{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T07:41:00Z","timestamp":1764229260405,"version":"3.46.0"},"reference-count":72,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,7,1]],"date-time":"2025-07-01T00:00:00Z","timestamp":1751328000000},"content-version":"vor","delay-in-days":181,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/100010663","name":"European Research Council","doi-asserted-by":"publisher","award":["949127"],"award-info":[{"award-number":["949127"]}],"id":[{"id":"10.13039\/100010663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>We evaluate a rare successful intervention in the management of Internet infrastructure\u2014an anti-spoofing campaign, which has achieved genuine traction against an issue that has dogged the network engineering community for more than 30 years. We study the Traceback initiative\u2014an intervention, which sought to tackle Denial of Service attacks at global scale by making it harder for attackers to spoof their traffic. While much scholarship in the security literature has sought to establish the perverse commercial incentives frustrating action against cybercrime and identify possible ways to alter these, in this case we observe a community acting to short-circuit them entirely. We show, through interviews and autoethnographic reflection from key players, how the issue of spoofing was relocated away from the commercial incentive structures of a decentralized community of competing providers with little motivation to solve the issue. We develop previous work applying theory from infrastructure studies to cybercrime economies, developing a new account of how power can be asserted within infrastructure to achieve change, apparently against the grain of other long-standing incentives.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf014","type":"journal-article","created":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:54:31Z","timestamp":1750233271000},"source":"Crossref","is-referenced-by-count":0,"title":["Peer(ing) pressure: a cybersecurity intervention at global scale in the internet infrastructure"],"prefix":"10.1093","volume":"11","author":[{"given":"Ben","family":"Collier","sequence":"first","affiliation":[{"name":"School of Social and Political Science, University of Edinburgh , Edinburgh EH8 9LD ,","place":["United Kingdom"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1673-918X","authenticated-orcid":false,"given":"Richard","family":"Clayton","sequence":"additional","affiliation":[{"name":"University of Cambridge Department of Computer Science and Technology, , Cambridge CB3 0FD ,","place":["United Kingdom"]}]}],"member":"286","published-online":{"date-parts":[[2025,7,1]]},"reference":[{"article-title":"A weakness in the 4.2BSD Unix TCP\/IP software","year":"1985","author":"Morris","key":"2025112702372796100_bib1"},{"key":"2025112702372796100_bib2","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/378444.378449","article-title":"Security problems in the TCP\/IP protocol suite","volume":"19","author":"Bellovin","year":"1989","journal-title":"SIGCOMM Comput Commun Rev"},{"article-title":"CERT* Advisory CA-95.01: topic: IP spoofing attacks and hijacked terminal connections","year":"1995","author":"CERT","key":"2025112702372796100_bib3"},{"article-title":"CERT* Advisory CA-96.01: topic: UDP port Denial-of-Service attack","year":"1996","author":"CERT","key":"2025112702372796100_bib4"},{"article-title":"CERT* Advisory CA-96.21: topic: TCP SYN flooding and IP spoofing attacks","year":"1996","author":"CERT","key":"2025112702372796100_bib5"},{"article-title":"Welcome to syncookies","year":"1996","author":"Bernstein","key":"2025112702372796100_bib6"},{"key":"2025112702372796100_bib7","article-title":"Resisting {SYN} flood {DoS} attacks with a {SYN} cache","volume-title":"Proceedings of the\u00a0BSDCon 2002","author":"Lemon","year":"2002"},{"article-title":"Defense mechanisms against network attacks and worms","year":"2011","author":"Korn","key":"2025112702372796100_bib8"},{"key":"2025112702372796100_bib9","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2827","article-title":"Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing","volume":"2267","author":"Ferguson","year":"1998","journal-title":"RFC"},{"key":"2025112702372796100_bib10","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2827","article-title":"Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing","volume":"2827","author":"Senie","year":"2000","journal-title":"RFC"},{"key":"2025112702372796100_bib11","article-title":"Ingress filtering for multihomed networks","volume":"3704","author":"Baker","year":"2004","journal-title":"RFC"},{"key":"2025112702372796100_bib12","article-title":"Enhanced feasible-path unicast reverse path forwarding","volume":"8704","author":"Sriram","year":"2020","journal-title":"RFC"},{"key":"2025112702372796100_bib13","first-page":"53","article-title":"The Spoofer Project: inferring