In the fight against Russian hackers, Microsoft is using its vast legal resources to go after the tools used by the mysterious hacker group Fancy Bear, and not the group itself. According to the Daily Beast, Microsoft filed suit against the hacking team in court last year, “accusing it of computer intrusion, cybersquatting, and infringing on Microsoft’s trademarks.”
But don’t expect a 400-pound hacker to take the stand in an American courtroom anytime soon. The tactic is designed to allow Microsoft to cut Fancy Bear off from the servers it needs to carry out its cyberattacks and intrusions. The Daily Beast reports that so far, Microsoft has wrested 70 command-and-control points away from the hackers, who may or may not be agents of the Russian government.
It has also taken control of domains used by the group, such as livemicrosoft.net and rsshotmail.com, both of which use trademarked Microsoft assets. As soon as Microsoft began sinkholing these domains, Fancy Bear would register new ones, turning the court proceedings into a type of whack-a-mole that currently requires an independent monitor to oversee takedown requests.
Fancy Bear has been nearly untraceable, and Microsoft’s subpoena powers have provided little information about who the hackers are or where they reside (they make payments with bitcoin or prepaid credit cards). But so long as companies like Microsoft keep finding ways to move the hackers around, those companies create more opportunities for them to slip up.