One of President Donald Trump’s early cybersecurity actions will be a public call for internet companies to collaborate to stop the scourge of botnets — massive networks of compromised computer hardware weaponized by hackers.
“I believe we can radically reduce the number of botnets in this country,” White House homeland security adviser Thomas Bossert said Wednesday at a Center for Strategic and International Studies event. “I believe that’s a voluntary effort … The president will call for that publicly.”
Almost any device that connects to the internet — from PCs to DVRs and webcams — can be recruited into a botnet, and in unscripted remarks, Bossert laid out in stark terms the consequences of such widespread insecurity — and the need to address it at a systemic level.
“That one keyboard operator at one machine can launch code that then turns thousands or hundreds of thousands of devices against one target — a bank — strikes me as something that we should not address at the bank level,” he said.
If the hacker enterprise were a mountain, “the top of the mountain is that guy at that keyboard. If we can find that guy and eliminate his privileges from the internet, that would be great,” he said.
“But in the interim,” he said, “all the players that are involved in this… in a voluntary way [need to] figure a method for identifying those botnet attacks by looking at network traffic and shunting it a little bit more effectively,” adding that major social media and consumer internet companies needed to be involved alongside internet service providers.
“I think right now our approach is to have the ISPs shunt that traffic. And there’s a cost to that, right? It’s happening a little bit too close to the bank.”
Botnets can be used to send vast quantities of fraud-laden spam email, and they can also generate huge attacks that target a website with constant requests to connect, overwhelming the site’s servers and preventing genuine visitors from getting through. Mitigating these distributed denial-of-service, or DDoS, attacks is currently an “opportunity cost,” Bossert said.
Because the malware that carries the infection communicates over the internet, compromised hardware can be detected and isolated.
In several high-profile cases over the past three or four years, ISPs and other tech firms have banded together with law enforcement in multiple countries to get a court order allowing action against particular botnets — essentially cutting infected computers off from the internet until their owners download security software that cleans the infection off the hard drive.
“Botnet attacks can be reduced, if not to zero, then we can dramatically reduce their number,” said Bossert.
He said the government would steer clear of regulation. “My instinct, the president’s instinct, is not to mandate or regulate this,” he said. “This will be a call for voluntary coordination. [The president] will set a leadership goal, and we’ll provide the mechanism to coordinate that effort.”
Valecia Maclin, director of cybersecurity for Raytheon Intelligence, Information and Services, said her initial impressions of the prospect of White House leadership on the issue were favorable. “There is a lot you can do” at the technical level to deflect DDoS and other botnet attacks.
“At the end of the day, you will need some policy input,” she said, comparing the issue to cyberthreat information sharing, where legislation eventually provided a legal safe harbor for companies that send threat indicators to the government.