Darknets, Greynets. Dark traffic. The words are frightening. The reality behind them is even more frightening. Increasingly clever hackers, thieves and scoundrels are using the Internet, peer-to-peer products, instant messaging and e-mail to wreak havoc, in ways and for purposes never before seen. Their motivation is clear: They want money, and lots of it. Worst of all, they prey on human nature — and business infrastructure — to do their dirty work for them.
First, some definitions.
Greynet is an offshoot of the term “darknet” which has been used by the entertainment community to denote secret societies that use sophisticated technologies and networks to conduct file sharing, CD and DVD copying, and theft of copyrighted material in general. FaceTime Communications in San Mateo, California coined the modified term to focus attention on network-enabled applications that are installed on a corporate user’s system without permission from IT, and that are very good at avoiding detection and blocking.
While some of these greynets, like instant messaging, have legitimate business uses, others do not, and all are at risk of serving as vectors for malware, loss of intellectual property, identity theft and more.
Dark traffic, according to security software vendor Tumbleweed, is related directly to e-mail and represents that portion of e-mail traffic that is not legitimate business communication. This includes spam, Directory Harvest Attacks, e-mail denial-of-service attacks, phishing attacks, e-mail-borne viruses and other communications unrelated to the delivery of valid e-mail messages. Today the company estimates that upwards of 70 percent of e-mail traffic is actually dark traffic. The cost to the enterprise can be staggering, since it calls for over-resourcing the e-mail infrastructure to handle traffic that doesn’t belong on the network.
An Ugly, New World
These two terms, and the reality behind them, point to a changing world. Although one deals with unintended consequences of desktop applications, and the other with unwanted consequences of normal e-mail usage, both point out the fact that the bad guys are getting greedy.
Whereas participants in darknets might not have been motivated by profit, but rather by the desire for bragging rights or pleasure, those involved in greynets and dark traffic are clearly different. They fully understand the fact that corporations and government organizations are dependent on e-mail — and often on instant messaging, file-sharing and collaboration tools — to get business done. So they are piggybacking on this dependency to fill their pockets.
Dark Traffic: E-Mail Gone Bad
We have all seen the incredible rate at which spam grew from a minor nuisance to a major problem, giving birth to an entirely new genre of security solution vendor. But that was just the beginning. Now we are seeing a tremendous amount of e-mail traffic that should never make its way onto the network, taking advantage of a company’s e-mail infrastructure to steal legitimate e-mail addresses, or to maliciously bring down the company’s network.How big is the problem? According to Pete Chiccino, CIO of the Bancorp Bank headquartered in Philadelphia, up to 60 percent of his company’s e-mail could be considered “dark.”
“It’s mainly denial of service attacks, directory harvest attacks, and pharming and phishing,” said Chiccino, and the issue has escalated to the very top of the organization. “We are an Internet bank, and technology is what drives us. Any outage has a financial impact.”
Bancorp was faced with a dilemma: take the normal route, and manually block the source IP address, or use technology to thwart the problem. They chose to stop the dark traffic before it even entered their network, consequently increasing performance and uptime. The company uses an application-aware network-layer solution from Tumbleweed that stops dark traffic before it can begin to thrash company resources or, even worse, work its evil magic on the network itself.
Greynets: Slipping in Under the Radar
While the threats posed by e-mail might be relatively well understood, many companies find themselves on the slippery slope of “productivity” tools — instant messaging, file-sharing, collaboration, or other similar tools. The term “greynets” at first puzzled John Takemura, first vice president of IT production for Calyon Financial in Chicago, but he admits it does make sense.
“It really is a grey area,” he says, “since the applications that fall into this category are very well hidden and many are designed to be undetectable.”
As a global brokerage firm with offices around the globe, Calyon has regulatory issues, such as capturing all incoming and outgoing communications, as well as security concerns related to spyware. (A frightening example of both is the spyware “phone home” capability that could be reporting information from your network out to someone else.)
One of the biggest concerns is bandwidth. When the firm first started using a tool from FaceTime to find and control such usage, they were surprised to find that 30 percent of network traffic was attributed to greynets. “This was a huge surprise to us, because our normal monitoring tools couldn’t find all of them,” notes Takemura.
Once again there is no silver bullet that will protect an organization from all the threats. And once again we advocate a layered approach. But there are some concrete steps an IT manager or a security officer can take, today, to skirt the dark side of the Internet. Stay vigilant. Educate yourself. According to Chiccino, “Don’t think it will never happen to you — it will. Stay on top of what’s going on in the industry. If you become complacent, you will be a victim.”
Takemura echoes this advice, and goes further. “The layered defense approach is very important, but you need to look at it in multiple dimensions. For example, don’t just rely on a firewall — use two layers of firewall, and make sure they are from different vendors,” he explains. “Most importantly, partner with security product vendors whose very livelihood depends on their staying current. That way you can be sure that you are implementing ‘best practices’ — whatever that means in this constantly evolving world!”
There is tremendous financial gain to be made via the Internet — as well as tremendous financial loss to be experienced by the victims. Be proactive when thinking about dark traffic and greynets. Don’t think you aren’t a target — it is probable that they already pose a much bigger threat than you imagine. By doing do, you can achieve several side benefits: conserving bandwidth, and preserving your IT team’s sanity.
Tanya Candia is a consultant and expert on information technology (most notably data management and security), business management and marketing issues. As president/founder of Candia Communications, she consults with a variety of companies on business, strategy and maketing programs. Candia can be reached at [email protected].