Abuse Information Exchange
The Abuse Information Exchange Association was initiated by KPN, SIDN, Solcon, Tele2, UPC, XS4ALL, Zeelandnet and Ziggo. SURFnet and RoutIT committed themselves to the initiative last year and are helping to broaden knowledge and insight. The aim of the association is to improve the provision of information about botnets and other forms of Internet abuse in the Netherlands by collecting and correlating data about infections from various sources at a central point. This enables botnet infections to be combated faster and better, thus improving the security and stability of the Internet. The Abuse Information Exchange is an open initiative with the ambition of reaching as large a proportion of the Dutch Internet infrastructure providers as possible.

In the fight for a safer Internet, the Abuse Information Exchange Association launched the AbuseHUB, a software system that allows botnets and computers infected with malware to be better identified. It is an important step towards greater security and stability on the Internet. Ibuildings was responsible for the development of the AbuseHUB. Tom Hendrikx, system development coordinator for AbuseHUB, and Michel Zoetebier, Abuse Specialist at KPN, explain why.

Hundreds of thousands of computers in the Netherlands suffer a botnet infection every year, according to [research by Delft University of Technology](https://goo.gl/kf4498).
At least 5 to 10% of all consumers are affected by Internet criminals and that number is growing. That’s why a number of providers, together with SIDN, registry of the .nl domain, jointly set up the Abuse Information Exchange association in 2012, financed by a subsidy from the Ministry of Economic Affairs and a start-up contribution from SIDN.
The goal? To collect and centralize information about botnets so that providers can take faster and more targeted action. Tom Hendrikx: “The AbuseHUB is the hub where all complaints about botnet infections come in. The system analyses and sorts the information and sends it to the affiliated members. They can then take quick and targeted action within their network and limit the damage caused by botnets and save costs”.

Package of demands

For the development of the AbuseHUB, the association drew up a substantial package of requirements and wishes. Three demands stood out. Tom Hendrikx: “First of all, the software had to be able to convert all the different sources and formats that were supplied to one standard format, so that the members could easily work with them. Secondly, we wanted to add intelligence to the data. The software had to be able to correlate: analyse abuse reports and add a score, so that members could immediately understand the seriousness and urgency of the reports”. Michel Zoetebier adds: “Finally, we wanted to develop the system in open source, so that we could extract knowledge from and share it with the community, after the AbuseHUB has proven itself in Dutch practice over a longer period of time. Then other stakeholders can also set up their own AbuseHUB”.

Thorough selection

The association evaluated the proposals of various providers. Tom Hendrikx: “In addition to financial and economic capacity, expertise and references, we also looked at the quality and price of the solution and approach. Quality was more important than price”. Michel Zoetebier: “In the total score Ibuildings was the best. They thought along with us and were clear about what was and what wasn’t feasible. They had really immersed themselves in us.” Tom Hendrikx continues: “Ibuildings also paid direct attention to the costs, both in the initial development and for the future. For example, by cleverly realising features that we wanted in the software. Often slightly different from what we had thought ourselves. Very surprising. That was exactly what we were looking for in a partner”.

Trust

They built the system based on the architecture and designs that Ibuildings had presented for the AbuseHUB, in close collaboration with the Working Group Information Exchange, which tightly directed the requirements and design principles. In doing so, they had to take the future into account, because the system had to be easy to expand. Michel Zoetebier: “For the scalability of the AbuseHUB, Ibuildings used an innovative processing technique, so that the system can process the level and numbers we expect in the future. A performance test showed that it works. That gives confidence.” Within four months, the AbuseHUB went live: on time and within budget. “I know of few projects that have produced such a result and so few problems in such a short time,” says Tom Hendrikx.

Good results

The AbuseHUB now processes the input from multiple sources and forwards it to the affiliated members. There are several release phases, each with its own requirements and wishes. Michel Zoetebier explains why. “We are phasing consciously, because we want to realise the connection with the abuse processes and abuse automation for all members. The reactions of the affiliated providers are enthusiastic. They are involved and motivated and see that the AbuseHUB helps them to fight botnets.” Tom Hendrikx: “They find the information they receive clear and useful. A nice sequel is that members are now also improving their own systems and processes and exchanging best practices about abuse”.

Satisfied?

“Absolutely,” says Michel Zoetebier. “Ibuildings has quickly become involved in the world of abuse and they continue to develop. They are skilled people and a pleasure to work with. You are looking for a smart party that is flexible at the same time. Ibuildings makes that happen with us.” Tom Hendrikx looks at the way Ibuildings managed the project. “Finance and turnaround time were essential for us. From the tender onwards, we emphasised that we wanted to steer firmly on this together with the supplier. Ibuildings has lived up to that 100%. They delivered the entire project within budget with agreed quality and on time. That’s really worth a compliment.”