Damage by Botnets
Monday, April 30. 2007
A few days ago, Ed Felton posted a summary of a recent Botnet Briefing in Washington. The interesting point is the question whether or not the $5000 damage threshold of the Computer Fraud and Abuse Act is too high for such cases and if it would make more sense to have some designated number of computers affected. Presumably this comes back to the question on how to estimate the damage of a single incident. Do you take into account the time to clean up the bot-infected machines (re-installing the system, customizing everything, restoring from backup, ...) and also the costs of possible DDoS, identity theft, or other kind of victims?
".
