4/13/2012
09:16 AM

Microsoft Hampered Zeus Botnet Investigations, Researchers Say

Microsoft's mishandling of the recent Zeus botnet takedown hurt related law enforcement and private research investigations, Dutch researchers allege. Will a proposed code of conduct for botnet takedowns help in the future?

Microsoft's unprecedented, aggressive legal strategy in botnet takedowns has come under fire from researchers in the Netherlands, who charge that the software giant's most recent botnet dismantlement operation has ultimately damaged international law enforcement and private research investigations.

Michael Sandee, principal security expert at Netherlands-based Fox-IT, wrote in a blog post Thursday that, rather than truly injuring the Zeus botnet operations, Microsoft instead hampered investigations into these operations last month by removing and confiscating two of the command-and-control (C&C) servers under a federal court order. On March 23, with U.S. marshals escorting them, a team from Microsoft, FS-ISAC (which represents 4,400 financial institutions), and electronic payments association NACHA physically removed C&C servers used in the operation that were running out of two hosting services centers, one in Scranton, Pa., and the other in Lombard, Ill., which resulted in the takedown of two IP addresses of the C&C infrastructure.

Microsoft acknowledged at the time that the operation would not stop Zeus-based operations, and that the goal was not to permanently kill all of the Zeus botnets targeted in the operation, but instead to disrupt this segment of the operation.

But Fox-IT's Sandee says Microsoft's actions did harm to the good guys. "Microsoft has endangered the success of countless ongoing investigations in both the private as the public sector all over the world from east to west," Sandee said in his post. "Obviously as most of these folks are located in Russia and Eastern Europe, the cooperation between parties in those regions and in western countries on both public and private sector side has been hurt more than you can expect, and also years of trust building has potentially been lost ... In our discussions with law enforcement officers, private investigators, and members of [non-governmental organizations] researching these threats from across the globe, we have found nothing but disappointment and disbelief regarding the irresponsible actions executed by Microsoft. Various other researchers have outed their disappointment."

Richard Boscovich, senior attorney for Microsoft's digital crimes unit, said in a statement that Fox-IT's post "is based at least in part on some factual misunderstandings about the operation which we are more than happy to discuss with Fox IT."

Boscovich says he can't comment on details of the case because it's a legal matter, but noted that the details in the court filings are not all of the evidence and intelligence gathered in the operation.

Read the rest of this article on Dark Reading.

Comments
Bprince,
User Rank: Apprentice
4/14/2012 | 7:43:33 PM
re: Microsoft Hampered Zeus Botnet Investigations, Researchers Say
The Honeynet Project created a code of conduct for botnet takedowns. Would be good for the security industry to work together and come up with a standard everyone can adopt and live with.
Brian Prince, InformationWeek/Dark Reading Comment Moderator
rodell jr640,
User Rank: Apprentice
4/13/2012 | 2:39:59 PM
re: Microsoft Hampered Zeus Botnet Investigations, Researchers Say
The Best thing about this investigation is that amends can be made and settlements can be secured, wherever the Liabilities are, and the Best part of all things pertaining to this extraction and removal of this code that was killing many people is,- "The fact that someone was responsible" and may have had my Blessing and I will repay too. Admiral O'Dell Birdwell is a Peace Maker and a Peace Keeper and I am a Man of My word too. Microsoft did what they did because of a Serious harm being done to the Whole world, which We had many partners to consider and will recover everything through Good business Practices and Help many People too. I am Broken Spear, and I am a small part of this takedown and will Shield everyone who has a Complaint, that is of Good Business Practice, for the sake of Recovering from this ending cyber war, against The Evil Empire, in a way that everyone Benefits including Microsoft.