Botnet boom requires new laws to deal with it, argues US Justice Department

By Graeme Burton
17 Jul 2014 View Comments

The threat posed by cyber criminals operating via vast botnets of hijacked computers has increased "dramatically" in recent years, according to the US Justice Department.

Testifying in front of a Senate subcommittee examining crime and terrorism, assistant attorney general Leslie Caldwell claimed that the botnet put together via the Gameover Zeus Trojan had caused losses of more than $100m - and this is just the tip of the iceberg.

Further reading

Caldwell used his appearance to argue in favour of "updated and enhanced" laws so that organisations such as the Federal Bureau of Investigation (FBI) could better fight cyber crime - although much of it is planned and perpetrated far from the reach of US law enforcement in Eastern Europe and the countries of the post-Soviet Commonwealth of Independent States.

"If we want to remain effective in protecting our citizens and businesses, our laws and our resources must keep pace with the tactics and numbers of our adversaries," said Caldwell.

"The creators of the Gameover Zeus botnet designed a novel and resilient structure, including three distinct layers of command and control infrastructure that rendered the botnet particularly difficult to overcome.

"The department's successful disruption began with a complex international investigation conducted in close partnership with the private sector. It continued through the department's use of an inventive combination of criminal and civil legal process to obtain authorisation to stop infected computers from communicating with each other and with other servers around the world.

"The operation simultaneously targeted all three command and control layers of Gameover Zeus, and stopped Cryptolocker from encrypting additional computers," said Caldwell.

The operators of the Gameover Zeus Trojan and botnet used it to install the Cryptolocker "ransomware" on infected PCs. Cryptolocker infected key files on infected computers and gave the victims three days to pay a ransom of between $300 and $750, depending on the value of Bitcoin, their currency of choice.

Cryptolocker infected more than 260,000 computers worldwide, according to Caldwell, with the police department in Swansea, Massachusetts the most high-profile victim. It paid up $750 to regain access to investigative files and arrest photographs.

"Others refused to pay the ransom and tried to defeat the malware," said Caldwell.

"A Pittsburgh insurance company was eventually able to restore data from a backup, but only after incurring an estimated $70,000 in losses and sending employees home during remediation. A Florida company lost critical files, which resulted in an estimated $30,000 in loss.

"And a North Carolina business, whose main files and backup were both encrypted, lost its critical files despite engaging a computer forensics firm to try to restore its access. That company has lost about $80,000, and the owner told the FBI that he may have to lay off employees as a result," he said.

The loss of even the backup files demonstrates the value of an offsite backup procedure - not just mirroring data in real-time.

Caldwell admitted, though, that the FBI is unable to keep up with, and respond to, foreign requests for electronic evidence on cyber criminals located in the US. "Our capacity to do so simply has not kept up with the demand," he said. Its 2015 budget request, he continued, would enable the FBI to cut in half the amount of time it takes the organisation to respond to Mutual Legal Assistance Treaty requests.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

35 %
31 %
14 %
20 %