Microsoft Uses US Courts to Disrupt Chinese Hackers

John Lister's picture

Microsoft has taken control of websites - or rather their domain names - believed to be uses by Chinese hackers. It's the latest example of a tactic that overcomes the usual problems of dealing with an international online threat.

According to Microsoft, the "Nickel" group is based in China and is a "nation-state actor": in other words, it at the very least has the backing of the Chinese government. It uses a variety of tactics to try to spy on victims and intercept their data.

Targets include government agencies and human rights groups. Microsoft somewhat understatedly says there's "often a correlation between Nickel's targets and China's geopolitical interests."

It might seem odd that Microsoft is pursuing action against hackers in a somewhat political situation. However, it had two big goals in doing so. The first is that a more secure Internet makes it more likely people will be confident using its various online-based services. The second is that making it harder for hackers to operate makes it less likely there'll be successful exploitations of Microsoft software, particularly business tools.

China Uncooperative

Given the political situation and the natural lack of cooperation, disrupting the hackers or bringing them to justice through China's legal system isn't a realistic option. Instead, Microsoft is taking advantage of the fact that many domain names, particularly .com, are allocated and registered in the US and thus subject to its legal system.

In this latest move, Microsoft persuaded a federal court to give it control of the domains, which have now been reconfigured to point to Microsoft's own secure servers. Although the compromised websites themselves still exist, they won't be reachable through the domain name. (Source: arstechnica.com)

According to Microsoft, it's now filed 24 such lawsuits covering 10,000 domain names controlled by "ordinary" cyber criminals and almost 600 controlled by hackers backed by a nation state. (Source: microsoft.com)

Pre-Emptive Strikes

The move follows a previous tactic where a US court gave Microsoft control of infrastructure used by a Russian cyber criminal gang. This let it discover an algorithm which the gang was using to generate new domain names to register and abuse.

Microsoft says it was then able to produce a list of six million names that the gang would try to register in the next two years. Microsoft passed on this list to domain registrars around the world who blocked them from being registered.

What's Your Opinion?

Is this a smart tactic by Microsoft? Do you think it will make much difference or is it just a game of whack-a-mole? Should government agencies be doing this work and getting control of domains rather than private companies like Microsoft?

Rate this article: 
Average: 4.9 (9 votes)

Comments

buzzallnight's picture

Is this a smart tactic by Microsoft? Yes

Do you think it will make much difference or is it just a game of whack-a-mole? It will help

Should government agencies be doing this work and getting control of domains rather than private companies like Microsoft?

Do you have any other choices??????????????

davetech828_15468's picture

Why is Microsoft doing this? I thought this was the type of thing that was done by the
NSA! They were subposed to have all kinds of hot-shot computer brains. Why don't we retaliate?