The war on botnets

"We looked at the body of laws that were in place in the civil world in the US and asked how could we adopt these to be able to confront some of these 21st centutry problems?' There is always a cry for new laws and new legislation, but the reality is there are a lot of good laws on the books that were passed for other purposes that are easily translatable."

It's all about creative use of the current laws, rather than begging for fresh legislation, Boscovich argues. In this week's DNS Changer takedown, courts were again convinced to let law enforcement take a botnet apart. Datacentres in Chicago and New York were raided and dirty servers replaced with clean ones all thanks to a court order. If the perpetrators had been warned in that case, it could have ruined five years' worth of work.

Indeed, the company' responsible for running the botnet, an Estonian organisation called Rove Digital, had previously moved servers when they sensed law enforcement was closing in on some of its other suspicious operations, according to Trend Micro. Imagine if they'd been given notice again. Four million computers would still be infected and the crooks would continue making millions fraudulently.

The future

Whilst the work of law enforcement, industry and others involved in the war on botnets is more than commendable, it would be unwise to get carried away. There remain some major obstacles to overcome. The first is how to tackle the subdomain issue.

At the current time, there is no requirement for domain hosts to know anything about those using their subdomains. In the case of Kelihos, Microsoft got a little lucky. Dominique Alexander Piatti of Czech domain hoster dotFREE Group was accused, along with a number of unidentified suspects, of owning a domain cz.cc and using it to register other subdomains which were running the Kelihos botnet.

It is time for the community to put more rules in place internationally through ICANN, hopefully, to get more transparency as to who is really behind these domains and subdomains.

Yet Microsoft dropped a lawsuit against Piatti late last month as it seemed dotFREE was simply being used by Kelihos's controllers. Anyone hoping the case would inspire law makers to create fresh legislation were to be sorely disappointed. Domain hosts will still not be forced into knowing who their customers are. The crooked ones will simply turn a blind eye to pernicious activity on their servers.

"There are a lot of domains hosting hundreds of thousands of subdomains that are really hosting nasty stuff," said Boscovich. He explained dotFREE had been highly proactive in cleaning up its game and learning about its customers. The domain industry should follow suit, he said. Either that or extra regulation is required.

"We would really like to see either the other subdomainers employ the same kind of business practices or maybe even have ICAAN require that if you're going to provide subdomains that you're required to get the same information registrars are asked to get," he added.

"It is time for the community to put more rules in place internationally through ICANN, hopefully, to get more transparency as to who is really behind these domains and subdomains that are causing a lot of problems."

Subdomainers aren't the only ones who need to be brought into line. The young up-starts of the info-sec world need to be convinced to join the party too. The divisions between the new players and the old guard could mean certain important data isn't being shared. If these schisms aren't dealt with, ironically, industry in-fighting will only benefit the cyber criminals.

In essence, it's all about greater and greater collaboration. The war against botnets will always be one of attrition. As in the real world, you can't ever completely kill crime. Yet if you can build a sizeable enough army, and keep its various factions at peace with one another, you'll be winning the fight even if you won't win outright.