menu

There are now criminal turf wars going on over the thousands of computers that comprise botnets across America and the world. This “invisible” conflict is unknown to most computer users in America but is no less real or sinister because we cannot see it happening.

Most people, even those with above average knowledge of cyber issues, still think of botnets in two contexts. One is as a means of spreading spam. This seemingly harmless, if annoying, problem actually makes the bad guys quite a bit of money, as they get paid for every “click” they get. Unfortunately, our lax cyber personal hygiene leads lots of folks to click away on almost anything that pops up. Bad idea for several reasons! More on this later.

The other context is related, if more ominous. This is the use of Bots for distributed denial of service attacks. These simply overwhelm a website or sites with a massive wave of service requests in such a short period that the site simply crashes. This method has been used to annoy, to punish, and to attack entities considered enemies by the initiators.

Botnets can also be used to search for and steal money, financial data, passwords, and intellectual property. The size of some of the botnets out there rival and surpass the capabilities of most nation states, and the guys who control them are NOT the good guys.

Criminal networks have been building these zombie conglomerates for years. They send out spam, you click on it, and download malware that allows them to take over your home computer. You never know it, and the only thing noticeable is a little slow down. Internet service providers know when something is up but are reluctant to take action, or even notify you, because they don’t want to be seen as “watching” you. Well, they do, and I for one would rather get something worthwhile out of it by being better protected, not just getting more targeted advertising. It will take a law before it happens (or at least some promise of indemnification).

Back to my main point. Not only are the Bots growing, but they are now fighting with one another. They are using extortion and threats to gain control of rival gangs’ assets. It is the cyber equivalent of the goons coming into your store in Chicago and saying: “Now you are going to pay us for protection, not them.” They just don’t get you, the computer owner, involved.

They are also competing with the FBI, who is trying to capture the botnets to kill them, or capture their controllers. Strangely, the same laws that keep ISPs from taking action also keep law enforcement from “reaching in” and cleaning your computer. The laws actually protect the bad guys.

I am cheering for the FBI to hunt down and kill more of these botnets. If they don’t, we will all be at greater and greater risk. If a botnet is used for an attack on a nation state, the victim might launch an attack on all the parts of the network. That means you! Our country and our allies are constantly wrestling with this problem, but others might not.

It is in everyone’s interest to stop these threats. LEA are trying, as are security firms, and ISPs, but until we align the laws, get grandpa (and all of us too) to stop clicking on spam, and develop accurate attribution tools, the problem will not go away.

Remember, the Zombies are out there, not to eat your brains, but to control your computer!

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More