Trump’s Call for a Crackdown on Botnets Is a Long Shot

Complicated technical and political challenges stand in the way of the president’s wish for a “dramatic” reduction in botnet attacks.

President Trump wants to crack down on botnets, the networks of hacked “zombie” computers that criminals or hostile states can use to carry out large-scale cyberattacks. Achieving this would certainly disrupt cybercriminal infrastructure, but it would also require the administration to overcome monumental technical and political hurdles.

This month, Trump signed a long-awaited executive order addressing cybersecurity, which many national security experts consider the top threat facing the United States. Though the order contains mostly broad language, it does single out botnets, calling for them to be “dramatically” reduced. Criminals use botnets for a range of attacks, from malware and spam distribution to distributed denial of service (DDoS) attacks, in which thousands of compromised machines flood a target’s servers with junk traffic until legitimate users can no longer get through. The threat is growing as we connect more cheap webcams, baby monitors, DVRs, and other Internet of things devices, which hackers can hijack to launch attacks (see “10 Breakthrough Technologies: Botnets of Things”).

The administration has some relatively new tools at its disposal to combat botnets. Recent changes to the federal rules of criminal procedure (the amendment to Rule 41 that took effect in December 2016) allow investigators to use a single search warrant to remotely access many computers that make up a botnet, rather than obtaining a warrant in every judicial district where an infected machine sits. The Justice Department used this authority recently to dismantle a global botnet that had been stealing banking credentials and distributing e-mail spam and malware. The Trump team could also renew legislative proposals made by the Obama Justice Department that would broaden the instances in which the FBI could get a court order to compel an ISP to shut down botnet traffic, says Zachary Goldman, executive director of the Center on Law and Security at New York University School of Law.

Still, while these new avenues may help law enforcement officials dismantle botnets, they won’t do much to prevent botnet-powered DDoS attacks, which are growing larger and more frequent every year. After the Mirai botnet, assembled from hijacked Internet of things devices, overwhelmed the DNS provider Dyn last October and left many major websites unreachable for millions of users in the U.S., prominent security researchers warned Congress that the proliferation of poorly secured connected devices represents a market failure, and urged the government to step in to address the growing risk.

Exactly how the government should intervene is a matter of debate. At issue is which agencies have the proper authorities, which ones should be in charge, and what Internet service providers should be doing to help.

In the absence of government action to cut down on the risky devices connecting to the Internet, ISPs could try to collaborate to root out and stop DDoS attacks before they do much damage. A flood is easiest to detect near the target, where the traffic from thousands of sources converges into an obvious spike, but easiest to stop near the sources, where each provider only has to filter a small share of it. An automated system that ISPs could use to detect attacks and then signal to other providers upstream to coördinate rapid responses could therefore be particularly effective, says Jim McEachern, senior technology consultant at the Alliance for Telecommunications Industry Solutions (ATIS), a telecommunications industry standards organization. ATIS’s members include ISPs, device makers, and Internet companies.

Components of such a system already exist. The Internet Engineering Task Force, the volunteer body drawn from industry that develops Internet standards, is creating technical standards for a secure messaging system that businesses could use to signal that they are under attack and ask for help. Called DDoS Open Threat Signaling, or DOTS, the system would let a network under attack appeal for assistance to an ISP or other entity with the capacity and tools to divert its traffic and filter out the bad packets—a process called “scrubbing.” If ISPs agreed to coöperate on stopping DDoS attacks, they could also use DOTS to signal between each other, says Andrew Mortensen, an engineer at Arbor Networks who is helping lead the DOTS project.
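The two ideas in the preceding paragraphs, that a flood is visible only in aggregate near the target while the filtering is best done upstream, and that the signal names the victim rather than the attackers, can be made concrete with a small simulation. The following Python is an added illustration written for this page; it is not code from the article, from ATIS, or from the IETF DOTS working group, and it is not the DOTS wire protocol (which carries CBOR-encoded YANG data over CoAP and DTLS). Only the shape of a DOTS-style mitigation request is borrowed: a target prefix, a mitigation id, and a lifetime the requester must refresh. All flow records, addresses (RFC 5737 documentation ranges), thresholds, and the per-source packet cap used as a stand-in for scrubbing are constructed assumptions.

```python
"""Toy model of DDoS threat signaling from a target network to an upstream scrubber.

Added illustration, not the article's, ATIS's, or the IETF's code. It copies only the
shape of a DOTS mitigation request (name the TARGET, not the sources; ask for a lifetime
that must be refreshed). It is NOT the DOTS wire format. Traffic records are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# A flow record as an edge router might export it: (source, destination, packets, bytes).
# Constructed sample: 40 bots each send 30 small packets at one victim. Each bot on its
# own looks like an ordinary client; only the aggregate arriving at the target stands out.
VICTIM = "198.51.100.7"
BOTS = [f"203.0.113.{i}" for i in range(1, 41)]
ATTACK = [(src, VICTIM, 30, 30 * 60) for src in BOTS]
LEGIT = [
    ("192.0.2.10", VICTIM, 4, 2200),          # a real visitor to the victim
    ("192.0.2.11", "198.51.100.8", 6, 4800),  # unrelated server in the same prefix
    ("192.0.2.12", "198.51.100.8", 3, 1500),
]
FLOWS = ATTACK + LEGIT


def detect_flood(flows, min_pkts=500, min_sources=20):
    """Target-side detector: flag a destination whose aggregate traffic arrives from
    many distinct sources. Returns the flooded host as a /32 target prefix, or None."""
    pkts = Counter()
    sources = defaultdict(set)
    for src, dst, n, _ in flows:
        pkts[dst] += n
        sources[dst].add(src)
    for dst, n in pkts.most_common():
        if n >= min_pkts and len(sources[dst]) >= min_sources:
            return f"{dst}/32"
    return None


def busiest_single_source_pkts(flows):
    """What any one upstream edge sees: the packet count of its busiest source. Shows
    why the aggregate detector above cannot simply be run near the sources instead."""
    per_src = Counter()
    for src, _, n, _ in flows:
        per_src[src] += n
    return max(per_src.values())


@dataclass(frozen=True)
class MitigationRequest:
    mid: int            # mitigation id chosen by the requesting network
    target_prefix: str  # what is under attack; the request names no attack sources
    lifetime: int       # seconds the mitigation stays active unless refreshed


class UpstreamScrubber:
    """Upstream ISP side: for a signaled prefix, cap packets per source for the requested
    lifetime. The cap is this toy's stand-in for real scrubbing heuristics."""

    def __init__(self, per_source_pkt_cap=10):
        self.cap = per_source_pkt_cap
        self.active = {}  # mid -> (protected network, expiry time)

    def request(self, req, now):
        self.active[req.mid] = (ip_network(req.target_prefix), now + req.lifetime)
        return "mitigation-in-progress"  # toy status label, not a DOTS code

    def _protected(self, dst, now):
        for mid, (net, expiry) in list(self.active.items()):
            if expiry <= now:
                del self.active[mid]  # lifetime lapsed with no refresh: filter removed
            elif ip_address(dst) in net:
                return True
        return False

    def scrub(self, flows, now):
        """Return (passed_flows, packets_dropped) for one batch of flow records."""
        passed, dropped = [], 0
        for src, dst, n, b in flows:
            if self._protected(dst, now) and n > self.cap:
                dropped += n - self.cap
                passed.append((src, dst, self.cap, b * self.cap // n))
            else:
                passed.append((src, dst, n, b))
        return passed, dropped


def run_scenario():
    """Detect at the target, signal upstream, scrub, then let the lifetime lapse."""
    target = detect_flood(FLOWS)
    req = MitigationRequest(mid=1, target_prefix=target, lifetime=300)
    isp = UpstreamScrubber()
    status = isp.request(req, now=0)
    _, dropped_now = isp.scrub(FLOWS, now=10)
    _, dropped_later = isp.scrub(FLOWS, now=400)  # 300 s lifetime expired, not refreshed
    return {"target": target, "status": status, "dropped": dropped_now,
            "dropped_after_expiry": dropped_later,
            "busiest_single_source_pkts": busiest_single_source_pkts(FLOWS)}


if __name__ == "__main__":
    print(run_scenario())
```

The detector fires on the victim because 1,200 packets from 40 sources converge there, while the busiest single source sends only 30 packets, far below any per-source threshold an upstream provider could reasonably set without the signal. Once told which prefix is under attack, the upstream side can apply a narrow policy to that prefix alone, and the lifetime field means a provider that stops hearing from the victim automatically removes the filter, so a forgotten or hijacked request cannot blackhole a customer indefinitely.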

ISPs haven’t yet agreed to join forces against botnets, and for obvious reasons. The idea raises complicated new business and policy questions, since asking an ISP to block traffic is essentially asking it to forgo revenue, and someone will have to foot the bill for the traffic scrubbing technology, says McEachern. The business-related issues “are going to be at least as challenging as the technical ones.”

Trump’s order gives the Secretaries of Commerce and Homeland Security a year to iron out a plan for beating back botnets and other distributed attacks. That could be too long, Senator Mark Warner of Virginia, cofounder of the Senate Cybersecurity Caucus, told MIT Technology Review in an e-mail statement. “I fear that the president’s lengthy time frame for identifying and promoting actions to address these risks … misapprehends the gravity of these threats.”
