While national and worldwide agencies wage a war against online crime through the criminal courts, Microsoft is finding success using civil suits to help crack down on botnets, arguably the most dangerous form of cybercrime due to the massive scope of their reach.
Through botnets, which are groupings of computers that attempt to harvest personal and bank information from millions of computers connected to the internet, cybercriminals have a nearly automated way of getting passwords and hacking into financial accounts. They are often hard to trace and even harder to take down, but Microsoft’s self-proclaimed “neighborhood watch” is starting to make an impact.
“You can take out a botnet, but unless you take down the coders and put the clients behind bars, they’re just going to go ahead and do this again,” said Jose Nazario, senior security researcher at Arbor Networks.
This is where the raids come in. Microsoft, behind the leadership of Richard Boscovich, a former federal prosecutor and current senior lawyer in Microsoft’s digital crimes unit, is procuring court orders to take on botnets in civil courts. They aren’t just suing people, either. Last Friday several Microsoft employees were accompanied by US Marshals in two raids, one in Pennsylvania and one in Illinois, and were able to gather evidence, deactivate servers, and seize control of hundreds of web addresses that we used to get personal information from victims.
With their software operating on the majority of personal computers in the world, Microsoft has the most “skin in the game” when it comes to protecting people because their software is often the target entry point. For this reason, they’ve been able to get warrants and file suits that do not get publicized until after the raids because of a nice loophole: copyright and trademark infringement.
Many botnets send out emails that impersonate Microsoft and its various product lines. The company has successfully made the case that declaring their intentions in the suits before they’re able to gather evidence will only push the required information further from reach. Cybercriminals that are tipped off can easily hide the evidence or transport them to safer locations in the real world and on the web.
Microsoft is not alone. Because there are often financial institutions used to handle the transfer of money discreetly, Microsoft has received support for their initiative from the Financial Services Information Sharing and Analysis Center and the National Automated Clearing House Association who both filed court declarations supporting the Friday sweeps.
Their primary target currently is Zeus, a source code for botnets that is being sold to operators around the world. The code can be customized to fill the needs of the clients and has spread dramatically in recent months. It is speculated that Zeus was born in Eastern Europe.
Boscovich doesn’t think the recent raids will make a huge dent in the Zeus problem, but every action makes it more expensive and risky for them to do business. “The plan is to disrupt, disrupt, disrupt,” he said.