One of the perks of working at Microsoft is that we get to do really neat things on occasion, like visiting the Microsoft Cybercrime Center. Geekery aside, this was one of the most fascinating field trips I’ve ever had. We got to look at faked software from drug cartels that were manufacturing boxed product alongside the kind of product that comes in plastic bags and damages brain cells. We got to speak to researchers who had been on fascinating raids across the globe.
And most importantly, I was able to get some best practices to protect your home and your IT department. Here’s the shortlist:
1. Keep it legit. Never, never buy machines "under the counter." If someone at a retailer offers you a cheaper deal on hardware that seems off-system (like they want you to pay in cash and you don't get a receipt generated from the retailer) or off-the-books, it very likely has contaminated or fake software that can troll your machine, and any network it's joined to, for personal information or business intelligence. Remember that even organized crime syndicates have faked Microsoft SKU labels that look legitimate but aren't. This is an opening not only for identity theft or blackmail, but also for espionage and stolen intellectual property. Worried? Check your product for signs of counterfeit.
2. Keep your friends close. If you run a large IT department, deploy your product keys securely. Have IT script the deployment of the software. Don't write the product key down and give it to anyone, because you've just lost control of your product key, forever.
3. Keep your employees closer. Check monthly who has access to your product keys. If you didn't deploy your product keys by script as in step 2, and you terminate an employee who knows your product keys (particularly Volume Licenses), notify us and explain that you have a potential leak of volume licenses. It's easier to prevent this on the front end than after the licenses have been re-sold by a disgruntled former employee and your company is in potentially serious trouble.
4. Rinse, repeat. Keep your operations super-clean. If you have volume licenses managed by service centers, especially service centers in other locations, have your IT department do two things every month:
   - Look at all of the authorized users. Once you see an anomaly, like an email address that doesn't match your expected list of users (a strange address, or a free email address that anyone can set up), start worrying. Figure out who it is, and if you can't, see step 3.
   - For particular key types, you can see the number of activations on your MAK keys through Microsoft's VLSC. Match this to the number of machines as closely as you can.
If your research shows
…you might have a security problem.
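The two monthly checks from step 4 can be scripted. The sketch below is an added example, not part of the original post or any Microsoft tooling: the CSV column names, the key labels, the domain lists and all sample data are constructed assumptions, so adapt them to whatever user list and activation counts you actually record.

```python
import csv
import io

# Constructed sample data; column names and key labels are assumptions.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
CORP_DOMAINS = {"contoso.example"}
EXPECTED = ["alice@contoso.example", "bob@contoso.example"]
SAMPLE_USERS = """email,role
alice@contoso.example,Administrator
Bob@contoso.example,Key Viewer
bob.backup@gmail.com,Key Viewer
carol@contoso-services.example,Key Viewer
dave@contoso.example,Key Viewer
"""
ACTIVATIONS = {"Windows-MAK": 142, "Office-MAK": 80}  # counts noted from the portal
INVENTORY = {"Windows-MAK": 120, "Office-MAK": 80}    # machines you know you own


def audit_users(export_csv, expected, corp_domains):
    """Return (email, reason) for every authorized user that needs follow-up."""
    expected = {e.strip().lower() for e in expected}
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        email = row["email"].strip().lower()
        domain = email.rpartition("@")[2]
        if domain in FREE_MAIL:
            findings.append((email, "free email provider"))
        elif domain not in corp_domains:
            findings.append((email, "unexpected domain"))
        elif email not in expected:
            findings.append((email, "not on expected user list"))
    return findings


def audit_activations(activations, inventory, tolerance=0):
    """Return {key_label: excess} where activations exceed known machines."""
    return {
        label: used - inventory.get(label, 0)
        for label, used in activations.items()
        if used - inventory.get(label, 0) > tolerance
    }


if __name__ == "__main__":
    for email, reason in audit_users(SAMPLE_USERS, EXPECTED, CORP_DOMAINS):
        print(f"REVIEW {email}: {reason}")
    for label, excess in audit_activations(ACTIVATIONS, INVENTORY).items():
        print(f"REVIEW {label}: {excess} more activations than machines")
```

The script works on labels for each key, never the product keys themselves, so the audit does not become another place where keys are written down.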
Good luck, and stay watchful.