Here’s a great conversation starter for a nice chat with your business leaders, “The FBI has found over 1 million computers are controlled by criminal botnets.”
Be prepared to answer some follow-up questions from your business leaders after telling them this, such as…
“Are any of these criminally-controlled computers on our network?”
“How do we know?”
“What about the computers our employees use at their homes to do business?”
“How do criminals put these botnets on the computers?”
“What are we doing to keep these botnets off our network?”
“What kind of damage can these botnets really do?”
“So our computers could be used to commit crime through these botnets?”
Could you answer these questions?
Determine what your answers would be then open up a conversation. They really are great ways to raise awareness with your business leaders. Just be sure you’re prepared to answer your management’s questions.
If you are not brave enough to pose this question to your C-level business leaders, at least consider creating an FAQ that answers these questions and posting it on your intranet.
Here’s the full text of the FBI press release for those of you too shy to go to the actual FBI site:
“Over 1 Million Potential Victims of Botnet Cyber Crime
Today the Department of Justice and FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle ‚Äúbotherders‚Äù and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with our industry partners, including the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity.
A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.
“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”
The FBI also wants to thank our industry partners, such as the Microsoft Corporation and the Botnet Task Force, in referring criminal botnet activity to law enforcement.
Cyber security tips include updating anti‚Äëvirus software, installing a firewall, using strong passwords, practicing good email and web security practices. Although this will not necessarily identify or remove a botnet currently on the system, this can help to prevent future botnet attacks. More information on botnets and tips for cyber crime prevention can be found online at www.fbi.gov.
The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.
To date, the following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:
James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);
Jason Michael Downey of Covington, Kentucky, is charged with an Information with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and
Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)
The FBI will continue to aggressively investigate individuals that conduct cyber criminal acts.”
Tags: awareness and training, botnet, cybercrime, FBI, Information Security, IT compliance, malware, policies and procedures, privacy, risk management