Microsoft Conducts More Raids to Stop Criminals Behind Botnets

April 6, 2012

An article in the New York Times outlines the latest counterattack by Microsoft and law enforcement agencies as they work to shut down what the article calls “one of the most pernicious forms of online crime today — botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers.”

Congratulations to Microsoft for their dedication to helping all internet users have a safer, more trusted experience.

As this raid highlights, the often heard desire to blame some rogue country for facilitating online crime, or at least to blame an underdeveloped country for failing to maintain proper oversight of their internet traffic, is unwarranted. This week’s sweep targeted command and control servers in Scranton, Pennsylvania and Lombard, Illinois. How banal is that?

Heading up the initiative from Microsoft was Richard Domingues Boscovich, senior attorney in Microsoft’s Digital Crimes Unit. Here are excerpts from the company’s official blog:

“As you may have read, after a months-long investigation, successful pleading before the US District Court for the Eastern District of New York and a coordinated seizure of command and control servers in Scranton, Pennsylvania and Lombard, Illinois, some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide.

Valuable evidence and intelligence gained in the operation will be used both to help rescue peoples’ computers from the control of Zeus, as well as in an ongoing effort to undermine the cybercriminal organization and help identify those responsible.

Cybercriminals have built hundreds of botnets using variants of Zeus malware. For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages. Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.”

“This is the fourth high-profile takedown operation in Microsoft’s Project MARS (Microsoft Active Response for Security) initiative – a joint effort between DCU, Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to disrupt botnets and begin to undo the damage they cause by helping victims regain control of their infected computers. As with our prior takedowns, Microsoft will use intelligence gained from this operation to partner with Internet service providers (ISPs) and Community Emergency Response Teams (CERTs) around the world to work to rescue peoples’ computers from Zeus’ control. This intelligence will help quickly reduce the size of the threat that each of these botnets pose, and make the Internet safer for consumers and businesses worldwide.”

You play a role in online security

Are you contributing to the botnet problem? If any of the following statements sound familiar, you are a botnet risk.

  • Your anti-virus and anti-malware tools haven’t been updated since you bought your computer.
  • You’ve ignored those pesky popups telling you that your computer, browser, or programs need updating to get the latest security fixes installed.
  • You love chain emails, and answering surveys and quizzes.
  • You respond to spammers asking them to stop spamming you.
  • You trust links you come across in emails, Twitter & Facebook and in online ads.
  • You don’t know a phish from a fish, a worm from a grub, or what a botnet is.

4 simple steps can make all the difference in your level of security protection – and in the protection of the whole internet

  1. Start by ensuring your computers are up-to-date with all available patches, fixes, and upgrades.
  2. Then confirm your browsers are up-to-date with all available patches, fixes, and upgrades.
  3. Next, check to see that your security software is up-to-date with all available patches, fixes, and upgrades.
  4. Now, strengthen your spam filters, and smarten up about spam so you don’t click on malicious links.

Learn more about how to protect yourself and your devices in these blogs:

Are You Sure Your PC is Malware Free??

Are You a Malware Magnet? 4 simple steps can make all the difference

Every 3 Seconds an Identity is Stolen – Don’t Be Next

Need help understanding botnets?

See my blogs What are Bots, Zombies, and Botnets? and McAfee Infographic Makes Botnets Understandable.

Here’s a quick illustration to get you started…

Note: I was a Microsoft Employee for 13 years, until the fall of 2006. I have written both positive and less favorable articles on Microsoft, but hold an abiding respect for the company’s ongoing commitment to security and to providing a responsible, trustworthy environment for consumers.



2011 National Gang Threat Assessment – Emerging Trends and The Internet

November 7, 2011

The FBI’s National Gang Intelligence Center (NGIC) has just released their 2011 gang assessment and trends report (a printable PDF version is available), and it is another sobering read, particularly as it highlights the ways and means in which gangs are leveraging internet technology to expand their reach and the types of crimes they commit.

