The Internet's Bad Neighborhoods

An anonymous reader writes "Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the spamming IP addresses — and some ISPs have more than 60% of compromised hosts, mostly in Asia. Phishing Bad Neighborhoods, on the other hand, are mostly in the U.S. Also, there is a silent ticking 'spam' bomb in BRIC countries: if India would have the same Internet penetration rate as the United States while keeping its current ratio of malicious IP addresses, we would observe 200% more spamming IP addresses worldwide. These are just few of the striking results of an extensive study from the University of Twente, in The Netherlands, which scrutinizes the Internet Bad Neighborhoods to develop next-generation algorithms and solutions to better secure networks."

How is this news?

[Synerg1y]

Anybody who's worked at a datacenter has known this for years and years. And comparing them to bad neighbors is correct... if we didn't consider scope and the medium. It's a lot harder to police something that's not in physical form and is transitional, and A LOT harder when it's in a country you don't have jurisdiction over. Sure you could block these ISPs and in a lot of cases it makes sense, if your website is national, then it can save a lot of pain, but it's not the end all solution to spam.

Re:How is this news?

[ninjacheeseburger]

Most of us don't work in datacenters.

I think this could easily become a huge issue. We are lucky that most phishing emails are of a very low standard and it's easy to spot the fakes.

I'm guessing that these developing countries don't take cyber crime to seriously at the moment, perhaps instead of governments pushing SOPA and and ACTA they could come up with agreements which will encourage BRIC nations to start cracking down on spammers before the problem gets out of hand.

Those aren't the phishers you're looking for

[Animats]

Those aren't the phishers you're really worried about. There seem to be about ten "usual suspects" we keep seeing on our phishing reports. The low-end ones are trolling for Habbo Hotel accounts. A few notches up are phony logins for bank accounts (PayPal and HSBC are popular targets. New this week: Swedish tax refunds. And, for some reason, several new phish sites for AOL 9.0 accounts.) We track these, but they're more of a nuisance than a real threat.

The ones to worry about are better targeted and are of better quality. Those are aimed at corporate login info. Those won't be seen by broad-based phishing detection services because they're only sent to people who might have those logins. So they tend not to be blacklisted.

Break it down per capita

[roman_mir]

Brazil: 196,655,014 people (World Bank)
Russia: 141,930,000 people
India: 1,241,491,960 people
China: 1,344,130,000 people

that's 2,924,206,974 people total.
world population: 6,973,738,433 people, so BRIC countries are 41% of the total in population.

FTFA:

Of the 42,000 Internet Service Providers (ISPs) surveyed, just 20 were found to be responsible for nearly half of all the internet addresses that send spam.

so I take it "nearly half" is between 40% and 50%, but less than 50%. If it's over 41%, then what we are looking here is some form of distribution of 'nuisance' that is related to the actual population and it probably shows normal distribution.

Is this really a surprise?

Re:Break it down per capita

[AK+Marc]

It is my field. I've never been "attacked" with a coordinated intrusion attempt. I've worked on systems that were hacked by script kiddies with no agenda (it was used only for warez, when they compromised a web server). But scans I get, and I've seen port scans referred to by the US government as "attacks" because that helps generate fear and hate in the population, which allows for money and power grabs. And those seem to be distributed more on the level of compromised machines, than concentration in areas where we have "enemies" (real or perceived).

As such, I would take the official numbers to be lies, until proven otherwise. Why? Because I have enough personal real-world experience in security to validate the implied raw numbers and invalidate the conclusions. That's why they'll never tell us enough to make up our own minds. Someone like me could prove in 5 minutes that all the conclusions are lies. So we only get false generalizations and, for all we know, 99.44% of Chinese attacks are false flag. Much like the claims that "an IP doesn't identify a person" in the copyright cases, the US is asserting that an IP from China is the government or an agent thereof. It could be a private Chinese citizen, or, more likely, someone from Russia or the US that runs a botnet.

Re:The Internets "real" bad neighborhoods:

How is Al-Jazeera a bad neighbourhood? I found them to be a useful source during the Egyptian revolution, it is a western-style news channel from Arabia. Just because they have been sent tapes from terrorists does not mean that they support them, just as the guardian getting leaks from wikileaks does not mean that they support wikileaks.

Final solution

[PopeRatzo]

Clearly the only solution is to only let the world's biggest telecoms provide Internet to people.

I would gladly take an Internet with some "bad neighborhoods" over a completely safe Internet provided by entirely by AT&T/Comcast and a handful of megacorps who are also involved in creating content.

The Internet/Media/Industrial Complex loves to tell us scary stories about how dangerous an "open" Internet can be. Apparently, the Internet, like the "free market" is only good if they can control it.

Just sell us some bandwidth and I'll look out for my own safety, thanks very much.