With terrifying speed and stealth, cyber criminals can infect millions of PCs with malware, turning them into a vicious zombie army mobilised to commit crimes like identity theft, financial fraud, and worse.
The scope is staggering says Microsoft.
So much so that half of online adults have been victims of botnets and other kinds of cybercrime attacks in the past year.
In all, cybercrime costs the global economy up to US$500 billion annually, and is often linked to organised crime rings involved in piracy, child exploitation and other dirty deeds.
For many years Microsoft, like many other tech companies, has helped lead the fight against cybercrime.
Last summer, the company worked in parallel with the FBI to take down the massive Citadel botnet, which had infected 5 million PCs and stole about a half billion dollars from people and businesses.
The company’s new Cybercrime Center in Redmond, which opened this week, will act as a new headquarters for similar collaborative efforts between Microsoft, law enforcement, customers and partners.
The high-tech headquarters may look like something from the set of CSI, but “it’s a real-life showcase for what Microsoft’s business intelligence and big data tools can do,” says Brad Smith, general counsel and executive vice president of Microsoft’s Legal and Corporate Affairs.
“We wanted to protect our customers,” adds Richard Boscovich, assistant general counsel for Microsoft’s Digital Crimes Unit (DCU).
“As a result, we’re hopefully identifying or producing evidence that we can provide to national and international law enforcement so they can not only identify these criminals but apprehend them.”
Bosco, as most people call him, is a former lawyer with the U.S. Attorney’s Office in Miami.
He came to Microsoft in 2008 as “not a big computer user” and somewhat unsure as to what direction his new job would take. That didn’t last long.
Within months, he’d used a novel legal approach to help stop one of the world’s largest spambots (nicknamed Rustock) that was infecting up to 2.5 million computers a day.
In short, Boscovich asked a judge for a temporary restraining order against the spammers, which would require them to show up to a hearing to defend themselves.
The spammers, of course, didn’t show, which opened the door for Microsoft to “win by default” and take control of hundreds of domains that spammers were using to infect computers.
Working with Internet service providers, Microsoft then informed the infected customers and pushed out tools to help them clean their computers.
“They were basic, common law principles – well, maybe one or two modern laws – used in a totally unique way to address a 21st century problem,” Boscovich says.
“That was the fun part. I never envisioned seizing computer servers used as a botnet command and control center by using the Lanham Act’s trademark violations.”
For more information regarding Microsoft's new cyber crime HQ click here