Obama Administration Wants More Legal Power To Disrupt Botnets
Trailrunner7 writes: The Obama administration has proposed an amendment to existing United States federal law that would give it a more powerful tool to go after botnets such as GameOver Zeus, Asprox and others. In recent years, Justice, along with private security firms and law enforcement agencies in Europe, have taken down various incarnations of a number of major botnets, including GameOver Zeus and Coreflood. These actions have had varying levels of success, with the GOZ takedown being perhaps the most effective, as it also had the effect of disrupting the infrastructure used by the CryptoLocker ransomware.
In order to obtain an injunction in these cases, the government would need to sue the defendants in civil court and show that its suit is likely to succeed on its merits. "The Administration's proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief. Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked. This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as "ransomware")," assistant attorney general Leslie Caldwell wrote.
Simple solution, really (Score:4, Funny)
Declare bot-nets a utility -- then regulate them.
(ducks and runs)
Re: (Score:2, Insightful)
Re: (Score:1)
Unfortunately, Tor and Bittorrent also fall under the vague definition of 'botnet'.
Re: (Score:1, Funny)
Declare bot-nets a utility -- then regulate them.
But if you like your bot-net, then you can keep your bot-net.
Obama Administration also wants (Score:1, Insightful)
more freedom in what it can be allowed to label as a botnet. How about any selection of computers in any government, or computers belonging to a large company in a competing market, or a competing foreign economy?
Re: (Score:2)
Re: (Score:2)
more freedom in what it can be allowed to label as a botnet.
Knowing government, their definition would turn out to include things like SETI at Home and Folding at Home. Then they'd ignore the ones they don't care about, and only prosecute the ones they felt were "bad" for some reason. But if the law covers them all, who knows what that reason might be on any given day?
That's the way they've done a lot of crap in the past! What we need is less government, not more.
Really? You think? (Score:2, Insightful)
Could have stopped at "wants more legal power."
Re:Really? You think? (Score:5, Insightful)
do not give them this power!
they can then 'schwartz you' if they want.
I would not be surprised if they defined 'botnet' as any automated network job or task. which means anything we do that has any automation to it would be 'against the law'.
way too much power, here!
botnets suck but legal means is NOT the way to stop them!
each time we give the government more legal means to punish, it's almost always the wrong 'bad guys' that get punished, like aaron.
JUST SAY NO to more US laws. we have too many laws already. why they think that adding MORE laws is a good idea, I'll never understand. (well, I do understand, but I'll never LIKE it)
this law, like PATRIOT would be misused eventually. better to not have any law than one that will obviously be misused and probably won't take very long to misuse it, either.
I'm at the point now where "if you want it, I want you to NOT have it" - meaning, laws that politicians want. if you wanted that, that's enough to show me you don't really deserve it.
Re: (Score:1)
Unlike the 'PATRIOT laws', which have been misused / abused eventually, to the detriment of the common people, Obama's latest request already pre-packaged with all the nasty intentions that his administration is notorious for --- misused / abuse are guaranteed to happen, for sure
... and don't forget ... they will lie about it, under oath, and get away with it
Re: (Score:2, Interesting)
"do not give them this power!
they can then 'schwartz you' if they want."
You are way late, see here about america...
http://williamblum.org/aer/read/137
Reason doesn't work the way we thought it does:
https://www.youtube.com/watch?v=PYmi0DLzBdQ
Most have no clue what's really going on in the world... the elites are afraid of political awakening (aka global revolt). i.e. they fear you stopping voting for politicians and causing social and political change because the democratic system is a sham.
This (mass surve
Re: (Score:1)
You beat me to the punch.
This is what I was going to say on the matter.
And to be fair, it's not just Obama. It has been pretty much every head of the executive branch for as long as I have been alive but he's the guy there now.
LK
Re: (Score:2)
I'll have a go at a less cynical explanation:
As society advances, there will be an ongoing increase in the number of issues that government needs to address, requiring ever-increasing specific powers.
Re: (Score:2)
Government "needs" to address them since society is too lazy to do so on their own.
It's government or nothing. Sure, in a perfect world, everyone would maintain good security on their own machines. But it's not happening.
Re: (Score:2)
Re: (Score:2)
The old anything government does is wrong line, then.
It's not self-evident that government efforts to stop botnets are doomed to fail.
Re: (Score:2)
Re: (Score:2)
Well sure, that's my assumption. I'm not sure what's the nearest example we can look at.
Re: (Score:2)
But is this really bad if properly implemented?
What about the botnets run by the NSA . . . ? (Score:5, Insightful)
Actually, the headline could have been simply shortened to: Obama Administration Wants More Legal Power!
And whatever administration that comes next, will also want more legal power.
Re: (Score:2, Insightful)
And there will be many that will cheer the continual power grab on.
"So this is how liberty dies... with thunderous applause."
Re:What about the botnets run by the NSA . . . ? (Score:5, Insightful)
Yep. Polarizing party politics causes large numbers of citizens to align with parties even when it means shedding their own morals and desires.
Just to keep this in perspective, this is largely how the Nationalsozialistische Deutsche Arbeiterpartei (Nazi party) gained power. Of course, that's not to say it has anything to do with what was done with that power. But that's the beauty of power... all it takes is allowing a true lunatic to gain that power and we might be in for another world war.
Re: (Score:2)
No offense, but like the Ben Franklin quote about freedoms vs security, the Star Wars reference about applause needs to be buried and never heard again.
Re: (Score:1)
useless, dishonorable pricks (Score:1, Interesting)
they know that only thing capable of challenging the status quo of espionage landscape are the botnets. Basically, the Government thugs want a monopoly on espionage-over-ip type of business model. While using the botnets that they do take over in their own missions, with plausible deniability all over. "i swear, it's those russian ZEUS botherders that did it"... except like... there were jokes about zeus in 2007, how only prepubescent kids use it...
Not only are THEY not playing by the rules, they want to mak
I'm OK with it ... (Score:3)
... this ransomware shit is tiresome and needs to be hammered into the ground. I can't find the bastards but the government can't hide a fucking thing.
Re: (Score:1)
Say what???
There are so many things the government has decided that you are not privy to know (aka hidden from you) and you are here telling us that the government can't hide a fucking thing???
Re: (Score:2)
Think a minute, OK?
Government abuse has been all over the news lately.
Manning and Snowden were so far removed from the core of security and walked off with all the goods.
The government is transparent, but due to incompetence.
Computer abuse and fraud act? (Score:1)
Doesn't the already existing Computer abuse and fraud act already give his administration all the power they need to go after botnet operators? If not, can somebody explain to me what authority it doesn't give him that he claims he needs?
Re: (Score:1)
The article mentions "certain frauds" but doesn't try to enumerate or summarize what frauds - and I haven't gone looking at the law itself to see what the "certain frauds" is.
Could the new definition include crap-ware pre-installed on workstations or that comes with other downloads? What about phone or tablet apps that download advertising? What effect would this have on the app stores?
Government should be a coordinator, not the hammer (Score:5, Interesting)
If you have a malicious device connected to an ISP, the ISP should be the one to disconnect it. The problem is that the target of the malicious device is often on another ISP.
Rather than allowing the government to be the hammer and force people offline, the government should create a coordination point where attacks can be reported and the proper ISP and their customers alerted to the activity.
One of the activities could be creating OSS that allows for firewall logs to send attack information to this central resource.
Another could be creating a help page that assists end users with understanding why they're having this issue and how to correct it.
Finally, proposing an Internet remediation zone would be the best end result. Instead of pulling the cord on infected devices, put them on a standard ACL/web filter that only allows them to software updates and AV signatures.
These are harder tasks for any one ISP to do, but a good thing for government to do.
Remediation zone (Score:4, Interesting)
Man, the more I think of it, I REALLY like the idea of a standard remediation zone that all ISPs could deploy.
DNS would be filtered, only DNS responses to hosts on the allowed list. I would even be ok with MitM changes to DNS queries in this case.
Again, the idea is that you are only placed in this zone when your device has attacked another.
Once you think you've fixed the issue, they could allow all DNS traffic again, but watch your traffic to see if the attacks resume. This could be automated, so the end user doesn't have to constantly call the ISP.
Re: (Score:2)
It'd be pretty easy to do, really. Create a quarantine VLAN, and if someone's spewing bad packets, flip them into it. Once inside, there could be all kinds of safety rails. All DNS requests would be hijacked and rerouted to the ISP's special quarantine DNS server. Packets would only be allowed to destinations where a valid DNS request was previously made. No routing would be allowed through the network: all packets must either have a source or destination address within the VLAN. SMTP traffic would be
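A minimal model of the remediation zone sketched in the comments above (allowlisted DNS, pinholes only for resolved destinations, no transit, automated release after a watched probation), as an added example that is not code from any poster or ISP. The hostnames, VLAN subnet, portal address and the three-interval probation window are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration; none of these come from the thread.
ALLOWED = ("updates.example.com", "av-signatures.example.net")  # patch / AV hosts
VLAN = ipaddress.ip_network("10.66.0.0/24")   # quarantine VLAN subnet
PORTAL = "10.66.0.1"                          # ISP help page inside the VLAN
CLEAN_INTERVALS = 3                           # clean checks needed before release


class Subscriber:
    def __init__(self, ip):
        self.ip = ip
        self.state = "quarantined"   # quarantined -> probation -> released
        self.pinholes = set()        # destinations learned from allowed DNS answers
        self.clean = 0

    def dns_answer(self, qname, upstream_ip):
        """Return the address the quarantine resolver hands back for qname."""
        if self.state != "quarantined":
            return upstream_ip                       # all DNS allowed again
        name = qname.rstrip(".").lower()
        # Match whole labels only, so "notupdates.example.com" does not pass.
        if any(name == h or name.endswith("." + h) for h in ALLOWED):
            self.pinholes.add(upstream_ip)           # open a pinhole for this answer
            return upstream_ip
        return PORTAL                                # everything else -> help page

    def permit(self, src, dst):
        """Packet filter applied while the subscriber is quarantined."""
        if self.state != "quarantined":
            return True                              # watched, but not filtered
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in VLAN and d not in VLAN:
            return False                             # no transit through the VLAN
        remote = d if s in VLAN else s
        return remote in VLAN or str(remote) in self.pinholes

    def claim_fixed(self):
        """Subscriber reports the device is cleaned; start the watch period."""
        if self.state == "quarantined":
            self.state, self.clean = "probation", 0

    def observe(self, attack_seen):
        """Called once per monitoring interval with the detector's verdict."""
        if attack_seen:                              # attacks resumed: back in the zone
            self.state, self.clean = "quarantined", 0
            self.pinholes.clear()
        elif self.state == "probation":
            self.clean += 1
            if self.clean >= CLEAN_INTERVALS:
                self.state = "released"
```
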
Re: (Score:2)
Oh great!
This would open the door to even more unsolicited calls from "Microsoft Windows" telling you that you have a problem and offering to supply a fix. Just a minor change to the script 'virus' now becomes 'botnet' and away they go again
This scam is gradually dying off (in the UK at least -- I almost miss the opportunity to prolong the conversation and annoy the scammers) but I can well foresee it wakening up again if ISPs were charged with telling their customers that they have a problem.
It's a nice ide
Re: (Score:2)
Capture their DNS and have it be a website.
Coordinate with the Ad Council to get them to run PSA showing the standard redirect page and how to check the SSL cert of that page. Remind the viewers that this is the ONLY way their ISP will notify them of an issue and that your hardware and software vendor will never call you.
Re: (Score:2)
Look how well the whole DMCA thing works. Pretty much anyone can toss out a bogus claim and have all sorts of things taken offline without a whole lot of investigation done about the legitimacy of said claim.
Imagine taking a network offline from the ISP level due to some bogus botnet claim. Getting your YouTube video taken down is one thing, knocking your entire business offline is quite another. Some may consider that to be a strawman, but I try to think about what some idiot with nothing else to
Re: (Score:2)
Imagine taking a network offline from the ISP level due to some bogus botnet claim.
That's exactly my point. They're wanting the ability to take you completely offline. I'm proposing a middle ground where you're not knocked completely offline, and getting back online can be automated.
Always, ALWAYS question the motives of any governmental request for additional powers.
We agree, that is why I want them to be a coordinator, not the executioner.
Re: (Score:2)
How are the ISPs responding currently? Is there any current international cooperation for shutting down offenders based on good faith evidence?
I would tend to agree the ISP responsible for allowing a user to transmit traffic on the internet has the ethical obligation to squash malicious criminal action that is harming other internet users. I'd also like them to be the first line, but I think the government or better yet an independent international team should have abilities that would go beyond those of th
Save us! Something must be done! (Score:2, Funny)
Re: (Score:2)
Dumbidum? Does It have electrolytes?
News Flash (Score:4, Insightful)
People in Hell want ice water...
Government always wants more power....
Obama Wants More Legal Power To Disrupt Botnets (Score:3, Insightful)
Re: (Score:3)
Re: (Score:1)
Did you miss the part where what he wants already exists with judicial oversight and process, he is asking to be able to ignore that part of what already exists.
Re: (Score:2)
First... (Score:3)
they came for the Botnets.
Yes, botnets. Like the "Occupy" websites. (Score:2)
Because in the end, that's where this goes.
More power to disrupt botnets? (Score:1)
How to Disrupt Botnets? (Score:1)