from Digital and Cyberspace Policy Program

Zero Botnets

Building a Global Effort to Clean Up the Internet

Botnets—groups of computers infected with malicious software often used for crime—cost the economy billions of dollars each year. Technology makers, ISPs, cybersecurity companies, and law enforcement need to work together across the globe to fight botnets.

Council Special Report
Concise policy briefs that provide timely responses to developing crises or contributions to current policy dilemmas.

Botnets are the bane of the internet. Criminals use these groups of computers infected with malicious software to propagate spam, send phishing emails, guess passwords, impersonate users, and break encryption. Their most pernicious use, however, is to carry out distributed denial of service (DDoS) attacks. DDoS attacks harness the power of the individual computers that make up the botnet to send internet traffic to a target, thereby blocking legitimate traffic. As much as 30 percent of all internet traffic may be attributable to botnets, and most of that traffic is from DDoS attacks.

Jason Healey

Senior Research Scholar, Columbia University’s School for International and Public Affairs

Robert K. Knake
Robert K. Knake

Whitney Shepardson Senior Fellow

Most DDoS attacks are criminal in nature, often used by companies to take down their competitors’ websites or servers; however, China, Russia, and Iran have all harnessed botnets for geopolitical purposes. A motivated nation-state actor could easily harness millions of systems to shut down countries’ domestic networks or target core internet infrastructure and shut the internet down globally. Foreign governments certainly might judge such actions to be to their advantage in some scenarios.

More on:

Cybersecurity

Digital Policy

Influence Campaigns and Disinformation

Cybercrime today may cost the global economy $600 billion per year, with much of that loss tied to botnets, and those losses are only set to grow. About sixteen billion devices are connected to the internet today, and both that number and the number of vulnerable and infected devices are expected to double in the next five years. Even if only the tiniest fraction of these devices is infected with botnets, malicious actors will have enormous disruptive potential at their disposal. Thus an ambitious goal of zero botnets is necessary.

To achieve that goal, information security experts first need to do a better job of measuring current botnet activity and set incremental goals for reductions. Nations and international institutions should then work to establish the principle that states are responsible for the harm that botnets based within their borders cause to others. When governments are unable or unwilling to be responsible, other states may be justified in taking action, in or out of the cyber domain, to thwart cross-border effects. Similarly, at the internet service provider (ISP) level, good stewards of online spaces need to hold other ISPs accountable for the bad traffic leaving their networks. The makers of devices that are vulnerable to becoming parts of botnets need to be incentivized to secure their devices, and the resellers of those devices should use their leverage to hold them accountable. Hosting providers, name registrars, and other components of the internet ecosystem that are used by botnets should be pressured to police themselves and prevent their services from being used for criminal purposes. Finally, when these measures fail to suppress the growth of botnets, an ongoing international effort to take down botnets will be necessary.

Professors: To request an exam copy, contact [email protected]. Please include your university and course name.

Bookstores: To order bulk copies, please contact Ingram. Visit https://ipage.ingrambook.com, call 800.234.6737, or email [email protected]. Include ISBN: 978-0-87609-739-7.

More on:

Cybersecurity

Digital Policy

Influence Campaigns and Disinformation

Top Stories on CFR

United States

Each Friday, I look at what the presidential contenders are saying about foreign policy. This Week: Joe Biden doesn’t want one of America’s closest allies to buy a once iconic American company.

Immigration and Migration

Dara Lind, a senior fellow at the American Immigration Council, sits down with James M. Lindsay to discuss the record surge in migrants and asylum seekers crossing the U.S. southern border.

Center for Preventive Action

Every January, CFR’s annual Preventive Priorities Survey analyzes the conflicts most likely to occur in the year ahead and measures their potential impact. For the first time, the survey anticipates that this year, 2024, the United States will contend not only with a slew of global threats, but also a high risk of upheaval within its own borders. Is the country prepared for the eruption of election-related instability at home while wars continue to rage abroad?