
Shields Down Conversation Number One

Product Manager

I have wanted to start an ongoing conversation about security on Geek Speak for a long time. And now I have! Consider this the beginning of a security conversation that I encourage everyone to join. This bi-monthly blog will cover security in a way that combines the discussions we hear going on around us with the ones we have with colleagues and friends. I’d love for you to share your thoughts, ask questions, and ENGAGE! Your input will make this series that much richer and more interesting.

You can bring up any topic or share any ideas that you would like for me to talk about. Please join me in creating some entertaining reading with a security vibe. Let’s start…NOW!

Let me dive into something that I feel is going to impact hacking behaviors. Microsoft is attempting to find clever, more intense ways to go after hackers. This may not sound surprising, but think about this: They are filing legal suits over trademarks. What? That’s right. They are suing known hacker groups for trademarks. Although you can’t drag hackers to court, you can observe and disrupt their end game.

Okay, so they went after the group that was allegedly involved with the United States voting process. So far, Microsoft has taken over at least 70 different Fancy Bear, or FB, domains!

Why does this matter? Why should we care? Because FB literally became the man in the middle, legally speaking. By using Microsoft’s products and services, they opened themselves up to be taken over by... that’s right: Microsoft!

Since 2016, Microsoft has mapped out and observed FB’s server networks, which means they can indirectly cause their own mayhem. Okay, so they aren’t doing THAT, but they are observing and disrupting foreign intelligence operations. Cheeky, Microsoft. Cheeky!

Now, for me, I’m more interested in when they decide they can flip it over into their hands to eavesdrop and scan out networks. The United States’ Computer Fraud and Abuse Act gives Microsoft quite a blanket to keep warm under. But we can go into that later, as it is currently in use at Def Con...

Now, I started the conversation. It’s your turn to keep it going. Share your thoughts about Microsoft, security, hackers, etc. below.

27 Comments

Thanks Dez, we'll put it to good use, I am sure.

For me the hacking game is just a sore point. My concerns are not with what Microsoft will do with people breaking the law, it's more what the government will be allowed to do under the Microsoft umbrella to us that are not. We are a far cry from predicting crime, however that hasn't stopped people from taking information out of context and using it as a smudge or smear campaign against them. Ruining the likes of good honest people seems to be more the norm than the exception.

Should we fear the country hacking? Sure. Should we be smart with our personal and professional data? Yes, but we cannot be everywhere all the time. Remember the days when people got spyware just from browsing to yahoo.com, a.k.a. worst company ever? When do the monsters, the real ones, get to be held accountable to their reverse hacking agenda, or be held responsible because ignorance is not bliss, it's ignorance?

I want freedom and security. The issue is you can’t have freedom when you are not obedient to the rules. Since no one seems to be playing by them, we are all prisoners to the system at large.

Level 10

It's great Microsoft is looking to stop hackers, now if only they could fix their Windows environments and the constant patches.

Level 20

Well, if Fancy Bear is the Russian military hacking org, then it's great that MS has stepped up to block their C&C domains etc.!

It also doesn't hurt for Microsoft to add incentive for people to report vulnerabilities. Anything you learn here and share with Microsoft, do we get a cut?

Microsoft Finally Offers To Pay Hackers For Security Bugs With $100,000 Bounty

Level 20

We need more power Scotty!  Our shields are down!!!

Level 13

One day Microsoft is going to hold all your data ransom

MVP

As long as they use their powers for good....

Level 21

I think it's great to see Microsoft causing this kind of disruption!  Within Azure Microsoft has also been building a very powerful AI system and I can only imagine what might be possible when they start (and maybe they already have) leveraging that to go after these guys.

Curious as to what provision MS used to get relief or reparations to impact FB's "assets"? (Computer Fraud and Abuse Act (CFAA) - Internet Law Treatise) From the perspective of the law, how was Microsoft impacted by FB's activities? As they would have to be an affected party in order to bring suit, otherwise they have no grounds. From the EFF article:

Loss includes

  • Response costs
  • Damage assessments
  • Restoration of data or programs
  • Wages of employees for these tasks
  • Lost sales from website
  • Lost advertising revenue from website

Loss might include

  • Harm to reputation or goodwill
  • Other costs if reasonable

If the actions were against another entity how does MS come into the game?

