Microsoft Uses US Courts to Disrupt Chinese Hackers
Microsoft has taken control of websites - or rather their domain names - believed to be uses by Chinese hackers. It's the latest example of a tactic that overcomes the usual problems of dealing with an international online threat.
According to Microsoft, the "Nickel" group is based in China and is a "nation-state actor": in other words, it at the very least has the backing of the Chinese government. It uses a variety of tactics to try to spy on victims and intercept their data.
Targets include government agencies and human rights groups. Microsoft somewhat understatedly says there's "often a correlation between Nickel's targets and China's geopolitical interests."
It might seem odd that Microsoft is pursuing action against hackers in a somewhat political situation. However, it had two big goals in doing so. The first is that a more secure Internet makes it more likely people will be confident using its various online-based services. The second is that making it harder for hackers to operate makes it less likely there'll be successful exploitations of Microsoft software, particularly business tools.
China Uncooperative
Given the political situation and the natural lack of cooperation, disrupting the hackers or bringing them to justice through China's legal system isn't a realistic option. Instead, Microsoft is taking advantage of the fact that many domain names, particularly .com, are allocated and registered in the US and thus subject to its legal system.
In this latest move, Microsoft persuaded a federal court to give it control of the domains, which have now been reconfigured to point to Microsoft's own secure servers. Although the compromised websites themselves still exist, they won't be reachable through the domain name. (Source: arstechnica.com)
According to Microsoft, it's now filed 24 such lawsuits covering 10,000 domain names controlled by "ordinary" cyber criminals and almost 600 controlled by hackers backed by a nation state. (Source: microsoft.com)
Pre-Emptive Strikes
The move follows a previous tactic where a US court gave Microsoft control of infrastructure used by a Russian cyber criminal gang. This let it discover an algorithm which the gang was using to generate new domain names to register and abuse.
Microsoft says it was then able to produce a list of six million names that the gang would try to register in the next two years. Microsoft passed on this list to domain registrars around the world who blocked them from being registered.
What's Your Opinion?
Is this a smart tactic by Microsoft? Do you think it will make much difference or is it just a game of whack-a-mole? Should government agencies be doing this work and getting control of domains rather than private companies like Microsoft?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
My Opinion
Is this a smart tactic by Microsoft? Yes
Do you think it will make much difference or is it just a game of whack-a-mole? It will help
Should government agencies be doing this work and getting control of domains rather than private companies like Microsoft?
Do you have any other choices??????????????
Microsoft goes to court
Why is Microsoft doing this? I thought this was the type of thing that was done by the
NSA! They were subposed to have all kinds of hot-shot computer brains. Why don't we retaliate?