Botnets, pp 1–40

Botnets, Cybercrime and National Security

  • Chapter
Part of the book series: SpringerBriefs in Cybersecurity (BRIEFSCYBER)

Abstract

This chapter addresses how botnet infrastructure could be exploited for national security and cybercrime purposes. Cyber threats, including botnets, represent a fast-developing international issue that is facilitated by the low awareness of end-users, by differences in national legal and policy approaches to cyber security and by the lack of attention to security in companies providing Internet services. Botnets are used by criminals to reap economic gains, and also for politically motivated activities. Although many efforts have recently been made to mitigate botnets, they are likely to re-emerge at a new level of sophistication and organisation. Botnet activity will also move away from developed countries and spread further in emerging markets and in developing countries. The study approaches the subject as a public policy issue and analyses the phenomenon of botnets from national security, law enforcement and regulatory policy perspectives. It also offers recommendations for policy-makers on different public policy responses to effectively fight botnets, and highlights the need for international response mechanisms. To successfully address cyber threats, law enforcement capacity building and criminal justice should be strengthened globally, with a special focus on fast-growing emerging economies.

Notes

  1. See the Grum botnet case in earlier section, for instance.

  2. Although Estonia did limit Internet connectivity at the peak of attacks on 8–9 May, the connection was never cut off entirely, and the Internet always worked inside Estonia. The Internet architecture in Estonia makes it possible to limit connectivity to the outside world while maintaining the functionality of online services inside the country. In order to allow Estonian citizens to conduct their everyday online business, the method of limiting connectivity with the rest of the world was used as a last resort for a few days during the cyber attacks.

  3. International law enforcement cooperation was very good during and after the event. Only one country, which has also not joined a major international cyber convention, the Council of Europe Convention for Cybercrime, declined the international obligation under the Mutual Legal Assistance Treaty to investigate the cyber attacks organised from its territory.

  4. The Law of Armed Conflicts and International Humanitarian Law regulate when the use of force in armed conflicts has occurred and which principles apply when using force.

  5. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on Critical Information Infrastructure Protection—Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience {SEC(2009) 399} {SEC(2009) 400}, COM/2009/0149 final.

Author information

Correspondence to Heli Tiirmaa-Klaar.

Copyright information

© 2013 The Author(s)

About this chapter

Cite this chapter

Tiirmaa-Klaar, H., Gassen, J., Gerhards-Padilla, E., Martini, P. (2013). Botnets, Cybercrime and National Security. In: Botnets. SpringerBriefs in Cybersecurity. Springer, London. https://doi.org/10.1007/978-1-4471-5216-3_1

  • DOI: https://doi.org/10.1007/978-1-4471-5216-3_1

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-4471-5215-6

  • Online ISBN: 978-1-4471-5216-3

  • eBook Packages: Computer Science, Computer Science (R0)
