In mid-November, Microsoft unveiled a facility on its Redmond, Wash., campus that had become the new home for its Digital Crimes Unit. It took the opportunity to offer up new details about the multi-agency initiative that disrupted the huge Citadel botnet earlier this year.

What Microsoft hasn’t yet talked much about is the role the cloud played in the Citadel project and how the cloud enables the company to tackle cyber crime. I had a chance to hear more about it from Richard Boscovich, assistant general counsel for Microsoft’s Digital Crimes Unit, this week.

The Digital Crimes Unit has some dedicated hardware on-premises, although Boscovich revealed only a few specifics. “We do in fact use quite a lot of storage power, a lot of compute power,” he said. “We have a Hadoop cluster on SQL server and a parallel data warehouse right here on-premises. We’re talking terabytes of storage.”

Still, that’s not always enough. “Even with that, we have to go to the cloud to get some more capacity when we do some of these take downs,” he said.

“One interesting aspect of being able to scale in the cloud is you’re able to provision computers or virtual servers quickly, without the need of having hardware here in the DCU. We leveraged that ability of scalability in the recent takedown of Citadel,” he said.

That kind of scalability also helps with the increased traffic that Microsoft sees after a takedown, when cyber criminals attack Microsoft for disrupting their activity.

Without the cloud, it would have taken much longer to disrupt Citadel, a botnet that Microsoft said siphoned $500 million from people around the world whose computers it infected. “In the past, we would have been between a rock and a hard place,” said Boscovich, who went on to describe the typical, drawn-out process that most businesses have to procure new hardware. “That would of course slow us down,” he said. “The cloud saves us a lot of time and makes us much more nimble and able to move much faster.”

The DCU uses Azure in other ways too. Microsoft works with authorities around the world to inform them when computers in their regions are being infected. When Microsoft works on a takedown, its goal is to quickly stop the harm done by the malware and work to correct the problem, Boscovich said.

Microsoft collects the IP addresses of infected computers and geolocates them. If it has a partnership with authorities in that region, it will notify them so that they can reach out to the impacted individuals. As the IP address data is being collected, it’s sent in real time to Azure, which Microsoft’s partners use to access the data. “They’re getting up to the minute – in actuality a 30-second delay – information about infected IPs that we see located within their countries,” he said.

Given the sensitive nature of the DCU’s activities, its use of Azure shows that the cloud can be used for projects with strict security needs, he said. “Everyone’s moving to the cloud. The issue everybody has is, is it safe enough and scalable. This demonstrates and underscores that yes, we’re providing this important information around the world via Azure,” he said.

Via: itworld