Surely you’re aware of the ZeuS botnet case now in which a group of hackers from around the world are running a botnet ring that has infected thousands, if not millions, of computers. Microsoft has taken a proactive approach to finding the culprits by raiding the locations where these people were thought to be operating from.
The Krebs on Security blog reveals that the case has moved along further than originally thought. It appears that Microsoft is now issuing subpoenas to the people listed in their documents as having run the botnet ring. These botmasters have started to receive emails from Google stating that heir information may be handed over to the court.
Krebs says the order has angered many in the cybersecurity community who have been working for years to uncover the people behind the ZeuS botnet. Microsoft charging in as an Internet vigilante has impacted the work that law enforcement can actually do in the case. By publishing the details of the suspected botmasters, Microsoft also betrays the trust of the cybersecurity community who have worked hard to secure the personal information of said hackers.
The main issue here according to Krebs is that cybersecurity experts feel Microsoft overstepped their boundary as a private corporation. The company published information that was shared with the confidence that it wouldn’t be published. Current cases open by law enforcement could be pushed back or cancelled by Microsoft’s actions.
The main point here is that Microosft is trying to be the Batman of the cybersecurity world. Just like with the actual Batman, law enforcement isn’t a fan. Unlike Batman, Microsoft seems to not be doing that great of a job with their law enforcement. Sure, they’re getting names and prosecuting people, but are they the right people and can law enforcement still do their job.
It makes you wonder why we need CISPA anyway. It doesn’t look like Microsoft wants to share information with law enforcement when they can just start investigating and enforcing the law on their own.