Here are the report’s key findings:

Gangs are expanding, evolving and posing an increasing threat to US communities nationwide.

Many gangs are sophisticated criminal networks with members who are violent, distribute wholesale quantities of drugs, and develop and maintain close working relationships with members and associates of transnational criminal/drug trafficking organizations.

Gangs are becoming more violent while engaging in less typical and lower-risk crime, such as prostitution and white-collar crime. Gangs are more adaptable, organized, sophisticated, and opportunistic, exploiting new and advanced technology as a means to recruit, communicate discreetly, target their rivals, and perpetuate their criminal activity. Based on state, local, and federal law enforcement reporting, the NGIC concludes that:

  • There are approximately 1.4 million active street, prison, and OMG gang members comprising more than 33,000 gangs in the United States. This represents a 40 percent increase from an estimated 1 million gang members in 2009. Gang membership increased most significantly in the Northeast and Southeast regions, although the West and Great Lakes regions boast the highest number of gang members.
  • Gangs are responsible for an average of 48 percent of violent crime in most jurisdictions and up to 90 percent in several others, according to NGIC analysis. Major cities and suburban areas experience the most gang-related violence. Aggressive recruitment of juveniles and immigrants, alliances and conflict between gangs, the release of incarcerated gang members from prison, advancements in technology and communication, and Mexican Drug Trafficking Organization (MDTO) involvement in drug distribution have resulted in gang expansion and violence in a number of jurisdictions.
  • Gangs are increasingly engaging in non-traditional gang-related crime, such as alien smuggling, human trafficking, and prostitution. Gangs are also engaging in white collar crime such as counterfeiting, identity theft, and mortgage fraud, primarily due to the high profitability and much lower visibility and risk of detection and punishment than drug and weapons trafficking.
  • Many gang members continue to engage in gang activity while incarcerated. Family members play pivotal roles in assisting or facilitating gang activities and recruitment during a gang member’s incarceration. Gang members in some correctional facilities are adopting radical religious views while incarcerated.
  • Gangs encourage members, associates, and relatives to obtain law enforcement, judiciary, or legal employment in order to gather information on rival gangs and law enforcement operations. Gang infiltration of the military continues to pose a significant criminal threat, as members of at least 53 gangs have been identified on both domestic and international military installations. Gang members who learn advanced weaponry and combat techniques in the military are at risk of employing these skills on the street when they return to their communities.
  • Gang members are acquiring high-powered, military-style weapons and equipment which poses a significant threat because of the potential to engage in lethal encounters with law enforcement officers and civilians. Gang members also target military and law enforcement officials, facilities, and vehicles to obtain weapons, ammunition, body armor, police gear, badges, uniforms, and official identification.
  • Gangs are becoming increasingly adaptable and sophisticated, employing new and advanced technology to facilitate criminal activity discreetly, enhance their criminal operations, and connect with other gang members, criminal organizations, and potential recruits nationwide and even worldwide.

Current Gang-Related Trends and Crime

Many gangs have advanced beyond their traditional role as local retail drug distributors in large cities to become more organized, adaptable, and influential in large-scale drug trafficking. Gang members are migrating from urban areas to suburban and rural communities to recruit new members, expand their drug distribution territories, form new alliances, and collaborate with rival gangs and criminal organizations for profit and influence.

Local neighborhood, hybrid and female gang membership is on the rise in many communities. Prison gang members, who exert control over many street gang members, often engage in crime and violence upon their return to the community. Gang members returning to the community from prison have an adverse and lasting impact on neighborhoods, which may experience notable increases in crime, violence, and drug trafficking.

Gang Membership and Expansion

Law enforcement in several jurisdictions attribute the increase in gang membership in their region to the gangster rap culture, the facilitation of communication and recruitment through the Internet and social media, the proliferation of generational gang members, and a shortage of resources to combat gangs.

Nationwide Gang Presence

Source: NGIC and NDIC 2010 National Drug Survey Data

Threat Posed by Gangs, According to Law Enforcement.

