Information security is very much like a professional team sport, where you not only have to work with your internal teammates but also need assistance from a range of supporting partners.
Such partners can provide extra support when you don’t have the expertise or resources in-house, as well as broader visibility of attacks that are occurring in the community. They have been key to the success of this community for a long time.
There are so many great collaboration stories in the security response community, but one support organization worth highlighting is the ShadowServer Foundation.
I first heard about them back when I was working at the Malaysia Computer Emergency Response Team (MyCERT) around 2007. They started to share feeds of computers/systems infected with malware with us.
Sharing this type of information with a national CERT helps with understanding the local context of this malicious activity and identifying how many systems are part of certain botnets. This can then allow the CERT to initiate relevant outreach activities, ranging from issuing advisories and running awareness campaigns to proactively working with stakeholders, such as ISPs, to fix the issue.
Apart from this, I remembered that despite being relatively small, they also supported a regional CSIRT event — the Kuala Lumpur FIRST Technical Colloquium 2009.
Although I no longer work for a national CERT, I still get involved with supporting many national CERTs/CSIRTs. And to this day, I continue to see that whenever a new CERT/CSIRT reaches out to ShadowServer, they will be provided with the feeds and appropriate support, at no cost.
In addition to the feeds for CERTs/CSIRTs, network operators and other constituents, ShadowServer has also supported the LEA community in various botnet ‘take down’ efforts, which have led to successful criminal seizures and arrests. In other words, efforts such as these help prevent more losses to potential victims.
Supporters also need support
Having supported so many teams and initiatives for so long, the ShadowServer crew are now in dire need of financial support — unfortunately, they lost support from a long-term funder, which you can read more about here.
This situation puts the public benefit services that ShadowServer has been providing since 2004 at risk. This will be a big loss not only for the CERT/CSIRT and LEA communities, but for all Internet users.
APNIC has provided some financial support to their cause, and I hope that, by highlighting their story and how they have helped our community, you can help spread the word or also consider supporting their cause.