Crossroads Blog | Institute National Security and Counterterrorism

Cyber Legislation, Cybercrime, law enforcement, Legislation, malware

The Administration’s Proposed Statutory Change Explained

In an effort to apprise the public of the government’s ongoing effort to combat cyber crime, the DOJ began a series on its blog explaining some of the legislative proposals made by President Obama in January.  Each blog post will focus on a specific aspect of the proposal, and will outline the reasons behind the proposed changes.

The first post highlighted what we should all know: Individuals, organized criminal networks, and nation states that engage in cyber crime pose a serious threat to American citizens, businesses, as well as the nation’s economy.  The post also revealed the difficulties of protecting Americans because legislation still has not adapted to new technologies as the adversaries have.  The proposed changes include adding more types of illegal activities to existing laws, mainly 18 U.S.C. § 1345 (“section 1345”), to broaden their scope.

The second blog post focuses on section 1345 which authorizes federal courts to issue injunctions to stop the commission of certain fraud crimes and illegal wiretapping.  Once the court issues the injunction, law enforcement can launch an operation to shut down the networks that the attacks are originating from.  But crimes included in section 1345 are limited, and those that are included do not encompass many of the illegal activities that can be carried out using botnets today, according to the second blog post.  In 2014, the GameOver Zeus botnet was taken down under authority given by section 1345.  Although many computers worldwide were being targeted and made victims, the criminals behind the attack also targeted banks and bank customers which is what triggered section 1345, according to the post.

According to the post, the Administration’s proposed statutory changes would add the operation of a botnet to the list of offenses that would be eligible for injunctive relief.  The Administration’s proposal would allow the DOJ to seek injunctive relief to shut down botnets that victimize 100 or more computers.  The post explains that the numerical threshold allows the DOJ to focus on “enjoining the creation, maintenance, operation, or use of a botnet.”

The Administration is focusing on the ability of law enforcement to shut down botnets once it has already victimized computers, but wouldn’t it be more effective to focus on preventing the creation of botnets in the firs place?  I propose that in addition to statutory changes, the Administration begin programs designed to educate the general public on cyber-hygiene.  Personal computers can easily become a part of a botnet.  According to the FBI, a user can simply click a link in an unsolicited email to become infected with malware.

The following is a list of the FBI’s tips on protecting your computer:

  • Keep antivirus software on your computer and smartphone updated.
  • Use strong passwords, and avoid using the same one for everything.
  • Only download software from trusted sites.
  • Do not open attachments in unsolicited emails.
  • Patches for you operating system should be automatically downloaded.

Together, the efforts of the government, private sector and an educated public will likely improve our nation’s cyber security.

Leave a Reply

Bitnami