Microsoft Security Action Arouses Major Controversy

Dennis Faas's picture

Security experts say they're upset with Microsoft after the Redmond, Washington-based firm recently took actions to disable botnets associated with the 'Citadel' malware.

The problem: Microsoft also disrupted important research being carried out by security experts.

Citadel is a form of keylogging malware used by hackers to steal login information and passwords, thereby giving cybercriminals access to banking accounts and other web services.

It's estimated that more than one thousand botnets were using the Citadel malware to carry out cybercriminals' attacks. At the time Microsoft acted on the issue, Citadel-related attacks had affected approximately five million people and had resulted in the loss of $500 million.

Operation b54 Disables Botnets, Security Operations

In an attempt to drastically reduce Citadel's impact, Microsoft led an operation -- dubbed 'Operation b54' -- designed to disable the many botnets using the malware. The results were controversial, to say the least.

Some security experts were grateful that Microsoft was willing to help them fight cybercrime. Others, however, were livid that the firm took action without consulting them.

The problem was that Microsoft's actions negatively affected many active anti-malware research operations. An anonymous researcher for Swiss security organization says Microsoft's campaign hindered rather than helped his group's work.

"In my opinion, [Microsoft's] operation didn't have any big noteworthy impact on Citadel, rather than disturbing research projects of several security researchers and non-profit organizations, including," the researcher said.

"In my opinion, Operation b54 was nothing more than a PR campaign by Microsoft."

Extent of Operation b54's Impact Unknown

Microsoft's operation was also controversial because it adjusted system settings on infected computers.

Even though the intent was to aid victims -- Microsoft helped them download antivirus software -- some security researchers say the firm should not be making changes to users' settings without first consulting them.

"For some of the more hardcore security research people, that's a very dangerous precedent to set," noted Chester Wisniewski, a security advisor for Sophos.

As for the effectiveness of Microsoft's actions, Wisniewski was skeptical.

"This is a big blow to the criminals, but it certainly isn't going to put them out of business," he said.
