Hunting Botnets With Randal Vaughn
May 23, 2008 4:00 AM PT
You might call Randal Vaughn the Botnet Slayer. After all, he spends much of his time researching the intricacies of cybercrime carried out through malware marauders perpetrating their evil deeds with robotized computers around the globe.
When Vaughn is not peering through sinuous Internet traffic reports looking for botnet trails, he is lecturing to his students at Baylor University, where he is a popular management information systems professor. Think of him as a sort of Indiana Jones of cybercrime.
Vaughn targets demographics and awareness as his primary research aims. He also teaches business telecommunications, cyber-security technology and cyber-warfare courses in Baylor's Hankamer School of Business.
Perhaps his most striking e-crime-fighting credentials come from his membership in the Anti-Phishing Working Group (APWG), a coalition of industry, law enforcement and government associates sworn to wiping out Internet scams and fraud. The APWG's goal is the elimination of identity theft and fraud caused by the growing problems of phishing, e-mail spoofing and crimeware. The organization comprises over 3,000 members and 1,700 companies and organizations worldwide.
Vaughn will present "Botnets: A Plague of Neglect - The Crucial Changes Required to Staunch Runaway Botnets' Proliferation" at APWG's second annual Counter-eCrime Operations Summit (CeCOS II) on May 26 and 27 in Tokyo. His presentation will focus on the major research he has done over the past several years on eCrime and the global communications infrastructure associated with botnets.
The summit will attract leading operations experts, researchers, security professionals and law enforcement officials from Japan, East Asia, the U.S. and Europe. Attendees will discuss operational issues and resources for counter-e-crime professionals. Global counter-e-crime companies in attendance will include research centers and agencies like the Council of Anti-Phishing Japan, the Korea Internet Security Center, the Palo Alto Research Center and Interpol.
TechNewsWorld spoke with Vaughn as he prepared for his trip to the APWG's Tokyo conference.
TechNewsWorld: What fed your interest in botnet slaying?
Randal Vaughn: I got started in computing when I was in the U.S. Air Force. Back then, I got a sense of security that tailored my career in that direction. After my military service ended, I went to graduate school and started managing one of the mainframes. I had to constantly troubleshoot and deal with student actions.
TNW: Did you receive any specialized training in those early years before Internet safety became such a prevalent issue?
Vaughn: I learned good judgment by making mistakes on the early Internet. I got involved with security people. I guess you could say I fell into it. Of course, when my young daughter started Web surfing, I acquired a personal reason for learning more about security.
TNW: What led to your particular specialty in hunting down botnets?
Vaughn: I give much of that credit to Peter Cassidy, the secretary general of the APWG. He got me interested in the counter-phishing Net activities. Everything we see happening with phishing, spam, ID theft, etc. is related in some way to botnets. A lot of people in the security industry today are concerned about the infrastructure of the Internet that allows botnets to exist.
TNW: In your role as a virtual hunter of bad guys, what do you see as a key factor in having so many botnet criminals?
Vaughn: Cybercriminals enjoy a low risk of getting caught on the Internet. We want to increase this risk. If criminal prosecutions have too many hurdles to put a botnet criminal in jail, then let's go after their profits through civil means.
TNW: Are you seeing progress as a result of recent high-profile arrests of cyber-crooks?
Vaughn: We do need more cooperation from law enforcement. But I do see some signs that we are making an impact. We also need more Internet service provider (ISP) involvement. In general, we need to do a better job of working together to identify who the criminals are, where they are and how they move around.
TNW: The title of your upcoming speech at the APWG Summit suggests that the industry has not been as effective as it should have been. What concerns will you present in your address?
Vaughn: We own the Internet and can shut it down if necessary. We don't have to tolerate botnets. The industry has to start thinking about issues surrounding Internet transparency and Net neutrality. We really need to start seeing some limitations on what people can do for free on the Internet.
TNW: You just mentioned the need for ISPs to work more closely with law enforcement. How much of the blame can rightfully be placed on providers?
Vaughn: Maybe ISPs need to start thinking about their profit model. How much can we reasonably expect ISPs to handle? Granted, their profit margins are too low for them to have all of the answers. So we need to agree on where the money is going to come from and find out who is willing to pay more for a safer Internet.
TNW: What has your botnet research revealed about where the biggest stronghold of e-criminals is located? Recent news accounts point the finger to European and Asian crime groups.
Vaughn: Traditionally, the U.S. is the stronghold of the biggest offenders. But e-criminals exist all over the globe. Of course, the more technologically sophisticated countries produce more of these criminals. It is hard to find out exactly who is behind the organizations running botnets.
TNW: You make the solution sound desperately out of reach. Do you have any hope that the computing industry will solve the botnet problem?
Vaughn: I think that we can eventually solve the botnet problem. But it will be difficult. We need more government involvement. However, we are never going to stop crime.
TNW: Recently, an Air Force colonel suggested that the U.S. government should use botnets as a weapon against our potential enemies. What do you think about using botnets for military purposes?
Vaughn: It's interesting to see the military thinking strategically about botnets. But I think our military needs to be more subtle. It is important for governments to consider the cyber side of the battlefield. Maybe military leaders should think of more sophisticated ways of fighting back. I hope they don't ignore other solutions.