Senate Dem wants to battle botnets

Sen. Sheldon Whitehouse (D-R.I.) is raising alarms about criminal hackers that turn victims’ computers against their owners.

In a hearing on the “botnets” on Tuesday, the head of the Senate Judiciary subcommittee on Crime said that the systems allow hackers to “command a virtual army of millions, most of whom have no idea that they have been conscripted.”

ADVERTISEMENT
“The only limit to the malicious purposes for which botnets can be used is the imagination of the criminal who controls them,” Whitehouse said. And when a hacker runs out of uses for a botnet, he can simply sell it to another criminal organization to use for an entirely new purpose.

"It presents a virtual infrastructure of crime,” he added.

Whitehouse said that he is working with Sen. Lindsey Graham (R-S.C.), ranking member of the subcommittee, on a bill to crack down on the hackers that he hoped could pass this year.

“With any luck we can get something perhaps for the lame duck,” he told reporters after Tuesday’s hearing. “I think between now and the election the floor time is pretty heavily subscribed ... but I think after that we have a real option to move bipartisan, noncontroversial legislation, and that’s what this should be.”

Hackers use botnets to control people’s computers remotely, either to mask their own identity or to turn the devices into “zombies” for operations like sending out massive amounts of spam.

Some botnets, for instance, allow hackers to sneak into someone else’s webcam and discretely take pictures of users. Others, known as ransomware, lock down victims' computers and demand they pay a ransom to get all of their files and documents back.

The networks are massive, and infect about 18 victims per second, according to the FBI.

Botnet attacks are intended to undermine Americans’ privacy and steal from unsuspecting victims,” Leslie Caldwell, the assistant attorney general in the Justice Department’s Criminal Division, told the subcommittee. “If left unchecked, they will succeed.”

Efforts to fight the systems have had some success of late.

Last week, the Justice Department announced that “all or nearly all” computers infected by the Gameover Zeus botnet, which Caldwell said was “widely regarded as the most sophisticated criminal botnet in existence worldwide,” had been cleaned of the bug.

Still, the botnets are growing more advanced, officials told the Judiciary subcommittee.

The proliferation of connected devices known as the “Internet of Things” could lead to a wave of new “thingbots,” warned Cheri McGuire, vice president of cybersecurity policy with the security firm Symantec.

The government’s action on Gameover Zeus, she added, “should serve as a model for the future.”