Microsoft is striking out to hinder the hacking efforts of Fancy Bear, a group that is believed to be linked to the Russian government, and who U.S. intelligence agencies say is behind attacks on the Democratic National Committee and the Hillary Clinton campaign in the 2016 U.S. elections. As reported by The Daily Beast, Microsoft is going about its efforts in a unique way: taking legal control of Fancy Bear's command-and-control domains.
The Daily Beast reports:
The action, though, is not about dragging the hackers into court. The lawsuit is a tool for Microsoft to target what it calls "the most vulnerable point" in Fancy Bear's espionage operations: the command-and-control servers the hackers use to covertly direct malware on victim computers. These servers can be thought of as the spymasters in Russia's cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents.
Since the lawsuit was launched last year, Microsoft has managed to seize more than 70 command-and-control domains from Fancy Bear, the report explains. Any time a command-and-control server attempts to connect to a seized domain, it will instead be directed to a Microsoft-controlled server.
The basis of the court filing lies in the names Fancy Bear chooses for its domains, which have historically contained some reference to Microsoft or its products. Some examples cited by the report include "livemicrosoft[.]net" or "rsshotmail[.]com."
Microsoft is actively continuing its efforts to identify and cut off Fancy Bear's access to new domains as they are created. The efforts are already having an effect, as Fancy Bear has started switching to names that are a little more general. Microsoft is planning to ask for a final judgment from the judge presiding over the case on Friday. If a permanent injunction is granted, Microsoft will gain ownership over domains that it has seized.
