Cyber crime is a source of growing concern for businesses in the developing countries of Africa and the Caribbean. Law enforcement officials and security experts in those regions and around the world struggle to keep pace with the escalating sophistication of transnational cyber criminal operations. By some estimates, cybercrime will cost approximately $6 trillion per year on average through 2021.
Not only have the measures to counter cybercrime progressed too slowly, but the evolution of some core components of the Internet itself has also lagged behind. One part of the Internet architecture exploited by malicious actors is the Domain Name Service, or DNS, which is used routinely to carry out email fraud, malware, ransomware and other common cyber threats. A lot of malicious actors have figured out ways to abuse low-security DNS servers, and use them to compromise people’s devices.
The fight is far from over, however. A group of major tech players recently flipped the script on bad actors, unveiling a free security solution designed to deploy DNS to keep users safer online.
IBM, Packet Clearing House and the Global Cybersecurity Alliance on November 16 launched a free, public, global recursive DNS resolver, with strong privacy and security features built-in. Aptly named Quad9, it uses the IP address 220.127.116.11, and can be enabled with a few changes to network settings.
“Quad9 is a free layer of protection that will put the DNS to work for you,” said John Todd, executive director of Quad9. “It allows optional encryption of the query between the user and the server, and it minimises the amount of data that can leak to unknown destinations. And it uses DNSSEC to cryptographically validate the content of the DNS answers that it’s passing back to users for domain names that implement this security feature.”
The new service can be extended to Internet of Things (IoT) smart devices, which face vulnerabilities such as botnet command-and-control requests. Several leading cyber security firms are feeding updated threat information into Quad9, and the service leverages that global intelligence to help keep individual users’ data and devices safe.
Quad9 can also help users to keep their browsing habits private. The service is engineered not to store or analyse users’ personally identifiable information. Todd said that decision was, in part, a deliberate stance against the ingrained practice among many larger Internet service providers who collect and resell private information to commercial data brokers such as online marketers.
Internet users in developing regions such as Africa and the Caribbean stand to gain much from the global service. Bill Woodcock, executive director of Packet Clearing House, said Quad9 users in those regions could experience noticeable improvements in speed, performance and resiliency.
“Many DNS service providers are not sufficiently provisioned to be able to support high-volume input/output and caching, and adequately balance load among their servers. But Quad9 uses large caches, and load-balances user traffic to ensure shared caching, letting us answer a large fraction of queries from cache,” he said.
Quad9 shares infrastructure with other Packet Clearing House projects, and that synergy holds great promise for users outside of heavily networked parts of the developed world, such as North America, Europe and parts of Asia. Over the last two decades, Packet Clearing House has established the largest authoritative DNS service network in the world, hosting multiple root letters and more than 300 top-level domains on thousands of servers in 150 locations around the world, including less well-connected areas such as the Caribbean and sub-Saharan Africa.
Quad 9 has 100 points of presence in 59 countries, including 24 in Africa and 12 in the Caribbean, and plans to double that by 2019.
“Many DNS service providers are not sufficiently provisioned to be able to support high-volume input/output and caching, and adequately balance load among their servers. But Quad9 uses large caches, and load-balances user traffic to ensure shared caching, letting us answer a large fraction of queries from cache,” said Nishal Goburdhan, Internet Analyst at Packet Clearing House.
The Quad9 service was publicly announced on November 16 with simultaneous press events in London, Maputo and New York.