« How to Disable Java on Safari Browser Version 6 | Main | How to Enable or Disable JavaScript in Safari: Choose your Poison »

Thursday, 30 August 2012

A Chain Saw is a Poor Choice for Surgery and for Blocking Web Content

The Internet creates extraordinary opportunities for large populations to monitor and influence politics and lawmaking. Engaged citizens have raised firestorms against antipiracy bills, while powerful lobbies urged politicians to mandate the use of technical measures to protect copyrights. Demonstrators have blogged or tweeted about anti-government protests from rally sites, circumventing governments’ best efforts to prevent the news media from reporting on these events.

In these scenarios, lobbyists and governments looked at the technical measures enterprises and ISPs had used to control user access to or remove content, and they hastily concluded, “This works for them. Why not for us?”

There are several scenarios where the motives to block or remove access are controversial. In some cases -- when technical measures to block access or remove content are incorporated badly into laws -- you end up choosing a chain saw for surgery where a laser or scalpel would suffice. Worse, you often don’t accomplish what you intended.

Yar! Pirates!

Piracyitsacrime_robotson
Hometaping_startagain
Clickcanthide 		In the alphabet soup of antipiracy and content protection legislation, the Stop Online Piracy Act and Protect IP Act are poster children for incorporating technology into law badly. These bills would have mandated the use of DNS filtering to combat illegal use or distribution of intellectual property and copyrighted material.

These bills targeted rogue Websites offering access to copyrighted material. Specifically, they would have given the US attorney general the power to ask federal courts to order ISPs to prevent users from accessing rogue sites hosted outside the US by blacklisting the domain name (“DNS filtering”) and redirecting users to a page telling them the site violated copyrights.

LividFiction_Piracy

This looks very similar to how an enterprise might configure its DNS servers when using a block list to filter spam domains. Those behind bills like SOPA see that this works for the enterprise, and they conclude it would also work at a national level. The difference is that an enterprise imposes the policy uniformly for all of its users and only for its users. The proposed bills targeted sites hosted outside the US. If they had passed, their mandated technical measures would have ultimately proven ineffective, because:

  1. The removal orders could be issued only to US ISPs.
  2. The orders would not compel hosting providers to remove content.
  3. The orders would not compel non-US ISPs to change their DNS servers to block rogue sites or redirect pirate domain names to the attorney general's notice.

The bottom line is that the content would remain there to be found, and determined users could use a non-US ISP’s resolver to circumvent DNS filters. In fact, workarounds became available as anti-SOPA sentiments intensified.

Great walls of fire

Greatchinafirewall_teach42

If SOPA had become law, it would have caused Internet users to receive different answers from the DNS depending on which resolver the user queried. This is exactly the kind of behavior that organizations with mobile workforces encounter when their people travel to countries where access to content is restricted.
In such countries, IP address blocking and URL or keyword filtering are used in conjunction with DNS filtering or redirection techniques to ensure that only state-sanctioned material is available to the population and visitors. The DNS measures are applied today on domain names, but the addition of the XXX top-level domain has caused other nations to investigate whether it is practical to block top-level domains in their entirety. The worry is not whether nations will block TLDs, but what technical measures they would use, how these measures would affect the global DNS, and whether the global Internet will eventually balkanize.

DNS is a critical component of your infrastructure, and some of the issues I’ve been discussing may cause you to think more about how you’re providing name service to your users. (See: Preventing Access or Removing Content: Laser, Scalpel, or Saw? and Shutdowns, Suspensions, & Seizures… Oh, My!) For example, when you consider how DNS blocking is used today, you might include “we’ve been blocked” scenarios as risk factors. My guess is you’ll realize it’s important to stay familiar with pending legislation and know how to remedy false positives.

You should also be thinking about measures you can take to ensure universal resolvability of domain names for your users, especially your mobile workforce. Configuring end points you administer to use name servers or resolvers that you operate or have managed on your behalf may be a proper course for your organization.

 

Originally posted at The Champion Community 9 May 2012

Photos by StartAgain, robotson, redmind, LividFiction, teach42

Posted at 07:30 AM in Domain names and DNS |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

Find me on Mastodon and Facebook

Spotlight Posts

  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Search

My Photo

Categories