
Taking down criminal networks

DQI Bureau

Botnets have existed in cyberspace for several decades. A botnet is defined as a network of infected systems under the control of a botnet master.


A botnet typically consists of an advanced piece of malware, widely distributed, whose crucial feature is that it enables remote control over the infected system by establishing and maintaining a communication channel to a Command and Control (C&C) infrastructure set up by the botnet creator (Cyber War, Richard Clarke).

The infected machines can be used by cyber criminals for data or monetary theft or to disrupt an organization's services. Botnets have been recognized as a grave threat to nations whose economies are heavily dependent on the Internet. The cyber attacks on Estonia in 2007 were not especially severe, but they highlighted the increased use of botnets as a means of conducting such attacks. In April 2007, for more than 22 days, the Estonian government and the private sector, including banks, Internet service providers and news portals, suffered from massive Distributed Denial of Service (DDoS) attacks.

The attack's modus operandi was the initial introduction of bots into the Estonian national network. The Estonian incident prompted nations to re-examine their national cyber strategies, or to formulate one where none existed, and it also led various nations to add cyber threats as a new category in their lists of national security threats.


Cyber criminals are able to operate efficiently and carry out cyber crimes effectively because they work in tandem and with clear strategies. To counter the dynamic threat landscape and bring down cyber criminal networks, nations need to build robust cyber defensive strategies and policies, if required specifically for botnets.

The level of sophistication and functionality of botnets has advanced drastically in the recent past. Botnets have started relying on P2P technologies and on distribution networks laid across several countries. Geographies where cyber security does not get significant attention from policy makers, and where legal provisions for cyber crimes are inadequate, become safe havens for bot networks.

Infected endpoints are the vehicle for many planned attacks. However, identifying and isolating these endpoints is a tough challenge. Taking down a bot network requires collaborative effort from government cyber security machinery, service providers, security experts and others.


The cyber security policy of a nation should take cognizance of botnet networks. It should bring the operation of such networks within the purview of the legal framework, and nations should empower the relevant machinery with the powers necessary to take action.

Nations should run active operations to identify and take down such networks, and should seek the necessary international collaboration for the purpose. Collaboration between CERTs is key to achieving critical success, and international coordination mechanisms have been emerging in this direction. Service providers have a specific responsibility towards this task.

They should have the skills, capability and legal powers to act against such networks. However, as these operations require significant resources and effort, service providers may struggle to arrange them.


The most critical piece is to map the access points where botnets could tentatively be residing, which may be in global and national telecom networks; these points can then be used to attribute infected end user machines.

There is a need to formulate national policies which specify the disinfection of infected end user machines or their isolation from the network. What other strategies or policies can there be? They can include, but are not limited to, action from industry, the state and international organizations. The actionable elements need not be offensive in nature; they can incorporate defensive elements as well. Some of the actionable elements for taking down criminal networks, classified under each pertinent stakeholder, are as follows.

If implemented, these elements can give a fillip to building a secure and hygienic cyber space.


I. Industry elements: collaboration with government on cyber security at various levels, i.e. forming public-private partnerships; establishing cyber clean centers at the organizational level, etc.

II. State elements: formulation of a cyber security policy at the national level, or its revitalization to address botnets; changes in legal and law enforcement frameworks; prioritization of cyber security at the level of national security; building public-private partnerships specific to bots; national CERTs establishing a botnet removal plan, etc.

III. International organization elements: the European Union, NATO, ITU, OECD etc. working towards the formulation of global Internet security guidelines, preparing dedicated cyber policies for their member states or organizations, establishing bot-specific information gathering and dissemination mechanisms, etc.
