US Government proposed an amendment to fight botnets

Pierluigi Paganini March 13, 2015

Obama Administration proposes giving courts more power to issue botnet injunctions, a measure necessary to fight the diffusion of malicious infrastructures.

The US Government has proposed an amendment that would enable the Department of Justice to seek an injunction to prevent the diffusion of botnets.

The Obama Administration would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief.

“The Administration’s proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief.  Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked.” Leslie R. Caldwell, assistant attorney general in the criminal division at the Department of Justice, wrote in a blog post.

The amendment would give the Obama Administration more power to take over dangerous botnets. In recent years, law enforcement has conducted several operations against the operators of major botnets, including GameOver Zeus and Ramnit.


In some cases, law enforcement dismantled the entire control infrastructure; in other cases, they hit only a part of the overall infrastructure, seizing its servers or arresting a number of its operators.

“One powerful tool that the department has used to disrupt botnets and free victim computers from criminal malware is the civil injunction process.  Current law gives federal courts the authority to issue injunctions to stop the ongoing commission of specified fraud crimes or illegal wiretapping, by authorizing actions that prevent a continuing and substantial injury.  This authority played a crucial role in the department’s successful disruption of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014,” continues Leslie R. Caldwell.

According to Caldwell, the principal problem is the limit imposed by current law, which allows authorities to issue injunctions to counter only specific crimes.

“Current law gives federal courts the authority to issue injunctions to stop the ongoing commission of specified fraud crimes or illegal wiretapping, by authorizing actions that prevent a continuing and substantial injury,” she wrote.

“The problem is that current law only permits courts to consider injunctions for limited crimes, including certain frauds and illegal wiretapping,” she added. “Botnets, however, can be used for many different types of illegal activity. They can be used to steal sensitive corporate information, to harvest email account addresses, to hack other computers, or to execute DDoS attacks against web sites or other computers. Yet — depending on the facts of any given case — these crimes may not constitute fraud or illegal wiretapping. In those cases, courts may lack the statutory authority to consider an application by prosecutors for an injunction to disrupt the botnets in the same way that injunctions were successfully used to incapacitate the Coreflood and Gameover Zeus botnets.”

In summary, federal authorities are requesting more power in granting injunctions to fight botnets and take down malicious infrastructures.

“In sum, this proposal would provide the government with an effective tool to shut down illegal botnets or certain widespread malicious software to better match the ways that criminals are using these technologies,” she wrote.

Pierluigi Paganini

(Security Affairs –  botnets, US Government)


