Obama Administration Wants More Legal Power To Disrupt Botnets
Trailrunner7 writes: The Obama administration has proposed an amendment to existing United States federal law that would give it a more powerful tool to go after botnets such as GameOver Zeus, Asprox and others. In recent years, Justice, along with private security firms and law enforcement agencies in Europe, has taken down various incarnations of a number of major botnets, including GameOver Zeus and Coreflood. These actions have had varying levels of success, with the GOZ takedown being perhaps the most effective, as it also had the effect of disrupting the infrastructure used by the CryptoLocker ransomware.
In order to obtain an injunction in these cases, the government would need to sue the defendants in civil court and show that its suit is likely to succeed on its merits. "The Administration's proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as "ransomware")," assistant attorney general Leslie Caldwell wrote.
If you have a malicious device connected to an ISP, the ISP should be the one to disconnect it. The problem is that the target of the malicious device is often on another ISP.
Rather than allowing the government to be the hammer and force people offline, the government should create a coordination point where attacks can be reported and the proper ISP and their customers alerted to the activity.
One of the activities could be creating OSS that allows for firewall logs to send attack information to this central resource.
Another could be creating a help page that assists end users with understanding why they're having this issue and how to correct it.
Finally, proposing an Internet remediation zone would be the best end result. Instead of pulling the cord on infected devices, put them on a standard ACL/web filter that only allows them access to software updates and AV signatures.
These are harder tasks for any one ISP to do, but a good thing for government to do.
Grammer Nazis - I mod you "troll" unless you actually add something on-topic. Yes, I know I have mispellings in my sig.