Skip to main content

APCERT Drill Closes Worldwide Botnet

The Asia Pacific Computer Emergency Response Team (APCERT) today (21 December 2005) completed its second annual drill to test the timeliness and response capability of many of its member computer security incident response teams (CSIRT).

The drill scenario centred around KrCERT/CC from Korea notifying other APCERT CSIRTs about the detection of a botnet attacking many sites in South Korea and requested intervention and assistance from other APCERT CSIRTs to help stop the attacks, by closing down the attacking bots located in other APCERT economies. A 'botnet' is jargon for a robot network. A botnet comprises hundreds and often thousands of compromised computers (bots) which allow them to be remotely controlled by an attacker to conduct a variety of different types of Internet attacks, including distributed denial of service attacks.

APCERT was established by leading and national CSIRTs from the economies of the Asia Pacific region to improve the level of cooperation, response and information sharing among CSIRTs in the region. APCERT comprises 17 CSIRTs from 13 economies.

"This is the second drill organised by APCERT member CSIRTs in China, Japan and South Korea," said Graham Ingram, the APCERT Chair.

"This year, the drill has been expanded to include a number of other APCERT teams, including the leading or national CSIRTs of the Philippines, Singapore, Hong Kong, Malaysia, Chinese Taipei and Australia," he said.

"The drill is important and helps us refine and test the points of contacts and procedures we have established to share and respond to active Internet attacks in progress. The reality is that APCERT members are already very active in helping each other respond to Internet attacks within our respective economies, but drills like this help us review and improve our procedures and ensure that we are prepared to help each other as best we can," Mr Ingram said.

KrCERT/CC, which is part of the Korea Information Security Agency, initiated the idea for the drill and developed the drill scenario. "Though the drill is designed to improve cross-border cooperation to stop Internet attacks, the drill also demonstrates the need for strong relationship between CSIRTs and Internet Service Providers (ISP) in each local economy," said Mr Arnold Yoon, Coordination Manager for KrCERT/CC, Korea Information Security Agency.

"Today, most cyber security incidents are cross-border in nature. For resolution to be effective and timely, it is imperative that national CERTs understand the procedures and importance in working with one another. This drill offers an opportune platform to refine processes and prepare the various national teams to better manage security breaches in today's borderless world of cyberspace," said Mr Martin Khoo, Head of SingCERT, Infocomm Development Authority of Singapore.

"The drill has greatly enhanced the response capability of the CERT teams in the region and fostered a closer working relationship among us. As a result, the teams are able to better utilize the resources and expertise in the region to tackle the increasing cyber attacks, and work together to respond much faster to incidents," said Mr. Roy Ko, Centre Manager of Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT). The HKCERT was set up by the Hong Kong Productivity Council to provide a centralized contact for computer and security incident reporting and response for local enterprises and Internet users.

Mr Husin Jazri, Director of National ICT Security and Emergency Response Centre (NISER), Malaysia said, "It has been an important event being a member of the APCERT network to cooperatively exercise each other's capability in handling incident within the region. NISER through MyCERT (Malaysian Computer Emergency Response Team) has been providing support in responding to Malaysian internet users on computer security incidents."

Further information about APCERT can be found on www.apcert.org.

For media enquiries, please contact:
Hong Kong Productivity Council
Ms Betty Lee
General Manager
Corporate Communications and Events
Tel: (852) 2788 5036
Fax: (852) 2788 5056
E-mail: emilyc@hkpc.org

APCERT Secretariat
Ms Shiori SATOU
Tel: +81-3518-4600 (Mon-Fri, 10:00-17:00 JST)
E-mail: office@jpcert.or.jp

21 December 2005