Cybercrime has become big business: cybercriminals profit not just by stealing directly from their victims, but also by selling their "products" and "services" to one another in their own burgeoning cybercrime economy. Through public/private partnerships, the Digital Crimes Unit (DCU) is disrupting criminal infrastructure and building stronger cooperative efforts to transform the fight against all forms of cybercrime.
The Microsoft Active Response for Security (MARS) initiative is focused on combining legal and technical acumen to proactively disrupt criminal infrastructure. This includes taking down botnets (armies of malware-infected PCs operating secretly under the remote control of a criminal), seizing the infrastructure and domains criminals use to control them, and using the information we gain in those efforts to help better protect the Internet community and our customers. Project MARS is a joint effort between the Microsoft Digital Crimes Unit, Microsoft Malware Protection Center, Customer Support Services and Trustworthy Computing. Recent examples of MARS operations include Operation b49 (the Waledac takedown), Operation b107 (the Rustock takedown) and Operation b79 (the Kelihos takedown).
Microsoft Cybercrime Center
DCU has designed a collaborative and secure space where experts from across Microsoft’s product groups can work side by side with each other, DCU, and industry partners to develop and execute cybercrime disruption strategies. The Microsoft Cybercrime Center provides high-tech investigative resources and access to intelligence on infected PCs and associated malware that product and service teams can use to combat account and platform compromise and service abuses, including denial of service attacks, ad fraud, and botnet creation.
Cybercrime Threat Intelligence
DCU has been driving a sustained fight against botnets for almost a decade, and in recent years, we adopted a more proactive and disruptive strategy aimed at protecting our customers. Through a program called Project MARS, we created a botnet cleanup effort supported by our Microsoft colleagues in Trustworthy Computing and the Microsoft Malware Protection Center to work with ISPs and CERTs around the world to help owners of malware-infected computers regain control of their systems. By sharing our Cyber-Threat Intelligence with ISPs and CERTs, we have been able to provide the information necessary to help hundreds of thousands of people around the world. As our efforts evolve, DCU continues to explore new ways to make this type of information available to those who can help our customers better protect themselves. To that end, we are currently testing a new system which aims to deliver actionable, real-time intelligence on currently tracked threats to customers and partners.
Online Advertising Crime
It is estimated that roughly a quarter of all ad clicks across the industry are fake, either done by botnets or by some other illegitimate means – and it is well known that ad platforms are increasingly being used to infect people’s computers with malicious software. With this in mind, the Microsoft Advertising Traffic Quality team, Microsoft Malware Protection Center, and DCU have experts at the Microsoft Cybercrime Center working collaboratively on new ways to detect, mitigate, and prevent threats such as click fraud and malvertising in Microsoft’s ad platform to protect our customers and advertisers.
Efforts to support the community
Microsoft is not alone in the fight against cybercrime. DCU is also investing in the development of valuable support opportunities for the expert global community fighting digital crime.
Digital Crimes Community Portal
Designed to strengthen the connections and relationships among the various agencies and organizations worldwide needed to fight digital crime, the Digital Crimes Community Portal provides ongoing, year-round support so that those in the community have a go-to resource for sharing information on the latest developments in the battle against cybercrime.
Digital Crimes Consortium
With support from sponsors, DCU hosts an annual weeklong conference known as the Digital Crimes Consortium (DCC). DCC draws hundreds of experts from law enforcement, government, academia, and industry from around the world in a rare opportunity to come together to address issues facing disruption and enforcement efforts on these borderless crimes.
Computer Online Forensic Evidence Extractor (COFEE)
Designed by Microsoft exclusively for use by law enforcement, COFEE brings together a number of common digital forensics capabilities into a fast, easy-to-use, automated tool for first responders on the scene of a crime. The tool is distributed at no charge through partnerships with INTERPOL and the National White Collar Crime Center (NW3C).