
Fraud Across Borders: Working with International ISPs & Law Enforcement

Part of IID's Takedown Taekwondo Series

In the previous Takedown Taekwondo blog post, we examined how businesses and Internet security companies work with U.S.-based law enforcement to wipe out fraudulent websites. This time, we’ll set our sights on foreign soil and examine how matters change when dealing with authorities abroad.

Ensuring Takedowns Are Not a Foreign Concept

The Internet has made the world a smaller place, granting us the ability to instantly reach out to the far corners of the globe. Unfortunately, that capability likewise grants cybercriminals around the world the tools to vastly expand their criminal enterprises, extending their tentacles overseas and across borders.

When foreign criminals set their sights on U.S.-based businesses, these targeted companies and their Web-based security providers must often liaise with other countries’ law enforcement agencies in order to convince internationally based Internet Service Providers to take down these malicious sites. That’s because each country comes with its own set of laws and challenges, and the process of a website takedown must be handled accordingly. Culturally and politically, some countries are more averse than others to the idea of regulating their local ISPs and, in the bigger picture, patrolling and controlling the Internet.

On the aggressive side of the spectrum are the Scandinavian countries, as well as the Netherlands and Brazil, where anti-cybercrime efforts are practically considered a matter of national pride. On the opposite end are countries like Russia and Turkey, where local ISPs will refuse to take down all but the most blatant fraud sites without a court order. Not surprisingly, these nations have garnered reputations as hotbeds for cybercrime. Governmental cooperation is difficult to establish, yet essential in such countries, in part because their ISPs are either partly state-controlled or retain strong ties to the current regime.

Even Canada is trickier than you might think: some Canadian ISPs have a strict policy not to mitigate certain fraud issues like phone phish without first obtaining consent from the Royal Canadian Mounted Police (RCMP). As a result, Web-based security providers like Internet Identity must constantly foster relationships within the RCMP in order to facilitate and expedite takedown authorizations. Such action is essential: a prominent 2011 study by Websense, Inc. named Canada the second leading source of phishing scams in the world.

Working jointly with IID, other countries like Italy and Venezuela have made great strides after initially exhibiting heavy resistance to shutting down fraud sites. In conjunction with these countries’ CERT (Computer Emergency Readiness Team) operations, IID has helped tailor a takedown process for these nations, evolving their policies on how their law enforcement interacts with ISPs. In Italy, for instance, law enforcement contacts are now involved in virtually every takedown at Italy’s largest telecommunication provider.

Tongues and Time Zones

Another complication that can pop up when dealing with international takedowns is the language barrier. Security providers like IID must rely on Internet-based translation services or third-party interpreters when communicating with foreign ISPs, which can ultimately slow down the takedown process. IID’s strong relationship with CERT teams around the world has even resulted in bilingual CERT agents assisting IID with template translations.

Also, because an attack can originate in any time zone, just as the target can be located anywhere on the planet, the quest to shut down malicious websites is a never-ending operation that requires 24-7 vigilance. That’s why IID employs analysts and threat mitigation teams on a round-the-clock basis. IID’s evening shift places emphasis on monitoring and mitigating threats hosted in Asia because the Asian business day correlates with their shift. The overnight shift, on the other hand, concentrates on the Middle East and Europe. Of course, since cybercrime never sleeps, IID analysts are always monitoring the entire cyberworld and working with ISPs 24-7 to mitigate threats as quickly as possible, no matter what time it is.

Regardless of where an attack originates, cooperation between ISPs, law enforcement agencies, and Internet security providers like IID is critical. But they are not the only parties to play a prominent role in the takedown of malicious websites. For example, when a cyberattack is malware-based, an anti-virus company can become a key partner in helping launch a counterassault. We’ll explain how in our next post.
