On Sunday, March 25, Microsoft announced that, for the fourth time, it had gone to a federal court and successfully obtained an ex parte temporary restraining order (TRO) to seize domain names from botnet operators. For the second time, the court has also ordered U.S. Marshals to accompany Microsoft and others to serve search warrants and seize evidence that can be used in future civil or criminal actions. Critics who decried earlier such actions as “vigilantism,” who said this was an incomplete takedown of the entire population of Zeus botnets, or who said such actions had little impact on the delivery of spam after a takedown, do not understand some subtle points about these actions. And they fail to learn some lessons from them.
While the actions that Microsoft has taken in using civil legal process are expensive, that does not mean Microsoft is the only entity that can do this. The computer security industry and computer security researchers often do a very poor job of explaining these same points about victims, harms, intended benefits, etc., in similar plain language that a judge, not just a computer scientist, can understand. The computer security industry and researchers have a lot to learn from the example provided in the documents filed by Microsoft and other plaintiffs with the courts. One of the hurdles is learning how to analyze the ethics of a specific case and write an ethical justification, but we are all capable of learning from examples.

[Full disclosure: I provided declarations to the court in support of two of Microsoft’s previous actions against the Waledac and Rustock botnets, and previously did the same for the Federal Trade Commission.]

Some have told me I am setting a high bar by suggesting this should be a standard. Yes, it is a high bar that means some hard work must be done. But if we as a community acting on behalf of protecting the public are going to “get aggressive” and “go on the offensive,” I don’t believe it is acceptable to say, “That’s too hard. We’re going forward with taking risks anyway, because we can and because we want to.” If we aren’t smart enough and capable enough to meet this standard, we should find another field that does not involve the same risks.
The court documents for the Zeus action can all be found at http://zeuslegalnotice.com/

See also:

Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft, Microsoft News Press Release

Gary Warner’s blog about Operation b71

Microsoft Raids Tackle Internet Crime, New York Times article

The long arm of Microsoft tries taking down Zeus botnets

Video explaining Operation b71

Microsoft Leads Zeus Takedown: Collaborative Effort Targets Zeus Malware Botnets