Larry Greenemeier, “Estonian Attacks Raise Concern Over Cyber ‘Nuclear Winter,’”
, May 24, 2007, at [http://www.informationweek.com/news/showArticle. jhtml?articleID=199701774].
Jeanne Meserve, “Official: International Hackers Going After U.S. Networks,” CNN.com,October 19, 2007, [http://www.cnn.com/2007/US/10/19/cyber.threats/index.html].Sebastian Sprenger, “Maj. Gen. Lord Is a Groundbreaker,”
Federal Computer Week
,October 15, 2007, vol. 21, no. 34, p. 44.
Tom Espiner, “Security Expert: Storm Botnet ‘Services’ Could Be Sold,” CnetNews.com,October 16, 2007, [http://www.news.com/Security-expert-Storm-botnet-services-could-be-sold/2100-7349_3-6213781.html]. Dan Sullivan, “P2P Botnets Increasingly Sophisticated,Realtime-Websecurity,” April 18, 2007, [http://www.realtime-websecurity.com/articles_and_analysis/2007/04/p2p_botnets_increasingly_sophi.html].
Botnets, Cybercrime, and Cyberterrorism:Vulnerabilities and Policy Issues for Congress
Cybercrime is becoming more organized and established as a transnationalbusiness. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that couldsecretly represent terrorist groups. The increased use of automated attack tools bycybercriminals has overwhelmed some current methodologies used for trackingInternet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which areacknowledged openly in publications, could possibly attract cyberattacks to extortmoney, or damage the U.S. economy to affect national security.In April and May 2007, NATO and the United States sent computer securityexperts to Estonia to help that nation recover from cyberattacks directed againstgovernment computer systems, and to analyze the methods used and determine thesource of the attacks.
Some security experts suspect that political protestors mayhave rented the services of cybercriminals, possibly a large network of infected PCs,called a “botnet,” to help disrupt the computer systems of the Estonian government.DOD officials have also indicated that similar cyberattacks from individuals andcountries targeting economic, political, and military organizations may increase inthe future.
Cybercriminals have reportedly made alliances with drug traffickers inAfghanistan, the Middle East, and elsewhere where profitable illegal activities areused to support terrorist groups. In addition, designs for cybercrime botnets arebecoming more sophisticated, and future botnet architectures may be more resistantto computer security countermeasures.
This report discusses options now open to nation states, extremists, or terroristgroups for obtaining malicious technical services from cybercriminals to meetpolitical or military objectives, and describes the possible effects of a coordinatedcyberattack against the U.S. critical infrastructure. This report will be updated asevents warrant.