Every day criminals exploit innocent, unsuspecting people by secretly overtaking their computers to carry out crimes. Networks of bad actors have assembled an efficient, resilient infrastructure of computing power called botnets to enable Internet-based organized crimes ranging from the distribution of malware to phishing solicitations and online theft. In order to address the criminal threat posed by botnets, the public and private sectors are announcing new, collaborative efforts to keep consumers safe online.
Today, Microsoft General Counsel Brad Smith joined U.S. Cybersecurity Coordinator Howard Schmidt, U.S. Secretary of Homeland Security Janet Napolitano, Federal Communications Commission Chairman Julius Genachowski, National Institute of Standards and Technology Director Pat Gallagher and industry leaders at the White House to unveil new efforts to combat botnets. The Industry Botnet Group, a coalition of private sector partners, released their guiding principles at the event as part of the fight against botnets. Below is video from the event. You can watch Brad Smith’s comments starting at about the 35:15 mark.
At the White House event, Microsoft’s Brad Smith emphasized that botnets are a complex, dynamic problem that requires the private sector to work creatively and collaboratively with the public sector and academia. Each partner in this effort must leverage their unique capabilities to disrupt and ultimately undermine the effectiveness of botnets as a criminal tool. This goal must be accomplished with privacy protections so that we do not adversely impact freedom of expression and association.
The entire Internet and e-commerce ecosystem has a collective interest in protecting people – our customers – from the scourge of botnets. As Brad Smith noted, responsible cooperation between industry and the public sector serves as a powerful force to combat this very real threat and protect the people industry serves. By working together through efforts such as the one announced today, we can make the costs associated with creating, maintaining and using botnets prohibitively expensive while also lowering their gains.
For its part, Microsoft has a three pronged approach, which we believe has been quite successful:
- We have evolved our technology to be more resilient so that botnets are more difficult and costly to build and maintain. Microsoft’s Security Development Lifecycle has helped to make our products significantly harder for criminals to attack successfully.
- We leverage legal process and technology to take botnets away from the criminals, so they cannot realize their desired financial returns. Microsoft’s Digital Crimes Unit has helped to transform the fight against digital crime through key partnerships and legal and technical breakthroughs that disrupt the way cybercriminals operate. To date, this approach has produced key victories, including takedowns of some of the most prolific botnets on the planet.
- We use information learned from botnet takedowns so that infected computers can be cleaned. Microsoft has partnered with numerous ISPs and CERTs around the world to help notify affected customers and connect them with tools to clean their devices.
As with any crime, individuals also have an important role to play in protecting themselves from becoming botnet victims. In the physical world, we protect ourselves by locking our doors, maintaining awareness of our surroundings and rejecting proposals that seem too good to be true. The same principles apply in the digital world. Common sense safety practices and tools, such as running up-to-date, legitimate software and enabling antivirus protections, can go a long way toward limiting the spread of botnets.
Undoubtedly, we are in the early stages of this battle against botnets, but the Industry Botnet Group Principles announced today are an important milestone in our efforts. While botnets will continue to find creative ways to conduct their attacks, we can jointly work to make botnets less effective for the criminals who seek to use them. By doing so, we can provide users with the peace of mind that the public and private sectors are cooperating to protect their interests so they can feel confident in continuing to adopt and benefit from advancements in technology.