Disruption is the best way of tackling botnet-based cybercrime, according to Microsoft's Digital Crimes Unit (...
Taking down the Waledac botnet of hijacked computers in February 2010 was a proof-of-concept strategy that Microsoft and its partners continue to use.
Microsoft DCU, made up of lawyers, program managers and technical experts, pioneered the approach of using civil law to seize and shut down botnet command-and-control servers.
Botnets are the weapon of choice for attackers, according to Richard Boscovich, senior attorney at the Digital Crimes Unit.
"While it is difficult to attack large networks of enterprises and governments, there is a much better chance of success if you can use the power of millions of botnet computers," he said.
Consequently, the main goal for bad actors is to increase their power by compromising as many computers as possible to be part of their botnets.
"The key thing is to disrupt the botnet, take down the infrastructure, and increase the cost of doing business," said Boscovich.
The disruptive approach is very important, he said, because it hits attackers by reducing their return on investment. It also takes them time and money to regroup and redevelop hijacking malware.
This approach not only has the effect of stopping the harm immediately, but also enables Microsoft to work with victims to clean computers and refer the intelligence gathered to law enforcement authorities.
The criminal investigations into those behind the Kelihos and other botnets are still ongoing, said Boscovich.
Responding to criticism that Microsoft disrupted other law enforcement operations associated with the downed botnets, he said Microsoft is working to ensure that interference with other groups is minimised.