The NGIC collected intelligence from law enforcement officials nationwide in an attempt to capture the threat posed by national-level street, prison, outlaw motorcycle, and neighborhood-based gangs in their communities.

Source: 2011 NGIC National data

Gang-Related Drug Distribution and Trafficking

Gang involvement and control of the retail drug trade poses a serious threat to public safety and stability in most major cities and in many mid-size cities because such distribution activities are routinely associated with lethal violence. Violent disputes over control of drug territory and enforcement of drug debts frequently occur among gangs in both urban and suburban areas, as gangs expand their control of drug distribution in many jurisdictions, according to NDIC and NGIC reporting. In 2010, law enforcement agencies in 51 major US cities reported moderate to significant levels of gang-related drug activity.

NDIC survey data indicates that 69 percent of US law enforcement agencies report gang involvement in drug distribution.

NDIC reporting suggests that gangs are advancing beyond their traditional role as local retail drug distributors in large cities and becoming more influential in large-scale drug trafficking, resulting in an increase in violent crime in several regions of the country.

  • Law enforcement reporting indicates that gang-related drug distribution and trafficking has resulted in an increase of kidnappings, assaults, robberies and homicides along the US Southwest border region.

Juvenile Gangs

Many jurisdictions are experiencing an increase in juvenile gangs and violence, which is often attributed, in part, to the increased incarceration rates of older members and the aggressive recruitment of juveniles in schools. Gangs have traditionally targeted youths because of their vulnerability and susceptibility to recruitment tactics, as well as their likelihood of avoiding harsh criminal sentencing and willingness to engage in violence.

  • Juvenile gang members in some communities are hosting parties and organizing special events which develop into opportunities for recruiting, drugs, sexual exploitation, and criminal activity.

Gang Alliances and Collaboration

Collaboration between rival gangs and criminal organizations and increased improvement in communications, transportation, and technology have enabled national-level gangs to expand and secure their criminal networks throughout the United States and in other countries. 

Gang Sophistication

Gang members are becoming more sophisticated in their structure and operations and are modifying their activity to minimize law enforcement scrutiny and circumvent gang enhancement laws. Gangs in several jurisdictions have modified or ceased traditional or stereotypical gang indicia and no longer display their colors, tattoos, or hand signs. Others are forming hybrid gangs to avoid police attention and make it more difficult for law enforcement to identify and monitor them, according to NGIC reporting.

Many gangs are engaging in more sophisticated criminal schemes, including white collar and cybercrime, targeting and infiltrating sensitive systems to gain access to sensitive areas or information, and targeting and monitoring law enforcement.

Gangs and Alien Smuggling, Human Trafficking, and Prostitution

Gang involvement in alien smuggling, human trafficking, and prostitution is increasing primarily due to their higher profitability and lower risks of detection and punishment than that of drug and weapons trafficking. Over the past year, federal, state, and local law enforcement officials in at least 35 states and US territories have reported that gangs in their jurisdictions are involved in alien smuggling, human trafficking, or prostitution.

Alien Smuggling

Many street gangs are becoming involved in alien smuggling as a source of revenue. According to US law enforcement officials, tremendous incentive exists for gangs to diversify their criminal enterprises to include alien smuggling, which can be more lucrative and less risky than the illicit drug trade. Over the past two years numerous federal, state, and local law enforcement agencies nationwide have reported gang involvement in incidents of alien smuggling. In some instances, gang members were among those being smuggled across the border into the United States following deportation. In other cases, gang members facilitated the movement of migrants across the US-Mexico border.

An immigrant is smuggled in a vehicle

In October 2009, ICE agents in Los Angeles, California, arrested suspects linked to a drug trafficking and alien smuggling ring with close ties to the Drew Street clique of the Avenues (Sureño) street gang in Los Angeles. The ring allegedly smuggled more than 200 illegal aliens per year into the United States from Mexico, concealing them in trucks and hidden compartments of vehicles and then hiding them in a store house in Los Angeles.

