Thank you for sharing!

Your article was successfully shared with the contacts you provided.
In August, a destructive computer worm known as Zotob attacked users of the Windows 2000 operating system. It infected computers worldwide, including those at broadcasting giants ABC News and CNN. Within two weeks, law enforcement authorities in Turkey and Morocco � acting on information provided by the FBI with Microsoft Corp.’s help � arrested Farid Essebar, 18, of Morocco and Atilla Ekici, 21, of Turkey � two individuals suspected of distributing the malicious program. The Zotob case is remarkable not only because of the short time between the program’s release and the arrests, but because it illustrates the increasingly important role that public-private partnerships are playing in the battle against cybercrime. As director of Internet safety enforcement programs at Microsoft Corp., my job puts me on the front lines of our security and privacy programs, including our ongoing efforts to assist law enforcement in identifying and holding cybercriminals responsible for their deeds. Yet we all must recognize that law enforcement is only one part of the response to threats. Full protection ultimately requires a combination of technology, education, industry best practices and targeted legislation. There is clear evidence that cybercriminals are getting more sophisticated. Methods, and motives, are shifting. In the past, many hackers pursued notoriety, but today’s cybercriminals are motivated primarily by financial gain. This has brought a new set of sophisticated threats and cunning criminal techniques into the picture, from phishing to spyware. Microsoft’s global Internet safety enforcement team of 65, created in 2002, includes 25 investigators as well as lawyers and paralegals. Among our successful efforts was the pursuit of the originators of the Sasser worm, launched in May 2004. In July of this year, based in part on evidence provided by Microsoft, a German court convicted Sven Jaschan. One month later, we negotiated a $7 million settlement against Scott Richter, the self-proclaimed “Spam King,” and his company OptInRealBig.com. The Richter case remains pending at the U.S. bankruptcy court in Denver. We also welcomed the FBI’s arrest of Jayson Harris, a suspected purveyor of “phishing” Web sites. We helped identify Harris, a 21-year-old Davenport, Iowa, resident who had used his grandfather’s MSN account, and provided technical support to the FBI. Harris faces 75 counts of wire fraud charges in federal court in Iowa, and Microsoft won a $3 million judgment against him for trademark violations. The Zotob saga began when technical analysts at Microsoft’s security response center became aware of a worm on Aug. 13 and contacted our Internet safety enforcement team. Of course, time is of the essence in these cases. The team quickly provided technical and analytical support to the FBI’s Seattle and Los Angeles field offices and the FBI’s cybercrime unit in Washington, D.C. In less than a week of around-the-clock work, we provided information to help identify the responsible individuals. The FBI contacted enforcement officials in both countries to explain the case, provide information and seek assistance. Moroccan and Turkish officials arrested the suspects Aug. 26 and they now face prosecution in their home countries. OTHER EFFORTS Another example of collaboration between the private and public sectors is the 2004 creation of DigitalPhishNet.org, an alliance that targets phishers for identification, arrest and prosecution. (Phishing lures potential victims via fraudulent e-mail or instant messages to disclose sensitive data, such as Social Security numbers.) Microsoft also supported the Federal Trade Commission’s participation in the London Action Plan on International Spam Enforcement Cooperation, which supports global collaboration on network security, law enforcement and consumer education. We also continue to provide training and tools to assist Interpol and other law-enforcement agencies. For example, we have worked with the International Center for Missing and Exploited Children and Interpol to combat computer-assisted crimes against children. In-house counsel, as well as technology lawyers who advise clients on strategies for responding to cybercrime, should view enforcement as only one pillar � albeit an important one � for effective security. Other efforts should include: [ BULLET] Technology: Keep hardware and software infrastructure current. Out-of-date equipment and programs can make your company more vulnerable to attack. [ BULLET] Security: Install and maintain up-to-date current security programs, again for both hardware and software, that include protections against viruses, spyware, malware, Trojan horses and other invasive programs. Use access restrictions, password policies, etc., to prevent intrusion by hackers (internal and external). [ BULLET] Education: Educate employees about IT security. Staff must understand the risks they face on the Web. [ BULLET] Best practices: IT managers can help protect their companies against many online security risks simply by following industry best practices. [ BULLET] Support legislation: Laws that target specific deceptive or malicious online practices, or strengthen penalties, can provide additional protection. Technology lawyers can help by supporting such legislative reform efforts and advising their clients to do the same. SECURITY TIPS [ BULLET] Create passwords that are at least eight characters long with a mixture of letters, numbers and symbols. [ BULLET] Use an Internet firewall between your PC and the Internet (or other computers on your network). [ BULLET] Get computer updates and use up-to-date virus software. [ BULLET] Never open a file attached to an e-mail message or an instant message from an unrecognized sender. [ BULLET] Use a spam filter and never reply to spam (even “remove me” links). [ BULLET] Beware of spyware and other deceptive software. [ BULLET] Protect your identity. Legitimate businesses never ask for passwords, credit card numbers, Social Security numbers or other personal information in an e-mail. Tim Cranton, based in Redmond, Wash., is a senior attorney and director of the Internet safety enforcement team in Microsoft Corp.’s law and corporate affairs department. This article was originally published in Law Technology News, a Recorder affiliate based in New York City.Practice Center articles inform readers on developments in substantive law, practice issues or law firm management. Contact Associate Editor Candice McFarland with submissions or questions at [email protected].

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.