The Microsoft Digital Crimes Unit (DCU) is a Microsoft-sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cybercrime and cyber threats. The Microsoft Digital Crimes Unit was assembled in 2008. In 2013, a Cybercrime Center for the DCU was opened in Redmond, Washington.
There are about 100 members of the DCU stationed in Redmond, Washington, at the original Cybercrime Center alone. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers.
The DCU has international offices in major cities such as Beijing, Berlin, Bogotá, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C.
The DCU's main focuses are child protection, copyright infringement, and malware crimes. The DCU works closely with law enforcement so that perpetrators identified in its investigations can be prosecuted; the DCU itself, as part of a private company, pursues civil remedies rather than criminal charges. The DCU has taken down many major botnets, including Citadel, Rustock, and Zeus. Malware has cost users worldwide an estimated $113 billion, and the DCU's job is to shut such operations down in accordance with the law.
Areas of emphasis
There are three areas on which the DCU concentrates:
* Child protection, combating child sexual abuse facilitated through information technology
* Copyright infringement and other intellectual property infringements
* Malware crimes, particularly botnets and internet bots used for malicious purposes
Trespass to Chattel
Trespass to chattels is the common-law doctrine the Microsoft Digital Crimes Unit relies on to take botnet infrastructure away from its operators through the civil courts. In law, chattel means movable personal property, that is, any property that is not land; the word shares a root with "cattle", historically a chief form of such property. When spam or malware is placed on a user's computer or network without permission, that is treated as trespass to chattels: the operator has intentionally interfered with property the user owns, in the same way that trespass to land is unauthorized interference with real property. The wrong is attributed to whoever put the malware there and intended to use it against the owner. Trespass is a civil wrong rather than a criminal charge, so the DCU's legal team files suit against the operators, often as unnamed "John Doe" defendants, and asks the court for orders allowing it to seize the servers and take control of the domain names the botnet depends on. Criminal prosecution remains the work of law enforcement.
The Botnet
A botnet is a network of compromised computers (zombies) that are controlled without their owners' knowledge. Botnets are usually used for repetitive tasks such as sending spam, but they can also be used to distribute malware and to launch distributed denial-of-service (DDoS) attacks. A botnet is controlled by a single criminal or by a network of criminals.
The Microsoft Digital Crimes Unit is constantly hunting down botnets used for these tasks. The DCU has dealt with botnets used for spamming, keylogging, and data ransom, and has taken down botnets such as Citadel, Rustock, and Zeus. Locating new botnet threats and taking them down is an everyday fight for the DCU.
Takedown of the Rustock Botnet
On March 18, 2011, the Microsoft Digital Crimes Unit took down the Rustock botnet. Rustock was responsible for over half of the spam sent to users worldwide and had controlled over 1 million computers. Its spam carried malware attachments, and some of it consisted of phishing emails. Microsoft, with the help of the U.S. Marshals, obtained court orders to seize the identified command-and-control servers located in the United States and to analyze them. The DCU and U.S. Marshals raided hosting facilities in Chicago, Columbus, Dallas, Denver, Kansas City, Scranton, and Seattle. After the DCU had seized the servers and taken them offline, spam volume dropped sharply around the world. Since then there has been no spam from the Rustock botnet.
Takedown of the Zeus Botnet
On March 25, 2012, the Microsoft Digital Crimes Unit disrupted the Zeus botnet in an investigation also known as Operation b71. Zeus is held responsible for stealing more than $100 million from over 13 million infected computers. The malware reached victims' computers through pirated versions of Windows or hidden inside downloads from the web. Zeus works by waiting for the user to open a web browser and attempt online banking or online shopping, then presenting a look-alike web page with a field asking for login information. The credentials are sent to a Zeus server, and the criminal can then access the user's accounts. The DCU, accompanied by U.S. Marshals, shut down the botnet's infrastructure by raiding two command-and-control hosting facilities, in Scranton, Pennsylvania, and Lombard, Illinois. From the seized servers the DCU retrieved the stolen data and built a case against the 39 unnamed cyber criminals responsible for the botnet. The Zeus starter code has since been sold on the black market and used to build other variants, such as Citadel and many more; the Zeus code base itself is therefore still active and has evolved.
Takedown of the Citadel Botnet
On June 6, 2013, the Microsoft Digital Crimes Unit took down about 1,000 servers belonging to the Citadel botnet. Citadel had infected an estimated 5 million computers, using a keylogging program to steal information, and is held responsible for stealing at least $500 million from personal online bank accounts in over 80 countries. Victims included customers of American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada, and Wells Fargo. Citadel's code emerged from the cybercrime kit known as Zeus, which is sold as a starter kit on the black market for thousands of dollars. Citadel's creators are unknown, but the DCU has brought legal action against them as unnamed defendants. The DCU has since helped users update their systems to remove Citadel malware that may remain on their computers in an inactive state.
Actions against the ZeroAccess botnet
On December 5, 2013, the Microsoft Digital Crimes Unit, the FBI, Europol, and other industry partners attempted to disrupt the ZeroAccess botnet.
Although the effort took down 18 hosts that were part of the ZeroAccess command-and-control network, ZeroAccess remains active because of the peer-to-peer nature of the botnet: infected machines exchange commands and updates with one another rather than depending on a fixed set of servers, so removing a small number of hosts does not cut the operators off from the rest of the network.
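The point made above, that removing 18 hosts from a peer-to-peer botnet does not sever it while removing a centralized botnet's command servers does, can be checked with a small simulation. The Python below is an added illustration and is not code from Microsoft, the DCU, or the ZeroAccess malware. The star and random-overlay topologies, the 2,000-bot population, and the six peers per bot are constructed assumptions; the 18 seized machines mirror the count given above. The script floods a command through whatever infrastructure survives the seizure and reports how many bots still receive it.

```python
"""Why seizing a handful of hosts kills a centralized botnet but not a
peer-to-peer one: a small graph simulation.

Added illustration; not code from Microsoft, the DCU, or ZeroAccess itself.
The topologies, bot counts, and operator behaviour are a constructed model,
and the 18 seized hosts mirror the count quoted for the 2013 action.
"""
import random
from collections import deque


def build_centralized(n_bots, n_c2):
    """Star topology: every bot knows only the C2 hosts and nothing else."""
    c2_hosts = [f"c2-{i}" for i in range(n_c2)]
    graph = {host: set() for host in c2_hosts}
    for b in range(n_bots):
        bot = f"bot-{b}"
        graph[bot] = set(c2_hosts)
        for host in c2_hosts:
            graph[host].add(bot)
    return graph


def build_p2p(n_bots, peers_per_bot, seed=1):
    """Random overlay: each bot picks a few peers; links are kept mutual so a
    command flooded from any live bot can propagate in both directions."""
    rng = random.Random(seed)
    bots = [f"bot-{b}" for b in range(n_bots)]
    graph = {bot: set() for bot in bots}
    for bot in bots:
        # Draw one extra candidate so that discarding the bot itself still
        # leaves at least peers_per_bot links.
        for peer in rng.sample(bots, peers_per_bot + 1):
            if peer != bot:
                graph[bot].add(peer)
                graph[peer].add(bot)
    return graph


def reachable_bots(graph, seized, entry_points):
    """Flood a command from the operator's surviving entry points across the
    nodes that were not seized. Returns the set of bots that receive it."""
    alive = {node for node in graph if node not in seized}
    seen = {node for node in entry_points if node in alive}
    queue = deque(seen)
    while queue:
        node = queue.popleft()
        for neighbour in graph[node]:
            if neighbour in alive and neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return {node for node in seen if node.startswith("bot-")}


def survival_fraction(graph, seized, entry_points):
    """Share of all bots (seized ones count in the denominator) that the
    operator can still command after the seizure."""
    total = sum(1 for node in graph if node.startswith("bot-"))
    return len(reachable_bots(graph, seized, entry_points)) / total


def simulate(n_bots=2000, n_c2=18, peers_per_bot=6, seized_hosts=18, seed=1):
    """Seize `seized_hosts` machines from each botnet and report what survives.

    Centralized: the operator reaches bots only through the C2 hosts, so those
    are the natural seizure targets.
    Peer-to-peer: the seized machines are ordinary peers, and the operator
    re-enters through any peer it still controls.
    """
    central = build_centralized(n_bots, n_c2)
    c2_hosts = [node for node in central if node.startswith("c2-")]
    seized_c2 = set(c2_hosts[:seized_hosts])
    central_left = survival_fraction(central, seized_c2, c2_hosts)

    rng = random.Random(seed)
    p2p = build_p2p(n_bots, peers_per_bot, seed)
    seized_peers = set(rng.sample(sorted(p2p), seized_hosts))
    entry = [next(node for node in p2p if node not in seized_peers)]
    p2p_left = survival_fraction(p2p, seized_peers, entry)
    return central_left, p2p_left


if __name__ == "__main__":
    central_left, p2p_left = simulate()
    print(f"centralized, all C2 hosts seized: {central_left:.1%} of bots still reachable")
    print(f"peer-to-peer, 18 peers seized:    {p2p_left:.1%} of bots still reachable")
```

Run directly, the script prints both figures: the centralized botnet loses every bot once its command hosts are gone, while the peer-to-peer botnet keeps almost all of them, because the operator can re-enter through any surviving peer and the overlay stays connected. Disabling a peer-to-peer botnet therefore needs a different lever than seizing servers, such as interfering with the peer lists the infected machines exchange.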
See also
* Attack (computing)
* Child protective services
* Computer worm
* Distributed Denial of Service