Abuse of the internet
In the modern world, the internet is the global medium for communication, information exchange, social interaction, collaboration and commerce. However, the internet's success has a downside. Precisely because it is so important to society and the economy, it is increasingly a medium for regimes, criminals and terrorists to pursue their own ends. Some of the most common forms of internet abuse are briefly outlined here.
(D)DoS stands for (distributed) denial of service. A denial-of-service attack is ‘distributed’ if it involves a number of computers (sometimes millions) simultaneously bombarding a single target with traffic. The target may be a computer, a computer network or an internet service, and the aim of the bombardment is to render the target unavailable to ordinary users. An attack will typically entail so many computers trying to visit a particular website or use a particular service that the server cannot cope. As a result, the site or service is made unavailable to genuine users. Attackers will often use botnets to launch their assaults. A botnet is a network of computers that have been infected with malicious software (malware). When activated by the attackers’ central command and control servers, the malware makes all the computers in the botnet send requests to the target at the same time. Botnet malware usually works in the background, without the people who own the infected computers being aware of it.
Reducing the risk
There are various ways of reducing the risk:
To prevent your computer becoming part of a botnet, it’s important to keep the software on your computer(s) up to date and to be selective about the links you click on. We recommend using anti-virus software as well.
Network administrators can protect their infrastructures with Intrusion Detection Systems (IDS) and/or Intrusion Prevention Systems (IPS) or even honeypots. NetFlow is a very useful infrastructure protection tool. There are also services, some of which are free, which can alert you if your network is infected. Your internet service provider may well already use such services.
SIDN is protected in various ways against (D)DoS attacks that might otherwise disrupt its services and affect the availability of the .nl domain. For example, we have a network of (local) anycast nodes.
SIDN has also taken steps to prevent its DNS infrastructure being abused for ‘amplification’ attacks against third parties.
SIDN actively scans for command and control servers associated with .nl domains. When we detect such servers, we work with our partners to take them down.
General information about protection is available from the website of the National Cyber Security Centre.
Typosquatting is a form of abuse that takes advantage of the fact that people sometimes make slips when typing web and e-mail addresses. For example, a user may get one or two letters wrong when typing the address of a website, and consequently find themselves looking at a site that is full of adverts or that offers a rival service. In other words, typosquatters cash in on the reputation and success of popular sites and services. Even worse, many typosquatters’ sites are used for criminal purposes. They may infect visitors’ computers with malware, for example. Or the squatter site may look just like the site of a trusted organisation, in order to trick visitors into parting with money or disclosing confidential information. Typosquatting is often closely linked with phishing. As a result, it undermines users’ confidence in the ‘genuine’ companies and institutions whose sites and services they want to use.
Reducing the risk
SIDN’s Domain Name Surveillance Service alerts you whenever a domain name is registered that is very similar to your domain name or company name. Read more about DBS.
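A registration-monitoring check of the kind described above can be built on edit distance. The following is an added example, not SIDN's code or the method its service uses: it assumes a feed of newly registered names is available as a list, and every domain name in it is constructed.

```python
# Added example: flag new registrations that are near-misses of a watched name.
# All domain names below are constructed; ".example" is a reserved test TLD.

def osa_distance(a: str, b: str) -> int:
    """Edit distance where an insert, delete, substitution or swap of two
    adjacent characters each count as one typing slip."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def registered_label(domain: str) -> str:
    """Label directly under the TLD, lower-cased: 'NorthBank.example' -> 'northbank'."""
    parts = domain.strip().rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def lookalikes(watched: str, registrations: list[str], max_slips: int = 2):
    """Return (domain, distance) for names within max_slips of the watched name."""
    target = registered_label(watched)
    hits = []
    for name in registrations:
        dist = osa_distance(target, registered_label(name))
        if 0 < dist <= max_slips:       # distance 0 is the watched name itself
            hits.append((name, dist))
    return sorted(hits, key=lambda h: (h[1], h[0]))

# Constructed sample of a day's new registrations.
NEW_REGISTRATIONS = [
    "northbnak.example", "nortbank.example", "n0rthbamk.example",
    "northbank-login.example", "riverside.example", "northbank.example",
]

if __name__ == "__main__":
    for name, dist in lookalikes("northbank.example", NEW_REGISTRATIONS):
        print(f"ALERT {name} (distance {dist})")
```

A pure edit-distance threshold misses names that embed the watched name in a longer string, such as the constructed `northbank-login.example`, so a production monitor would add a substring check alongside it.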
Phishing is a form of internet-based fraud, also known as website spoofing. The victim typically receives an e-mail that looks as if it comes from a bank, a social medium or another familiar service provider. In the mail there will normally be a link. However, the link takes the user to a fraudulent or ‘spoofed’ website. The spoof website will usually have a URL very like the genuine site that the user thinks they are visiting. What’s more, the spoof site may be very hard to tell apart from the genuine one. Consequently, the user is liable to think they are on the genuine site and, when prompted, to confirm their account details and/or provide other confidential information. So the phishers trick people into parting with personal details and passwords, which are then used to steal money from the victim or to obtain goods and services at the victim’s expense.
Reducing the risk
Look out for anything unusual or suspicious in e-mails you receive or websites you are directed to. The design might not be quite what you are familiar with, for example. Or the wording may not be what you would expect from your bank or service provider. Never give confidential information, such as your bank account details, your PIN or your Public Service Number, in an e-mail. Your bank will never ask you for that kind of information.
You can reduce the risk of phishing by protecting your computer or computer network with a virus scanner and making sure that you always have the latest browser version installed.
Use a spam filter, so that fewer suspect messages make it to your inbox.
Protect the domain name system (DNS) using DNSSEC.
More information about phishing is available on the website Digibewust (in Dutch).
More information about phishing on the secure banking information site.
E-mail spoofing is a common form of abuse. With e-mail, it is very easy to falsify a ‘from’ address, so that a message appears to come from, for example, a familiar organisation, when the real sender is a fraudster. E-mail spoofing is often used for sending spam. Web addresses given in spoofed e-mails are typically linked to fraudulent websites. Such sites may exist to trick visitors into giving confidential information (phishing) or to offer commercial or other services, often of dubious value. It isn’t always institutional mail addresses that are spoofed, however. Sometimes, a message will appear to come from someone you know – a form of attack known as ‘social engineering’.
Reducing the risk
Be on the lookout for suspect senders. Pay close attention to the contents of incoming messages: are there typing errors and grammatical mistakes of the kind you wouldn’t expect from a large institution? If the message starts ‘Dear…’ without giving your name, ask yourself whether that is normal.
You can protect your domain (or get it protected) with relatively new technologies, such as DKIM/DMARC and DNSSEC. Those technologies allow for sender verification, thus reducing the risk of abuse.
You can also protect your domain through the Sender Policy Framework (SPF). SPF enables receiving mail servers to check whether the sending mail server is allowed to send mail for the relevant domain.
You can give your messages a digital signature, e.g. using S/MIME. A digital signature is a form of authentication that the recipient can check.
Naturally, all confidential e-mail should be encrypted, e.g. using S/MIME, PGP or by means of inter-server secure SMTP (STARTTLS).