Microsoft Launches Cybercrime Center

Microsoft expands global role supporting law enforcement, government, and businesses fighting cybercrime.

Microsoft has unveiled its latest effort to combat cyberthreats with the launch of its new Cyber Crime Center. The state-of-the-art operations facility, located on Microsoft’s Redmond, Wash., campus, provides specialists with an array of advanced tools to visualize and identify cyberthreats around the globe.

The center will not be just for Microsoft, though. Along with the technical experts who can track criminal activities, the center is working closely with law enforcement agencies, customers, and academics to develop tips on how to keep the general public safe from cyber criminals. Microsoft is also including legal experts who can advise on how best to navigate international law.

“The guts provides an unprecedented opportunity to assemble those with different expertise — engineers, investigators, lawyers, etc. — and equip them with the smartest tools and technology available,” Bonnie MacNaughton, assistant general counsel for the Digital Crimes Unit (DCU), told InformationWeek.

The DCU team is made up of nearly 100 lawyers, investigators, forensic analysts, and business professionals all over the world. The company has established a dozen satellite offices or regional labs in major cities, including Beijing, Berlin, Bogota, Dublin, Hong Kong, Sydney, and Washington, D.C. It may provide the most recent technology and monitor developments internationally, two aspects that may be challenging for US law enforcement.

Housed in the Cyber Crime Center, the DCU team brings cybercrime experts across the areas of IP, botnets, malware, and child exploitation under one umbrella, “in order that when focus areas intersect … we will work better together to eliminate cyber threats to Microsoft’s businesses, customers, and the whole digital ecosystem,” said MacNaughton.

Microsoft’s new Cyber Crime Center. (Photo: Microsoft)

Many federal agencies work on aspects of cyberthreats: the Department of Homeland Security’s US Computer Emergency Readiness Team (US-CERT), the FBI’s Cyber Crime division, the Secret Service network of Electronic Crimes Task Forces, and Immigration and Customs Enforcement, to name a few, do everything from tracking threats, to cyber forensics, to taking down internationally wanted criminals.

Almost every country has its own cybercrime program, not to mention Interpol, NATO, and other regional alliances.

Where does Microsoft’s center fit into this veritable galaxy of cyber law enforcement?

“The DCU understands that Congress has traditionally seen fit for personal entities to give protection to themselves, and their customers, through legal action,” MacNaughton said. “Microsoft is extraordinarily deliberate about pursuing disruptive measures throughout the civil judicial system, because the U.S. Congress envisioned when it created a civil section of the RICO and Lanham acts. By effectively leveraging these civil causes of action, Microsoft has sought to bring additional pressure against a determined and complicated adversary.”

But the company knows that only law enforcement agencies can really crack down on cybercriminals.

“[We work] closely with law enforcement to combat cybercrime, and whenever possible we use the evidence gathered in civil actions to refer cases to law enforcement for criminal prosecution,” MacNaughton said. “As an instance, within the Rustock and Zeus botnet cases, after closing our civil cases we made a criminal referral to the FBI.” Those are two of seven botnets tied to criminal organizations committing consumer, financial, and advertising fraud, according to Microsoft briefing materials. The others include Citadel, Bamital, Nitol, Kelihos, and Waledac.

In another worldwide botnet investigation targeting cybercriminals out of Eastern Europe, Microsoft and financial services industry leaders affected by the Citadel botnet investigated and filed their own civil case, MacNaughton said. Then they worked with the FBI and coordinated a global disruption of the Citadel zombie network and shut down nearly 90% of enslaved computers.

“When Microsoft seizes the command and control infrastructure of a botnet, it severs the relationship between the cybercriminals running it and the computers they infected with that botnet’s malware,” she said. “These infected computers continue to aim to examine into the botnet command for instructions until they’re cleaned of the malware. Daily, Microsoft’s system receives hundreds of millions of attempted check-ins” from infected computers.

The company shares data gathered by its Azure-based Cyber Threat Intelligence Program (C-TIP) with ISPs and CERTs, giving them better situational awareness of cyber threats.

Microsoft officials also noted that due to joint operations with Interpol, the FBI, ICE/HSI, Scotland Yard, and the Medicines and Healthcare Products Regulatory Agency (MHRA), more than 20,000 illegal online pharmacies selling dangerous counterfeit drugs were identified through Microsoft’s SitePrint tool and subsequently taken down.
