Washington, DC – Today U.S. Senator Sheldon Whitehouse held a hearing of the Judiciary Subcommittee on Crime and Terrorism to examine efforts to address the threat from botnets – networks of infected computers that are used to carry out cyber attacks, send spam messages, steal consumers’ personal information, and for a variety of other criminal purposes. The hearing featured testimony from individuals in both the public and private sectors who have worked to combat botnet activity, and highlighted the need for coordination between those sectors on this issue.
Botnets are one of the most powerful weapons cyber criminals have in their arsenals. A botnet can allow a single hacker to control an army of “zombie” computers, which can be used for a variety of malicious purposes. For instance, botnets are responsible for sending approximately three-quarters of all spam generated worldwide. Botnets are frequently used to launch denial-of-service attacks, which can shut down popular websites. And botnets are often used to steal personal information and other sensitive data from unsuspecting internet users. According to estimates, the largest botnets infect millions of computers, but most users have no idea that their computers have been infected.
“Simply put, botnets threaten the integrity of our computer networks, our personal privacy, and our national security,” Whitehouse said in his opening statement. “My hope is that this hearing starts a conversation among those dealing day-to-day with the botnet threat and those of us in Congress who are deeply concerned about that threat.”
Witnesses testifying at today’s hearing were Leslie Caldwell, Assistant Attorney General in the Criminal Division of the United States Department of Justice; Joseph Demarest, Jr., Assistant Director of the Cyber Division at the Federal Bureau of Investigation; Richard Boscovich, Assistant General Counsel for Microsoft’s Digital Crimes Unit; Cheri McGuire, Vice President of Global Government Affairs & Cybersecurity Policy for Symantec Corporation; Dr. Paul Vixie, Chief Executive Officer of Farsight Security; and Craig Spiezle, Executive Director of the Online Trust Alliance.
“The computers of American citizens and businesses are, as we speak, under attack by individual hackers and organized criminal groups using state-of-the-art techniques seemingly drawn from a science fiction movie,” said Assistant Attorney General Caldwell. “Unfortunately, this cybercrime wave is all too real. Botnet attacks are intended to undermine Americans’ privacy and steal from unsuspecting victims. If left unchecked they will succeed.”
“We do not—and cannot—fight botnets alone,” noted Boscovich. “As the title of this hearing suggests, fighting botnets requires efforts from both the private and public sector.”
“In the private sector, we need to know that we can work with our government partners and with our private sector counterparts to disrupt botnets without having to look over our shoulder to ensure we are not running afoul of the law,” added McGuire. “To be clear, I am not talking about a blank check – what I am saying is that consistent with privacy protections and legal parameters, we need to be able to share cyber threat information and coordinate with our peers in industry and our partners in law enforcement quickly and efficiently.”
Whitehouse and U.S. Senator Lindsey Graham serve as Chairman and Ranking Member of the Subcommittee, respectively, and have worked together on efforts to combat cyber threats. They have cosponsored legislation to promote public awareness of cyber security, and are coordinating on efforts to crack down on economic espionage.
###