Source: FBI

Human Trafficking

Human trafficking is another source of revenue for some gangs. Victims—typically women and children—are often forced, coerced, or led with fraudulent pretense into prostitution and forced labor. Some gangs in the New England area are combining human trafficking and drug trafficking operations, where females are used to courier drugs and participate in prostitution.


Prostitution is also a major source of income for many gangs. Gang members often operate as pimps, luring or forcing at-risk, young females into prostitution and controlling them through violence and psychological abuse. Prostitution is reportedly the second largest source of income for San Diego, California, gangs. According to November 2010 open source reporting, African-American street gangs in San Diego are pimping young females to solicit males.


Contraband Cell Phones

Smuggled cell phones are a continuing problem for prison administrators in correctional facilities throughout the country. Smuggled cell phones and Smart Phones afford incarcerated gang members more influence and control over street gangs through unrestricted access and unmonitored conversations via voice calling, Internet access, text messaging, email, and social networking websites. Instances of violence directed by inmates using mobile devices are also a growing concern for corrections officials. Incarcerated gang members communicate covertly with illegal cell phones to plan or direct criminal activities such as drug distribution, assault, and murder.

Cell phones smuggled into correctional facilities pose the greatest threat to institution safety, according to NGIC and BOP reporting.

  • In 2010 a New Jersey inmate was prosecuted for using a contraband cell phone to order the murder of his former girlfriend in retaliation for her cooperation with police regarding an investigation involving the inmate.

The majority of illegal cell phones in California prisons are smuggled in by visitors or correctional staff. Many cell phones have also been discovered in legal mail and quarterly packages. In 2010, more than 10,000 illegal cell phones were confiscated from prisoners in California.

Historically, correctional staff who have been caught smuggling phones have been successfully prosecuted only when the phone was connected to a more serious charge such as drug distribution, and district attorney offices rarely prosecute unless a more serious offense is involved. In March 2011, legislation was approved in the California State Senate to criminalize the use of cell phones in prison, including penalties for both smugglers and inmates.

Sources: US Bureau of Prisons and CDCR; California State Senate Press Release, 22 March 2011

Gangs, Technology, and Communication

Gangs are becoming increasingly savvy and are embracing new and advanced technology to facilitate criminal activity and enhance their criminal operations. Prepaid cell phones, social networking and microblogging websites, VoIP systems, virtual worlds, and gaming systems enable gang members to communicate globally and discreetly. Gangs are also increasingly employing advanced countermeasures to monitor and target law enforcement while engaging in a host of criminal activity.

Internet Use for Propaganda, Intimidation, and Recruitment

According to open sources and law enforcement reporting, since 2005, MDTOs have exploited blogs and popular websites like YouTube and MySpace for propaganda and intimidation. MDTOs have posted hundreds of videos depicting interrogations or executions of rival MDTO members. Other postings include video montages of luxury vehicles, weapons, and money set to the music of songs with lyrics that glorify the drug lifestyle. While some of these postings may offer specific recruitment information, they serve more as tools for propaganda and intimidation.

Gang members routinely utilize the Internet to communicate with one another, recruit, promote their gang, intimidate rivals and police, conduct gang business, showcase illegal exploits, and facilitate criminal activity such as drug trafficking, extortion, identity theft, money laundering, and prostitution. Social networking, microblogging, and video-sharing websites—such as Facebook, YouTube, and Twitter—are now more accessible, versatile, and allow tens of thousands of gang members to easily communicate, recruit, and form new gang alliances nationwide and worldwide.

NGIC reporting indicates that a majority of gang members use the Internet for recruitment, gang promotion, and cyber-bullying or intimidation. Many also use the Internet for identity theft, computer hacking, and phishing schemes.

  • According to NGIC reporting, gang recruitment and intimidation is heavily facilitated through the Internet. Gangs use social networking sites such as Facebook to promote their gang, post photos of their gang lifestyle, and display their bravado, which ultimately influences other youth to join gangs.