the extent of source address filtering on the Internet","volume-title":"Steps to Reducing Unwanted Traffic on the Internet (SRUTI) Workshop","author":"Beverly","year":"2005"},{"article-title":"Everyone should be deploying BCP 38! wait, they are","year":"2012","author":"Barry\u00a0Raveendran","key":"2025112702372796100_bib14"},{"article-title":"Initial longitudinal analysis of IP source spoofing capability on the Internet","year":"2013","author":"Beverly","key":"2025112702372796100_bib15"},{"key":"2025112702372796100_bib16","doi-asserted-by":"crossref","first-page":"1","DOI":"10.23919\/TMA.2018.8506499","article-title":"Using crowdsourcing marketplaces for network measurements: the case of Spoofer","volume-title":"Proceedings of the\u00a02018 Network Traffic Measurement and Analysis Conference (TMA)","author":"Lone","year":"2018"},{"key":"2025112702372796100_bib17","article-title":"SAVing the Internet: explaining the adoption of source address validation by Internet Service Providers","volume-title":"Workshop on the Economics of Information Security WEIS","author":"Lone","year":"2020"},{"key":"2025112702372796100_bib18","doi-asserted-by":"crossref","first-page":"1039","DOI":"10.1145\/3485832.3485917","article-title":"SMap: internet-wide scanning for spoofing","volume-title":"Proceedings of the 37th Annual Computer Security Applications Conference, ACSAC \u201921","author":"Dai","year":"2021"},{"article-title":"Reports on openly accessible server services","year":"2019","author":"Bundesamt fu\u00a8r Sicherheit in der Informationstechnik (BSI)","key":"2025112702372796100_bib19"},{"volume-title":"Practical Solutions for Amplification Attacks","year":"2019","author":"Menscher","key":"2025112702372796100_bib20"},{"article-title":"How a dated cyber-attack brought a stock exchange to its knees","year":"2021","author":"Tarabay","key":"2025112702372796100_bib21"},{"article-title":"Market operator obligations targeted review\u2014NZX","year":"2021","author":"New Zealand Financial Markets Authority","key":"2025112702372796100_bib22"},{"key":"2025112702372796100_bib23","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1007\/978-1-4757-2644-2_22","article-title":"The Internet: a future tragedy of the commons?","volume-title":"Computational Approaches to Economic Problems","author":"Gupta","year":"1997"},{"key":"2025112702372796100_bib24","doi-asserted-by":"publisher","DOI":"10.19030\/jber.v1i11.3070","article-title":"Internet security and the tragedy of the commons","volume":"1","author":"Rose","year":"2003","journal-title":"J Bus Econ Res"},{"key":"2025112702372796100_bib25","doi-asserted-by":"crossref","first-page":"358","DOI":"10.1109\/ACSAC.2001.991552","article-title":"Why information security is hard\u2014an economic perspective","volume-title":"Proceedings of the\u00a0Seventeenth Annual Computer Security Applications Conference","author":"Anderson","year":"2001"},{"article-title":"Cyber security incentives and the role of cyber insurance","year":"2021","author":"Sullivan","key":"2025112702372796100_bib26"},{"key":"2025112702372796100_bib27","article-title":"How cyber insurance shapes incident response: a mixed methods study","volume-title":"Proceedings of the\u00a0Workshop on the Economics of Information Security (WEIS)","author":"Woods","year":"2021"},{"key":"2025112702372796100_bib28","article-title":"Incentives for human agents to share security information: a model and an empirical test","volume-title":"Proceedings of the\u00a0Workshop on the Economics of Information Security (WEIS)","author":"Mermoud","year":"2018"},{"key":"2025112702372796100_bib29","doi-asserted-by":"publisher","first-page":"1703","DOI":"10.1287\/mnsc.1060.0568","article-title":"Network software security and user incentives","volume":"52","author":"August","year":"2006","journal-title":"Manag Sci"},{"key":"2025112702372796100_bib30","article-title":"The countervailing incentive of restricted patch distribution: economic and policy implications","volume-title":"Proceedings of the\u00a0Workshop on the Economics of Information Security (WEIS)","author":"Rahman","year":"2007"},{"key":"2025112702372796100_bib31","first-page":"1","article-title":"Can we nudge users toward better password management? an initial study","volume-title":"Proceedings of the\u00a0Extended Abstracts of the 2018 CHI Conference on Human Factors in Computing Systems","author":"Kankane","year":"2018"},{"key":"2025112702372796100_bib32","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1007\/978-3-642-17197-0_13","article-title":"The password game: negative externalities from weak password practices","volume-title":"Proceedings of the\u00a0International Conference on Decision and Game Theory for Security","author":"Preibusch","year":"2010"},{"key":"2025112702372796100_bib33","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/b116816","article-title":"Privacy and security of personal information: economic incentives