Microsoft Digital Crimes Unit

The Microsoft Digital Crimes Unit (DCU) is a Microsoft-sponsored team of international legal and internet security experts who use current tools and technologies to stop or disrupt cybercrime and cyber threats. The DCU was assembled in 2008. In 2013 a Cybercrime Center for the DCU was opened in Redmond, Washington. About 100 members of the DCU are stationed in Redmond alone, at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers. The DCU has international offices in major cities including Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C. The DCU's main focuses are child protection, copyright infringement, and malware crimes. The DCU works closely with law enforcement so that perpetrators can be pursued to the full extent of the law. The DCU has taken down several major botnets, including Citadel, Rustock, and Zeus. Worldwide, malware has cost users an estimated $113 billion, and the DCU's job is to shut such operations down in accordance with the law.


Areas of emphasis

There are three areas on which the DCU concentrates:
* Child protection: combating child sexual abuse facilitated through information technology
* Copyright infringement and other intellectual property infringements
* Malware crimes, particularly botnets and other internet bots used for malicious purposes


Trespass to Chattel

Trespass to chattels is the legal doctrine the Microsoft Digital Crimes Unit relies on to take down cybercriminal infrastructure. A chattel is any item of personal property other than land; the word shares its origin with "cattle", once a person's most valuable movable property. When spam or malware is placed on a user's computer or network, that is treated as a trespass to chattels because the perpetrator is interfering with the user's property without permission. The trespass is attributed to the criminal because they are responsible for the spam or malware with which they intended to harm the user. The DCU's legal team pursues the cybercriminal in court using this long-established doctrine. Because trespass to chattels is a civil tort rather than a criminal charge, it allows Microsoft, as the injured party, to obtain court orders against the offending infrastructure, while criminal prosecution of the perpetrators remains with law enforcement.


The Botnet

A botnet is a network of compromised computers (zombies) that are controlled without their users' knowledge. Botnets are usually used for repetitive tasks such as sending spam, but they can also be used to distribute malware and to mount distributed denial-of-service (DDoS) attacks. A botnet is controlled by a single criminal or by a network of criminals. The Microsoft Digital Crimes Unit continually hunts down botnets used for these purposes. The DCU has dealt with botnets used for spamming, keylogging, and data ransom, and has taken down botnets such as Citadel, Rustock, and Zeus. Locating new botnet threats and taking them down is an ongoing, everyday fight for the DCU.


Takedown of the Rustock Botnet

On March 18, 2011, the Microsoft Digital Crimes Unit took down the Rustock botnet. Rustock was responsible for over half of the spam sent worldwide and had controlled over 1 million computers. Its spam carried virus-laden attachments, and some of it consisted of phishing emails. With the help of the U.S. Marshals, Microsoft obtained warrants to seize the identified command-and-control servers, all hosted in the United States, and to analyze them. The DCU and U.S. Marshals raided servers located in Chicago, Columbus, Dallas, Denver, Kansas City, Scranton, and Seattle. Once the DCU had seized and shut down the servers, spam volume fell sharply worldwide. Since then there has been no spam from the Rustock botnet.


Takedown of the Zeus Botnet

On March 25, 2012, the Microsoft Digital Crimes Unit took down the Zeus botnet. The investigation was also known as Operation b71. The Zeus botnet is responsible for stealing more than $100 million from over 13 million infected computers. The malware reached users' computers through pirated versions of Windows or hidden inside other online downloads. Zeus works by waiting for the user to open a web browser and attempt online banking or shopping, then presents a lookalike page with a field for the login credentials. The credentials are sent to a Zeus server, and the criminal can then access the user's accounts. The DCU, accompanied by U.S. Marshals, shut down the botnet by raiding two command-and-control server facilities located in Scranton, Pennsylvania and Lombard, Illinois. By accessing the seized servers and retrieving the stolen data, the DCU built a case against 39 unnamed defendants responsible for the botnet. After the takedown, the botnet's source code was sold on the black market and used to build variants such as Citadel and many others, so the Zeus code itself remains active and has continued to evolve.


Takedown of the Citadel Botnet

On June 6, 2013, the Microsoft Digital Crimes Unit took down the Citadel botnet's roughly 1,000 servers. Citadel had infected an estimated 5 million computers and used a keylogging component to steal information. It is responsible for stealing at least $500 million from personal online bank accounts in over 80 countries, targeting customers of institutions including American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada, and Wells Fargo. The Citadel code was derived from the Zeus cybercrime kit, which is sold on the black market as a starter kit for thousands of dollars. Citadel's creators are unknown, but the DCU has prepared extensive charges to pursue them. Since the takedown, the DCU has helped users update their systems to remove Citadel malware that may remain on their computers in an inactive state.


Actions against the ZeroAccess botnet

On December 5, 2013, the Microsoft Digital Crimes Unit, the FBI, Europol, and other industry partners attempted to disrupt the ZeroAccess botnet. Although the effort took down 18 hosts that were part of the ZeroAccess command-and-control network, the botnet's peer-to-peer design meant that ZeroAccess remained active: each infected machine holds a list of peers and relays commands itself, so removing a handful of hosts does not cut the remaining bots off from their operators.
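The ZeroAccess paragraph makes a structural point that is worth seeing in numbers: a botnet whose bots only know the seized command-and-control servers goes silent, while one whose bots hold peer lists keeps relaying commands around the hole. The following Python simulation is an added illustration, not DCU tooling or ZeroAccess code. It builds both topologies as constructed random graphs (the 1,000-bot population, three C2 servers, eight peers per bot, the node names and the RNG seed are all assumptions) and measures what fraction of bots still receive a command after a seizure: the C2 servers in the hub-and-spoke case, and 18 relaying hosts, the number taken down in the ZeroAccess action, in the peer-to-peer case.

```python
import random
from collections import deque

Graph = dict[str, set[str]]   # node -> neighbours (undirected)


def build_centralized(n_bots: int, n_c2: int) -> Graph:
    """Hub-and-spoke C2: every bot talks only to the C2 servers (constructed toy)."""
    c2 = [f"c2-{i}" for i in range(n_c2)]
    bots = [f"bot-{i}" for i in range(n_bots)]
    adj: Graph = {node: set() for node in c2 + bots}
    for b in bots:
        for c in c2:
            adj[b].add(c)
            adj[c].add(b)
    return adj


def build_p2p(n_bots: int, peers_per_bot: int, seed: int = 7) -> Graph:
    """Peer-to-peer C2: each bot keeps a list of other bots; no dedicated server.
    Peer choices are random but seeded so the run is reproducible (assumed model)."""
    rng = random.Random(seed)
    bots = [f"bot-{i}" for i in range(n_bots)]
    adj: Graph = {b: set() for b in bots}
    for b in bots:
        others = [x for x in bots if x != b]
        for p in rng.sample(others, peers_per_bot):
            adj[b].add(p)
            adj[p].add(b)
    return adj


def seize(adj: Graph, victims) -> Graph:
    """Model a seizure: the victim hosts and every edge touching them disappear."""
    gone = set(victims)
    return {n: {m for m in nbrs if m not in gone}
            for n, nbrs in adj.items() if n not in gone}


def command_reach(adj: Graph, inject_at: str) -> set[str]:
    """Hosts a command reaches when the operator injects it at one surviving host
    and every host forwards it to its neighbours (breadth-first flood)."""
    if inject_at not in adj:          # the injection point itself was seized
        return set()
    seen = {inject_at}
    queue = deque([inject_at])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def bots_still_controlled(adj: Graph, victims, inject_at: str) -> float:
    """Fraction of the original bot population that still receives commands
    after `victims` are seized and the operator injects at `inject_at`."""
    total_bots = sum(1 for n in adj if n.startswith("bot-"))
    reached = command_reach(seize(adj, victims), inject_at)
    return sum(1 for n in reached if n.startswith("bot-")) / total_bots


def run_scenarios(n_bots: int = 1000, n_seized: int = 18) -> tuple[float, float]:
    """Seize the C2 servers of the centralized botnet and n_seized relaying
    peers of the P2P botnet; return the surviving controlled fraction of each."""
    # Centralized: the seized hosts are the C2 servers themselves. With the hub
    # gone there is no surviving host the operator can inject commands at.
    central = build_centralized(n_bots, n_c2=3)
    central_left = bots_still_controlled(
        central, victims=[f"c2-{i}" for i in range(3)], inject_at="c2-0")
    # Peer-to-peer: seize n_seized of the bots that were relaying commands.
    # The operator simply injects at any other infected host it still holds.
    p2p = build_p2p(n_bots, peers_per_bot=8)
    victims = [f"bot-{i}" for i in range(n_seized)]
    p2p_left = bots_still_controlled(p2p, victims, inject_at=f"bot-{n_bots - 1}")
    return central_left, p2p_left


if __name__ == "__main__":
    central_left, p2p_left = run_scenarios()
    print(f"centralized C2, 3 servers seized: {central_left:.1%} of bots still controlled")
    print(f"peer-to-peer,  18 bots seized:     {p2p_left:.1%} of bots still controlled")
```

With the hub seized the centralized botnet drops to 0% controllable, while the peer-to-peer overlay keeps essentially every surviving bot reachable (982 of 1,000 in this run), which is why the ZeroAccess action could only disrupt rather than dismantle the network. The same `bots_still_controlled` check also shows the converse: seizing 18 ordinary bots in the centralized topology leaves the hub, and therefore the other 982 bots, fully under control.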


See also

* Attack (computing)
* Child protective services
* Computer worm
* Distributed Denial of Service

