Microsoft has said that it has no way of knowing if its botnet takedowns will disrupt police investigations.
The company said legal restrictions prevent police and Microsoft from disclosing information about botnet investigations, making it impossible to guarantee that pulling command and control (C&C) servers would not disrupt law enforcement efforts.
According to Richard Boscovich, assistant general counsel for Microsoft's digital crimes unit, the company had its “finger on the pulse”. He said its takedowns were sensitive to efforts within the research communities.
Redmond was criticised by security professionals after it pulled two command and control servers used by the Zeus botnet. Some said that move, which was designed to disrupt not destroy the botnet, had hindered police investigations.
Microsoft typically works with the security community to investigate botnets, but will limit the number of people it notifies prior to pulling rogue servers offline. This is necessary because it pursued takedowns through ex-parte temporary restraining orders that allowed botnet infrastructure to be seized without having to notify botmasters.
Boscovich said that it was much faster than pursuing criminal action and could lead to "immediate disruption and stopping of harm".
The unit's senior program manager T.J Campana said the takedowns were vital to fighting online crime. “Ripping away infrastructure is a great way to get to criminals,” he said.
Darren Pauli travelled to Redmond as a guest of Microsoft. This story originally appeared at scmagazine.com.au