Monday brought mixed news on the ever-expanding cyber-security front.
The good news is that a small band of researchers got together and identified a major new suspected source for malevolence on the Web, Real Host Ltd., then convinced connection provider TeliaSonera to pull the plug.
Jart Armin and Andrew Martin, among others, found that Real Host was using leased space at hosting provider Junik in Latvia to infect Web surfers through unpatched security holes and control chunks of the Zeus botnet, which is stealing financial data from an estimated 3.6 million PCs in the US alone. In the old days, that would have made for interesting reading and not much more.
But ever since similar reports last year pointed an accusing finger over botnet controllers, infectious pages and other badness at ISPs Atrivo and McColo, that kind of exposure is getting noticed by business partners. World spam plummeted after the upstream connectivity providers for McColo cut it off. Earlier this year, the Federal Trade Commission went so far as to get a court to shut down American operation Pricewert, also known as 3FN. And this time, Telia dropped Real Host not long after we first reported on the researchers’ findings.
The bad news was that Melissa Hathaway, who led the Obama administration’s review of cyber-security policy, announced her resignation effective Aug. 21. That gives the White House, already under fire for failing to fill the cyber czar post by now, a firm deadline to get on with it.
Security experts said the tasks of coordinating multiple agencies, defending federal networks and helping protect private carriers will be onerous enough even with a heavyweight in place. Not much is going to happen with no one there, even if Obama has declared the area as one of his top priorities.
