a more sophisticated DCU — How Microsofts cybercrime unit has evolved to combat increased threats Microsoft has honed its strategy to disrupt global cybercrime and state-backed actors.
Lily Hay Newman, wired.com – Dec 17, 2023 12:05 pm UTC Microsoft’s Cybercrime Center.Microsoft reader comments 55
Governments and the tech industry around the world have been scrambling in recent years to curb the rise of online scamming and cybercrime. Yet even with progress on digital defenses, enforcement, and deterrence, the ransomware attacks, business email compromises, and malware infections keep on coming. Over the past decade, Microsoft’s Digital Crimes Unit (DCU) has forged its own strategies, both technical and legal, to investigate scams, take down criminal infrastructure, and block malicious traffic.
The DCU is fueled, of course, by Microsoft’s massive scale and the visibility across the Internet that comes from the reach of Windows. But DCU team members repeatedly told WIRED that their work is motivated by very personal goals of protecting victims rather than a broad policy agenda or corporate mandate.
In just its latest action, the DCU announced Wednesday evening efforts to disrupt a cybercrime group that Microsoft calls Storm-1152. A middleman in the criminal ecosystem, Storm-1152 sells software services and tools like identity verification bypass mechanisms to other cybercriminals. The group has grown into the number one creator and vendor of fake Microsoft accountscreating roughly 750 million scam accounts that the actor has sold for millions of dollars.
The DCU used legal techniques it has honed over many years related to protecting intellectual property to move against Storm-1152. The team obtained a court order from the Southern District of New York on December 7 to seize some of the criminal groups digital infrastructure in the US and take down websites including the services 1stCAPTCHA, AnyCAPTCHA, and NoneCAPTCHA, as well as a site that sold fake Outlook accounts called Hotmailbox.me.
The strategy reflects the DCUs evolution. A group with the name Digital Crimes Unit has existed at Microsoft since 2008, but the team in its current form took shape in 2013 when the old DCU merged with a Microsoft team known as the Intellectual Property Crimes Unit. Advertisement
Things have become a lot more complex, says Peter Anaman, a DCU principal investigator. Traditionally you would find one or two people working together. Now, when youre looking at an attack, there are multiple players. But if we can break it down and understand the different layers that are involved it will help us be more impactful.
The DCUs hybrid technical and legal approach to chipping away at cybercrime is still unusual, but as the cybercriminal ecosystem has evolvedalongside its overlaps with state-backed hacking campaignsthe idea of employing creative legal strategies in cyberspace has become more mainstream. In recent years, for example, Meta-owned WhatsApp and Apple both took on the notorious spyware maker NSO Group with lawsuits.
Still, the DCU’s particular progression was the result of Microsoft’s unique dominance during the rise of the consumer Internet. As the group’s mission came into focus while dealing with threats from the late 2000s and early 2010slike the widespread Conficker wormthe DCU’s unorthodox and aggressive approach drew criticism at times for its fallout and potential impacts on legitimate businesses and websites.
There’s simply no other company that takes such a direct approach to taking on scammers, WIRED wrote in a story about the DCU from October 2014. That makes Microsoft rather effective, but also a little bit scary, observers say.
Richard Boscovich, the DCUs assistant general counsel and a former assistant US attorney in Floridas Southern District, told WIRED in 2014 that it was frustrating for people within Microsoft to see malware like Conficker rampage across the web and feel like the company could improve the defenses of its products, but not do anything to directly deal with the actors behind the crimes. That dilemma spurred the DCUs innovations and continues to do so.
Whats impacting people? Thats what we get asked to take on, and weve developed a muscle to change and to take on new types of crime, says Zoe Krumm, the DCUs director of analytics. In the mid-2000s, Krumm says, Brad Smith, now Microsofts vice chair and president, was a driving force in turning the companys attention toward the threat of email spam.
The DCU has always been a bit of an incubation team. I remember all of a sudden, it was like, We have to do something about spam. Brad comes to the team and hes like, OK, guys, lets put together a strategy. Ill never forget that it was just, Now were going to focus here. And that has continued, whether it be moving into the malware space, whether it be tech support fraud, online child exploitation, business email compromise. Page: 1 2 Next → reader comments 55 WIRED Wired.com is your essential daily guide to what’s next, delivering the most original and complete take you’ll find anywhere on innovation’s impact on technology, science, business and culture. Advertisement Channel Ars Technica ← Previous story Related Stories Today on Ars