JavaScript disabled. Please enable JavaScript to use My News, My Clippings, My Comments and user settings.

If you have trouble accessing our login form below, you can go to our login page.

If you have trouble accessing our login form below, you can go to our login page.

Microsoft unveils cybercrime centre to defend against online criminals


Joseph Menn

Zoom in on this story. Explore all there is to know.

A PPI display in Microsoft's cybercrime centre situation room.

A PPI display in Microsoft's cybercrime centre situation room. Photo: Microsoft

The maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new cybercrime centre.

Microsoft's expanded Digital Crimes Unit inside the 16,800-square foot, high-security facility combines a wide array of tactics: massive data gathering and analysis, gumshoe detective work, high-level diplomacy and creative lawyering.

The new centre officially opened on Thursday (US time), in the latest attempt to close the gap created in the past decade as criminal hackers innovated in technology and business methods to stay ahead of adversaries mired in the slow-moving world of international law enforcement.

Microsoft's cybercrime centre situation room.

Microsoft's cybercrime centre situation room. Photo: Microsoft

The biggest difference between Microsoft's original Digital Crimes Unit (DCU) labs and the new facility is the ability to cater for other like-minded cybercrime-fighting parties. The centre has permanent lodgement for other vendors, law enforcement and agencies so that closer collaboration can take place when needed.

"It now gives us the ability to bring people together in a physical location, there's a personal connection when we're working in the malware lab and doing collaborative investigative work with criminal and law enforcement agencies," said Richard Boscovich, assistant general counsel, DCU.

Already, many of the biggest victories against organised online criminals have come when private companies have worked together to seize control of the networks of zombie computers, called botnets, that carry out criminal operations. Though it is at times derided for the security shortfalls in its own products, Microsoft has led more of those seizures than any other company.

"Cybercrime is getting worse," associate general council David Finn told Reuters during a visit to the Redmond, Washington, campus building this week. But Finn hopes that by mixing specialists from various professional arenas, Microsoft can get better.

The centre features a lab for dissecting malicious software samples that is accessible only with fingerprint authorisation. In another room, a monitor tracks the countries and internet service providers with the greatest number of machines belonging to some of the worst botnets. There's even an evidence room, police-style.

Next to a situation room with a wall-sized, touch-screen monitor sit rows of empty offices for visiting police, Microsoft customers or other allies expected to join specific missions for days or weeks at a time.

There are hundreds or thousands of botnets, and Microsoft is trying to get only the biggest or most damaging, or else to pursue fights that would establish key precedents.

In the past few years "at least half of the major, significant takedowns have been driven by Microsoft," said Steve Santorelli, a former Microsoft investigator and Scotland Yard cybercrime detective who now works at a security non-profit group called Team Cymru.

Microsoft has tangled with a Mexican mafia family that proudly put brand labels on pirated Xbox game CDs, a ring that took online payments via a parking garage in Malaga, Spain, and a Russian virus writer paid with a paper bag full of cash - by a 12-year-old boy on a bike.

Outside security experts praised the cross-pollination of fraud, security and software specialists.

"That kind of integration is only for the better. The financial sector has been thinking along those lines as well," said Greg Garcia, a former cybersecurity official at the Department of Homeland Security and at Bank of America who now advises the banking industry's main cybersecurity coordination group, known as FS-ISAC.

The digital crimes unit doesn't tackle government spying, where Microsoft is among the major internet companies that have turned over large amounts of data on users to the US National Security Agency (it is suing for the right to disclose how much). And another unit within Microsoft is in charge of making the company's products less susceptible to hacking.

Boscovich said the unit has three clear objectives: fight malware, fight software piracy and help fight child sex exploitation committed with the help of the internet.

Piracy squad to protect Windows

About 80 of the crime unit's 100 staffers have focused on the piracy of Microsoft products, with far fewer devoted to deconstructing the methods of criminals attacking Microsoft users and stopping them when possible.

But time and again, the piracy squad has found counterfeiters who were using botnets that also sent spam or attacked websites with denial-of-service attacks, or who slipped malicious software into copied Microsoft wares, or who had other ties to broader security issues.

In one test, undercover Microsoft employees bought 20 new computers in China like consumers would. All had pirated versions of Windows, and all had at least traces of malicious software pre-installed. An expanded pool of 169 machines included 18 percent ready to receive electronic commands as part of a botnet called Nitol.

More critically, the piracy people bring experience with unusually powerful US copyright laws. With a strong preliminary showing in court that their goods are being misrepresented, copyright owners can win orders allowing them to seize the offending property without prior notice.

In an innovative and aggressive twist, Microsoft has been using that law to seize website addresses, including those used by criminals to control botnets.

"Microsoft really has done a very positive job in a couple of areas, and one of those is construction of legal frameworks that create precedents that allow future actions," said Jeff Williams, head of security strategy at Dell's SecureWorks Counter Threat Unit.

The Nitol case was remarkable in that it and other botnets were connecting to 70,000 addresses at a Chinese web domain-name seller called Microsoft won the right to filter all connections to those addresses and blocked more than 7 million attempts in 16 days. The owner of 3322 agreed to settle Microsoft's lawsuit and to drop other bad addresses identified by Microsoft or Chinese Internet security officials in the future.

Microsoft also felled a botnet called Rustock, once one of the biggest sources of spam on the planet. More recently, it teamed with banks to seriously hurt two operations that sell do-it-yourself kits for crafting smaller botnets that have stolen hundreds of millions of dollars from online accounts.

The takedowns are often dramatic, with armed raids on multiple locations where servers are housed. If there are many control computers and they don't get disconnected within minutes of one another, the surviving machines can issue new commands and recreate the entire network.

During one raid in Pennsylvania, an executive at the bad webpage's hosting company was cooperating when the site's owner realised what was happening and changed his password from afar, locking out the official. The Microsoft team pulled out the cables to save the day.

Boscovich, a former federal prosecutor, said they are working on new means to take down even more sophisticated botnets. 

"There are IOC-based bots, HTTP-based bots, peer-to-peer, encryption, they are signing their packets... [Criminals] are going to even greater levels of sophistication and even greater levels of partnerships are required to fight them."

"You'll be seeing some interesting stuff in the near future," Boscovich promised. "This is an area where what is good for the business is good for society."


- with Lia Timson*

(*) travelled to the Microsoft campus as a guest of the company.


Be the first to comment.

Make a comment

You are logged in as [Logout]

All information entered below may be published.

Error: Please enter your screen name.

Error: Your Screen Name must be less than 255 characters.

Error: Your Location must be less than 255 characters.

Error: Please enter your comment.

Error: Your Message must be less than 300 words.

Post to

You need to have read and accepted the Conditions of Use.

Thank you

Your comment has been submitted for approval.

Comments are moderated and are generally published if they are on-topic and not abusive.

This Column is advertiser content
Featured advertisers