For more than a year, Microsoft has been working to shut down the hacking group Fancy Bear, believed to have ties to the Russian government, through what some might consider an unorthodox method: the courts.
According to a new report by The Daily Beast, the Redmond tech giant’s suit against the group has disrupted the “command and control” servers that the hackers use to direct their attacks. The Daily Beast reports that Microsoft has managed to capture 70 of these control points since August by taking over domain names rather than physical servers. Microsoft is then able to re-route those domains away from servers used by the hacking group to its own, where it can separate the malicious code from victims and get a window into Fancy Bear’s actions.
Fancy Bear is known for registering domain names that sound like Microsoft products, which opened them up to one of Microsoft’s legal claims, trademark infringement. The hacking group, according to The Daily Beast, has breached NATO, the Obama White House, numerous military agencies and NGOs around the world, and perhaps most famously, the Democratic National Committee.
The Daily Beast reports that Microsoft’s effort against Fancy Bear mirrors previous operations by Microsoft’s Digital Crimes Unit against criminal botnets. Microsoft began its battle against Fancy Bear soon after a report from The New York Times about a “high confidence” assessment that the Russian government was involved in a theft of emails from the DNC.
The two sides have gone back and forth, with Microsoft intercepting domains, and Fancy Bear turning around and registering new ones. Microsoft gained subpoena power in August after Fancy Bear representatives didn’t show up for a court date. As The Daily Beast reports, that has led Microsoft to gather evidence from “domain registrars, webmail providers, hosting firms and payment processors around the world.” But this effort hasn’t helped Microsoft identify individual hackers.
Microsoft is scheduled to be back in court today seeking a default judgment against Fancy Bear and a permanent injunction that would give Microsoft ownership of domains it has taken over as well as possession of thousands of domains that company algorithms suggest Fancy Bear may try to use.
We’ve reached out to Microsoft for comment and will update this post if we hear back.
No matter how the next court decision goes, Microsoft expects a long battle, according to The Daily Beast, and it is footing the bill for an independent court monitor involved in the case to stay on indefinitely.