Closing the circle on digital crime

Mae was excited to land a job at a big internet company. From a sprawling campus in California, her new employer links personal emails, social media and finances with its operating system to create a unique online identity for every user. However, all was not as it seemed and Mae found herself out of her depth in what she thought was the opportunity of a lifetime.

If you’re thinking this all sounds like a Hollywood film, you would be right. The Circle, based on the 2014 novel of the same name and starring Emma Watson, Tom Hanks and Bill Paxton (in his last film role before his death), will be released next month.

It’s little surprise that the producers believe this sinister tale of privacy and surveillance in a modern, digital world will be a hit with cinema-goers – cyber-security is big news, and needs budgets to match.

Cybercrime costs EU member states €265 billion a year, according to Europol. Globally, the figure is thought to be more than €900 billion. In 2017, cyber-security is a much greater challenge than just keeping company records safe online. It has become an important line of defence for authorities in their fight against terrorism, and in protecting anyone with an internet connection from scams and fraud.

Last month, the Queen opened the National Cyber Security Centre in London; the first time the UK has brought together its cyber expertise in one place, transforming how the country tackles cyber security issues. Part of GCHQ, the Government’s intelligence agency, the site emphasises the national commitment to pre-empting and averting online criminal activity, which is becoming increasingly sophisticated.

This level of vigilance is something Microsoft has championed for almost a decade via its specialist Digital Crime Unit (DCU), a dedicated security services operation that has grown five-fold in that time. With a presence across the world and an EMEA centre in France, the DCU employs more than 100 experts, including lawyers, investigators, data scientists, engineers, analysts and business professionals.

There are two main facets to the DCU’s work – malware-related protection (where computers are deliberately infected to wreak havoc and/or harvest sensitive data), and protecting internet users, particularly children and the elderly, who are often specifically targeted because they may be less risk-aware or lack the digital skills to protect themselves.

In the war against malware, Microsoft DCU has been instrumental in taking down huge, international botnets (armies of malware-infected computers, coordinated by command-and-control servers), by helping to trace them back to their origins, using sophisticated data analytics. (Each day, DCU servers are pinged around 700 million times by computers that are infected by malware.)

High-profile successes include the Ramnit banking Trojan, intercepted two years ago following an international campaign led by Europol’s Cybercrime Centre, EC3. The Ramnit botnet, designed to harvest online banking log-ins, passwords and personal files, had infected 3.2 million computers worldwide. Microsoft and partners including Symantec and AnubisNetwords assisted Europol and national investigators from Germany, Italy, the Netherlands and the UK, in locating and shutting down the servers involved, and redirecting hundreds of domain addresses used by the botnet’s operators. Malware investigators from the DCU used Microsoft’s cloud-based data analytics tools and telemetry to collect and analyse infection data in near real-time, which it then fed to the agencies involved.

EMEA is a strong focus for the DCU’s work: Microsoft’s formal partnership with Europol dates back three years, following successful collaboration with the latter’s EC3 operation and other international agencies to disrupt the virulent ZeroAccess botnet. Investigations spanning Latvia, Luxembourg, Switzerland, the Netherlands and Germany, aided by Microsoft’s input, led to search warrants and seizure orders on computers traced to 18 IP addresses.

There is nothing similar in the IT industry, according to Juan Hardoy, head of Microsoft’s EMEA DCU in Paris and an Assistant General Counsel at the company. He says Microsoft invests around $1 billion each year in digital safety –  across its DCU and Cybercrime Center (see box), to product design and development, encryption and meeting standards set by the International Society of Automation, to “best-in-class” data centres for Microsoft Azure cloud services. “This demonstrates our commitment to protecting everyone, everywhere,” he says. “Relative to the size of Microsoft, the DCU team may appear modest, but for a digital crime unit, it’s huge. How many other IT companies employ malware engineers, analytics and cyber forensic people in their legal departments?”

The developer of one of the world’s leading cloud ecosystems, not to mention device operating platforms and office productivity suites, Microsoft is perfectly placed to be at the forefront of digital crime prevention. This position also creates a virtuous cycle – for every new criminal threat that the DCU helps identify and eliminate, Microsoft gains new insights and expertise that can be fed back into its own developments, giving its products the latest cybersecurity features.

It isn’t just about the technology, though. Significantly, the DCU is part of Microsoft’s legal department.  This reflects its higher purpose – upholding public safety, and balancing this with the need to safeguard personal privacy for example. DCU teams work tirelessly with international partners including Europol, Interpol and the FBI to help catch criminals and bring them to justice. They influence crime detection on a broad scale, and provide insight that informs new legal theories, civil cases and court orders. This transcends any one particular technology or brand.

“We have state-of-the-art tools and techniques (see box) to analyse, visualise and provide insights to help the legal profession understand victims, how crimes are committed and how to tackle them,” Hardoy notes.

The DCU collaborates closely with a whole host of industry partners ranging from security and anti-virus companies to non-government organisations and law enforcement agencies. As part of its efforts to proactively increase child protection, the company licenses technology (for free) to combat child abuse online – for example, its cloud-based PhotoDNA solution, developed in cooperation with Dartmouth College in the US, helps identify and remove illegal images of children. The technology is the result of a partnership with the National Centre for Missing and Exploited Children which dates back several years. It allows agencies to scan and log abusive images of children, assigning each photo a unique digital ‘fingerprint’ that can then be scanned for and detected on devices and services, even if the images have been edited in some way. To date PhotoDNA has helped detect millions of illegal images online, and more than 100 organisations, including Facebook and Twitter,  use it to keep their platforms safe, guided and trained by Microsoft.

Hardoy believes this kind of concerted effort is the only way the world will stay ahead of new and evolving digital risks, given the pace of change and the speed with which harmful activity can spread now. “There is still a significant need for an efficient international framework that law enforcement agencies can use to tackle this type of crime, enabling them to share intelligence yet balance this with protecting the individual’s right to privacy,” he says, noting that Microsoft DCU plays a proactive role in related debates, in Brussels and internationally.

Hardoy feels proud to work for an organisation which so highly values the need to protect everyone, especially the most vulnerable in society. “It’s a fantastic thing to be part of,” he says. “Real-time crime detection and prevention has never been so critical, and thanks to Microsoft’s cloud technology and data analytics capabilities, we’re ideally positioned to detect new threats as they emerge so law enforcement agencies can act swiftly. The win-win for our customers and partners is that we’re also able to use those discoveries to improve our own cloud platform and solutions, giving them the highest levels of protection, and confidence, both now and in the future.”

.

Microsoft Digital Crimes Unit at a glance