Re: mitigating botnet C&Cs has become useless

[Sean Donelan <sean () donelan com>]

On Tue, 8 Aug 2006, Rick Wesson wrote:
> > > Last sunday at DEFCON I explained how one consumer ISP cost American 
> > > business $29M per month because of the existence of key-logging botnets.
> >
> > Why did you attribute responsibility for the cost only to the consumer ISP? 
> > How much of the cost should be attributed the PC OEM, or the software 
> > developers, or the American business, or the ....?
>
> Because the numbers are significant. Finding any entity that could provide a 
> choke-point for 4% of business side id-theft is an interesting  exercise and 
> of significant value to the community.

Ok, so the ISPs weren't actually responsible for the cost, you are just 
choosing ISPs as a convenient mechanism to impose controls on the 
Internet.

How do you intend to compensate the ISP for providing this valuable 
service to the American business community?  Are American businesses going 
to get together and pay for it?  Or are you expecting ISPs to charge 
consumers more to connect to the Internet in order to pay for it?

Or would the money be better spent by American businesses improving their
ID checking so the problem of id-theft could be addressed regardless of
the information was obtained by criminals, from computers, trash cans, 
phishing, online information brokers, etc.