Microsoft’s new Cybercrime Center combines tactics against hacking groups

Reuters Contributor

By Joseph Menn

REDMOND, Washington (Reuters) – The maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new Cybercrime Center.

Microsoft Corp’s expanded Digital Crimes Unit, housed inside the 16,800-square-foot, high-security facility, combines the tactics that have worked best so far: massive data gathering and analysis, gumshoe detective work, high-level diplomacy and creative lawyering.

The new approach, to be launched on Thursday, is the latest attempt to close the gap created in the past decade as criminal hackers innovated in technology and business methods to stay ahead of adversaries mired in the slow-moving world of international law enforcement.

Already, many of the biggest victories against organized online criminals have come when private companies have worked together to seize control of the networks of hacked computers, called botnets, that carry out criminal operations. Though it is at times derided for the security shortfalls in its own products, Microsoft has led more of those seizures than any other company.

“Cybercrime is getting worse,” Digital Crimes Unit chief David Finn told Reuters during an exclusive visit to the Redmond, Washington, campus building this week. But Finn hopes that by mixing specialists from various professional arenas, Microsoft can get better.

The center features a lab for dissecting malicious software samples that is accessible only with fingerprint authorization. In another room, a monitor tracks the countries and Internet service providers with the greatest number of machines belonging to some of the worst botnets.

Next to a situation room with a wall-sized, touch-screen monitor sit rows of empty offices for visiting police, Microsoft customers or other allies expected to join specific missions for days or weeks at a time.

There are hundreds or thousands of botnets; Microsoft goes after only the biggest or most damaging of them, or pursues cases that would establish key legal precedents.

In the past few years “at least half of the major, significant takedowns have been driven by Microsoft,” said Steve Santorelli, a former Microsoft investigator and Scotland Yard cybercrime detective who now works at a security nonprofit group called Team Cymru.

Microsoft has tangled with a Mexican mafia family that proudly put brand labels on pirated Xbox game CDs, a ring that took online payments via a parking garage in Malaga, Spain, and a Russian virus writer paid with a paper bag full of cash — by a 12-year-old boy on a bike.

Outside security experts praised the cross-pollination of fraud, security and software specialists.

“That kind of integration is only for the better. The financial sector has been thinking along those lines as well,” said Greg Garcia, a former cybersecurity official at the Department of Homeland Security and at Bank of America who now advises the banking industry’s main cybersecurity coordination group, known as FS-ISAC.

The crimes unit doesn’t tackle government spying, where Microsoft is among the major Internet companies that have turned over large amounts of data on users to the U.S. National Security Agency (it is suing for the right to disclose how much). And another unit within Microsoft is in charge of making the company’s products less susceptible to hacking.

PIRACY SQUAD PROTECTS WINDOWS

About 80 of the crime unit’s 100 staffers have focused on the piracy of Microsoft products, with far fewer devoted to deconstructing the methods of criminals attacking Microsoft users and stopping them when possible.

But time and again, the piracy squad has found counterfeiters who were using botnets that also sent spam or attacked websites with denial-of-service attacks, or who slipped malicious software into copied Microsoft wares, or who had other ties to broader security issues.

In one test, undercover Microsoft employees bought 20 new computers in China the way average consumers would. All had pirated versions of Windows, and all had at least traces of malicious software. An expanded pool of 169 machines included 18 percent ready to receive electronic commands as part of a botnet called Nitol.

More critically, the piracy people bring experience with unusually powerful U.S. copyright laws. With a strong preliminary showing in court that their goods are being misrepresented, copyright owners can win orders allowing them to seize the offending property without prior notice.

In an innovative and aggressive twist, Microsoft has been using that law to seize Internet domain names, including those criminals use to control botnets.

“Microsoft really has done a very positive job in a couple of areas, and one of those is construction of legal frameworks that create precedents that allow future actions,” said Jeff Williams, head of security strategy at Dell Inc’s SecureWorks Counter Threat Unit.

The Nitol case was remarkable in that it and other botnets were connecting to 70,000 hostnames under a Chinese domain-name service called 3322.org. Microsoft won the right to filter all connections to those hostnames and blocked more than 7 million attempts in 16 days. The owner of 3322.org agreed to settle Microsoft’s lawsuit and to drop other bad hostnames identified by Microsoft or Chinese Internet security officials in the future.
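The filtering described above is, in practice, a DNS sinkhole: queries for the listed hostnames are answered with an address the defender controls, while every other name under the same service keeps resolving normally. The block below is an added example written for this page, not Microsoft's code or anything from the court record; the block list, hostnames, addresses and query log are constructed for illustration and are not the real Nitol indicators. It assumes a block list of exact hostnames plus `*.suffix` wildcards, and uses a dictionary in place of a real upstream resolver.

```python
# Added example, not code from Microsoft or the article: a DNS sinkhole policy
# of the kind a court-ordered filter on a domain-name service needs. Only the
# listed hostnames are sinkholed; other names under the same parent domain
# resolve normally. Hostnames and queries below are constructed for this
# example and are not the real Nitol indicators.
from collections import Counter
from dataclasses import dataclass, field

SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation address, stands in for the sinkhole


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().lower().rstrip(".")


@dataclass
class Sinkhole:
    exact: set = field(default_factory=set)       # full hostnames
    wildcard: set = field(default_factory=set)    # suffixes from "*.suffix" entries
    blocked: Counter = field(default_factory=Counter)

    def load(self, entries):
        """Load a block list; '#' lines are comments, '*.x' blocks every name below x."""
        for entry in entries:
            entry = normalize(entry)
            if not entry or entry.startswith("#"):
                continue
            if entry.startswith("*."):
                self.wildcard.add(entry[2:])
            else:
                self.exact.add(entry)

    def is_blocked(self, qname: str) -> bool:
        name = normalize(qname)
        if name in self.exact:
            return True
        # Walk up the labels so "a.b.c2.example" matches "*.c2.example".
        # A wildcard covers names *below* the suffix, not the suffix itself.
        labels = name.split(".")
        return any(".".join(labels[i:]) in self.wildcard for i in range(1, len(labels)))

    def resolve(self, qname: str, upstream: dict):
        """Answer a query: sinkhole address for listed names, otherwise the real record."""
        name = normalize(qname)
        if self.is_blocked(name):
            self.blocked[name] += 1
            return SINKHOLE_IP
        return upstream.get(name)


def replay(sinkhole: Sinkhole, queries, upstream: dict):
    """Replay a query log through the policy; return (sinkholed, passed) counts."""
    sinkholed = passed = 0
    for q in queries:
        if sinkhole.resolve(q, upstream) == SINKHOLE_IP:
            sinkholed += 1
        else:
            passed += 1
    return sinkholed, passed


# Constructed block list and upstream records (not real data).
BLOCK_LIST = [
    "# subdomains identified as botnet controllers",
    "bot-c2.3322.org",
    "*.dyn-c2.3322.org",
]
UPSTREAM = {
    "bot-c2.3322.org": "198.51.100.7",       # would reach the C2 if not sinkholed
    "a1.dyn-c2.3322.org": "198.51.100.8",
    "dyn-c2.3322.org": "198.51.100.9",       # parent of the wildcard, not covered
    "legit-blog.3322.org": "203.0.113.5",    # an innocent customer of the service
}
QUERY_LOG = [
    "bot-c2.3322.org", "BOT-C2.3322.ORG.", "a1.dyn-c2.3322.org",
    "legit-blog.3322.org", "dyn-c2.3322.org", "x.y.dyn-c2.3322.org",
]

if __name__ == "__main__":
    sh = Sinkhole()
    sh.load(BLOCK_LIST)
    print(replay(sh, QUERY_LOG, UPSTREAM))   # (4, 2)
    print(sh.blocked.most_common())
```

The two details worth noticing are the normalization (bots often vary case or append a trailing dot, and a naive string compare would let those through) and the wildcard rule: `*.dyn-c2.3322.org` blocks everything below that label but not the label itself, so the policy never sweeps in more of the provider's namespace than the order covers. The per-name counter is what a sinkhole operator reports back, which is how figures like "7 million attempts in 16 days" are produced.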

Microsoft also felled a botnet called Rustock, once one of the biggest sources of spam on the planet. More recently, it teamed with banks to seriously hurt two operations that sell do-it-yourself kits for crafting smaller botnets that have stolen hundreds of millions of dollars from online accounts.

The takedowns are often dramatic, with armed raids on multiple locations where the command servers are housed. Timing matters: if a botnet has many control computers and they are not disconnected within minutes of one another, the surviving machines can push new instructions to the infected hosts and rebuild the entire network.

During one raid in Pennsylvania, an executive at the company hosting the malicious site was cooperating when the site’s owner realized what was happening and remotely changed the password, locking the executive out. The Microsoft team pulled the cables to save the day.

Finn and Microsoft crime expert Richard Boscovich, a fellow former federal prosecutor, said they are working on new means to take down even more sophisticated botnets, which are controlled through a peer-to-peer mechanism instead of through centralized servers.

“You’ll be seeing some interesting stuff in the near future,” Boscovich promised. “This is an area where what is good for the business is good for society.”

(Reporting by Joseph Menn)

Tags : microsoft
Reuters
