Analysis: Microsoft's War on Fraud

Creative Legal Hunt for Botnets Stirs Debate

By , March 28, 2012.

While Microsoft's new initiative to take down Zeus malware-related botnets is being touted as a unique approach to fight financial fraud, some industry experts question its long-term viability.

Operation B71 is a collaborative effort among Microsoft Corp.'s Digital Crimes Unit, the Financial Services - Information Sharing and Analysis Center, NACHA - The Electronic Payments Association, and security vendors Kyrus Tech Inc. and F-Secure. [See Microsoft Leads Zeus Takedown.]


The premise behind the initiative is Microsoft's legal theory that botnets, and the cybercrime rings behind them, should be treated and prosecuted like any organized crime group. So far the approach has met with success. Microsoft announced on March 25 that it has seized command and control servers that have been running some of the most damaging variations of Zeus botnets, which propagate malware that can lead to identity theft, account takeover and, ultimately, financial fraud.

But Gartner fraud analyst Avivah Litan says she's not ready to start congratulating Operation B71 just yet. "I think it's good, but there are always going to be more and new ways criminals use to get in," she says. Relying on a single approach - even a successful one - is a set-up for failure.

A Creative Approach?

Supporters say Microsoft's steps to pursue new legal angles will outweigh potential shortcomings. By leaning on the Racketeer Influenced and Corrupt Organizations Act and the Lanham [Trademark] Act, Microsoft has opened more prosecutory doors.

With RICO, Microsoft and its co-plaintiffs have asked the court to view botnets as being equivalent to organized crime. With Lanham, they're saying when a bank's or organization's website is spoofed, or when phishing e-mails are sent, then the hackers behind the spoofing and phishing have infringed copyright.

"This is Microsoft's infrastructure that the cybercriminals are using," says Greg Garcia, Operation B71 spokesman for FS-ISAC and NACHA. "And they are violating the trademarks of the financial organizations. They are basically forging their trademarks when they send out e-mails that appear to be coming from them, or send them to sites that appear to be the banks' sites."

Coming up with creative ways to fight malware and botnets, and ultimately financial fraud, has its pros and cons.

"There are a lot of different laws on the books," Garcia says. "But RICO refers to access-to-device fraud," something like a password or user ID.

"This is the first time RICO has been invoked, and it's a novel approach," he adds. "Basically, what it's saying is that if a botnet is used for nefarious purposes, it should be considered organized crime."

Need for Oversight

But Litan worries about the potential legal and investigative snafus the Microsoft precedent could create. From an investigative perspective, giving Microsoft so much control could backfire. "I know some people who said they were upset with this, because Microsoft came in and took over, even on crimes and groups other folks had been tracking."

Could having Microsoft at the helm of it all hurt or hinder prosecutory power and investigations in the future? Perhaps, says David Navetta, an IT security attorney who specializes in financial fraud linked to cyberhacks and breaches.

"By taking out servers that are part of a botnet, innocent individuals and companies using that server may be taken out as well," says Navetta. "That is why I think it is important to have some judicial oversight over maneuvers like Operation B71."

Navetta says Operation B71's bright spot is reflected in the cross-sector collaboration with law enforcement and the courts it has created.

"It is encouraging to see," Navetta says.

Power in Numbers?

In part, the encouragement Navetta expresses was fueled by the authority a District Court in eastern New York late last week granted to Microsoft for the seizure and control of servers and systems linked to cybercrimes and botnets. Ultimately, the court sided with claims Microsoft and its co-plaintiffs, which include FS-ISAC and NACHA, made in a civil suit against several cybercrime groups, some of which are identified only by known aliases.

FS-ISAC and NACHA joined Microsoft because of the increasing number of online compromises that often lead to financial fraud.

Follow Tracy Kitten on Twitter: @FraudBlogger
