With the Russian scandal, and President Trump’s perceived reluctance to prioritize going after the alleged Russian state-run attempt to hack and obfuscate our 2016 elections, there appear to be no countermeasures to dissuade this bad cyber behavior. But according to a Daily Beast investigation, Microsoft has been stealthily waging a counter-attack against the cyber espionage group known as Fancy Bear for about a year. American cyber security company CrowdStrike, which has been involved in response efforts to several high-profile hackings, has said with a medium level of confidence that Fancy Bear is associated with Russia’s covert military intelligence agency known as the GRU, and was responsible for the Democratic National Committee cyber attacks, among other notable targets.
While Microsoft has plenty of cyber security software offerings and experts, their approach to going after Fancy Bear (which, not surprisingly, goes by many aliases) is somewhat surprising. Harkening back to how the Feds finally put Al Capone behind bars, Microsoft has taken a deft legal approach and has set their lawyers loose to literally gain ground on this cyber espionage group. In 2016 Microsoft lawyers filed suit in federal court against Fancy Bear with charges of cybersquatting, computer intrusion, and infringement of Microsoft’s trademarks. While literally dragging an anonymous espionage group into court is unlikely, the suit ended up serving a higher purpose.
The clever strategy has allowed Microsoft to gain ownership of 70 different command-and-control points from Fancy Bear without actually taking physical control of the servers that run them. Fancy Bear doesn’t own these servers either, as they rent them from various data centers scattered throughout the world. But Fancy Bear might learn a thing or two about poking a bigger bear, as they often targeted Windows platforms with their malware. Fancy Bear seemingly became so fixated on Microsoft that they chose many of their domain names based on the Seattle-based tech giant’s product names. This gave Microsoft legal standing to go after them and gain control over the Internet domain names that route to Fancy Bear’s vital command centers. By redirecting the command center domain names to Microsoft servers, they gain a view of all the peripheral activities of suspected foreign intelligence operations and cut the hackers off from their targeted victims. So, as a court filing explained, when malware is activated and an infected computer tries to connect to a Fancy Bear command-and-control server via one of the domain names, it will instead be rerouted to a secure server that Microsoft owns and manages. Microsoft’s motion (legal request) for a final default judgment and permanent injunction against Fancy Bear will be heard this week by a federal judge in Virginia.
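The rerouting described in the court filing is a DNS sinkhole: once the seized domain names resolve to the defender's servers, every infected machine that "phones home" identifies itself to the sinkhole operator instead of the attacker. For a network defender the same mechanism works in reverse: resolver logs showing internal hosts querying a sinkholed name, or receiving an answer from the sinkhole's address range, point directly at infected machines. The following Python example is added here to illustrate that check; it is not Microsoft's code or anything from the court filing, and every domain name, address block and log line in it is constructed from RFC 2606/RFC 5737 reserved values, not real Fancy Bear or Microsoft infrastructure.

```python
"""Flag internal hosts whose DNS traffic touched a sinkhole.

Added illustration, not code from the original article. All domain
names, address ranges and log lines are constructed placeholders
(reserved documentation values), not real C2 or sinkhole identifiers.
"""
import ipaddress
from collections import defaultdict

# Hypothetical list of domain names transferred to a sinkhole operator.
SINKHOLED_DOMAINS = {"update-check.example", "live-mail-login.example"}

# Hypothetical address block the sinkhole answers from (RFC 5737 range).
SINKHOLE_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed resolver log: "<timestamp> <client_ip> <qname> <answer_ip>".
SAMPLE_LOG = """\
2017-07-01T10:00:01Z 10.1.4.22 update-check.example 192.0.2.10
2017-07-01T10:00:05Z 10.1.4.22 www.example.com 203.0.113.5
2017-07-01T10:01:17Z 10.1.7.9 cdn.live-mail-login.example. 192.0.2.11
2017-07-01T10:02:40Z 10.1.9.3 live-mail-login.example 203.0.113.50
this line is malformed and must be skipped
2017-07-01T10:03:02Z 10.1.2.8 mail.example.net 203.0.113.77
"""


def is_sinkholed_name(qname, domains=SINKHOLED_DOMAINS):
    """True if qname is a sinkholed domain or any subdomain of one."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def parse_line(line):
    """Return (client_ip, qname, answer_ip) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _, client, qname, answer = parts
    try:
        ipaddress.ip_address(client)
        ipaddress.ip_address(answer)
    except ValueError:
        return None
    return client, qname.lower().rstrip("."), answer


def classify(qname, answer_ip, net=SINKHOLE_NET):
    """Reasons a record is suspicious: the name itself and/or the answer.

    A sinkholed name with a non-sinkhole answer (e.g. a stale cache or a
    resolver the operator does not control) is still worth flagging, so
    the two signals are reported independently.
    """
    reasons = set()
    if is_sinkholed_name(qname):
        reasons.add("sinkholed-domain")
    if ipaddress.ip_address(answer_ip) in net:
        reasons.add("sinkhole-answer")
    return reasons


def find_sinkholed_clients(log_text):
    """Map each flagged client IP to {queried name: set of reasons}."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed records rather than crash
        client, qname, answer = rec
        reasons = classify(qname, answer)
        if reasons:
            hits[client].setdefault(qname, set()).update(reasons)
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_sinkholed_clients(SAMPLE_LOG).items()):
        for qname, reasons in sorted(names.items()):
            print(f"{client}\t{qname}\t{','.join(sorted(reasons))}")
```

Running the block over the constructed log flags three internal hosts; the third one (10.1.9.3) is caught only by the domain name because its cached answer predates the seizure, which is exactly the case a defender should not miss when the sinkhole operator's own telemetry is not available to them.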