When Microsoft's not making software or technological marvels in its labs, it's fighting crimes with its Digital Crimes Unit. This morning we learned about one of its missions, from The New York Times, which sounds more like a scene in a movie than something that goes on at a geeky computer company. "Microsoft employees, accompanied by United States marshals, raided two nondescript office buildings in Pennsylvania and Illinois on Friday, aiming to disrupt one of the most pernicious forms of online crime today — botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers," write The Times' Nick Wingfield and Nicole Perlroth. Raiding a crime scene isn't exactly something we associate with Microsoft, but the company has a whole Digital Crimes Unit devote to this type of thing.
From the sounds of it, Microsoft is like the Batman of cyber-crime. Dissatisfied with the way traditional law enforcement agencies have handled Internet evil, the company looks into these security holes itself. "The sweep was part of a civil suit brought by Microsoft in its increasingly aggressive campaign to take the lead in combating such crimes, rather than waiting for law enforcement agencies to act," continue Wingfield and Perlroth. And, like Batman it has the money to do it -- it once offered a $250,000 reward for information related to the identification and conviction of hackers operating a group of bots.
This Zeus counter-offensive was just one of many successful cyber-crime initiatives to come out of the Digital Crimes Unit. In February 2010, Microsoft announced operation b49, "the groundbreaking legal and technical efforts led by Microsoft in cooperation with academic and industry experts around the world to shut down the notorious Waledac botnet," as a Microsoft blog post puts it. The Digital Crimes Unit has also succeeded in dismantling two additional botnet groups named Rustock and Kelihos.
Though Microsoft operates outside of law enforcement, like any superhero dealing with its off-brand villains, the Windows-maker works with government agencies to get the job done. "Because of the anonymity enabled by the Internet, cybercrime can be committed from almost anywhere while impacting victims almost anywhere, which means the crimes often fall outside of any one single jurisdiction," explains Microsoft in a blog post. "Therefore, the need for cross-agency collaboration continues to be a rich source of discussion at DCC, because the challenge of fighting cybercrime is amplified by the fact that it’s essentially borderless," continues the post. In this Zeus case, for example, a warrant from a federal job authorized this sweet, report Wingfield and Perlroth. And, Microsoft worked with the FBI for its three other successful "operations" to take-down the evil bots, handing evidence over to the FBI in the Rustock case.
Like any superhero, Microsoft believes its work benefits good, not evil. "In recent years, we’ve watched cybercrime evolve in ways that make it comparable to organized crime – a network of bad actors – forming an infrastructure that enables a wide variety of criminal activity," explains Microsoft in a blog post. Though, based on our knowledge of hackers from the '90s movie Hackers, we bet the hackers don't quite agree.