AT&T Policing its Network for Profit

Stephen Yagielowicz
LOS ANGELES — Overworked and understaffed IT departments, as well as overwhelmed home users, have an increasingly active partner in their war against malicious intruders and network-draining resources: telecommunications giant AT&T.

You don't have to be a network engineer to realize that spam, viruses, worms and other forms of malware are a constant nuisance and a catastrophically dangerous problem for Internet users that requires substantial resources to keep pace with.

Enter telecommunications carriers such as AT&T that are no longer passively transporting voice and data across their networks, but will now eliminate many of the passing problem packets for a price.

According to AT&T's Chief Security Officer, Ed Amoroso, a substantial amount of unwanted and harmful material passes over the company's Internet backbone, providing the carrier with an opportunity to eliminate it before it hits corporate networks and home users.

AT&T's network reportedly carries around 14.5 petabytes of traffic daily, with an increasing percentage of that traffic being unwanted by or harmful to users. For example, AT&T estimates that roughly 80 percent of email traversing its network is spam.

"The real solution here is that service providers need to be cleaning the pipes," Amoroso said. "Taking on a greater role in security is a natural evolution for telecommunications carriers."

While AT&T's biggest competitor, Verizon, also offers security services, telecommunications companies have historically not monitored the content of their networks in an effort to enhance their legal protections as "common carriers." One notable exception is their cooperation in the aftermath of the Sept. 11 terrorist attacks, from which the carriers are now seeking immunity from civil actions.

Today's Internet, however, is becoming increasingly congested with worms and viruses, making carrier-level monitoring a necessity if quality connectivity is to be the rule rather than the exception.

For example, Internet security company Symantec reported a five-fold increase in malicious code in 2007, with 1.1 million reported instances and claims that 5 million computers are now infected with bots that are used to to send spam and launch denial-of-service attacks against companies and government agencies.

"The carriers can filter the bits before they get to you," Vice President of research firm Gartner, John Pescatore, said. "That has proven very effective, especially for preventing denial-of-service attacks."

AT&T has offered a DDoS Defense service since 2005, which has been growing by more than 50 percent annually.

DDoS attacks have presented problems to a number of adult website operators that have been targeted both by antiporn activists as well as by their competitors.

Amoroso believes that delivering clean data saves its corporate customers money, as less hardware and fewer IT employees are required and because AT&T is better able to provide continuously updated firewalls and enhanced intrusion detection systems.

AT&T is also considering a service targeted to consumers that could replace standard security products such as Norton AntiVirus on their home computers.

Network management at the carrier level is not without its problems or detractors, however. For example, Comcast is currently embattled in a controversy surrounding its delay of BitTorrent traffic, a protocol often used for illegal file trading, while AT&T is being criticized for considering filtering copyrighted content from its network.

"Protecting yourself from unwanted communication is not illegal," Yale Law School professor Susan Crawford opined. "The problem is if AT&T is using these security services as an occasion to intercept the content of domestic Internet communications for some other purpose."