Government

FBI rounds up bot-herders, national security at stake


During the May 2007 Anti-Phishing Working Group Counter eCrime summit in San Francisco, researcher Joe St. Sauver spoke about the need for a government agency to step up and help in the war against consumer computer compromise. He stated that consumers aren't capable of taking the steps necessary to prevent their systems from becoming launching platforms for information theft or attacks against business and national infrastructure (Robert Lemos, "Gov't group needed to keep the Net healthy?" SecurityFocus, 14 June 2007).  It looks like a government agency is getting involved.

The FBI announced this week that a law enforcement effort named Operation Bot Roast has been responsible for identifying and bringing charges against three bot-herders in the United States. Along with the arrests, agents identified about a million bot-infested computers (Federal Bureau of Investigation, "Operation: Bot Roast," 13 June 2007). According to the FBI, Operation Bot Roast was launched "...because the national security implications of the growing botnet threat are broad."

To help consumers keep their PCs safe, the FBI and the National White Collar Crime Center have teamed up to create the Internet Crime Complaint CenterIn addition to tips about how to protect computers from cybercriminals, consumers who believe they have been -- or are -- the victims of Internet crime can report it at the site.

This looks like a great start, but the FBI's reach is limited. In my opinion, the majority of Internet incidents involving national security originate in other countries. These countries, such as China, are typically resistant to outside interference in internal affairs. This is especially true when the government itself is likely a perpetrator.  (See "The growing threat of cyberwarfare.") 

In addition to identifying systems that have already been infected, I believe the government must work with private industry and consumers to block the creation and use of bot armies in the first place. This will help prevent offshore attempts to compromise our national infrastructure.  Failure to do so will cause us to increasingly rely on the clemency of governments -- which are perfecting their ability to conduct cyberwarfare -- for our economic welfare.

About

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...

9 comments
BALTHOR
BALTHOR

The Mafia makes over a trillion dollars a month in Internet theft money.

geoff
geoff

The richest country in the world is the US, its M3 is around 6 trillion dollars plus the 15 trillion (give or take a trillion) dollars floating around the NY stock exchange. The Richest man in the world (according to Forbes for the 12th year running) is also the most hated man in computers, Master Gill Bates who at current levels is worth a whopping 27.31 billion dollars, though a slide from over a 100 billion in 1998. You could be thinking of the Yen, 1 trillion yen is ?4,075,699,986.025 or $8,103,238,238.179 dollars (at time of writing) I think that the world?s economics could cope with that amount disappearing into the hands of a greedy criminal corporation (no not Microsoft) where as if a trillion dollars was stolen, online by the mafia each month then the US would be broke within 6 months, within 2 years the Mafia would hold most of the world wealth, the United states would be approaching a third world country and I?d be out of a job, maybe all good things apart from me losing my job of course. Maybe it?s under a billion a month and it?s the combined mafia (An amalgamation of all the Mafias. Italian, Russian, Chinese, UK, Easter Island and the pink fluffy land of rainbow dreams Mafia, which is the most feared of all the Mafia for their use of a brutal torture technique involving some Ben and Jerry?s chunky monkey ice cream, an inflatable plastic novelty toothbrush and one large European hedgehog) and it?s all the money, from all enterprises and scams that the crime syndicates run over a month or maybe it?s just wrong. I?m going to be putting my money on the latter.

Chaz Chance#
Chaz Chance#

Are you: a) Quoting a reliable source? b) A member of the Mafia? c) Just plain making it up? If a) then please provide your source. If b) then I mean you no disrespect, and please don't have me killed. If c) then what do you gain from spreading rumours?

tomb
tomb

"Nothing New Here, move along now". The IC3 has been around for over a decade, and has failed to put a dent in cybercrime. As with any wild frontier, or when traveling in parts of the world where the rule of law is tenuous, it is by banding together that we can protect ourselves. Projects like DShield and ThreatSTOP can help protect in real time, while law enforcement can only deter, and prosecute after the damage is done.

Chaz Chance#
Chaz Chance#

...your own company web site, is it Tom?

tomb
tomb

But it is relevant, and we work in the space, with the people who are really making a difference: The Internet Storm Center.

Editor's Picks