Cyber-paramedics fight Internet infections
Our feature outlines the current situation in cyberspace and explains how users can protect themselves.
Security in cyberspace is something that concerns policymakers, customers and businesses alike. Internet service providers play a key role, however.
In our view, providers' responsibilities include warning customers whose computers have malware infections and are possibly being remotely hijacked for criminal purposes. Needless to say, providers can issue such warnings only when they are in a position to learn of spam-mailing occurring via subscribers in their IP address ranges.
Focus on awareness
Each month, Deutsche Telekom provides an important service for customers by sending up to 40,000 e-mails and letters with such warnings. In so doing, it is also helping to reduce and contain threats on the Internet. Deutsche Telekom furthermore keeps working to raise awareness about the risk and opportunities in cyberspace.
Each month, Deutsche Telekom's Security team receives more than two million indications of suspected abuse of Internet services.
Relevant abuse is occurring, for example, when a customer's malware-infected computer is attacking other computers, or sending spam, via a Deutsche Telekom Internet access.
The methods of the Telekom Security team
The most important sources of tips regarding abuse include security organizations, Internet service providers and Deutsche Telekom's own "honeypots." The Telekom checks tips for relevance, the Telekom Security Team identifies affected customers and then sends them a guide, via both e-mail and regular mail, that explains how to remove the malware from their computers. When a customer's computer continues to launch attacks, in spite of such measures, the Telekom Security Team takes additional steps. For example, it might temporarily block certain services, such as e-mail, in order to protect other users.
Responding within seven days
In each case, the Telekom Security Team has a seven-day period in which to follow up on external indications and identify affected customers. At the end of the seven days, pertinent stored IP addresses are deleted. This practice conforms to the German Telecommunications Act, and it has been upheld – most recently, on July 3, 2014 – by the Bundesgerichtshof (Germany's Federal Court of Justice) in Karlsruhe.