Page 1

Battling Botnets: Implications for a Cybercrime Strategy

July 8, 2010

Page 2

Is it a game, or is it real?

Page 3

Times have changed!

Page 4

The botnets

Page 5

The threat is real

• 1.5 million infected machines/ day

• 21 million botnet connections per month

• 44 billion bad e‐mails/month

• 200 Petabytes of malicious traffic / year

Page 6

Victims are clueless

Page 7

Agenda

• the nature of cybercrime

• different regulatory modalities

• examples from the Canadian Criminal Code

• implications for a cybercrime strategy

Page 8

Question:

Can we apply general rules of law, and specifically, criminal law, to the Internet context?

Page 9

Take one

“…the best way to learn the law applicable to specialized endeavors is to study general rules.... Any effort to collect these strands into a course on "The Law of the Horse" is doomed to be shallow and to miss unifying principles.”

- F. Easterbrook “Cyberspace and the Law of the Horse” (1996)

Page 10

Take two

“… there is an important general point that comes from thinking in particular about how the law and cyberspace connect.

This general point is about the limits on law as a regulator and about the techniques for escaping those limits. This escape in both real space and in cyberspace comes from recognizing the collection of tools that society has at hand for affecting constraints upon behavior.”

- Lawrence Lessig, “The Law of the Horse: What Cyberlaw Might Teach” (1999)

Page 11

Cybercrimes

In the Canadian Criminal Code

Page 12

Section 342.1(2)

“computer system” means a device that, or a group of interconnected or related devices one or more of which,(a) contains computer programs or other data, and(b) pursuant to computer programs,

(i) performs logic and control, and(ii)may perform any other function;

Page 13

Categories of cybercrimes

1. child exploitation

2. hate crimes

3. fraud

4. identity theft

Page 14

The headlines

Page 15

Regulatory modalities: an example

Page 16

Legal

Page 17

Social

Page 18

Market forces

Page 19

Architecture

Page 20

Modal Interplay

recognizing the interplay of all four modalities will enhance our ability to contend with cybercrimes

Page 21

“thou shall not use the Internet to prey on minors”

The law is clear

Page 22

Ok, but is the same true online?

Are other constraints we have on predators in real space effective in cyberspace?

Page 23

A chatroom isn’t like a classroom

Page 24

Social modality is different

• victims are aware they are conversing online with adults

• only 5% of offenders pretended to be teens when they met potential victims online

• rarely deceive victims about their sexual interests

Source: Wolak et al., 2004

Page 25

Market forces seemingly absent

• some child friendly sites

• some emphasizing parental controls

Page 26

Architecture modality is largely untouched

• physical layers (cable, wireline, etc)

• logical layers (software and standards)

• content layer (text, images, etc.)

Page 27

The challenge of cyberspace

• the regulatory modalities change

• changes need to be noted

Page 28

Proactive defence

• discover, infiltrate and disrupt activity before an attack

• involves a multi-pronged approach that leverages technology

Page 29

Bill C-28

• Fighting Internet and Wireless Spam Act (FISA)

• considers the technology

• promotes a holistic

• reflecting the regulatory modalities

Page 30

FISA law

• recognizes nature of the technology

• facilitates consultation, referral and information sharing

• implicates foreign states

Page 31

FISA social

• recognizes impact on the individual and privacy issues

• promotes the transparency and openness of practices

Page 32

FISA architecture

• prohibits the altering of a data transmission

• exempts service providers for the purposes of “network management”

• promotes the use of systems to help identify and intercept activities

Page 33

FISA market forces

• part of a general Canadian trend

• service provider intervention is permissible if not necessary

Page 34

What does this mean?

Implications for a cybercrime strategy

Page 35

Law: strategic implications

• recognize the different modalities and how they work in cyberspace

• design with technology in mind

Page 36

Social: strategic implications

• public awareness campaign

• individuals need to know about the risks associated with these crimes and how to mitigate these risks.

Page 37

Market forces: strategic implications

• incent players to participate

• better risk management capabilities should provide competitive advantage

• law enforcement agencies should outsource functions where more efficient to do so

Page 38

Architecture: strategic implications

• consider all layers of the technology form

• “sector networks” or “associations” to promote strategic partnerships among relevant players in cyber security

• establish standards for infrastructure protocols and procedures.

Page 39

Conclusion

• cybercrimes are substantively different from real space crimes - regulatory modalities may not function the same way

• no longer be a case of using old laws to adapt to new technology

• bolster proactive defences and take into account all regulatory modalities