By Patrick Marshall

Powerful new government cybersecurity system: U.S. courts

Microsoft this week got a temporary restraining order against alleged operators of a botnet, allowing the software company to take over the malicious domain and block the Nitol botnet and nearly 70,000 other subdomains.

The case is interesting for a number of reasons, not least of which is that Nitol was discovered by Microsoft’s Digital Crimes Unit to be preinstalled on a computer bought in China, along with several other types of malware that had been incorporated into counterfeit copies of Windows XP and Windows 7.

Nitol was actively running and attempting to connect with a command and control server, allowing researchers to study it and its operators. Microsoft found that the United States has the second largest number of C&C servers (behind China), located primarily in California, Texas, Georgia and Pennsylvania.

But to my mind, the most interesting part of the story is Microsoft’s continued and successful use of the courts as a cybersecurity tool. The company’s Project MARS (Microsoft Active Response for Security) goes after threats to its customers with lawsuits to shut down the malicious nets. The Nitol bust is its second botnet takedown in six months.

On Sept. 10 the U.S. District Court for the Eastern District of Virginia granted Microsoft’s request for a temporary restraining order against Nitol’s operators, allowing the company to host, on a new domain name system, the domain that houses the majority of the C&C servers. This will let Microsoft block malicious traffic while letting legitimate subdomains operate without interruption. Microsoft also is seeking preliminary and permanent injunctions.

Federal computer security law often is criticized as out of date with the current cyber threat environment, and cybersecurity legislation that would amend it has gone nowhere in Congress. But Microsoft has successfully used the existing Computer Fraud and Abuse Act, common law trespass and other statutes to take action against the roots of malicious networks.

In March, the company, along with the U.S. Marshals Service, took down several botnets using variants of the Zeus malware. A year earlier, Microsoft led the takedown of the massive Rustock botnet, which had infected more than a million computers worldwide, later turning the case over to the FBI.

Botnets have not disappeared, of course, and are not likely to disappear any time soon. And computer crime laws (and cybersecurity requirements) need to be updated. But Project MARS shows that court action through existing laws can be a potent cybersecurity tool against malicious networks that cross national borders.

Posted by William Jackson on Sep 14, 2012 at 9:39 AM