For those interested, the CFAA has some really interesting aspects that drive authorization warnings and highlight the need for well documented and published security policies. 18 U.S. Code § 1030 - Fraud and related activity in connection with computers

Level 8

If Trademark is being used, then the argument would be that they are hurt by association with criminals. It hurts their brand if you can't trust "livemicrosoft[.]net". Just like Apple fighting Apple (Apple the company vs Apple the Beatles label), the respective companies were fighting over association with each other. This is clear harm to reputation.

Level 10

Privacy is an illusion. From the day we are born we are logged into a data stream, given a numerical designation (the first of many), and that data, whether we like it or not, is monetized by any entity that can get its hands on it. As long as our data holds value to someone there will always be a market for it, and I know of no corporate entity that will not use our data for either internal analytics and/or sell/trade to third parties. The most we can do is our best to guard what data we can, when we can, to limit our exposure to the black hats AND the Grey hats (personally I don't believe White hats exist anymore or even if they ever did).

"It's all fun and games until the machines revolt"

Level 8

I hope that, when Microsoft (MS) knew what they were about to do, they took perfect captures of Fancy Bear's (FB) command-and-control servers, so when the hackers tried to get into their servers, THEY were tricked into thinking it was a "legitimate" hacker resource. Imagine Russian hackers logging in as usual (giving MS their logins) and realizing they had been tricked into giving away their IPs and logins. MS could use those logins on the real hacker servers to find out what other shenanigans FB was up to. 

Microsoft has taken an active hand in protecting their customers from criminals, in a world where our governments seem unable to. I say kudos to MS for applying lessons learned from their Digital Crimes Unit in taking down botnets, they did it legally, by attacking the trickery behavior (similar yet different URLs). This isn't stealing legitimate traffic from businesses by hijacking domains, this is reclaiming domains from people OBVIOUSLY trying to trick lazy admins. This is a good thing, not a frightful sign of big business overreach. They even have a judge assigned to them for oversight, to ensure MS doesn't go farther than is appropriate while remaining agile.

The only problem here is, MS is the ONLY one doing this. Since FB is hedging away from MS domain names, and skewing toward less litigious companies, or non-tech names, MS won't be able to keep this fight going. So while amusing, this doesn't accomplish anything long term. Not unless they can crack actual identities. It's tricky to trick the tricksters.

Level 8

I agree that everyone is clamoring after our data. But the idea that, even if I safeguard what I put out there, it doesn't matter since some mal-actor can place software on my system to report back on my activity, looking for something to blackmail me over, angers me. I honestly prefer the Microsofts of the world selling analytics to faceless schmucks trying to extort me or ruin my life. If I'm angry enough, I can sue Microsoft. I may not win, but I can have my day in court. And MS knows to go easy too, because they know if ENOUGH people become angry and sue together, it will hurt them. That's why they care about their brand. Anonymous types have NO accountability. There is no recourse. All you can do is hope you never end up interesting enough to be in their sights.

That creates fear. If people are afraid to speak or act against hackers because they might notice you and ruin your life. The fear that hacker groups wield is cyber terrorism. And it's effective.

Level 14

I want to believe that Microsoft is doing all of this for good.  However, I strongly believe that there is no such thing as a white hat hacker.  Data gathered can always be used for devious purposes.  This has been proven time after time.

Level 8

It isn't altruism. What we are experiencing is a common goal. As data owners, we want groups like FB to have a harder time collecting and manipulating data. And MS wants a strong brand, and an association with looking out for their customers. We are mutually benefited from Microsoft shutting down Fancy Bear's efforts. Which is the best possible scenario, since I don't have to pay MS to help me. They are helping themselves.

Level 14

Sounds like a fun gig.  I wonder if Microsoft has any part time remote access slots open.

