
Disrupting cyber crime

By Kirsten Doyle, ITWeb contributor.
San Francisco, 17 May 2013

The past few years have seen a shift in cyber crime; it is becoming big business. Criminals are getting better, and industry has to come up with new ways to tackle the problem. One way of doing this is by understanding how adversaries are operating and what they're going after.

This is where Microsoft's Digital Crimes Unit comes in, says TJ Campana, security director of the Unit, speaking this week at the Microsoft Security Development Conference, in San Francisco. He says the unit is a "rather unique" team that focuses on disrupting some of the most difficult cyber threats facing society today, including large-scale threats such as botnets.

He says botnets have a large foothold on the Net that lets them accomplish their ends: many botnets utilise over a million PCs at any one time, a substantial infrastructure.

"Cyber crime exploits victims directly and indirectly," he says. Direct exploitation includes financial services fraud, hijacking search results, stealing Web logins and passwords, and even using technology to spy on people. Ultimately, criminals want to monetise infections; by following the money, you can get to the cyber criminal, he says.

Indirect ways include spreading malware, DDoS attacks, spam and phishing, Campana says.

A major problem, he says, is that the cost of entering the cyber world is very low, while the value of the crime is really high. He cites the example of the notorious Zeus Trojan kit, which can be bought with all bits needed for around $1 000. "We want to reverse this equation, so the question is, how do we shift this paradigm?"

He says botnet takedowns are one way in which the unit can do this, such as the Waledac takedown in 2009, Kelihos in 2011, and Zeus in 2012, to name a few.

"We know that cyber criminals are using our infrastructure. At some point in the chain, someone is operating that point - a provider or ISP, for example. Engaging with these to make it more difficult for criminals is another effective means of fighting cyber crime."

Campana adds that a combined legal/technical approach is needed. "Microsoft is a private entity; we need to use the legal process to help manage the risk. We must make sure that what we do technically to fight cyber crime is done legally, too.

"We have to work with CERTS, ISPs, enforcement and government entities. We must engage on a global scale. Go in with a court order and seize servers, or block IP addresses. Essentially, protect our customers by severing the connection between them and the cyber criminals."

He says this shows that even private companies can have an impact on cyber crime. "Ultimately, we aim for a nearly instant reaction. From realising there is an infection, to notifying our customers and giving them a tool to fix it; we'd like to reduce [this process] to a matter of minutes. Close the loop from identification, to notification, to remediation."