The proliferation of social networking websites has made gang activity more prevalent and lethal—moving gangs from the streets into cyber space. Gang members, criminals, and drug traffickers are using the Internet not only to recruit and build their social networks, but to expand and operate their criminal networks without the proximity once needed for communication. Likewise, youth in other regions and countries are influenced by what they see online and may be encouraged to connect with or emulate a gang, facilitating the global spread of gang culture.

According to information obtained from multiple state and federal law enforcement sources, incarcerated gang members are accessing micro-blogging and social networking web sites such as MocoSpace and Twitter with smuggled prepaid cellular telephones and using the messaging features to coordinate criminal activity.

Street gang members are also involved in cyber attacks, computer hacking, and phishing operations, often to commit identity theft and fraud. 

Gangs and White Collar Crime

NGIC reporting indicates that gangs are becoming more involved in white collar crime, including identity theft, bank fraud, credit card fraud, money laundering, fencing stolen goods, counterfeiting, and mortgage fraud, and are recruiting members who possess those skill sets. Law enforcement officials nationwide indicate that many gangs in their jurisdiction are involved in some type of white collar crime.

  • Members of the Black Guerilla Family in Maryland used pre-paid retail debit cards as virtual currency inside Maryland prisons to purchase drugs and further the gangs’ interests, according to August 2010 open source reporting.

Some gangs, such as the Bloods and Gangster Disciples, are committing sophisticated mortgage fraud schemes by purchasing properties with the intent to receive seller assistance loans and ultimately retain the proceeds from the loans, or to commingle illicit funds through mortgage payments. Gang members are also exploiting vulnerabilities in the banking and mortgage industries for profit.


Street, prison, and motorcycle gang membership and criminal activity continue to flourish in US communities where gangs identify opportunities to control street level drug sales, and other profitable crimes. Gangs will not only continue to defend their territory from rival gangs, but will also increasingly seek to diversify both their membership and their criminal activities in recognition of potential financial gain. New alliances between rival gangs will likely form as gangs suspend their former racial ideologies in pursuit of mutual profit. Gangs will continue to evolve and adapt to current conditions and law enforcement tactics, diversify their criminal activity, and employ new strategies and technology to enhance their criminal operations, while facilitating lower-risk and more profitable schemes, such as white collar crime.

The expansion of communication networks, especially in wireless communications and the Internet, will allow gang members to form associations and alliances with other gangs and criminal organizations—both domestically and internationally—and enable gang members to better facilitate criminal activity and enhance their criminal operations discreetly without the physical interfacing once necessary to conduct these activities.

Globalization, socio-political change, technological advances, and immigration will result either in greater gang expansion and gang-related crime or displace gang members as they search for criminal opportunities elsewhere. Stagnant or poor economic conditions in the United States, including budget cuts in law enforcement, may undercut gang dismantlement efforts and encourage gang expansion as police agencies redirect their resources and disband gang units and taskforces, as reported by a large number of law enforcement agencies.

Maps. Gang Presence in the United States

FBI Uniform Crime Report (UCR) Violent Crime, 2009


Crime 101: What is your teen studying online?

September 30, 2010

Getting instant access to information on any topic is one of the great benefits of the Internet and a powerful educational tool.

But not all the information your child uncovers will be the kind of education you had in mind. There is of course the problem of increased access and exposure to offensive content like pornography and hate. But there is also plenty of information to teach the curious how to break the law—and by far fewer filters in place to help detect and block this type of content.

Think it takes an experienced burglar to pick your front door lock? Think again. A web search on lock bumping yields all the info an amateur needs to get started. (A quick scan of the search results will probably get you to consider whether your home is adequately protected by your current locks!).

Do you assume your teen–or their friend–wouldn’t know how to make amphetamines? That assumption would be wrong: there are thousands of Web sites that teach how to cook meth. And according to (sponsored by the Partnership for Drug-Free America), the average meth cook teaches ten new people every year how to make the drug.

Want to know which houses are empty and what possessions they might have worth stealing? Scan the social networks.

