Dr. Antonio Nucci

By Supranamaya Ranjan

My colleague, Kevin McTiernan, and I recently spoke at the ISS World Conference in Washington, DC. A key concern we highlighted in our presentations is how standards for Lawful Interception are in denial about denial-of-service attacks. Participants were not fully aware of how DoS, DDoS, scans and Internet worms could interfere with successful interception, and why it is increasingly important for carriers and ISPs to think about securing their LI infrastructure.

A malicious entity can prevent law enforcement agencies and ISPs from successfully intercepting targeted events and traffic data by simply launching a denial-of-service attack on the ISP’s infrastructure. The techniques available to attackers are extensive and bewildering. One could congest the ISP’s network with a SYN flood attack, UDP flood, ICMP Smurf attack or other sophisticated DoS variants. One could also bring down the web portal being used for “LI Reporting?” by sending a flood of HTTP requests towards the web server. These attacks could begin with port scans directed towards the ISP’s network in order to locate the IP address of the reporting web server or the other vulnerable service ports that are open. Exacerbating this is the fact that the tools and resources needed for launching these attacks are easily available on the Internet.

Why exactly would this be important for carrier networks and ISPs? Well, a lot of the DoS, DDoS, scan and worm attacks we’ve seen so far in the Internet have been launched by thrill-seeking script kiddies, or by cyber extortionists looking for some quick bucks, or by spammers looking for unpatched vulnerable machines so that they could add them to their bot armies. However, once ISPs become compliant to CALEA and ETSI in 2007, the scenario will very likely change and cyber mafias will get yet another customer – the thugs and terrorists, who upon learning of impending intercept warrants against them, can be expected to approach the cyber mafias to prevent successful interception! The results will be disastrous, with cyber attacks launched as fast as warrants are issued. Unfortunately, it will be the ISPs and carriers who will bear the brunt of a cyber thug or mafia nexus. Imagine being an ISP that suddenly starts getting a huge number of phone calls from disgruntled customers who couldn’t check their emails, couldn’t access their banking accounts, and couldn’t order life-saving drugs online – all because you are being DDoS’ed for opening up a cyber warrant against a few thugs.

The picture may appear gloomy, but unified security and LI solutions like NarusInsight are fortunately now available. LEAs and ISPs can proactively address the challenge by deploying LI solutions with built-in security capabilities, or by complementing existing LI infrastructures with proven network security solutions.

By Kevin McTiernan

An employee of a large US corporation was fired for excessive use of the Internet during work hours. After his employment was terminated in 2003, the employee filed a lawsuit charging his employer with wrongful termination. He claims that his employer offered programs to assist fellow employees “with much more severe psychological problems?” including drugs and alcohol and thusly, he should have been offered counseling instead of being fired. His employer claims that he was in Internet chatrooms where sexually explicit topics were discussed and visited a website containing sexual content, all of this while using one of their computers. The employee claims the chatrooms were “self medication?” to help cope with post traumatic stress due to his experiences in Vietnam.

This brings up interesting comments about today’s Internet-driven culture. Employers are finding their employees requiring physical therapy for the “thumb tendonitis?” which results from the constant use of smartphones (such as Blackberrys, Treos and Sidekicks). Treatment centers are finding their clientele increasing and needing help with addictions including online gambling, cybersex and online shopping.

It is interesting – could the Internet, by making it possible to communicate with anyone around the clock, by providing an unending supply of information, and by enabling technologies (such as VoIP or videoconferencing), cause dependencies similar to that of nicotine, alcohol and drugs? When you look at the statistics released with a Stanford University study (see “A Stanford University study finds…?” below), there may be a new addiction for the healthcare industry to keep an eye out for.

In this Internet-driven culture, what will the responsibility of an employer be? Would employers be required to monitor all Internet traffic and analyze to look for dependencies? Will employers continue to offer Internet access? How long before we see a pamphlet on our HR admin’s desk on Internet addiction? Will schools need to provide guidance to students similar to teen pregnancy or alcohol abuse?

Stanford University’s Office of Communication and Public affairs has information on their study, here.