Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress by Clay Wilson

Summary: Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security.

In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks. Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic, political, and military organizations may increase in the future.

Cybercriminals have reportedly made alliances with drug traffickers in Afghanistan, the Middle East, and elsewhere where profitable illegal activities are used to support terrorist groups. In addition, designs for cybercrime botnets are becoming more sophisticated, and future botnet architectures may be more resistant to computer security countermeasures.

This Congressional Research Service (CRS) report discusses options now open to nation states, extremists, or terrorist groups for obtaining malicious technical services from cybercriminals to meet political or military objectives, and describes the possible effects of a coordinated cyberattack against the U.S. critical infrastructure. This report will be updated as events warrant.