Peering through internet traffic to spot crime before it happens

Ian Steadman
30 years of .uk

--

“Using this tool we spotted a bug that could have brought down a significant proportion of the global internet in only a few hours.”

Simon McCalla, chief technology officer of Nominet, is talking as green and red circles on a screen move around at his touch, showing suspiciously anomalous web traffic.

This is a visual representation of the internet — or, at least, a part of it — produced by turing, a new security app from the company that’s in charge of the UK domain name registry. Think of them as kind of like a digital Postmaster General, making sure that everyone has their own address and that those addresses match up with the person who owns them.

Image: Nominet

turing is a tool for analysing traffic that flows through the domain name system (DNS), the worldwide backbone to the internet that keeps the register of where things are online, so that data going halfway across the world and back knows exactly how to get there. It’s a bit like watching a simplified version of the tech in the movie Minority Report, as “bad” traffic — requests targeted at addresses that don’t exist, or requests coming from one address that suddenly generates an unexpectedly large amount of traffic — gets identified automatically, and marked out as orange-to-red splotches in a sea of green (“normal”) traffic.

Nominet has been in charge of .uk domain names since it was founded in 1996 as a non-profit by Dr Willie Black. Recently, it has begun to expand beyond just domain name registrations, trying to figure out how to use its “unique perspective”, as McCalla calls it, for public good. So far that’s included research into the Internet of Things, which was deployed as part of a trial to build a network to detect flash flooding in Oxford and save the city millions; and it’s also working on dementia research, where smart devices could aid people in remembering things and actions around the house.

With turing, the idea is to make best use of Nominet’s expertise in the infrastructure of the internet. “It’s about using the DNS data for public good, for security,” McCalla explains. “And if we can share things we know, we should. With turing, we can identify bad actors in the tech space. It shows how our data and our development are feeding each other.”

There’s no analysis of data packets themselves with turing — in other words, nobody’s opening the mail as it’s moving through the postal system — just the origin point and destination. McCalla claims that they can spot some issues, like a new ‘botnet’ coming online — several thousand computers connected together for malicious activity — up to two hours before many specialist security companies. Several of those online security companies have already expressed an interest in turing, which can be run off “reasonably straightforward hardware” thanks to the cloud, McCalla says.

The “malicious” agents behind botnets test thousands (or even millions) of addresses from databases cobbled together and sold on the black market, and when defunct sites or email addresses suddenly get a lot of requests, it’s a reliable indicator that something dodgy is afoot.
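The two signals described above, requests for names that don't exist and a source that suddenly generates far more traffic than usual, can be sketched over query metadata alone. This is an added example, not Nominet's code or a description of how turing is built; the record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def flag_anomalies(records, window=60, nx_min_sources=3, spike_factor=5, min_history=3):
    """records: (epoch_seconds, source, qname, rcode) tuples (assumed layout).
    Uses only who asked for what and when, never packet contents."""
    nx_sources = defaultdict(set)                        # (window, name) -> sources
    per_source = defaultdict(lambda: defaultdict(int))   # source -> window -> count
    for ts, src, qname, rcode in records:
        w = ts // window
        per_source[src][w] += 1
        if rcode == "NXDOMAIN":
            nx_sources[(w, qname.lower().rstrip("."))].add(src)

    # Signal 1: a nonexistent name queried by many distinct sources in one window.
    nx_names = sorted({name for (_, name), srcs in nx_sources.items()
                       if len(srcs) >= nx_min_sources})

    # Signal 2: a source whose window count jumps far above its own earlier median.
    bursts = []
    for src, counts in per_source.items():
        windows = sorted(counts)
        for i, w in enumerate(windows):
            history = [counts[p] for p in windows[:i]]
            if len(history) >= min_history and counts[w] > spike_factor * median(history):
                bursts.append((src, w * window, counts[w]))
    return nx_names, sorted(bursts)

def sample_records():
    """Constructed sample using documentation IP ranges and example names."""
    recs = []
    for minute in range(5):          # steady client: 2 queries a minute
        for k in range(2):
            recs.append((minute * 60 + k, "192.0.2.10", "www.example.uk", "NOERROR"))
    # The same client suddenly sends 40 queries in minute 5.
    recs += [(300 + k, "192.0.2.10", "www.example.uk", "NOERROR") for k in range(40)]
    # Four different sources ask for an unregistered name in minute 2.
    recs += [(120 + i, f"198.51.100.{i}", "defunct-shop.example.uk", "NXDOMAIN")
             for i in range(1, 5)]
    # One isolated typo stays below the threshold.
    recs.append((130, "203.0.113.7", "wwww.example.uk", "NXDOMAIN"))
    return recs

if __name__ == "__main__":
    print(flag_anomalies(sample_records()))
```

A single mistyped name stays unflagged because only one source asked for it, which is the kind of noise a distinct-source threshold is meant to filter out.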

But sometimes, there are more prosaic things that the app can spot — like a fake URL that the makers of the BBC comedy-drama Murder in Paradise put in one episode, which gets flagged up every time it gets repeated somewhere because nobody actually registered it in real life.

This story is one of 30 celebrating the launch of .uk domain names in 1985. To read the others visit our 30 Years of .uk hub. To start your own .uk story check out www.agreatplacetobe.uk.
