Microsoft Battles Fancy Bear Hackers – With Lawyers

Analysis: Malicious Code-Writing Teams Versus Billable Hours: Fair Fight?

To battle Russian hackers, Microsoft has moved to strip them of their malicious infrastructure. To do so, however, the technology giant isn’t hunting the attackers down. Instead, it’s taking them to court. Two cybersecurity attorneys rate Microsoft’s efforts.


“There’s an old saying that litigation is war by other means,” cybersecurity attorney Mark Rasch, who in 1991 created the Computer Crime Unit at the U.S. Department of Justice, tells Information Security Media Group.

Call it death by a thousand domain name seizures.

Here’s how it works: Microsoft last year launched a civil action against unnamed hacker “John Does” tied to the “internet-based cyber-theft operation referred to as ‘Strontium,’” according to recently unsealed court documents that have been helpfully released online by the technology giant.

Strontium – aka APT28, Fancy Bear, Pawn Storm, Sednit, Sofacy, and the Tsar Team – is the name of a group of cyber-espionage hackers who appear to be tied to the Russian government. The group has been connected to attacks related to the 2016 U.S. presidential election, the recent French elections, other governments, as well as NATO, among many others (see Tainted Leaks: Researchers Unravel Cyber-Espionage Attacks).

To disrupt the attack infrastructure used by the group, Microsoft alleges in court documents that Strontium has created command-and-control domains tied to its attacks, which often involve spear phishing, that are “designed to cause harm to Microsoft, its customers and licensees, and the public.” The technology giant is alleging that the attackers have violated a number of statutes, including the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act. In a novel move, it’s also alleging that the attackers have committed trademark violations by imitating various Microsoft properties – including Windows, Outlook and OneDrive – in an effort to deceive users.
