The Obama administration last week announced a proposed amendment to existing law that would give federal courts more authority in the ongoing fight against botnets, according to a release from Leslie R. Caldwell, assistant attorney general for the Criminal Division.
Current law allows for the issuance of injunctions for crimes involving fraud and illegal wiretapping, the release indicates. As such, the Justice Department has been able to successfully take down botnets in recent years, including the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014.
However, botnets can also be used to steal sensitive corporate information, harvest email account addresses, hack other computers, and to execute distributed denial-of-service (DDoS) attacks, Caldwell wrote. In those instances, an application for an injunction to disrupt botnets may not be considered by the courts – something Caldwell indicated is a problem.
“The Administration's proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief,” Caldwell wrote. “Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked.”
Caldwell continued, “This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as “ransomware”).”
Jasper Graham, former NSA technical director and SVP of Cyber Technologies and Analytics at Darktrace, told SCMagazine.com on Monday that the proposal makes sense because it gives authorities something leverage “that doesn't have to fit in a tiny square box.” He said that these measures will enable authorities to act when a botnet is possibly putting finances and personal information at risk.
Graham said that botnets are a growing threat that put businesses, ISPs and everyday users at risk. He explained that the federal government has the right technical capabilities to take down botnets, but the legal framework – as well as partnerships – has to be in place.
He noted that an impact mechanism should be considered when establishing the amendments. Graham explained that by disrupting a ransomware botnet, for example, there is a chance for large scale data corruption that may affect victims.
Speaking on the 100 or more number, Graham said that it may seem small by modern botnet standards, but it was likely chosen on purpose. He explained that botnet operators are smart and will find ways to work around laws in order to get in the least amount of trouble if caught.
“This is sort of a stepping stone,” Graham said. “I'm surprised it's taken this long to have legislation bubble up and broaden authority. It will be interesting to see how it is implemented.”