and technological solutions","volume-title":"Economics of Information Security","author":"Acquisti","year":"2004"},{"key":"2025112702372796100_bib34","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1109\/MSP.2010.85","article-title":"To strengthen security, change developers\u2019 incentives","volume":"8","author":"Halderman","year":"2010","journal-title":"IEEE Secur Priv"},{"key":"2025112702372796100_bib35","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1111\/j.1468-5973.2009.00592.x","article-title":"Emerging threats to Internet security: incentives, externalities and policy implications","volume":"17","author":"Eeten","year":"2009","journal-title":"Conting Crisis Mgmt"},{"key":"2025112702372796100_bib36","article-title":"Evangelos Ouzounis, and Panagiotis Trimintzios. Resilience of the Internet interconnection ecosystem","volume-title":"Proceedings of the\u00a0Workshop on the Economics of Information Security (WEIS)","author":"Hall","year":"2011"},{"key":"2025112702372796100_bib37","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1002\/bltj.21529","article-title":"Internet architecture evolution and the complex economies of content peering","volume":"17","author":"Krogfoss","year":"2012","journal-title":"Bell Labs Tech J"},{"key":"2025112702372796100_bib38","first-page":"1","article-title":"Internet service providers and peering","volume-title":"Proceedings of NANOG","author":"Norton","year":"2001"},{"article-title":"A business case for ISP peering","year":"2002","author":"Norton","key":"2025112702372796100_bib39"},{"key":"2025112702372796100_bib40","article-title":"Concentrating correctly on cybercrime concentration","volume-title":"Proceedings of WEIS","author":"Clayton","year":"2015"},{"key":"2025112702372796100_bib41","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1080\/14747731.2014.887387","article-title":"From cyber-libertarianism to neoliberalism: internet exceptionalism, multi-stakeholderism, and the institutionalisation of Internet governance in the 1990s","volume":"11","author":"Chenou","year":"2014","journal-title":"Globalizations"},{"key":"2025112702372796100_bib42","first-page":"3","article-title":"Global Internet policy: a fifteen-year long debate","volume-title":"The Evolution of Global Internet Governance: Principles and Policies in the Making","author":"Chenou","year":"2014"},{"key":"2025112702372796100_bib43","doi-asserted-by":"crossref","DOI":"10.2139\/ssrn.2809217","article-title":"Multistakeholderism or elitism? the creation of a transnational field of Internet governance","volume-title":"GigaNet: Global Internet Governance Academic Network, Annual Symposium","author":"Chenou","year":"2010"},{"volume-title":"History of the International Telecommunication Union (ITU): Transnational technodiplomacy from the telegraph to the Internet","year":"2020","author":"Balbi","key":"2025112702372796100_bib44"},{"key":"2025112702372796100_bib45","doi-asserted-by":"publisher","first-page":"102148","DOI":"10.1016\/j.telpol.2021.102148","article-title":"Normfare: norm entrepreneurship in Internet governance","volume":"45","author":"Radu","year":"2021","journal-title":"Telecommun Policy"},{"key":"2025112702372796100_bib46","doi-asserted-by":"publisher","DOI":"10.4337\/9781781001219","volume-title":"International Handbook on Informal Governance","author":"Christiansen","year":"2012"},{"key":"2025112702372796100_bib47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.14763\/2019.2.1407","article-title":"The platform governance triangle: conceptualising the informal regulation of online content","volume":"8","author":"Gorwa","year":"2019","journal-title":"Internet Policy Rev"},{"volume-title":"The Conficker Mystery","year":"2009","author":"Hypponen","key":"2025112702372796100_bib48"},{"key":"2025112702372796100_bib49","doi-asserted-by":"crossref","first-page":"102142","DOI":"10.1016\/j.telpol.2021.102142","article-title":"Idea entrepreneurs: the United Nations open-ended working group & cybersecurity","volume":"45","author":"Levinson","year":"2021","journal-title":"Telecommun Policy"},{"key":"2025112702372796100_bib50","doi-asserted-by":"publisher","first-page":"451","DOI":"10.1016\/j.telpol.2012.02.001","article-title":"At the boundaries of peer production: the organization of Internet security production in the cases of Estonia 2007 and Conficker","volume":"36","author":"Schmidt","year":"2012","journal-title":"Telecommun Policy"},{"key":"2025112702372796100_bib51","doi-asserted-by":"publisher","first-page":"92","DOI":"10.18352\/ijc.343","article-title":"Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons","volume":"7","author":"Shiffman","year":"2013","journal-title":"Int J Commons"},{"key":"2025112702372796100_bib52","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1108\/DPRG-05-2017-0029","article-title":"Patching security governance: an empirical view of emergent governance mechanisms for