We often throw around the term "bots" in our industry. Short for "robots," it's the common term for software programs that run automated tasks. In many cases, bots can be innocuous and even useful. The most common example of their benefit is that they are the first step in creating Internet search systems.
However, bots have taken on a more insidious meaning in recent years because many of them play a much more devious role. These kinds of bots usually are distributed surreptitiously and installed on computers through everyday tasks such as reading email or visiting a website. Many of these bots work together as part of a botnet, or a network of similar programs that can communicate with each other and take instructions from a central control point.
Botnets raise critical and complex problems that affect the full range of the Internet community: individual users, online merchants, infrastructure providers, national governments, and more. They are used to propagate spam, phishing, malware, spyware, DDOS attacks, and other abusive practices. Their impacts range from annoyance and productivity loss to data theft, fraud, and disruption of the Internet infrastructure. In essence, bots undermine the security and stability of the Internet, which in turn, undercuts the world's trust in the 'net.
These broad and potentially crippling effects require that everyone in the Internet community be part of addressing the issues and finding ways to remove these bad actors from the web. That's why the Public Interest Registry has, and will continue to be, committed to active participation in this fight. In fact, we recently sponsored two important programs in our battle against botnets.
The first program was a botnet workshop held in connection with the Online Trust Alliance's (OTA) 2012 Trust Forum, This event, sponsored jointly by PIR, the OTA, and Microsoft, was a day-long program in early October to address the challenges of notifying and aiding consumers who have been affected by botnets and other malware. It included registries, ISPs, government, and industry. Industry sectors ranged from online entities affected by botnet operations to security companies that provide methods for mitigating them.
The workshop's primary conclusion was that cooperation through sharing of information and experiences is critical in the fight to block botnets from spreading and accomplishing their ultimate purposes. OTA will issue a whitepaper examining the workshop and its conclusions within the next week or so, which will be available here.
We at PIR continued our anti-botnet efforts a few weeks later with a sponsored roundtable at the Anti-Phishing Working Group's eCrime program. This session had a different focus, that of addressing various approaches to attacking botnets directly.
The panel, which took on more of a global focus, examined how infrastructure organizations, such as PIR, can address botnets internally but also explored ways that members of a given sector, such as registrars, can work together as well as with other sectors. Examples are very successful communal initiatives in Switzerland and Germany. It also discussed existing and new avenues for infrastructure and third party information sharing that are valuable in addressing botnet problems.
The OTA and APWG programs are two examples of how PIR is committed to combatting abuse on the Internet, but are only the first two of many initiatives to come. The next one is this week, PIR's own December 5 forum in New York on Mitigating DDoS Threats. If you would like to attend the DDos Forum, you can either register to attend or view it live online at ISOC's Livestream channel on December 5th at 10 AM.
Public Interest Registry is a nonprofit corporation that operates the .org top-level domain – the world's third largest "generic" top-level domain with more than 10 million domain names registered worldwide. As an advocate for collaboration, safety and security on the Internet, Public Interest Registry's mission is to empower the global noncommercial community to use the Internet more effectively, and to take a leadership position among Internet stakeholders on policy and other issues relating to the domain naming system. (Learn More)
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines