Link : http://www.computerweekly.com/news/2240215443/RSA-2014-Microsoft-and-partners-defend-botnet-disruption
Microsoft, security firm Agari and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have defended their actions to disrupt criminal botnets at RSA Conference 2014 in San Francisco.
This approach to security is controversial, with opponents arguing that collateral damage is too high and researchers complaining that such actions limit their opportunity to learn more from botnets in action.
“Our goal is always to protect the ecosystem and people whose computers have become infected with botnet malware,” said Richard Boscovich, assistant general counsel at Microsoft’s Digital Crimes Unit.
“We measure the effectiveness of this campaign by the fact that financial partners reported between 86% and 98% reduction in fraud after our action against the Citadel botnet,” he said.
Microsoft also observed a drop in activity by other botnet operators in the wake of the Citadel operation.
“This demonstrates that disruption works in a similar way to the traditional model of law enforcement where action against some criminals deters others,” said Boscovich.
Dismissing criticism that such operations are tantamount to playing Whack-A-Mole, he said: “At the very minimum, the disruptive approach eliminates the less sophisticated cyber criminals, reducing the noise, which enables us to concentrate on the bigger threats.”
The FS-ISAC joined the operation because it wanted to take action as an association after hundreds of its members had reported total losses of around $477m, said Errol Weiss, board member of FS-ISAC.