Microsoft Digital Crimes Unit

Coordinates: 47°38′23″N 122°7′42″W (47.63972°N, 122.12833°W)
From Wikipedia, the free encyclopedia
Internet security organization
Building 92 at Microsoft Corporation headquarters in Redmond, Washington
Abbreviation: DCU
Purpose: An international legal and technical team of attorneys, investigators, and forensic analysts, with expertise across the areas of malware, botnets, IP crimes, and technology-facilitated child exploitation
Headquarters: Microsoft Redmond Campus
Region served: Worldwide
Parent organization: Microsoft

The Microsoft Digital Crimes Unit (DCU) is a Microsoft-sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cybercrime and cyber threats. The Microsoft Digital Crimes Unit was assembled in 2008. In 2013, a Cybercrime Center for the DCU was opened in Redmond, Washington.[1] About 100 members of the DCU are stationed in Redmond, Washington alone, at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers.[1] The DCU has international offices in major cities such as Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C.[2] The DCU's main focuses are child protection, copyright infringement and malware crimes.[1][2] The DCU must work closely with law enforcement to ensure the perpetrators are punished to the full extent of the law. The DCU has taken down many major botnets such as Citadel, Rustock, and Zeus. Around the world, malware has cost users about $113 billion, and the DCU's job is to shut it down in accordance with the law.[1]

Areas of emphasis

There are three areas on which the DCU concentrates:[3]

Trespass to Chattel

Trespass to chattel is the legal term for the basis on which the Microsoft Digital Crimes Unit takes down cyber criminals. Chattel is old English for cattle, which was considered to be valuable property to the owner; essentially, any property that is not land is referred to as chattel or "cattle". When spam or malware infects a user's computer or network, that is considered to be "trespass to chattel" because the perpetrators are trespassing on the user's property. The cybercrime is that the criminal has trespassed on the user's computer or network, because they are responsible for the spam or malware with which they intended to harm the user. The DCU's legal team has to pursue the cyber criminal in court using these old legal doctrines and laws to charge them with the crime of trespassing.[1]

The Botnet

A botnet is a network of compromised computers (zombies) that are controlled without their users' knowledge. They are usually used for repetitive tasks such as sending spam, but can also be used for distributing malware and for Distributed Denial of Service (DDoS) attacks. These botnets are controlled by a single criminal or a network of criminals.[4] The Microsoft Digital Crimes Unit is constantly hunting down botnets that are used for these tasks. The DCU has dealt with botnets used for spamming, key-logging and data ransom. The DCU has also taken down botnets such as Citadel, Rustock, and Zeus. It is an everyday fight for the DCU to continue to locate new threats from botnets and take them down.[5]

Takedown of the Rustock Botnet

On March 18, 2011, the Microsoft Digital Crimes Unit took down the Rustock botnet. The Rustock botnet was responsible for over half of the spam sent to users worldwide and had controlled over 1 million computers. This spam had viruses attached to the emails, and some were phishing emails. Microsoft, with the help of the U.S. Marshals, got warrants to seize the identified local command-and-control servers and analyze them. The DCU and U.S. Marshals raided the servers located in Chicago, Columbus, Dallas, Denver, Kansas City, Scranton, and Seattle. After the DCU had seized the servers and terminated them, the entire world saw a large decrease in spam. Since then there has been no spam from the Rustock botnet.[6][7]

Takedown of the Zeus Botnet

On March 25, 2012, the Microsoft Digital Crimes Unit took down the Zeus botnet. This investigation was also known as Operation b71. The Zeus botnet is responsible for stealing more than $100 million from over 13 million infected computers. The botnet was installed on the user's computer from pirated versions of Windows or hidden in an online download. The Zeus botnet works by waiting for the user of the computer to open a web browser and attempt to do some banking or online shopping, then showing a similar-looking webpage with a field to enter the login information. The login information is then sent to a Zeus server, and the criminal can access the user's accounts. The DCU, accompanied by U.S. Marshals, shut down the botnet by raiding two command-and-control server facilities located in Scranton, Pennsylvania and Lombard, Illinois. From there, by accessing the servers and retrieving the stolen data, the DCU made a case to prosecute 39 unnamed cyber criminals who were responsible for this botnet. After this botnet was shut down, the starter code has since been sold on the black market to make other variations of this botnet such as Citadel and many more. Therefore, the Zeus botnet code itself is still active and has evolved.[8]

Takedown of the Citadel Botnet

On June 6, 2013, the Microsoft Digital Crimes Unit took down the Citadel botnet's 1000 servers. The Citadel botnet had infected an estimated 5 million computers, using a key-logging program to steal information. Citadel is responsible for stealing at least $500 million from online personal bank accounts in over 80 countries. They stole from banks such as American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada and Wells Fargo. The Citadel code emerged from the cybercrime kit known as Zeus, which is sold as starter code on the black market for thousands. The creators of Citadel are unknown, but the DCU has prepared a large number of charges to prosecute them. The DCU has since helped users update their systems to get rid of the malware that may still be on their computers but is inactive.[9]

Actions against the ZeroAccess botnet

On December 5, 2013, the Microsoft Digital Crimes Unit, the FBI, Europol, and other industry partners attempted to disrupt the ZeroAccess botnet.[10] Although the efforts took down 18 hosts that were part of the ZeroAccess command and control network, because of the peer-to-peer nature of the botnet, ZeroAccess remains active.[11]

References

  1. "Inside Microsoft's Digital Crimes Unit - Small Business Trends". smallbiztrends.com. 19 April 2015. Retrieved 2018-10-22.
  2. "Microsoft Launches Cybercrime Center - InformationWeek". InformationWeek. Retrieved 2018-10-22.
  3. "Microsoft Digital Crimes Unit". microsoft.com. Redmond, WA: Microsoft. Retrieved 2013-11-15.
  4. Lerner, Zach (Fall 2014). "Microsoft The Botnet Hunter: The Role of Public-Private Partnerships in Mitigating Botnets" (PDF). Harvard Journal of Law & Technology. 28: 237–261.
  5. Greene, Tim. "Inside Microsoft botnet takedowns". Network World. Retrieved 2018-10-22.
  6. Wilson, Dean (18 March 2011). "Microsoft was behind the Rustock botnet takedown". The Inquirer. Archived from the original on March 21, 2011. Retrieved 2018-10-22.
  7. Raywood, Dan (18 March 2011). "Microsoft confirms takedown of Rustock botnet". SC Media. Retrieved 2018-10-22.
  8. "The long arm of Microsoft tries taking down Zeus botnets". CNET. 2012-03-25. Retrieved 2018-10-22.
  9. "FBI and Microsoft hit theft botnet". BBC News. 2013-06-06. Retrieved 2018-10-22.
  10. Stewart, Christopher S.; Marr, Merissa (2013-12-05). "Microsoft Takes Action Against Alleged Ad-Fraud 'Botnet' ZeroAccess". online.wsj.com. New York, NY: The Wall Street Journal. Retrieved 2013-12-07.
  11. Gallagher, Sean (2013-12-06). "Microsoft disrupts botnet that generated $2.7M per month for operators; Update: researchers say not all C&C servers seized, and P2P makes takedown moot". arstechnica.com. New York, NY: Condé Nast. Retrieved 2013-12-07.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Microsoft_Digital_Crimes_Unit&oldid=1298143376"