Need help in carjacking? Ripping off laundromat coin collectors or vending machines? Faking IDs? Fill in your crime preference here: _______. You know the answer: search online!

Is this yet one more reason to keep kids off the Internet? No. It is one more reason to have frequent conversations with your teens about what’s appropriate and what isn’t. No matter what filtering technology you use, it won’t replace your participation in their lives and guidance around the places they visit on the Web.

For more information about protecting your kids on the Internet, check out Protecting Kids.

May it be a great year for learning.


6 Steps to Staying Safer this Tax Season

April 3, 2010

Whether you file your taxes online or use a tax program on your computer, cybercrooks are hoping you’ll make a security or safety mistake this tax season. And they are poised to take full advantage of it if you do. Last year online scams cost Americans $559.7 million, according to the FBI’s 2009 Annual Report on Internet Crime, more than double the amount scammed in 2008. Following a few basic precautions will significantly increase your safety.

6 Steps to Staying Safer this Tax Season:

  1. Secure your computer – if your computer is infected with malware, criminals will be stealing every piece of information you put on it.  Computer security is vital every day of the year, but especially critical before entering your most sensitive financial information.
    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive – For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Drive, don’t be pulled to tax websites – Chances are, the internet holds the answers to your tax questions. But safely searching for tax forms, advice on deductibles, tax preparers, etc. requires that you don’t get fooled into landing on malicious sites.  Trust is Key. Know the Site. Know the User. Know the Company.
    1. Navigate to the websites yourself by conducting your own search. Always use a tool that helps you see the safety rating of the search results. There are many website safety rating services, and both Firefox and IE offer tools as well.
    2. Or, type in the URL of a trusted site. Just be careful that you don’t mistype the URL; criminals are quick to buy URLs that are just a common typo away from the legitimate sites, and can make their fake sites appear legit.
    3. Never allow yourself to be pulled to a site by using a link sent in email, or found on someone’s blog, or by clicking on an advertisement. The website you land on may look just like the real site (just as the ad may have looked like a legitimate ad) but it may be a well crafted fake.
  3. Don’t fall for email, web, or social networking scams – tax time brings tax scams. The scams may tout tax rebates, offer great deals on tax preparation, or offer a free tax calculator tool, etc. If you did not solicit the information, it’s a scam.
    1. If the email claims to be from the IRS, it’s a scam – the IRS will not contact you via email.
    2. If the email appears to be from your employer, bank, broker, etc. claiming there is an issue with what they reported for you and you need to verify some information – it’s a scam.
    3. If you feel any temptation whatsoever to believe an online notice, check it out BEFORE responding. Use a site like Snopes and type in the email’s subject to see if the scam has been reported. If it comes from a company, find the company’s contact information yourself and call. Do not use information contained in the email to check it out; if it’s a scam, the information will be part of the scam.
  4. Never send sensitive information in email unless that sensitive information is in a password protected attachment (Word document, Excel file, etc). Basic email is not secure; it can be trapped and read by criminals. There are some email services that encrypt email; you will know if you have one of these.
    1. Do not include the attachment’s password in the email – call and share the password over the phone.
  5. Use strong passwords – A weak password is all it takes for someone to steal your information. “Password” or “123456” are not secure options, and neither are names, birthdates, words found in dictionaries, etc. If you use the same password on multiple sites (or everywhere) you are asking for real trouble. Learn how to make strong passwords that aren’t hard to remember, just hard to guess.
  6. Use a reputable tax preparer that follows strict data security guidelines. Even when you’ve secured information on your computer, information can ‘leak’ from whomever you share your information with.
    1. If you are using a new tax preparer, check them out with the Better Business Bureau or get references and check them carefully.
    2. Ask about the data security precautions the tax preparer uses to protect your information – if their computers aren’t secure, your information isn’t either.

Of all the things you need to worry about during tax preparation, don’t make financial safety be one of them. Your actions today can significantly decrease your chances of becoming one of the 300,000 or more victims expected to contact the Internet Crime Complaint Center this year.