Where were the cops when Microsoft busted Waledac?
Name the most important anti-crime organisation on the Internet. Not easy. An international police body? Some wing of the US government? Here’s my guess, and I base this on some evidence. It’s Microsoft’s Digital Crimes Unit a...
There is barely a significant spam, malware or, more recently, botnet bust that hasn’t got these guys’ fingerprints on it somewhere, and yet they get so little public acknowledgement that their current twitter feed has 124 followers. Some people’s pets get more attention on social media.
Who are they, where are they and what have they been doing to earn them their reputation among a limited circle of people who worry about such matters?
To quote their twitter bio, the DCU is “a worldwide team of lawyers, investigators, technical analysts and other specialists whose mission it is to make the Internet safer for everyone.” The core of this team appears to be US-focussed in terms of law breaking but contributes to investigations all over the globe, usually by feeding police investigators forensic data needed to build a case.
The most recent example was ‘operation b29’ (in Microsoft speak), an audacious legal attack on the Waledac botnet to force the .com registrar VeriSign to choke the 277 domains alleged to hold up its activities.
The first extraordinary thing about this action was that Microsoft chose such an aggressive path to put the clampers on Waledac. VeriSign is a huge private US company which just happens to run the most important domain on the Internet. This sets a precedent that has been remarkably little commented upon, regardless of whether Waledac simply reconstitutes itself in some hard-to-reach corner of the Internet.
The second extraordinary thing is that it took another private company, Microsoft, under no obligation to do anything, to take even that action. Microsoft is doing work that, in any other field of crime, would be undertaken by national law-enforcement bodies. That suggests that these national bodies either can’t or won’t do such things themselves.
There’s nothing new in any of this. I wrote up the issue at the time of the Zotob worm of 2005, another case in which Microsoft was heavily involved.
The banking crisis converted many of the world’s politicians to the idea of setting global parameters for finance. Does the fact that Microsoft has become one of the most important evidence-gathering bodies in the world of cybercrime not hint that cyber-policing lives in a dangerous vacuum?