Mi­crosoft push­ing to halt bot­net cy­ber­crime

Daily Press - - Businessda­y - By Frank Ba­jak

Mi­crosoft an­nounced le­gal ac­tion Mon­day seek­ing to dis­rupt a ma­jor cy­ber­crime dig­i­tal net­work that uses more than 1 mil­lion zom­bie com­put­ers to loot bank ac­counts and spread ran­somware, which ex­perts con­sider a threat to the U.S. pres­i­den­tial elec­tion.

The oper­a­tion to knock off­line com­mand-and-con­trol servers for a global bot­net that uses an in­fra­struc­ture known as Trick­bot to in­fect com­put­ers with mal­ware was ini­ti­ated with a court or­der Mi­crosoft ob­tained in Vir­ginia fed­eral court Oct. 6. Mi­crosoft ar­gued that the crime net­work is abus­ing its trade­mark.

Cy­ber­se­cu­rity ex­perts said that while Mi­crosoft’s use of a U.S. court or­der to per­suade in­ter­net providers to take down the bot­net servers is laud­able, it’s not apt to be suc­cess­ful be­cause too many won’t com­ply.

Paul Vixie of Far­sight Se­cu­rity said via email “ex­pe­ri­ence tells me it won’t scale — there are too many IP’s be­hind un­co­op­er­a­tive na­tional bor­ders.”

The an­nounce­ment fol­lows a Wash­ing­ton Post re­port Fri­day of a ma­jor — but ul­ti­mately un­suc­cess­ful — ef­fort by U.S. Cy­ber Com­mand to dis­man­tle Trick­bot last month with di­rect at­tacks rather than ask­ing on­line ser­vices to deny host­ing to do­mains used by com­mand-and-con­trol servers.

A U.S. pol­icy called “per­sis­tent en­gage­ment” au­tho­rizes U.S. cy­ber­war­riors to en­gage hos­tile hack­ers in cy­berspace and dis­rupt their oper­a­tions with code, some­thing Cy­ber­com did against Rus­sian mis­in­for­ma­tion jock­eys dur­ing U.S. midterm elec­tions in 2018.

Cre­ated in 2016 and used by a loose con­sor­tium of Rus­sian-speak­ing cy­ber­crim­i­nals, Trick­bot is a dig­i­tal su­per­struc­ture for sow­ing mal­ware in the com­put­ers of un­wit­ting in­di­vid­u­als and web­sites.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.