CyberRehab's mission? To clean up the internet, one ASN block at a time

A new project aims to mitigate cybercrime by making it in the economic and business interests of ISPs and telcos to clean up the internet.

CyberRehab wants to prove that it can establish an IP range that hackers choose to stay away from. If miscreants try to attack, they will lose their infrastructure.

The IP range will be protected by a combination of honeypots, nagging and certification for good ISPs. It will probably include discrimination of non-certified ISPs through peering, tagging of suspected malicious traffic, making the ISPs closest to the hacker in charge of cleaning up, and a global secured segmented corporate-style network as a replacement for Tor and more.

Detection of malware will be based on firewalls, intrusion detection systems and internet provider security on the receivers' end, and therefore will not introduce any packet inspection by ISPs (a class of technology that poses a privacy risk).

It's a lofty aim and some knowledgable security observers are expressing scepticism about its practicality. "Cybercrime can't and never will be eradicated, just like crime can't and never will be eradicated," said Brian Honan, founder and head of Ireland's CSIRT and special advisor on internet security to Europol.

Bulletproof vest

CyberRehab faces a cybercrime ecosystem that includes bulletproof hosting sites run by ISPs that ignore takedown requests.

The immediate focus of the project is Africa rather than eastern Europe, which many experts see as the locus of more malfeasance. "[The] problem in eastern Europe may be bigger, but governments may also be more involved which will make this much more complicated," Oystein Torsas, a spokesman for the project, told El Reg. "The IP range may be established in an African IP range, because there are more available addresses and because African countries need a more aggressive approach to cybercrime than what is normally accepted in Europe."

Countries and ISPs that don't implement sufficient cybersecurity represent a problem not only to themselves but to others as well, backers of the project argue.

"CyberRehab is about making the sender responsible for blocking malicious traffic," Torsas added. "The sender is in much better position to determine what's malicious or not. Even better than to block, is to get rid of infected units, malicious servers and peering contracts with ISPs that are addicted to cybercrime."

Legislation is 'useless'

Fighting the problem of poor internet hygiene through cooperation and offering incentives to service providers that act as good netizens is preferable to approaches that rely on tougher regulations and new laws, according to CyberRehab.

"Legislations are useless because hackers know how to hide in one jurisdiction and attack in another," Torsas explained. "That changes if we hold the sender responsible. Influencing peering agreements between ISPs is the best way to make the sender responsible for ensuring that criminals end in prison or get rehabilitated."

CyberRehab is preparing an EU research project with some universities, mainly in Spain and the UK. The project is looking to encourage further industry and academic participation.

"It's led by UPC university in Barcelona. Oxford also claims to be very interested along with 20+ other universities," Torsas told El Reg. "When it comes telcos, it's also hard to make things happen, but I've received positive feedback from Telefónica Spain, BT Spain, Euskaltel, Telstra, Telenor, Orange Poland, SwissCom and a few more. I wouldn't call any of them signed up yet, though."

CyberRehab is owned by a Norwegian NGO but will do business with for-profit partners in individual countries."The first countries will hopefully generate proof of concept free of charge while those joining later will pay a much higher price," Torsas explained.

Eventually a "hacker-free" IP address range could be curated and sold by commercial partners all over the world, or so the plan goes. ®