
Trump’s Call for a Crackdown on Botnets Is a Long Shot

Complicated technical and political challenges stand in the way of the president’s wish for a “dramatic” reduction in botnet attacks.

President Trump wants to crack down on botnets, the networks of hacked zombie computers that criminals or adversaries can use to carry out large-scale cyberattacks. Achieving this would surely disrupt the cybercriminal infrastructure, but it would also require that the administration overcome monumental technical and political hurdles.

This month, Trump signed a long-awaited executive order addressing the cybersecurity threat, which many national security experts consider the top threat facing the United States. Though the order contains mostly broad language, it does single out botnets, calling for them to be “dramatically” reduced. Criminals can use botnets to execute a range of different kinds of cyberattacks, from malware and spam distribution to distributed denial of service (DDoS) attacks, which entail flooding a target’s server with artificial traffic. The threat is growing as we connect more cheap webcams, baby monitors, DVRs, and other Internet of things devices, which hackers can use to launch attacks (see “10 Breakthrough Technologies: Botnets of Things”).

The administration has some relatively new tools at its disposal to combat botnets. Recent changes to the federal rules of criminal procedure allow investigators to use a single search warrant to hack into multiple computers comprising a botnet. The Justice Department used this authority recently to dismantle a global botnet that had been stealing banking credentials and distributing e-mail spam and malware. The Trump team could also renew legislative proposals made by the Obama Justice Department that would broaden the instances in which the FBI could get a court order to compel an ISP to shut down botnet traffic, says Zachary Goldman, executive director of the Center on Law and Security at New York University School of Law.

Still, while these new avenues may help law enforcement officials dismantle botnets, they won’t do much to prevent botnet-powered DDoS attacks, which are growing larger and more frequent every year. After a botnet briefly took down much of the Internet for millions of users in the U.S. last October, prominent security researchers warned Congress that the proliferation of poorly secured connected devices represents a market failure, and urged the government to step in to address the growing risk.

Exactly how the government should intervene is a matter of debate. At issue is which agencies have the proper authorities, which ones should be in charge, and what Internet service providers should be doing to help.

In the absence of government action to cut down on the risky devices connecting to the Internet, ISPs could try to collaborate to root out and stop DDoS attacks before they do much damage. Since these attacks are easiest to detect near the target, and easiest to stop near the source, an automated system that ISPs could use to detect attacks and then signal to other providers upstream to coördinate rapid responses could be particularly effective, says Jim McEachern, senior technology consultant at the Alliance for Telecommunications Industry Solutions (ATIS), a computing industry standards organization. ATIS’s members include ISPs, device makers, and Internet companies.

Components of such a system already exist. The Internet Engineering Task Force, an organization made up of volunteers from the industry that develops new Internet standards, is creating technical standards for a secure messaging system that businesses could use to signal for help that they are under attack. Called DDoS Open Threat Signaling, or DOTS, the system would appeal for assistance from an ISP or other entity with the capacity and necessary tools to filter out the bad traffic—a process called “scrubbing.” If ISPs agreed to coöperate on stopping DDoS attacks, they could also use DOTS to signal between each other, says Andrew Mortensen, an engineer at Arbor Networks who is helping lead the DOTS project.

ISPs haven’t yet agreed to join forces against botnets, and for obvious reasons. The idea raises complicated new business and policy questions, since asking an ISP to block traffic is essentially asking it to forgo revenue, and someone will have to foot the bill for the traffic scrubbing technology, says McEachern. The business-related issues “are going to be at least as challenging as the technical ones.”

Trump’s order gives the Secretaries of Commerce and Homeland Security a year to iron out a plan for beating back botnets and other distributed attacks. That could be too long, Senator Mark Warner of Virginia, cofounder of the Senate Cybersecurity Caucus, told MIT Technology Review in an e-mail statement. “I fear that the president’s lengthy time frame for identifying and promoting actions to address these risks … misapprehends the gravity of these threats.”
