Constant Guard Rolls Out Nationally
Security Scene: Constant Guard Rolls Out Nationally
Posted by Jay Opperman, Senior Director of Security and Privacy, in Security and Privacy
Our Constant Guard service (introduced in October 2009) is the result of a multi-year effort to create a comprehensive approach to protect our customers from increasingly sophisticated online security threats.
One of the most pressing threats has to do with bots - or robots - which are a malicious form of software that can take over your computer and command it to do things like send spam, host a phishing website or lead to identity theft by collecting all your keystrokes - like user IDs and passwords.
The National Cyber Security Alliance has called bots "one of the fastest growing cyber crimes," and recent research estimates the cost of identity theft fraud in the United States increased 12.5 percent in 2009 to $54 billion. A lot of that theft was the result of cyber criminals using bots.
As the nation's largest ISP, we're doing our part to detect bots and notify customers who we believe may have a computer that is being controlled by one. Last year, we launched an automatic bot detection and notification trial in Denver. During the trial, customers with computers that appeared to be infected with bots received a notification informing them of the potential bot infection and links to resources they could use to check and remove the bot.
Response to the trial was very positive and today we are beginning to roll-out the bot notification and detection service nationally on a market-by-market basis.
As we enter a market, customers will receive an e-mail announcement letting them know the Constant Guard service is now available in their area. Bot notifications will be first sent by e-mail. Once we are rolled out to all markets, we will add on an in-browser Service Notification (see image below), which makes it quick and easy to take action.UPDATE - Part II: Constant Guard Rolls Out Nationally
Yesterday, we announced we were taking our Constant Guard Bot Detection and Notification service nationally. As the nation's largest ISP, we have a responsibility to protect our customers from online threats, and this is yet another step we've taken in this direction. Bots are a fairly new phenomenon, and as the Messaging Anti-Abuse Working Group (MAAWG) pointed out earlier this year a healthy majority of consumers don't understand what a bot is. A good article to read is Elinor Mills' post at CNET.
One of the first things we're trying to do is educate our customers about bots and what they can do about them. Our bot detection and notification service is an effective network-based solution, which means there is no software for our customers to download, and absolutely no searching into individual's computers. So our customers can have peace of mind knowing that Comcast takes their security and privacy very seriously, and is working to protect them without customers having to take additional steps to benefit from this offering.
So what are we doing and how does this work? Let me take a step back and explain. A bot is a malicious form of software that is remotely controlled like a "robot" by someone with a criminal intent. Many bots are commanded to send spam or host phishing websites (which are "fake" websites intended to trick people into entering credit cards or social security numbers). Other bots track every keystroke typed on a keyboard. A cyber criminal can comb through that data to find usernames and passwords that lead to identity theft and financial fraud.
To set up a bot, a cyber criminal establishes what is known as a "command and control center" (CNC). This is essentially the bot's brain, which is sent instructions by the person who set it up. The command and control center sits out in the Internet somewhere at a specific IP (Internet Protocol) address. Many of these IP addresses can be identified and flagged by security professionals, Internet engineers and others. Since we know that any communication with the known CNC is from a bot, when contact is made our system sends a notification to the Customer IP address that made contact with it.
Many customers have multiple devices connected to their modems - desktop PCs, wireless laptops, gaming consoles, smart phones, iPads and more - so any one of them could be the one that is receiving commands from the bot.
Cyber criminals are getting more and more sophisticated and we encourage our customers and all consumers to remain vigilant. Be careful what you download to your computers and devices, use up-to-date anti-virus software and take the time to talk with your kids or grandkids or friends about how to remain safe online. For more information, visit www.comcast.net/security