Washington, DC – Senators Sheldon Whitehouse (D-RI), Lindsey Graham (R-SC), and Richard Blumenthal (D-CT) have announced the Botnet Prevention Act of 2016, which would provide law enforcement and the courts expanded power to disrupt botnets—networks of infected computers used to commit cybercrime—and hold accountable those who create and use them.
“Cybercriminals can wield these armies of zombie computers to carry out all manner of criminal activity—from pillaging private data, to shutting down businesses’ websites, to attacking critical infrastructure,” said Whitehouse, the Ranking Member of the Senate Judiciary Subcommittee on Crime and Terrorism. “This bill will arm law enforcement and our courts with tools to help fight back and better protect Americans from cybercrime.”
“Cybercriminals are engaging in crimes that are as old as time itself,” said Graham, who is the Chairman of the Judiciary Subcommittee on Crime and Terrorism. “At the end of the day, they’re just using new technologies to try and shake people and businesses down and steal their money. The imagination of the criminal is unlimited. It’s important we give the authorities the ability to hold accountable those who plot and carry out this new wave of high-tech crimes.”
“It may sound like something straight out of a sci-fi movie, but networks of virus-infected computers pose a real threat to our country’s security. Cybercriminals can use these zombie computer networks to infiltrate sensitive databases, shut down infrastructure, and steal personal information. This critical legislation would give law enforcement the tools it needs to fight back against cybercrime—one zombie computer network at a time,” said Blumenthal.
Botnets are formed by infecting computers of unsuspecting users with malware that grants the originator of the infection complete control over the machine. By commanding hundreds, thousands, or even millions of computers at once, hackers are able leverage a powerful network of compromised computers while concealing their true identity. Botnets facilitate a wide range of criminal activity, including the theft of personal and financial information, intrusions into online bank accounts, and identity theft on a massive scale. Hackers have also been known to sell or lease the use of their botnets to others engaged in cybercrime.
According to estimates compiled by the U.S. Department of Justice (DOJ), botnets infect 500 million computers each year—or 18 victims per second. They have caused over $9 billion in losses to victims in the United States and over $110 billion in losses globally.
Introduced this week, the Botnet Prevention Act would strengthen law enforcement and courts’ authority to clamp down on botnets in several areas:
- It would enhance the DOJ’s authority to obtain injunctions used to shut down botnets. Under current law, the DOJ’s authority to seek injunctions is limited to botnets engaged in fraud or illegal wiretapping. The bill would expand that authority to cover a wider range of illegal activity, including the destruction of data, denial-of-service attacks used to disrupt websites, and other criminal acts that damage computers.
- It would grant judges the discretion to impose tougher penalties on those who attack the computers that control critical infrastructure, such as dams, power plants, and hospitals.
- It would create a new criminal offense targeting criminals who sell access to the compromised computers in a botnet. Under current law, it is difficult to prosecute sellers of access to compromised computers—especially when the seller is not the person who compromised the computer in the first place—because no current criminal law directly prohibits this conduct. The legislation would close this loophole.
###
