Germany to set up centre to coordinate fight against botnets
In 2010 the German government is planning to pick up the fight against infected home computers. In the first half of next year it plans to set up an advisory centre which will help users purge their computers of viruses and bots. The idea, jointly developed by the Federal Office for Information Security (BSI) and the Association of the German Internet Industry (eco), is based on the premise that internet service providers (ISPs) have long had the technical capability to identify infected computers by analysing network traffic. The project was officially announced by BSI and eco at today's fourth national IT summit in Stuttgart.
According to the plan, ISPs will contact customers whose PCs are infected with a bot, possibly by post or by telephone. The plan also contemplates having infected computers automatically connect to a special web page each time they connect to the internet. Before the plans are implemented, however, a decision needs to be made on what sanctions customers who decline to cooperate with their ISP can be subjected to. According to an eco project manager, quoted by the dpa, "Anyone surfing without proper anti-virus software is endangering other web users, in the same way that a car driver driving with faulty brakes is endangering other road users."
Germany has the third highest number of infected computers in the world. According to the BSI, the objective of the project, which is unique in Europe, is to get Germany out of the top ten originating countries for cybercriminality. Broadband providers will be expected to encourage their customers to use the new service, which should be provided free of charge. The service is, however, likely to be offered free only to customers authorised by their ISP. According to the project organisers, negotiations with broadband providers are already making excellent progress. The project planners estimate that up to a quarter of all computers in Germany are infected with viruses, with 60,000 new infections per month.
At the heart of the countrywide advisory service will be a call centre employing around 40 staff. Users with infected computers will first, however, be directed to a website hosting software for removing viruses from infected systems. If this first approach fails, ISPs will then provide customers with a code for accessing telephone support from anti-virus experts who will aid users in finding and eliminating malware. No official estimate of the likely cost of the project has been made.
There is also a question mark over the legality of ISPs inspecting customers' network traffic. According to section 202b of the German Criminal Code, interception of information is illegal. Section 88 of the German Telecommunications Act also states that transmitted content must be treated as confidential. The third clause of this same section does, however, add that operators of telecommunications services may obtain information on content where this is required to protect their technical systems. A high network load due to a bot-launched spam wave could therefore be permissible grounds for examining a user's traffic. Accusations of spying and censorship are sure to be forthcoming – particularly if, for instance, plans were to be introduced for ISPs to check that customers have anti-virus software installed on their computers. It would therefore be better to convince users who have previously failed to implement security measures on their PCs of the utility of the campaign and allow them to explicitly approve filtering measures.
The concept is nothing new. 1&1 launched a similar project, which informed users if their computers were infected, earlier this year. According to Thomas Plünnecke, spokesman for 1&1, the company employs more than 40 people involved in countering internet abuse working in three teams. The abuse department analyses around 2.5 million emails per month for indications of potential problems. Since the initiative was launched in February, almost 50,000 customers have been informed that their computer is infected with a virus or trojan.
Today's announcement of a government-backed centre to combat viruses looks like testimony to the project's success. Plünnecke reckons that 1&1 has played a major role in inspiring the centre.
The Australian Internet Industry Association (IIA) published draft guidelines on requiring ISPs to block bot-infected computers several months ago. More than 60 ISPs are reported to now be following these guidelines. It can only be hoped that the BSI-eco project does not end up seeing one in four Germans, or more, cut adrift from the web in 2010.
- eSecurity Code to protect Australians online, report from the internet industry association.
- Dispatches from the botnet front, a report from The H.
- Botnet control server camouflages commands as JPEG images, a report from The H.