Director visits Microsoft’s headquarters in Redmond, Washington, to see how the tech giant is using big data to boost its cyber crime-fighting credentials.
A screen in the foyer of Microsoft’s cyber crime centre at its Redmond campus in Washington bears some pretty frightening statistics for company leaders the world over: “Impact of cyber attacks could be as much as $3trn (£1.95trn) in lost productivity and growth”; “Average cost of a data breach to a company – $3.5m”; “Estimated number of countries developing cyber weapons – 140”.
This week’s visit by Director to the computing giant’s anti-cyber crime crack team – made up of about 100 people including former prosecutors, law enforcement officials, big data specialists, software engineers, lawyers and paralegals – will offer reassurance to anyone fearing malevolent forces lurking in cyberspace.
Particularly impressive was the story of how the unit foiled a scheme whereby a zombie network of malware infected homes and offices across 90 countries, and began recording keystrokes and harvesting log-ins and passwords. “Over an 18-month period, the banks we worked with estimated that they lost $500m,” Richard Boscovich, an assistant general counsel for Microsoft Digital Crimes Unit, told those in attendance.
“There were more than five million IP addresses associated with affected devices.” So what was special about the unit’s response? “One of the things that has revolutionised how we fight cyber crime is the use of visualisation.” He flicks on a vast screen covering one wall, and an intricate colour-coded map (see picture, above) appears depicting the worldwide distribution of the malware-infected devices.
Naturally, large red spots depict major infections in major cities. More intriguing to the crack team, though, was what was happening in Europe. “If you look at the infection pattern, the malware didn’t follow Europe’s population distribution,” explains Boscovich. “There seems to be a very sharp border here.” He traces a line down the borders that separate eastern from western Europe, and notes the abundance of clustered hotspots to the west while the east is largely black.
“Why would a human disease follow a national frontier? Similarly, why would a random distribution of computer malware do so? Our forensic technicians looked at it, went back to the malware and tore apart the code, and discovered that the malicious software wasn’t random at all – it had been written so that it would not infect devices formatted in Russian, Cyrillic or Ukrainian languages. So [it turned out] the criminals were based in Russia and the Ukraine, and they were betting that if there were fewer victims there, law enforcement authorities there would be less likely to pursue them. This is how crafty and sophisticated cyber criminals are.”
And yet, it’s a story that suggests that the experience and perspicacity of the big players’ cyber crime units, now armed with the hefty power of big data, are more than a match for the criminals.