Almost sounds like some zany horror movie, doesn’t it? “When zombies attack!” Well, it looks like ISPs have proven that they do not partake in that sort of zombie-like behavior.

ISPs (Internet service providers) were put on “trial” Tuesday, with hundreds of IT security professionals serving as jurors, for not doing enough to keep subscribers’ computers from being compromised and used as tools in attacks on corporate networks.

The plaintiffs, a couple of fictional companies hit by denial of service attacks, argued that ISPs could do more to prevent “zombie” machines used in attacks by scanning subscribers’ computers, monitoring traffic and shutting down suspicious network uses. “ISPs are in the best position to take reasonable steps to diminish the threat,” argued real-life cybersecurity lawyer Ben Wright, during a mock trial at the Gartner IT Security Summit in Washington, D.C. “It’s very difficult to go out and find the hackers who are responsible for these attacks.”

But defense lawyer Stewart Baker, a partner in the Washington office of Steptoe and Johnson LLP, argued that it would be a violation of privacy for ISPs to check subscribers’ computers. It would be nearly impossible for ISPs to distinguish between legitimate Internet traffic, such as a subscriber’s browser updating a weather map every few seconds, and a computer being used in a denial of service attack, added Baker, representing a group of fictional ISPs. [Read the rest]