Lawful Detection, Investigation, and Prosecution of Botnet-related Crime

Botnets represent a powerful tool for committing cybercrimes: by using malware to take control of numerous information technology systems, an attacker has considerable resources at his disposal to commit (further) crimes in a concerted manner. Detecting (and combating) botnets is therefore a major concern for cybersecurity and cybercrime law, as well as for affected individuals with regard to the integrity of their systems.

Botnet detection is primarily a technical challenge that relies chiefly on the availability of a large amount of up-to-date data (e.g., on preceding attacks). It therefore stands to reason that such data should not only be collected by the respective operators on their own, but also exchanged or aggregated, especially since this allows the distributed nature of the attack to be adequately taken into account. Data collection and, in particular, data exchange naturally raise questions of data protection law and technology, insofar as personal data are involved.

In the project described here, we examine these data protection issues in depth through interdisciplinary collaboration. For example, we need to clarify the extent to which the data required for botnet detection is actually personal data, and whether there are any conceivable ways of achieving sufficient anonymization of the data, particularly in the area of information exchange. Overall, the aim is to propose a procedure that takes comprehensive account of data protection requirements. In doing so, we are also exploring what the practical implementation of such a procedure might look like in institutional terms. For example, technical solutions are conceivable in which a third party with limited trust is involved in the communication; who could take on this role, and how far the necessary trust in this institution must extend, remains to be clarified in the course of the project.

Our research takes place in close cooperation with another subproject of the Chair of Criminal Law and Criminal Procedure of Prof. Dr. Dominik Brodowski, LL.M. (UPenn), which focuses on the security and criminal law aspects of botnet countermeasures.