Microsoft Launches Cybercrime Center

9 Android Apps To Improve Security, Privacy

Microsoft has unveiled its latest effort to combat cyberthreats with the opening of its new Cyber Crime Center. The state-of-the-art operations facility, located on Microsoft's Redmond, Wash., campus, provides specialists with an array of advanced tools to visualize and identify cyberthreats around the world.

The center is not simply for Microsoft, though. In addition to the technical experts who can track criminal activities, the center is working closely with law enforcement agencies, customers, and academics to develop ways to keep the public safe from cyber criminals. Microsoft is also including legal experts who can advise the best ways to navigate international law.

"The center provides an unprecedented opportunity to bring together people with different expertise -- engineers, investigators, lawyers, etc. -- and equip them with the best tools and technology available," Bonnie MacNaughton, assistant general counsel for the Digital Crimes Unit (DCU), told InformationWeek.

[ Is it time for Congress to reconsider privacy protection laws? Its own watchdog group thinks so. Read Consumer Privacy Protections Need Review, GAO Tells Congress. ]

The DCU team is made up of nearly 100 lawyers, investigators, forensic analysts, and business professionals all around the world. The company has established a dozen satellite offices or regional labs in major cities, including Beijing, Berlin, Bogota, Dublin, Hong Kong, Sydney, and Washington, D.C. It can provide the latest technology and monitor developments internationally -- two aspects that can be challenging for US law enforcement.

Housed within the Cyber Crime Center, the DCU team brings cybercrime experts across the areas of IP, botnets, malware, and child exploitation under one umbrella, "so that when focus areas intersect … we can work better together to eliminate cyber threats to Microsoft's businesses, customers, and the entire digital ecosystem," said MacNaughton.

Many federal agencies are working on aspects of cyberthreats: the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT), the FBI's Cyber Crime division, the Secret Service network of Electronic Crimes Task Forces, and Immigration and Customs Enforcement, to name a few, do everything from tracking threats, to cyber forensics, to taking down internationally wanted criminals.

Almost every country has its own cybercrime program, not to mention Interpol, NATO, and other regional alliances.

Where does Microsoft's center fit into this veritable galaxy of cyber law enforcement?

"The DCU understands that Congress has traditionally seen fit for private entities to protect themselves, and their customers, through legal action," MacNaughton said. "Microsoft is very deliberate about pursuing disruptive measures through the civil judicial system, as the U.S. Congress envisioned when it created a civil component to the RICO and Lanham acts. By effectively leveraging these civil causes of action, Microsoft has sought to bring additional pressure against a determined and sophisticated adversary."

But the company knows that only law enforcement agencies can really crack down on cybercriminals.

"[We work] closely with law enforcement to combat cybercrime, and whenever possible we use the evidence gathered in civil actions to refer cases to law enforcement for criminal prosecution," MacNaughton said. "For instance, in the Rustock and Zeus botnet cases, after closing our civil cases we made a criminal referral to the FBI." Those are two of seven botnets tied to criminal organizations committing consumer, financial, and advertising fraud, according to Microsoft briefing materials. The others include Citadel, Bamital, Nitol, Kelihos, and Waledac.

In another worldwide botnet investigation targeting cybercriminals out of Eastern Europe, Microsoft and financial services industry leaders affected by the Citadel botnet investigated and filed their own civil case, MacNaughton said. Then they worked with the FBI and coordinated a worldwide disruption of the Citadel zombie network and shut down nearly 90% of enslaved computers.

"When Microsoft seizes the command and control infrastructure of a botnet, it severs the connection between the cybercriminals running it and the computers they infected with that botnet's malware," she said. "These infected computers continue to try to check into the botnet command for instructions until they are cleaned of the malware. Every day, Microsoft's system receives hundreds of millions of attempted check-ins" from infected computers.

The company shares data gathered by its Azure-based Cyber Threat Intelligence Program (C-TIP) with ISPs and CERTs, giving them better situational awareness of cyber threats.

Microsoft officials also noted that as a result of joint operations with Interpol, the FBI, ICE/HSI, Scotland Yard, and the Medicines and Healthcare Products Regulatory Agency (MHRA), more than 20,000 illegal online pharmacies selling dangerous counterfeit drugs were identified through Microsoft's SitePrint tool and subsequently taken down.

Consumerization 1.0 was "we don't need IT." Today, we need IT to bridge the gap between consumer and business tech. Also in the Consumerization 2.0 issue of InformationWeek: Stop worrying about the role of the CIO. (Free registration required.)