Senators take aim at ‘armies of zombie computers’

A group of senators this week introduced reworked legislation to combat botnets, which transmit computer viruses, after the measure failed to make it into the major cybersecurity bill passed late last year. 

{mosads}The reintroduced bill, from Sens. Lindsey Graham (R-S.C.), Sheldon Whitehouse (D-R.I.) and Richard Blumenthal (D-Conn.), would expand the authority of law enforcement and the courts to crack down on botnets.

“This bill will arm law enforcement and our courts with tools to help fight back and better protect Americans from cybercrime,” Whitehouse said in a Thursday statement.

Botnets are networks of “zombie” computers infected with viruses that force them to forward transmissions to other computers without their owners’ knowledge.

They have been implicated in the rapid expansion of ransomware, viruses that encrypt users’ computers for the purpose of extortion.

“Cybercriminals can wield these armies of zombie computers to carry out all manner of criminal activity — from pillaging private data, to shutting down businesses’ websites, to attacking critical infrastructure,” said Whitehouse, the Ranking Member of the Senate Judiciary Subcommittee on Crime and Terrorism.

Whitehouse and Graham stumped for the bill during a lightly attended Senate Judiciary Committee hearing on ransomware this week.

Supporters of the bill say it gives necessary authority to the Department of Justice (DOJ) to seek injunctions against botnets engaged in a broader range of illegal activity. Under current law, supporters say, the DOJ can only go after botnets engaged in fraud or illegal wiretapping, not those that result in the destruction of data or denial-of-service attacks.

The bill would also create a new criminal offense for selling or providing access to botnets, as well as grant judges the discretion to impose stiffer penalties for attacking computers that control critical infrastructure — something that has been met with support from some business groups.

“The Chamber supports increasing the resources that law enforcement agencies need to counter and mitigate cyber threats,” the U.S. Chamber of Commerce wrote in a Thursday letter to Whitehouse and Graham. “S. 2931 would help tip the scales of justice toward American law enforcement and industry.”

Some privacy groups oppose the legislation, arguing that it offers insufficient protections to the victims of botnets — possibly opening their computers up to damages during a government shutdown of a zombie network — and would expand penalties under a computer hacking law that critics say is already too harsh.

Whitehouse wanted to attach a version of the legislation as an amendment to the Cybersecurity Act of 2015, passed as part of last year’s omnibus package, but was rejected.