cybersecurity","volume":"19","author":"Eeten","year":"2017","journal-title":"DPRG"},{"key":"2025112702372796100_bib53","doi-asserted-by":"publisher","first-page":"610","DOI":"10.1126\/science.1130992","article-title":"The economics of information security","volume":"314","author":"Anderson","year":"2006","journal-title":"Science"},{"key":"2025112702372796100_bib54","first-page":"68","article-title":"Information security economics\u2014and beyond","volume-title":"Proceedings of the Annual International Cryptology Conference","author":"Anderson","year":"2007"},{"key":"2025112702372796100_bib55","doi-asserted-by":"crossref","first-page":"720","DOI":"10.1080\/1369118X.2012.659199","article-title":"Hidden levers of Internet control: an infrastructure-based theory of Internet governance","volume":"15","author":"DeNardis","year":"2012","journal-title":"Inf Commun Soc"},{"key":"2025112702372796100_bib56","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511807763","volume-title":"Governing the Commons: The Evolution of Institutions for Collective Action","author":"Ostrom","year":"1990"},{"key":"2025112702372796100_bib57","first-page":"19","article-title":"Toward a behavioral theory linking trust, reciprocity, and reputation","volume":"6","author":"Ostrom","year":"2003","journal-title":"Trust Recip Interdisc Less Exp Res"},{"volume-title":"Micromotives and Macrobehavior","year":"2006","author":"Schelling","key":"2025112702372796100_bib58"},{"volume-title":"The System of Professions: An Essay on the Division of Expert Labor","year":"2014","author":"Abbott","key":"2025112702372796100_bib59"},{"key":"2025112702372796100_bib60","doi-asserted-by":"publisher","DOI":"10.1515\/9781503621749","volume-title":"The Logic of Practice","author":"Bourdieu","year":"1990"},{"key":"2025112702372796100_bib61","first-page":"1","article-title":"What makes a social class? On the theoretical and practical existence of groups","volume":"32","author":"Bourdieu","year":"1987","journal-title":"Berk J Sociol"},{"key":"2025112702372796100_bib62","first-page":"498","article-title":"Distinction & the aristocracy of culture","volume-title":"Cultural Theory and Popular Culture: A Reader","author":"Bourdieu","year":"2009"},{"key":"2025112702372796100_bib63","doi-asserted-by":"publisher","first-page":"S95","DOI":"10.1086\/228943","article-title":"Social capital in the creation of human capital","volume":"94","author":"Coleman","year":"1988","journal-title":"Am J Sociol"},{"key":"2025112702372796100_bib64","first-page":"375","article-title":"The creation and destruction of social capital: implications for the law","volume":"3","author":"Coleman","year":"1987","journal-title":"Notre Dame JL Ethics Pub Pol'y"},{"key":"2025112702372796100_bib65","doi-asserted-by":"publisher","first-page":"3","DOI":"10.4324\/9781315129457","article-title":"Building a network theory of social capital","volume-title":"Social Capital","author":"Lin","year":"2017"},{"key":"2025112702372796100_bib66","doi-asserted-by":"publisher","DOI":"10.15353\/joci.v4i3.2946","article-title":"Social networks and social capital: rethinking theory in community informatics","volume":"4","author":"Williams","year":"2008","journal-title":"JoCI"},{"key":"2025112702372796100_bib67","doi-asserted-by":"publisher","first-page":"1","DOI":"10.14763\/2016.3.429","article-title":"Instability and internet design","volume":"5","author":"Braman","year":"2016","journal-title":"Internet Policy Rev"},{"article-title":"Lessons learned","year":"2011","author":"Conficker Working Group","key":"2025112702372796100_bib68"},{"article-title":"The team of sleuths quietly hunting cyberattack-for-hire services","year":"2023","author":"Greenberg","key":"2025112702372796100_bib69"},{"key":"2025112702372796100_bib70","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1145\/3355369.3355592","article-title":"Booting the booters: evaluating the effects of police interventions in the market for denial-of-service attacks","volume-title":"Proceedings of the Internet Measurement Conference (IMC)","author":"Collier","year":"2019"},{"volume-title":"Dismantling DDoS: Lessons in Scaling","year":"2023","author":"Peterson","key":"2025112702372796100_bib71"},{"article-title":"Scholl receives 2023 M3AAWG J.D. Falk award for IP spoofing mitigation","year":"2023","author":"M3AAWG","key":"2025112702372796100_bib72"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf014\/63635986\/tyaf014.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf014\/63635986\/tyaf014.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T07:37:42Z","timestamp":1764229062000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf014\/8180257"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":72,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf014","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"type":"print","value":"2057-2085"},{"type":"electronic","value":"2057-2093"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf014"}}