innismir.net

F-Secure, who is doing great work on surveying the breadth of Downadup, recently asked “Is it time for Internetpol?” when people starting asking why they didn’t take advantage of their sinkholes for Downadup and attempt to disinfect the zombies.

Still — it seems that people want a champion that can make big command decisions. Perhaps it would be a good time to bring up the idea of Internetpol again? Mikko briefly mentioned it on December 12th, it was the topic of his AVAR 2008 keynote. The idea was also mentioned in our third quarter security summary.

Do you want an organization with international legal authority to act against Internet threats?

Speaking strictly as a security researcher who, whenever I feel a bit masocistic, attempts to play whack a mole with various “bad sites” on the Internet: “Yes!” I don’t think anyone would disagree with a group Internationally recognized with the authority to shut down “bad” sites.

However, the primary issue is what constitues a “bad” site? With the authority to declare a site “bad” shifted over to an International entity, what standards will they use to judge sites? Sure, I think everyone will agree that sites which distribute malware is bad, but what about sites engaging in dissident political speech? I’m sure China think that any site blocked by the “Great Firewall” is “bad.” How will an InternetPol handle this? I would see conversations playing out like a scene from Silence of the Lambs:

Clarice: That’s only a part of the island. There’s a very, very nice beach. Terns nest there. There’s beautiful…
Hannibal: [cuts her off] Terns? Mmh. If I help you, Clarice, it will be “turns” with us too. Quid pro quo. I tell you things, you tell me things. Not about this case, though. About yourself. Quid pro quo. Yes or no?
[pause]
Hannibal: Yes or no, Clarice? Poor little Catherine is waiting.

China is a large haven for malware. Does “InternetPol” say “we won’t disconnect the sites you’ve requested” to China? If so, what would China do when InternetPol comes knocking and asks them to assist in an investigation from another member country? Quid Pro Quo would expect them to show InternetPol the door. The only way to get every country to play ball is to adjust the standards so that every country will be enforcing every other country’s laws. China doesn’t like Falun Gong sites? Gone. US doesn’t like gambling sites? Gone. Australia doesn’t like naughty web sites? Gone. It’s less of a “slippery slope” and more like a near vertical drop.

This is also coupled with numerous other issues of local Law Enforcement Organizations (LEO). If Russia doesn’t feel like enforcing their laws against a certain group *cough* RBN *cough* then the best an InternetPol oganization can hope for is to lean on their upstream providers and hope they cave. Thankfully, this seems to be working even with private organizations, but criminals are crafty, what happens when we see criminal organizations start setting up their own NSPs (With Blackjack! And Hookers!)? How about when the local LEO is compromised itself through bribes or worse?

These are major issues that need to be addressed on a global scale. Sadly, if only one country decides to take it’s ball and go home, we’re going to see every e-Crime enterprise beat a path to that country’s door the next day. If numerous countries refuse to play ball, InternetPol will be the electronic form of the United Nations: a great idea who’s main weapon is a strongly worded letter.