REDMOND, Wash., April 28, 2008 – The Internet has transformed the way we live – opening unprecedented possibilities for communications, commerce and information sharing. Innovations such as wikis, blogs and social networking sites have created vibrant new communities where individuals gather to connect, do business and create. Unfortunately, innovations have also fuelled global cybercrime. Increasingly sophisticated criminals take advantage of innovations to mount ever more complex attacks. This presents a rapidly evolving challenge, and Microsoft’s partnership with law enforcement is a critical part of the solution.
As part of the effort to help law enforcement fight online crime, Microsoft is hosting Law Enforcement Technology (LE Tech) 2008, an intensive three-day training which brings together nearly 400 law enforcement officials from over 35 countries to equip law enforcement with the latest technology tools and information they need to conduct cybercrime investigations. Attendees will hear from experts about how to investigate crime on personal computers, servers, mobile phones, and the Internet, and will hear how Microsoft’s latest tools and technologies can help law enforcement more effectively fight cybercrime.
Tim Cranton, Associate General Counsel, Microsoft Worldwide Internet Safety
PressPass spoke with associate general counsel of Microsoft’s worldwide Internet Safety programs, Tim Cranton, about the charter of his Internet Safety Enforcement Team, the LE Tech event and the importance of public-private partnerships in fighting cybercrime.
PressPass: What is the Internet Safety Enforcement Team? How does this team fit into Microsoft’s overall security vision?
Cranton: Over six years ago as Microsoft launched the Trustworthy Computing Initiative, we recognized the importance of enforcement as a key component of a comprehensive security strategy designed to make the Internet safer and more secure for everyone. Thus the concept of the Internet Safety team and the definition of our charter began. Today, the Internet Safety Enforcement Team is made up of roughly 35 professionals around the globe including former prosecutors, investigators, software engineers and business professionals whose full-time job is to make the Internet a safer place.
Our charter is to partner with governments and the technology industry on prevention, investigations and enforcement to help stop spam, phishing, malicious code, botnets, online child exploitation, spyware and other cybercrimes. LE Tech is a great example of how we do that.
PressPass: Why is Microsoft partnering with law enforcement to host a training event like LE Tech?
Cranton: LE Tech is part of a broader partnership strategy in which Microsoft offers tools, training and technical support to help law enforcement stay one step ahead of the criminals. We offer what we do best – technology – to help law enforcement do what they do best – investigate and prosecute crimes. We understand from our law enforcement partners that cybercriminals are technically sophisticated, leaving a ‘digital divide’ between the resources and manpower that the criminals use to perpetrate crimes versus the resources that law enforcement agencies have to defend against them.
Through training events like this week’s LE Tech, we hope to close that digital divide and help ensure that law enforcement keeps an edge over criminals. To date, we’ve provided training to over 6,000 officers representing 110 different countries. Today’s law enforcement officials are on the front lines in the battle against cybercrime and now, more than ever, need to be equipped with the latest tools and technology to fight increasingly sophisticated criminal activity.
PressPass: Can you elaborate on why public-private partnerships are now becoming so important to fighting cybercrime?
Cranton: Since forming our group in 2002, we have seen that industry can provide real value by offering technical knowledge to complement and amplify law enforcement’s expertise. We understand from our law enforcement partners, for example, that nearly every crime they investigate has a digital component of some kind. Even crimes committed entirely offline usually include some pieces of digital evidence, whether on a cell phone, computer or otherwise. Law enforcement needs our help to explain the technology behind this evidence. This is simply the nature of crime in the digital age. Neither one of us can make a significant difference on our own, but together we can have a real impact.
At the RSA security conference earlier this month, Microsoft proposed a long-term vision called End to End Trust, which aspires to build a more trusted and secure Internet. This aspiration requires more than just technology improvements; it also depends critically upon public-private partnerships in reaching a solution. Enabling End to End Trust requires that we continue to build on technological progress to align innovations more closely with broader social, economic and political forces. We in the industry need to do more than just band together; we also must work with customers, partners, governments and other important constituencies on a roadmap for taking Trustworthy Computing to the Internet. This is essentially the charter of my team: bringing together industry and government to discuss and build solutions that advance enforcement to make the Internet safer and more secure for everyone.
Tim Cranton (right), Director of the Internet Safety Enforcement Team at Microsoft, demonstrates COFEE (Computer Online Forensic Evidence Extractor), a new forensic tool, for Executive Director of Police Services, Interpol, Jean-Michel Louboutin (left) at the Law Enforcement Technology 2008 conference. COFEE provides investigators with a means to easily and quickly extract “live” data from a suspect’s computer at the point of seizure, before turning it off. Redmond, Wash., April 28, 2008.
PressPass: What results are generated through these partnerships? Does the public-private sector partnership model really make a difference in the fight against cybercrime?
Cranton: Absolutely. Microsoft and our law enforcement partners are making a clear difference in the fight against cybercrime. We hear about those successes every day from our law enforcement partners on the front lines. So while it’s unlikely that cybercrime will ever disappear any time soon, we can still make clear strides towards a safer and more secure Internet.
One area we are clearly having successes in is our work to identify and anticipate new trends in cybercrimes. For example, we noticed a growing number of botnets and other malicious code designed to take over computers connected to the Internet. Responding to this threat, we were then able to build tools to gather information about these networks. We demonstrated these tools at the last LE Tech conference in 2006 and will be highlighting a case today in which these tools were used to generate real results for law enforcement. Quebec police used the information from LE Tech 2006 to track down and arrest17 hackers responsible for a network that took control of nearly a half million computers around the world. The network caused tens of millions of dollars in damage, but without the partnership between Microsoft and Quebec authorities, it could have caused much, much more damage.
In another case that was just sentenced last week, Microsoft partnered with the City of New York for their investigation of a Manhattan man for operating a sophisticated “phishing” operation. The defendant targeted his victims by writing fake job descriptions and soliciting personal information from the applicants. Based in part on information provided by Microsoft investigators, the New York District Attorney’s Office obtained three guilty plea felony convictions for this attack.
These are just two recent examples of the type of the very real impact public-private partnerships can make.
PressPass: Beyond trainings like LE Tech, what is Microsoft doing to help Law Enforcement protect online citizens?
Cranton: In addition to improved access to the latest information and technology, we regularly hear from government and law enforcement officials that they need better tools for sharing information between different agencies. In 2006, Microsoft took the first step in addressing that need by launching the Law Enforcement Portal, a Web-based service for law enforcement only that gives law enforcement officials secure access to Internet crime-related information, as well as training and technical support to assist in investigations.
At LE Tech today, we will also be talking about the tools we are providing to law enforcement. For example, our security team in the Asia-Pacific region, led by senior investigator Anthony Fung, developed the Computer Online Forensic Evidence Extractor, or “COFEE.” The tool provides investigators with a means to easily and quickly extract “live” data from a suspect’s computer at the point of seizure, before turning it off.
COFEE, a preconfigured, automated tool fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button –completing the work in about 20 minutes.
Over 2,000 law enforcement officers have now registered COFEE and the tool is used in over 15 countries. This is exactly the type of impact we hope to have through the work we do.
PressPass: So what’s next for Microsoft’s Internet Safety Enforcement Team?
Cranton: As we look ahead, we need to build upon our successes with partners like INTERPOL and other law enforcement around the world. We also need to expand the dialogue with other industry leaders and government to build edge-to-edge trust on the Internet. Through continued partnerships and dialogue with stakeholders from across industry and government we can secure a more trusted, safer and more secure internet, protecting its fundamental value as a meeting place and marketplace.