Botnet boom requires new laws to deal with it, argues US Justice Department

US assistant attorney general demands more far-reaching laws from Congress

The threat posed by cyber criminals operating via vast botnets of hijacked computers has increased "dramatically" in recent years, according to the US Justice Department.

Testifying in front of a Senate subcommittee examining crime and terrorism, assistant attorney general Leslie Caldwell claimed that the botnet put together via the Gameover Zeus Trojan had caused losses of more than $100m - and this is just the tip of the iceberg.

Caldwell used his appearance to argue in favour of "updated and enhanced" laws so that organisations such as the Federal Bureau of Investigation (FBI) could better fight cyber crime - although much of it is planned and perpetrated far from the reach of US law enforcement in Eastern Europe and the countries of the post-Soviet Commonwealth of Independent States.

"If we want to remain effective in protecting our citizens and businesses, our laws and our resources must keep pace with the tactics and numbers of our adversaries," said Caldwell.

"The creators of the Gameover Zeus botnet designed a novel and resilient structure, including three distinct layers of command and control infrastructure that rendered the botnet particularly difficult to overcome.

"The department's successful disruption began with a complex international investigation conducted in close partnership with the private sector. It continued through the department's use of an inventive combination of criminal and civil legal process to obtain authorisation to stop infected computers from communicating with each other and with other servers around the world.

"The operation simultaneously targeted all three command and control layers of Gameover Zeus, and stopped Cryptolocker from encrypting additional computers," said Caldwell.

The operators of the Gameover Zeus Trojan and botnet used it to install the Cryptolocker "ransomware" on infected PCs. Cryptolocker encrypted key files on the compromised computers and gave the victims three days to pay a ransom of between $300 and $750, depending on the value of Bitcoin, the attackers' currency of choice.

Cryptolocker infected more than 260,000 computers worldwide, according to Caldwell, with the police department in Swansea, Massachusetts, the most high-profile victim. It paid $750 to regain access to investigative files and arrest photographs.

"Others refused to pay the ransom and tried to defeat the malware," said Caldwell.

"A Pittsburgh insurance company was eventually able to restore data from a backup, but only after incurring an estimated $70,000 in losses and sending employees home during remediation. A Florida company lost critical files, which resulted in an estimated $30,000 in loss.

"And a North Carolina business, whose main files and backup were both encrypted, lost its critical files despite engaging a computer forensics firm to try to restore its access. That company has lost about $80,000, and the owner told the FBI that he may have to lay off employees as a result," he said.

The loss of even the backup files demonstrates the value of an offsite backup procedure - not just mirroring data in real-time, since a live mirror simply replicates the encrypted files as soon as the ransomware has overwritten the originals.

Caldwell admitted, though, that the FBI is unable to keep up with, and respond to, foreign requests for electronic evidence on cyber criminals located in the US. "Our capacity to do so simply has not kept up with the demand," he said. The department's 2015 budget request, he continued, would enable the FBI to cut in half the time it takes to respond to Mutual Legal Assistance Treaty requests.