Joining forces against cybercrime

The SWITCH community's work is hugely important when it comes to security: Incidents rarely affect just one organisation.

Published on 12.05.2016


The work centres on the Security Working Group (Security WG). Ever since the WG’s first workshop at the start of 2003, the purpose of its meetings has been to share information, experience and knowledge in the field of security and to provide security staff with an opportunity for networking. The common goal is to prevent or at least minimise damage caused by security incidents.


Learning from other people's mistakes

The Security WG meets at least twice a year, and its agenda is largely determined by the community. As well as shedding light on best practices and success stories as a source of inspiration for its work, it is also about learning from other people's mistakes and discussing problems that have not yet been solved. New problem-solving approaches often arise within the community, and not just in the meetings themselves. WG members also make the most of their coffee breaks to chat in an informal setting about issues that concern them before opening them up to the group as a whole.

Trust is essential

Networking within the community at the personal level is of vital importance to the work done by everyone involved because security issues are seldom limited to one organisation. When a problem occurs, personal contact means that people can work together straight away to solve it. It also builds trust, which is hugely important in ensuring that people communicate openly with each other. This also applies, of course, to international cooperation, with SWITCH's Computer Emergency Response Team (SWITCH-CERT) representing Swiss interests as part of a global community.

SWITCH community for me is all about human cooperation. It is solidarity starting at the professional level to reach equally the user or citizen level. For this to keep on, it must stand out as a public common entity.

Francois Tamone Ingénieur de Système, HES-SO Genève

The membership of the Security WG has not changed much over the years. The universities, Federal Institutes of Technology and other organisations connected to SWITCHlan are all well represented. While larger organisations with more resources can play a greater role, smaller ones are by no means left on the sidelines.

Because the community approach has proven so important in the field of security, SWITCH has carried it over to its services for the financial sector. The banks were sceptical to start with because they compete with each other, but candid exchanges have now become firmly established for them as well. It goes without saying that these have to be governed by strict rules to guarantee confidentiality. The standard Chatham House Rule and Traffic Light Protocol apply to sharing sensitive information.

The SWITCH community and the interaction with other universities are very important to my work. As well as technical developments, regulatory and political aspects are also assessed within the community. A coordinated approach and a united front give the universities a strong voice.

Marc McGuinness, ICT Security Officer (ZHAW)

A need in the community

The Information Security Management WG (ISMS WG) is a spin-off from the Security WG that was set up in response to a need in the community. It shows that universities also want to manage their information security in an organised way.

Thomas Wick, E-Banking Security, Raiffeisen Switzerland, SWITCHcert for Banks customer

Domino effect in combating malware

"You could say that the SWITCHcert for Banks service is Raiffeisen's way of keeping its finger on the pulse as regards malware. When something new crops up on the malware scene, SWITCH provides us with the relevant information and also makes it available to our clients.

Valuable extra resources

For us, SWITCH is an extra resource that supports us in keeping our e-banking system secure. Its service package includes sharing knowledge with other banks. SWITCH's resources in other domains are especially valuable to us.

E-banking is important for Raiffeisen: around a million of our clients use it, so we put a lot of effort into security.

Of course, we know that the three main points of attack for cybercriminals are the e-banking system, clients' PCs and the connection between the two. Today's hackers mostly try to get into the e-banking system via infected client PCs.

With this in mind, we were all ears when a client reported an unusual problem when logging in. It turned out that malware had made changes to his PC that allowed a fraudster to steal his login details. The hacker used them to gain access to the client's e-banking account via a botnet. SWITCH was able to identify one of the bots that was being used as a proxy on its academic network. It was an infected PC. SWITCH found out who it belonged to and analysed the logs and the malware. Based on what it found, it recommended suitable preventive measures. This helped us to protect other clients against this kind of fraud.

More infected PCs found

The rapid, expert response to our query was extremely helpful. It is very difficult for Raiffeisen to search for malware on clients' PCs at the right time because they have usually cleaned their system before they report the problem to us.

SWITCH found more infected PCs on the academic network, informed the people concerned and helped them to remove the malware."


Other articles