
Getting creative to fight cyber crime: Microsoft Digital Crimes Unit

What Asian CIOs need to consider when securing their organisations: Microsoft Security Campus interview By AvantiKumar
16 Jun 2010

REDMOND, USA, 16 JUNE 2010 -- Asian CIOs need to get more creative to fight the rising tide of cyber crime, said Microsoft's Digital Crimes Unit.

Microsoft Digital Crimes Unit (DCU) senior attorney Richard Boscovich said: "CIOs and companies in general need to become more creative in order to fight online fraud."

"Because cyber crime is a distributed, global activity, the DCU is a worldwide team of lawyers, investigators, technical analysts, and other specialists whose mission is to make the Internet safer and more secure through strong enforcement, global partnerships, policy and technology solutions that help," Boscovich said.

"From a legal and liability perspective, CIOs and CSOs [chief security officers] should want to ensure, regardless of the applications the organisation is running, that all patches are implemented on a timely schedule and up-to-date," he said. “In addition, the most important thing is to advise employees about security policies in place and to follow safe guidelines."

“However, at DCU, we know that the people behind cyber crime are becoming even more sophisticated and creative in their schemes,” said Boscovich. “To combat this, we must apply similar or greater creativity.”

 

Takedown of Waledac botnet syndicate

"An example of taking a more creative approach, on different levels, is the ongoing takedown of the Waledac botnet syndicate from earlier this year," said Boscovich. "The strategy we are employing, using technical and cross-border legal moves, is novel, but it is the right thing to do from an eco-perspective, and also one that benefits users, and defends against fraud, as well as other threats to online safety."

“Botnets deliver many kinds of criminal attacks and in our operation against the Waledac botnet, called Operation b49, Microsoft obtained a court order in February 2010 to sever 277 domains believed to be part of this particular botnet," he said.

"Operation b49 effectively severed between 70,000 and 90,000 computers from the Waledac botnet, and was the first initiative in Microsoft's Project MARS, which is a broad effort to annihilate botnets," he added.

"Of course, each region and country has its own set of rules, which sometimes makes it difficult to construct a legal framework and the technical counter-measures needed to take down a complex cross-border criminal threat," Boscovich said. "Incidentally, Waledac was spread through social engineering, whereby people were tricked into visiting a site."

"A ‘bad guy’ domain needs a process to tackle the registrant, who will be listed at the private non-profit organisation ICANN [Internet Corporation for Assigned Names and Numbers],” he added. “This brings in the challenge of meeting different sets of rules. It became crucial for us to try and get control of the domains legally: we used a theory under common law, existing in the US and UK concerning ex parte temporary restraining orders."

"The registrants were in China, but the registree was in the US," said Boscovich. "The 277 domains were cut off by the legal process. In conjunction with the legal process, our industry and academic partners started a process of 'poisoning' the peer-to-peer table, which was to give commands to the bots."

"The bots therefore lost communication with the bot herder," he said. "In China, 20 other domains were still waiting to be dealt with. We reached out to China Cert, which pulled the remaining domains just in time."

"The operation was successful and this approach can be replicated," he said. "We established a long list of industry (such as Symantec) and academic partners, including German law enforcement and academics from the University of Bonn."

"The strategy is that one way to address the bot issue is to have higher levels included with a technical perspective," he said. "Operation b49 proved a theory that our two-pronged strategy must be used, especially as this particular botnet was structured by a command structure rather like P2P (peer-to-peer) communication."

"The operation still is in a follow-up phase, as all the bots that are out there that have been cut off are still infected," he said, adding that certain high-level moves were in place at the time of the interview.


Cat-and-mouse games

"When it comes to crime and victimisation, cyber crime is a global problem," Boscovich said. "Whether in Singapore, Brazil, Australia or anywhere, cyber crime is a constant cat-and-mouse game."

"Criminals are from all over the world, and not connected to just one country," he said, adding that botnets have become easily available; they are available as online kits. “Going after the herders is difficult as nine times out of 10, the information provided during such domain registration is fake."

"Other times, we will work with an enforcement agency as well as take appropriate civil action in cases where cyber crime results in cost to Microsoft," he said. "Governments have a host of different tools, which are different from ours."

"We work in a responsible fashion with law enforcement agencies around the world. Cyber crime is a global activity rather than gangs in specific countries," said Boscovich, adding that, for example, Microsoft has had meetings with IMPACT [International Multilateral Partnership Against Cyber Threats, a global governmental alliance against cyber crime based in Malaysia], which has resulted in a memorandum of understanding.

As another example, Boscovich said they moved to tackle click laundering, which converts fraudulent clicks on 'parked websites of adverts' into legitimate clicks in order to obtain monies from publishers. "Click laundering is a serious problem within the advertising industry. Microsoft does not tolerate this type of fraud."

"To champion a healthier Internet, we sought to tackle competitive click fraud in June 2009, which was the Eric Lam lawsuit involving sophisticated click fraud campaigns," he said. "Click laundering highlights an emerging and complex form of publisher click fraud, and one that involved Microsoft filing lawsuits against publisher RedOrbit and John Doe."

"In September 2009, we filed five lawsuits, the first of their kind, targeting camouflaged malicious code within seemingly harmless online adverts," he said, adding that Microsoft delivered PSAs [public service announcements] through the search engine Bing to help alert people to scams.

"Other services to provide information and heighten awareness among potential victims use out-of-the-box tactics," he said. "For instance, the Nigerian strategy was to try to educate the people trying to commit online fraud. We used a targeted video featuring a Nigerian pop band to deliver the message. A pop song, 'Maga No Need Pay', reaches young Nigerians about advance fee fraud. Maga is slang for 'sucker' in Nigeria. This has more than 108,000 views on YouTube so far."

"In September 2010, we will be participating in a conference in Nigeria with the Nigerian government about advance fee fraud," he said. “Microsoft attends many security conferences around the world throughout the year to share case studies and best practices.”

Boscovich said that in December 2009, Microsoft donated its PhotoDNA technology to the National Center for Missing & Exploited Children to help disrupt the distribution of graphic child pornography on the Internet. "Every time such an image is viewed, it is tantamount to revictimisation of the child in the original image."

He said the programme takes an image and hashes it with the algorithm, then uses that hash to search computers for matches. "This takes a photo's DNA, rather like taking a fingerprint. If two pictures share the DNA, we know they are the same. This technique helps find images across large areas."
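The fingerprint-style matching Boscovich describes is what distinguishes a robust image hash from an exact cryptographic digest. The following Python example is added here and is not Microsoft's or PhotoDNA's code: it uses the classic average hash as a stand-in (PhotoDNA's algorithm is not public), runs on constructed synthetic pixel grids rather than real images, and shows that small edits such as dithering or brightening change the SHA-256 digest but leave the fingerprint intact, while an unrelated (inverted) picture differs in every fingerprint bit; the match threshold is an assumed tuning value.

```python
import hashlib

# Constructed synthetic "image": a 16x16 grayscale gradient, not a real photo.
def make_gradient(width=16, height=16):
    return [[x * 12 + y * 2 for x in range(width)] for y in range(height)]

# Constructed edits: two that leave the picture visually the same, one that does not.
def brighten(pixels, delta):
    return [[min(255, v + delta) for v in row] for row in pixels]
def dither(pixels):  # +1/-1 checkerboard, the kind of noise lossy re-encoding adds
    return [[v + (1 if (x + y) % 2 == 0 else -1) for x, v in enumerate(row)]
            for y, row in enumerate(pixels)]
def invert(pixels):
    return [[255 - v for v in row] for row in pixels]

def sha256_pixels(pixels):
    """Exact-match digest: any single changed pixel gives a different value."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()

def average_hash(pixels, size=8):
    """Robust fingerprint: block-average down to size x size cells, then one bit
    per cell recording whether it is brighter than the global mean. This is the
    classic average hash, used here as a stand-in; PhotoDNA's own algorithm is
    not public and is not reproduced."""
    bh, bw = len(pixels) // size, len(pixels[0]) // size
    cells = []
    for by in range(size):
        for bx in range(size):
            block = [pixels[y][x] for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | (1 if c > mean else 0)
    return bits  # 64-bit fingerprint as an int

def hamming(a, b):
    """Number of differing fingerprint bits; a small distance means the same picture."""
    return bin(a ^ b).count("1")

def is_match(p1, p2, threshold=5):
    """Match rule over the fingerprints; the threshold is an assumed tuning value."""
    return hamming(average_hash(p1), average_hash(p2)) <= threshold

if __name__ == "__main__":
    orig = make_gradient()
    for name, edited in (("dithered", dither(orig)), ("brighter", brighten(orig, 3)), ("inverted", invert(orig))):
        print(name, sha256_pixels(orig) == sha256_pixels(edited), hamming(average_hash(orig), average_hash(edited)))
```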

There were many other cases in progress that could not be released at this time, he added.


Partnership position in cyber crime war

"Establishing partnership positions towards the achievement of common goals is pivotal in the battle against cyber crime and the underground economy," said IDC ASEAN research manager, Roger Ling. "Until there is seamless integration and flow from provisioning (vendors) to enforcement (government), the disconnect will serve as a loophole to escape the long arm of the law."

"Vendor involvement to raise awareness and to shape policies will be essential to support strategic efforts," said Ling. "The increasingly common participation of security vendors to highlight the plight of security threats serves as a platform to educate the general public. Adding to that, global vendors with multiple footprints across the globe can also serve as liaison where territorial coverage is concerned."