Internet providers can function as control points for cyber security, says Dr Samaneh Tajalizadehkhoob. She discovered that most of the cyber crime originates from large and cheap providers offering shared hosting.
For her study into the role of hosting providers in web security, the Iranian-born Dr Samaneh Tajalizadehkhoob identified 45,000 internet providers in 150 countries worldwide, varying widely in size from a couple to millions of web servers. The aim of her PhD research at the Faculty of Technology, Policy and Management was to identify the role of hosting providers in fighting cybercrime.
One of the outcomes is that most (84%) of the phishing activity – sending fake emails to obtain sensitive information - on the internet comes from specific providers with many customers offering shared hosting. Having many WordPress accounts on a single server was also found to make providers more vulnerable to criminal misuse.
Once it’s known which type of providers is the most popular among cyber criminals, measures can be taken. ‘Practically speaking,’ she writes, ‘a hosting provider might adjust the services it offers in order to reduce its vulnerability to abuse. For instance, providers that offer shared hosting could internalise all security decisions regarding client-side applications to retain better control over patching levels (securing timely software updates-red.). Or, limits could be placed on the applications that clients may install.’
When contacting the sector, it turned out that some Dutch internet providers were quite unaware of the criminal abuse in their networks. Tajalizadehkhoob proposes to make blacklisted data of blocked sites available to internet providers to improve their awareness.
Other practical measures she proposes include:
- taking down providers that facilitate most of the cyber criminality, wittingly or not;
- introducing tax cuts for providers willing to implement security measures, such as proactively installing software updates;
- setting up websites that show the price/security performance of hosting providers, thus creating information transparency.
In a reaction, the managing director the Digital Infrastructure Association NL (DINL), Michiel Steltman writes: ‘Members of the DINL recognise the need for hosting providers to intensify their conduct with respect to mitigating abuse and other unlawful or undesirable activities. As a sector, we embrace research aimed at identifying the problems and possible solutions. We recognize and agree with the need for a combination of sticks and carrots to motivate providers to improve. Tax measures, black- and whitelisting could be effective instruments, but only if the rating and measurements of their conduct are correct, objective , and include a sufficiently large and representative collection of platforms in an international setting. In addition to this research, we consider therefore the operational availability of a reliable and continuously improving international rating system as a requirement for implementing the proposed solutions.’
- Samaneh Tajalizadehkhoob, The Role of Hosting Providers in Web Security, 5 January 2018, PhD supervisors Prof. Michel van Eeten and Prof. Martijn Groenleer (TPM).
07-02-18 - second sentence of introduction replaced. Was: ‘Criminals show a preference for large and cheap providers offering shared hosting'. However, Professor Van Eeten pointed out that criminals don't have preferrence. "It's just a matter of size and ’attack surface". he wrote.