Microsoft vs. botnets: Vendors as CSI could become weird

Does Microsoft's public-private approach to taking down botnets scale? And if so what's the role of tech vendors?
Written by Larry Dignan, Contributor

Microsoft and financial services groups---along with U.S. Marshals---have announced raids on servers that were used to deliver botnets and allegedly conduct cybercrime.

The raid, touted by Microsoft, and detailed in depth by Stephen Shankland at CNET News, could elicit two reactions as the tech news cycle plays out. First, there's the kudos to Microsoft and the thought that more tech vendors should aim to disrupt cybercrime. And then there's the weird feeling that vendors can be too tangled up in law enforcement.

A botnet attack map from Microsoft's complaint via CNET. Credit: Microsoft complaint.

Microsoft's motives are clear. The software giant presses complaints and law enforcement agencies to crack down on cybercrime. Why? Microsoft is usually the biggest target. However, that situation could change. Windows is targeted today and tomorrow it could be Google's Android and Apple's iOS. Will there be a trio of tech giants going on ride alongs too?

Your reaction to Microsoft's raid with Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association, as well as Kyrus Tech Inc. may break down into those two aforementioned buckets. Here's a look at the two possible reactions.

The kudos

Tech vendors could form Justice League vs. cybercrime. Credit: DC

Tech vendors could form Justice League vs. cybercrime. Credit: DC

On the surface, it's fascinating that Microsoft has a digital crime unit that can conduct "legal and technical action" against botnets.

Microsoft presses legal action---this time in the U.S. District Court for the Eastern District of New York---shares investigations with authorities. This raid took out servers in Scranton, PA and Lombard, Ill. The servers allegedly delivered Zeus botnets.

For Microsoft, the latest raid represents the fourth botnet takedown. A precedent has been set. Now Microsoft is going for strategic disruption of botnet and cybercrime operations.

If you applaud Microsoft's actions then a natural extension here is to wonder what would happen if Google, Apple, Microsoft and Cisco---maybe Intel and IBM too---joined forces to take out marauding botnet servers. That group of tech giants could form the core of a cybercrime Justice League if you will. We'll draw straws over which vendor gets to play Superman.

In any case, Microsoft's raids, complaints and coordination with partners are impressive. Perhaps that approach should be replicated.

And then there's the queasiness

Where things get odd in this Microsoft vs. the botnets scenario is that in many respects the role of law enforcement can become murky. Do we really want vendors on ride-along raids?

Microsoft raids botnet servers with law enforcement. Apple works with San Francisco cops to track down a lost iPhone prototype.

Tech vendors meeting CSI could get a little weird should this collaboration scale. What's possible when law enforcement agencies and tech giants collaborate? The outcomes are both good (cybercrime takedowns) and bad (surveillance and Big Brother outcomes).

There's also the realization that law enforcement is most likely completely outgunned on cybercrime. Is it worrisome that law enforcement needs Microsoft prodding and help to dent cybercrime?

Most of these efforts can be boiled down to private-public partnership on law enforcement and security issues. Nevertheless, Microsoft's cybercrime CSI routine can seem a bit odd---especially if it is replicated by other tech giants.

Where do I stand on these two arguments? I come down somewhere in between. It's nice to see botnet takedowns, but project forward a bit and you can see potential problems ahead. For now, it's worth pondering the tech vendor as botnet Justice League role.

Editorial standards