MVP

Nice

Level 12

Yes, we (The Masses) have allowed privacy to be whittled away to the almost non-existent situation where it currently is. Much like our rights, when so many citizens are unaware of what they are or unwilling to stand up for them. I don't think privacy is quite to the point of being an illusion though, just that it takes so much work to ensure your private data or PID is protected, many people don't have the understanding or savvy to know how they can protect this or at least ensure those with access to it are doing their due diligence to protect that which they have harvested.

Coincidentally enough, CBC (Canadian Broadcasting Corp) has a story up stating "Data is the New Oil - Your Personal information is now the World's most available Commodity": 'Data is the new oil': Your personal information is now the world's most valuable commodity - Techno...

Seriously, it should be a wake up call to everyone, and how each of us should be taking steps to protect this data. The lack of usable consumer tools (I am talking about tools that are both secure and straightforward for non-technical folks) that address personal data privacy is a big part of the issue, and creates an easy target for hackers or Corporations; sometimes the Corporations are much more of a threat than the nefarious and media-maligned hackers. I am not saying hackers are not an issue, just that many of the largest gatherers of personal data do not do what they should to secure this or are outright selling it to third parties who are only interested in their bottom line.

As to MS' approach:

“If your enemy is secure at all points, be prepared for him. If he is in superior strength, evade him. If your opponent is temperamental, seek to irritate him. Pretend to be weak, that he may grow arrogant. If he is taking his ease, give him no rest. If his forces are united, separate them. If sovereign and subject are in accord, put division between them. Attack him where he is unprepared, appear where you are not expected.”

  ― Sun Tzu - The Art of War

Level 12

Well that is the question - Will they?

Level 12

I think the bigger problem is: Why publicly acknowledge it? Why show your hand? Or is there more going on here?

Level 12

I think you might be putting way too much trust into Microsoft (or any other super large Corporation). I find it better to always take things with a grain of salt, and hedge my bets. But maybe that's just been my experience.

Product Manager

I'd say there is definitely more going on here...

Level 10

EmpMicrosoft.jpg

Level 10

I apologize, due to existing contracts with Microsoft, those responsible for the previous meme have been sacked.

Level 12

There is some Truth! 

pastedImage_0.png

I am loving these Security conversations. I am finding them to be a great reference for my budding security strategy. Starting small, taking manageable bites, and laying a roadmap for what's down the road with the help of these articles.

About the Author
I started in networking and security around 2002 by taking Cisco Certified Network Associate and Security+ courses from Central Vo-tech. This is where I fell in love with technology in general. From there I ventured out to internships and started using the Engineers Toolset from SolarWinds, which made me wonder about software. The company I was with purchased Cirrus, which is now Network Configuration Manager (NCM), and I was officially hooked. I searched out SolarWinds and, well, you guessed it, I started working for them and, believe it or not, in sales. That was the only position open, but I knew I wanted to be here. So I quickly worked my way into the support side and became the first Sales Engineer and then the first Applications Engineer. Since I am a very curious person, I have, in my 9 years of being at SolarWinds, decided to pursue more education. Security is always a fascination to me, so I started taking classes on INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) of the NSA. Then I went and took the CIW Masters for web development and ventured to databases: MCITP SQL Server and Development certifications that led me to a database development degree in college. I’m pretty much a jack of all trades and LOVE IT! This all applied to my work with SolarWinds, as I wanted to be able to help customers solve their issues or needs. Knowing more information allowed me to do this successfully. I also dabbled in Cisco UCS management and am currently taking classes to venture toward a CCIE (crossing fingers). NCM is a product that I have worked with since its beginning. I even had the opportunity to fly to the NSA to create templates for some of their devices. I used to be the sole MIB database controller, so I’m definitely your huckleberry on MIBs and OIDs.
As an Applications Engineer I focused on Network Performance Monitor, Network Configuration Manager, Web Performance Monitor, Enterprise Operations Console, Patch Manager, User Device Tracker, and the Engineers Toolset. See why I like to constantly learn new things? I had a lot to be on top of! SolarWinds is a passion of mine still to this very day. My new role as a Product Manager for NCM is home to me. Funny how I circled around back to my favorite product that got me here in the first place. :) My goal is to educate and work with customers to leverage our products to their fullest degree!