Internet service providers need to work harder to prevent hacks, data theft and other fraud, including contacting customers whose infected computers have been hijacked by organized crime and helping them clean out viruses, the head of the Federal Communications Commission said on Wednesday.
FCC Chairman Julius Genachowski said he sought “smart, practical, voluntary solutions” to the massive problem of Internet fraud and data theft. He estimated that 8.4 million credit card numbers are stolen online each year.
Policymakers are eager to prevent security problems and subsequent bad publicity from slowing the growth of the Internet market, worth about $8 trillion a year.
“If consumers lose trust in the Internet, this will suppress broadband adoption and online commerce and communication, and all the benefits that come with it,” Genachowski said in a speech.
In addition to helping customers whose computers have been pulled into a botnet, a network of computers used to send spam aimed at committing fraud, Genachowski urged network owners to adopt standards to ensure that Internet traffic goes through the most efficient route and to prevent any hijacking.
That step would presumably prevent a repeat of a 2010 incident where some 15 percent of Internet traffic was diverted through Chinese servers for about 18 minutes, said Genachowski.
The reason for the diversion, whether an innocent mistake or cyber espionage, has never been established.
Lastly, Genachowski urged Internet providers to adopt a system called DNSSEC to ensure that an Internet user who types, for example, the Internet address of their bank reaches the bank’s web site rather than a fraudulent web site designed to steal passwords.
Comcast, which already contacts customers who have been pulled into botnets and which already uses DNSSEC, praised the chairman’s speech.
“To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured,” said Comcast/NBCUniversal President Kyle McSlarrow in a blog posting.
There was no immediate reaction from Verizon or AT&T Inc.
Internet security experts were pleased at the prospect of Internet service providers informing customers when their machines were pulled into criminal botnets, and helping them clean up their machines.
“The notification has to happen in some way. I think it’s overdue,” said Johannes Ullrich, a cybersecurity specialist at the SANS Institute Internet Storm Center, which monitors threats.
Some of the ISPs found that it was cheaper to notify customers before they telephoned to complain. “If you’re infected with malware, your computer is going to be slow. And the first thing they (customers with slow computers) do is call the ISP,” said Ullrich.
Dmitri Alperovitch, president of Asymmetric Cyber Operations, said he supported any effort to clear out botnets but said the FCC effort would do little about two other major threats: state-supported cyber-espionage, often blamed on China, and insecure mobile devices.
Prominent hacking targets have included VeriSign; RSA, an authentication company owned by storage maker EMC Corp; and defense contractors such as Lockheed Martin Corp. Others include web search leader Google Inc, Citigroup bank and exchange operator Nasdaq OMX.
There are other efforts in Washington to ensure the Internet continues to function smoothly.
On Capitol Hill, the Senate is considering a bipartisan bill that requires the secretary of homeland security to designate certain infrastructure like air traffic control as critical and compel steps to defend against hackers.
The U.S. House of Representatives is considering similar legislation.