[ISN] Second sight

InfoSec News isn at c4i.org
Mon Oct 25 05:59:24 EDT 2004


Dave Birch
October 21, 2004
The Guardian 

I was involved in a discussion about internet policing and child
pornography the other day. There were a number of suggestions: ID
cards, expanding police IT training and so on. None, in my opinion,
were likely to have much impact.

A cursory search on any of the file-sharing networks reveals the IP
addresses of servers distributing child pornography. These "sick
servers" change frequently, but they are discoverable. That is
obvious, otherwise the judges, teachers, policemen et al, convicted of
downloading such material wouldn't be able to find it.

But what to do about them? Knowing that a sick server in some
far-flung former Soviet province is distributing child pornography is
one thing, stopping it is another.

The scale and distributed nature of this problem makes conventional
policing impossible. There are simply not enough resources to track
down every sick server, find the people behind them (even if you
could), and then prosecute.

A more realistic goal may be to disrupt the servers. In many cases,
the owners of the servers have no idea they are being used in this
way. But if their servers go down, then the distribution of the
material will be halted and the owners alerted to the problem. If a
web-hosting company sees a server go down, I am sure they will do
something about it.

One approach might be to capitalise on the internet dynamic of
decentralised cooperation. Instead of internet users calling for
someone else to police their environment, perhaps they should band
together to tackle it themselves.

Internet users already cooperate in a distributed, coordinated way to
tackle other big problems. The canonical example is the search for
extra-terrestrial intelligence (Seti). Around the world, users have
downloaded screensavers that crunch through the signals picked up from
outer space, searching for patterns that could indicate unnatural
sources. When they find one, as happened earlier this year, they
report the signal to a central system for further investigation.

Suppose they were, instead, searching for sick servers? Instead of
merely reporting the problem, they could launch a distributed denial
of service (DDoS) attack.

A DDoS attack occurs when PCs connected to the internet (often because
of a malicious virus, of which users are unaware) simultaneously try
to connect to a website. The target site is swamped, and legitimate
users cannot get through.

Why not link the automated scouring of the internet for sick servers
with the distributed power of screensavers and the DDoS? I am writing
this on a plane: at home there are two G4s doing nothing. If I could
download a screensaver that either searched for sick servers or
obtained a list (from the Internet Watch Foundation) of servers to
attack and then cooperated with thousands of other machines to launch
DDoS attacks against those servers, I would be doing something to

The police could spend their time chasing the paedophile sources of
the sick content rather than trying to put their fingers in the dyke.  
My screensaver might become a life saver. Second

More information about the ISN mailing list