Microsoft Launches Cybercrime Center - InformationWeek


Microsoft expands global role supporting law enforcement, government, and businesses fighting cybercrime.

Microsoft has unveiled its latest effort to combat cyberthreats with the opening of its new Cyber Crime Center. The state-of-the-art operations facility, located on Microsoft's Redmond, Wash., campus, provides specialists with an array of advanced tools to visualize and identify cyberthreats around the world.

The center is not simply for Microsoft, though. In addition to the technical experts who can track criminal activities, the center is working closely with law enforcement agencies, customers, and academics to develop ways to keep the public safe from cyber criminals. Microsoft is also including legal experts who can advise on the best ways to navigate international law.

"The center provides an unprecedented opportunity to bring together people with different expertise -- engineers, investigators, lawyers, etc. -- and equip them with the best tools and technology available," Bonnie MacNaughton, assistant general counsel for the Digital Crimes Unit (DCU), told InformationWeek.

The DCU team is made up of nearly 100 lawyers, investigators, forensic analysts, and business professionals all around the world. The company has established a dozen satellite offices or regional labs in major cities, including Beijing, Berlin, Bogota, Dublin, Hong Kong, Sydney, and Washington, D.C. It can provide the latest technology and monitor developments internationally -- two aspects that can be challenging for US law enforcement.

Housed within the Cyber Crime Center, the DCU team brings cybercrime experts across the areas of IP, botnets, malware, and child exploitation under one umbrella, "so that when focus areas intersect … we can work better together to eliminate cyber threats to Microsoft's businesses, customers, and the entire digital ecosystem," said MacNaughton.

Microsoft's new Cyber Crime Center. (Photo: Microsoft)

Many federal agencies are working on aspects of cyberthreats: the Department of Homeland Security's US Computer Emergency Readiness Team (US-CERT), the FBI's Cyber Crime division, the Secret Service network of Electronic Crimes Task Forces, and Immigration and Customs Enforcement, to name a few, do everything from tracking threats, to cyber forensics, to taking down internationally wanted criminals.

Almost every country has its own cybercrime program, not to mention Interpol, NATO, and other regional alliances.

Where does Microsoft's center fit into this veritable galaxy of cyber law enforcement?

"The DCU understands that Congress has traditionally seen fit for private entities to protect themselves, and their customers, through legal action," MacNaughton said. "Microsoft is very deliberate about pursuing disruptive measures through the civil judicial system, as the U.S. Congress envisioned when it created a civil component to the RICO and Lanham acts. By effectively leveraging these civil causes of action, Microsoft has sought to bring additional pressure against a determined and sophisticated adversary."

But the company knows that only law enforcement agencies can really crack down on cybercriminals.

"[We work] closely with law enforcement to combat cybercrime, and whenever possible we use the evidence gathered in civil actions to refer cases to law enforcement for criminal prosecution," MacNaughton said. "For instance, in the Rustock and Zeus botnet cases, after closing our civil cases we made a criminal referral to the FBI." Those are two of seven botnets tied to criminal organizations committing consumer, financial, and advertising fraud, according to Microsoft briefing materials. The others include Citadel, Bamital, Nitol, Kelihos, and Waledac.

In another worldwide botnet investigation targeting cybercriminals out of Eastern Europe, Microsoft and financial services industry leaders affected by the Citadel botnet investigated and filed their own civil case, MacNaughton said. Then they worked with the FBI and coordinated a worldwide disruption of the Citadel zombie network and shut down nearly 90% of enslaved computers.

"When Microsoft seizes the command and control infrastructure of a botnet, it severs the connection between the cybercriminals running it and the computers they infected with that botnet's malware," she said. "These infected computers continue to try to check into the botnet command for instructions until they are cleaned of the malware. Every day, Microsoft's system receives hundreds of millions of attempted check-ins" from infected computers.

The company shares data gathered by its Azure-based Cyber Threat Intelligence Program (C-TIP) with ISPs and CERTs, giving them better situational awareness of cyber threats.

Microsoft officials also noted that as a result of joint operations with Interpol, the FBI, ICE/HSI, Scotland Yard, and the Medicines and Healthcare Products Regulatory Agency (MHRA), more than 20,000 illegal online pharmacies selling dangerous counterfeit drugs were identified through Microsoft's SitePrint tool and subsequently taken down.

User Rank: Author
12/4/2013 | 10:38:37 AM
Microsoft Cyber Crime Center
These days, it seems you can't appear serious about an online initiative without building an impressive Operations Center to show off to your stakeholders. While many fault Microsoft's products for giving hackers plenty to exploit, Microsoft does deserve credit for having devoted a significant amount of intellectual capital into fighting cyber crime for many years -- and to pulling in law enforcement, legal, and other specialists behind the scenes -- long before this Cyber Crime Center opened.

Lorna Garey,
User Rank: Author
12/4/2013 | 9:59:32 AM
Smart move
I think this is a great move for MS. Its PhotoDNA technology is particularly interesting, and the "CSI" setting will ensure a stream of good PR -- MSM journalists "get" that.

Redmond's been focused on beefing up its security chops for a while, why not bring the efforts under one umbrella?