On June 5, Microsoft announced that, along with leaders of the financial-services industry, other information-technology firms and the FBI, it had “successfully disrupted more than a thousand botnets that are responsible for stealing people’s online banking information and personal identities.”
The counter-attack focused on botnets carrying a breed of malicious software called Citadel. Botnets, Microsoft explained in its press release, are computer networks infected by malware that’s controlled by cyber wrongdoers called “bot herders.”
The “coordinated disruption” of the robot computers stemmed from a probe that Microsoft, which has its own digital crimes unit, and its banking and tech partners launched in early 2012. After looking into this threat, Microsoft and its partners discovered that once a computer was infected with Citadel malware, that malware began monitoring and recording a victim’s keystrokes.
Microsoft found that besides being responsible for more than $500 million in losses to people and businesses spanning the world, the Citadel malware affected more than five million people.
But before launching its attack on the bot herders, Microsoft had to go to court. The company filed a civil suit against the perpetrators operating the Citadel botnets, thus gaining authorization from the U.S. District Court for the Western District of North Carolina to cut off communication between 1,462 Citadel botnets and the millions of infected computers. On June 5, escorted by U.S. Marshals, Microsoft operatives seized data and proof from the botnets, which included servers from two data-hosting facilities in New Jersey and Pennsylvania.
The “cooperative action is part of a growing proactive effort by both the public and private sector to fight cybercrime, help protect people and businesses from online fraud and identity theft, and enhance cloud security for everyone,” the company said.
Indeed, Microsoft’s efforts are in the vanguard of what risk management experts are calling a more aggressive corporate approach to preventing the damage from cybercrime.
Daniel Garrie, an executive managing partner at Law and Forensics, a boutique legal strategy and forensics firm, says, in fact, that he’s seeing medium-sized as well as big businesses engaged in what he calls “active defense.”
He defines the term as companies “taking proactive measures to thwart or limit or reduce the amount of potential liability and damage that is a result of them being hacked.”
In two ways, however, Microsoft may be an anomaly in this arena, experts say. For one thing, unlike almost anyone besides the firms it partners with in its crime-fighting activities, it has no problem with making those activities public. For another, the resources it can muster seem unparalleled outside the government sector.