
The big bad blackout – policy in the botnet

March 18th, 2009

Dear readers,

Over the past few days you may have noticed a lack of articles here at the Big Bad Blog. The more perceptive amongst you might also have noticed my subtle hints as to why: the botnet.

Wiktionary kindly provides the following definition of a botnet:

A collection of zombies that are controlled by the same cracker.

In short, it means that a hidden virus on my laptop was part of a network of computers sending out spam mail. Wikipedia provides a slightly more robust definition.

So whilst I was off sunning in Bulgaria last week, the good folks at Sky decided to turn off the Internet at home. Karen, not being in Bulgaria, was impacted by this. As the owner of a small consultancy and a job seeker, Internet is a necessity, not a luxury. Upon calling Sky, she was informed that the reason was that one of our computers was infected with a botnet, and delivering vast quantities of spam. It took moments to identify the infected computer: my personal laptop.

With an approximate 25% of computers worldwide infected by botnets (source), ISP policy for handling infected customers has to be an important consideration. In the aftermath of the Big Bad Blog’s brush with botnets, Tech and World takes a look at Sky’s policy and how it could be better.

Sky’s Policy
Noting that I am not actually privy to Sky’s official process or policy, here is what I believe it to be, based on recent experience:

1: The policy/process is triggered when Sky is informed that large volumes of spam are being generated from one of their IP addresses.

2: Sky monitors the account to confirm the suspicions that the customer is infected with a botnet.

3: On confirmation, Sky cuts off Internet to that customer.

4: Sky sends a letter letting the customer know what happens, and the steps needed to have their Internet turned back on.

What is good about Sky’s policy
As an irate customer, one can expect I would overlook this — I do not. While Sky’s policy is lacking, it is not without its bright points. Namely that the process works. It was easy to understand why our service was cut off, and what steps we needed to take to restore our service.

These two things are very important to any policy where a service is being withheld to a paying customer. Clear reasons as to why and how to restore that service are paramount, as is an efficient process to achieve restoration of the service. Sky’s success in these arenas cannot be ignored, and they are thanked for making the process transparent and easy to complete.

What needs improvement about Sky’s policy
One can argue that the strength of Sky’s policy is not the policy itself, but the process. They have a well-defined process which is efficient in achieving its goals. With an estimated quarter of their customers experiencing this at some point in time, the best policy in the world would not help without a decent process backing it up.

But where it can be considered lacking is on the actual policy side of the equation — there is no sign that they have paid the interests of their customers any mind.

First, there is the fact that after notification they appear not to inform the customer with an infected computer immediately, but instead monitor their account to confirm. Banking details, credit card details, and other sensitive information can be stolen by the virus — by not immediately informing the customer, they are placing their customers’ information in danger. That cannot be considered an option.

Yet there was initial monitoring before customer contact, and contact was not made via telephone or e-mail, but by letter. While a letter should most definitely have followed, Sky should have taken a more proactive role in ensuring that their customers are informed in as short a time as possible. A written letter, delivered second class, does not achieve this.

Second, there is the fact that customers are cut off from the Internet before being informed. This causes potential income losses to their customers due to an unexpected interruption in their service, and forces angry calls to Sky’s customer service centre. A call, e-mail or SMS could have delivered a warning that there were one (or more) infected machines on the network, that the broadband connection was being monitored, and the service was scheduled to be suspended if the infected machines were not removed from the network. This would allow the customer to avoid having their service suspended, and hopefully leave them happy that Sky had sent out an alert to the danger posed by the infected machine.

Naturally, if you’re from Sky and reading this, you need to be careful implementing the above suggestions. The good things are both good and necessary. Whatever you do, do not lose these in a review of the overall policy.
