Media Release - APCERT Drill Closes Worldwide Botnet Date: 21 December 2005 http://www.auscert.org.au/render.html?it=5851
The Asia Pacific Computer Emergency Response Team (APCERT) today completed its second annual drill to test the timeliness and response capability of many of its member computer security incident response teams (CSIRT) teams. The drill scenario centred around KrCERT/CC from Korea notifying other APCERT CSIRTs about the detection of a botnet attacking many sites in South Korea and requested intervention and assistance from other APCERT CSIRTs to help stop the attacks, by closing down the attacking bots located in other APCERT economies. A botnet¹ is jargon for a robot network. A botnet comprises hundreds and often thousands of compromised computers (bots) which allow them to be remotely controlled by an attacker to conduct a variety of different types of Internet attacks, including distributed denial of service attacks. APCERT was established by leading and national CSIRTs from the economies of the Asia Pacific region to improve the level of cooperation, response and information sharing among CSIRTs in the region. APCERT comprises 17 CSIRTs from 13 economies. ³This is the second drill organised by APCERT member CSIRTs in China, Japan and South Korea², said Graham Ingram, the APCERT Chair. ³This year, the drill has been expanded to include a number of other APCERT teams, including the leading or national CSIRTs of the Philippines, Singapore, Hong Kong China, Malaysia, Chinese Taipei and Australia, he said. ³The drill is important and helps us refine and test the points of contacts and procedures we have established to share and respond to active Internet attacks in progress. The reality is that APCERT members are already very active in helping each other respond to Internet attacks within our respective economies, but drills like this help us review and improve our procedures and ensure that we are prepared to help each other as best we can², Mr Ingram said. KrCERT/CC, which is part of the Korea Information Security Agency, initiated the idea for the drill and developed the drill scenario. ³Though the drill is designed to improve cross-border cooperation to stop Internet attacks, the drill also demonstrates the need for strong relationship between CSIRTs and Internet Service Providers (ISP) in each local economy,² said Mr Arnold Yoon, Coordination Manager for KrCERT/CC, Korea Information Security Agency. ³Today, most cyber security incidents are cross-border in nature. For resolution to be effective and timely, it is imperative that national CERTs understand the procedures and importance in working with one another. This drill offers an opportune platform to refine processes and prepare the various national teams to better manage security breaches in today¹s borderless world of cyberspace,² said Mr Martin Khoo, Head of SingCERT, Infocomm Development Authority of Singapore. ³The drill has greatly enhanced the response capability of the CERT teams in the region and fostered a closer working relationship among us. As a result, the teams are able to better utilize the resources and expertise in the region to tackle the increasing cyber attacks, and work together to respond much faster to incidents,² said Mr. Roy Ko, Centre Manager of Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). Mr Husin Jazri, Director of National ICT Security and Emergency Response Centre (NISER), Malaysia said, ³It has been an important event being a member of the APCERT network to cooperatively exercise each other¹s capability in handling incident within the region. NISER through MyCERT (Malaysian Computer Emergency Response Team) has been providing support in responding to Malaysian internet users on computer security incidents,² he added. Further information about APCERT can be found on www.apcert.org. You are a subscribed member of the infowarrior list. Visit www.infowarrior.org for list information or to unsubscribe. This message may be redistributed freely in its entirety. Any and all copyrights appearing in list messages are maintained by their respective owners.