Will the US Government Get Ahead of the Trickbot Botnet?
The Trickbot botnet has gathered notoriety for the danger that it poses to individuals and institutions.
So much so that one of the World’s most devastating cyber threats was recently shutdown.
This victory, though, can be attributed to the joint actions of the US Government, Microsoft, and several other cybersecurity firms.
Public and Private Engagement Shutdown Trickbot
Recent reports show that the US Cyber Command and the software giant through various efforts have been able to ward shutdown the botnet before the US Presidential elections in November.
In line with the nature of botnets, Trickbot was designed to use denial of service (DDOS) and other attacks to steal personally identifiable information (PII) from victims.
Since 2016, the botnet has been spreading across the internet. The botnet is said to have infected millions of devices across the spectrum.
Trickbot is Made of many Parts
Trickbot appears to be a spin-off of the deadly Dyreza. It also has some advanced capabilities that include Bitcoin wallet theft, among others.
Many had before now considered the serious nature of the Trickbot botnet operations close to the US Presidential elections.
Already, during the last election cycle, (the US congressional mid-term 2018 elections), Cybercom displayed its ability to do this by shutting down.
It is in line with the US “persistent engagement” policy.
According to the policy, the US cyber command can and will engage with bad actors rather than seek the cooperation of technology providers.
How the Trickbot Takedown Occurred
Tom Burt, Corporate Vice-President, Customer Security, and Trust Microsoft had in a recent post indicated that Microsoft was part of a combined effort with other technology partners to takedown Trickbot.
Microsoft’s approach was, however, from a different perspective; a legal one.
Microsoft approached the US District Court for Eastern Virginia to obtain a court order.
The software giant took full advantage of the legal case for Trickbot abusing the copyright framework as far as Window’s operations and other supported software are concerned.
Microsoft having studied how the many variants of Trickbot worked approached the Court on copyright issues as far as Windows and windows compatible systems were concerned.
The major argument here was that Trickbot was accessing Microsoft Windows systems and breached copyright laws by doing so.
The Court order paved the way for Microsoft and other partners to execute their takedown.
It presents a new paradigm. One where private companies use legal mechanisms to undertake international takedown of criminal networks without any executive governmental approval.
While it could be argued that such actions border on the abuse of power by state actors, the use of a Court order as a legal instrument is also an indication that big tech will now perform certain actions as they see fit based on legal instruments such as Court orders.
US Cybercom Undertakes a Parallel Operation
As Microsoft and other partners were executing their takedown, the US Cyber Command was also running its operation against the botnet.
According to sources, Cybercom officials had employed various strategies in attacking the Trickbot Botnet.
One of these strategies was the addition of false information to those already gleaned by the attackers.
Another was the direct shutdown and disconnecting of infected devices.
As always, in such scenarios, official confirmation of the operation will be vague at best.
Unofficially though, the takedown on the part of the notoriously secretive Cybercom represents a practical example of its persistent engagement policy in action.
While the simultaneous takedown operations have diminished the botnets’ ability to run, the Botnet operators will find ways to make their prior operations profitable.
They are also most likely in the process of rebuilding the botnet after significant losses.
The Trickbot Botnet was a Threat to Credible Elections
The consensus in the technology community is that botnets are a threat to technology-based events.
Such events include elections, power generation, and distribution, healthcare, supply chain operations to name a few.
With a significant event coming up, it comes as no surprise that attempts were made to at best cripple the Trickbot botnet.
Botnets are becoming increasingly complex and can do far more damage than they could previously.
Ransomware scenarios are the current norm.
They are frustrating beyond measure.
However, the ability of code to talk to hardware is becoming the order of the day.
A scenario where voting systems get shut down in the US Presidential elections is a distinct possibility in this day and age.
That, however, may not occur if both public and private actors get their act right and focus on the enemy.
The Trickbot botnet takedown is just the beginning.