BEIJING, March. 29 (Xinhuanet) -- A group of
18 network providers and ISPs on Monday have banded together to confront
large-scale hacker attacks, struggling to cope with a dramatic rise in malicious
The organizations, which include BT Group PLC (BT), Deutsche Telekom AG
(DT), MCI Inc. (MCIP), NTT Communications Corp., Cisco Systems Inc. (CSCO) and
EarthLink Inc. (ELNK), have agreed to share information about network-based
attacks while they are under way through the Fingerprint Sharing Alliance, to be
unveiled Monday. Participants will share data using technology from Arbor
Networks Inc., a closely held Lexington, Mass., security company that sells
technology for detecting and fending off network-based attacks to about 70% of
the world's tier one Internet-backbone providers.
Farnam Jahanian, Arbor Network's founder and chief scientist, said in an
interview with eWEEK.com that the Fingerprint Alliance effectively replaces a
"laborious and tedious process" that involved the manual use of phone calls and
e-mails to share information on cyber-threats.
"This is the first time network and service providers can share attack
profiles and fingerprints automatically, without giving up any competitive
information," Jahanian said.
A typical fingerprint includes data on the scope and severity of a hacker
attack. It also can be used to distribute information on the threat's impact on
devices, services and customers.
"This can be used for a broad range of zero-day cyber-threats," Jahanian
said. "It can flag a denial-of-service attack, flood-based attacks or scanning
attacks. It can also be used to share information on the fast-propagating worms
and viruses we're seeing every day."
Until recently, denial-of-service attacks were usually weapons used by
novice attackers in vendettas against enemies. But like other types of malicious
activity on the Internet, attackers increasingly appear to be members of
criminal enterprises with financial motives.
The alliance members hope that a centralized, automated system for sharing
information about attacks with other operators will help them contain them more
quickly and trace them to their sources more effectively. Members will also be
able to take steps to dismantle botnets and perhaps ultimately begin to reverse
the attack's alarming growth trend. Operators now have a cumbersome, informal
information-sharing system using e-mail and phone conversations and based on
personal relationships, that isn't always speedy or effective.
"The landscape has certainly changed over the last year and a half" said
Rob Rigby, director of managed security services at MCI. "Now the malicious
intent is extortion or something more egregious than it was before. This is
starting to become a moneymaking operation."