Botnets New Peril to Cyber Security, Capitol Panel Says
The U.S. is the most “wired” nation, making it the most vulnerable to cyber threats, Sen. Bennett (R-Utah) said Wed. at the U.S. Capitol during a panel on botnets. The phenomenon is a command & control technology that the Assn. for Computing Technology, which hosted the panel, calls an emerging threat to personal information and e-mail inboxes. Law enforcement officials are just starting to study commercial use of botnets, according to one speaker, but legislation is in place to punish violators when they're caught.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Attackers exploit security flaws in personal software to gain control of local networks of computers, often over the Internet Relay Chat (IRC) protocol commonly used in client- to-server communications, said Princeton U. Computer Science & Policy Prof. Edward Felten. Botnets turn PCs into networks of obedient bots, or botnets, and are believed to account for most spam, DoS attacks and click fraud, Felten said.
These and other novel attacks endanger the U.S. economy and military, said Bennett, who led Senate hearings on what became known as Y2K. To the security experts in attendance he joked: “The survival of Western Civilization depends on how well you do your job.”
Botnets’ numbers and activity has risen steadily, said Scott O'Neal, FBI Section Chief, Computer Intrusion. This is because besides the financial incentives in being able to send potentially untraceable spam, these networks let bad actors pay someone to shut down a business competitor’s site, or even to attack someone “for spite or for sport,” he said. The FBI nonetheless has the right legislative tools to deal with the problem as it unfolds, he said: CAN-SPAM and federal computer fraud law give the FBI the authority it needs to pursue and convict “botmasters.”
Apprehension can be difficult, said Microsoft’s Phil Reitinger. And Europe and the Asia-Pacific region are facing more threats to personal data from use of botnets, he said.
O'Neal said he hopes other countries continue to cooperate when their citizens are shown to be botmasters, as he said has happened with major cases in Turkey, New Zealand and Australia. Those countries helped U.S. investigators who had traced botnets back to IP addresses there, he said. A bigger concern, he added, is multinational organized crime getting involved with the attacks because they see something that’s “low risk, big money, and they want in.”