
SoylentNews is people

posted by takyon on Wednesday July 26 2017, @11:03PM
from the threat-group dept.

On Friday, representatives of the notorious hacking entity known as Fancy Bear failed to appear in a federal court in Virginia to defend themselves against a civil lawsuit brought by Microsoft.

As the Daily Beast first reported on Friday, Microsoft has been waging a quiet battle in court against the threat group, which is believed to be affiliated with the GRU, Russia's foreign intelligence agency. For now, the company has managed to seize control of 70 domain names, but it's going after many more.

The idea of the lawsuit, which was filed in August 2016, is to use various federal laws—including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law—as a way to seize command-and-control domain names used by the group, which goes by various monikers, including APT28 and Strontium. Many of the domain names used by Fancy Bear contain Microsoft trademarks, like microsoftinfo365.com and hundreds of others.

In June 2017, Microsoft asked the judge to issue a default judgement in its favor, since the individuals behind Fancy Bear have not made themselves known. According to the Daily Beast, Microsoft and its lawyers have made several attempts to serve the unknown "John Does" via e-mail. According to the Daily Beast, those e-mails have been opened dozens of times and were equipped with a tracking beacon. Microsoft's lawyers have also conveniently posted all the court documents on a public website, inviting the defendants to contact them via postal mail, e-mail, or even fax.

Source: https://arstechnica.com/tech-policy/2017/07/microsoft-targets-fancy-bears-domains-in-trademark-lawsuit/
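
The story notes that many of the command-and-control domains embed Microsoft trademarks, such as microsoftinfo365.com. The sketch below is an added example, not part of the story or the court filings: it shows how a defender might flag hostnames in resolver logs that carry a brand token but sit outside the brand owner's real domains. The allowlist, token list and all sample hostnames except microsoftinfo365.com are assumptions constructed for illustration.

```python
import re

# Illustrative allowlist of registrable domains the brand owner really uses.
# Assumption: a real deployment maintains this list from its own inventory.
LEGIT = {"microsoft.com", "live.com", "office365.com", "windowsupdate.com"}
BRAND_TOKENS = ("microsoft", "office365", "windows", "outlook")
# Fold common digit-for-letter swaps so "micr0soft" compares equal to "microsoft".
FOLD = str.maketrans("0135", "oles")


def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption: good enough for .com/.net; use the Public Suffix List in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host):
    """Return (verdict, matched_token) for one observed hostname."""
    host = host.lower().rstrip(".")
    if registrable(host) in LEGIT:
        return ("legit", None)
    # Drop dots and hyphens so a brand split across labels is still seen.
    squashed = re.sub(r"[^a-z0-9]", "", host).translate(FOLD)
    for token in BRAND_TOKENS:
        if token.translate(FOLD) in squashed:
            return ("lookalike", token)
    return ("unrelated", None)


def triage(hosts):
    """Keep only hostnames that carry a brand token outside the allowlist."""
    return {h: classify(h)[1] for h in hosts if classify(h)[0] == "lookalike"}


# Constructed sample of resolver-log hostnames; only the first is from the story.
SAMPLE = [
    "microsoftinfo365.com",
    "update.microsoft.com",
    "login.microsoft.com.example.net",
    "micr0soft-update.example",
    "www.example.org",
]

if __name__ == "__main__":
    for name, token in triage(SAMPLE).items():
        print(f"{name}: embeds '{token}' but is outside the allowlist")
```
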


  • (Score: 0) by Anonymous Coward on Wednesday July 26 2017, @11:14PM (5 children)

    by Anonymous Coward on Wednesday July 26 2017, @11:14PM (#544914)

    How do you enforce a court judgement if you don't even know who they are?
    What does the court judgement even do?

    >crowdstrike
    Yeah, I'll take that with a megaton of salt.

    • (Score: 2) by NewNic on Wednesday July 26 2017, @11:28PM (3 children)

      by NewNic (6420) on Wednesday July 26 2017, @11:28PM (#544918) Journal

      You get the domain registrar to hand over the domain name.

      --
      lib·er·tar·i·an·ism ˌlibərˈterēənizəm/ noun: Magical thinking that useful idiots mistake for serious political theory
      • (Score: 2) by JNCF on Wednesday July 26 2017, @11:37PM

        by JNCF (4317) on Wednesday July 26 2017, @11:37PM (#544922) Journal

        Hello, Namecoin!

      • (Score: 3, Interesting) by frojack on Thursday July 27 2017, @12:42AM

        by frojack (1554) on Thursday July 27 2017, @12:42AM (#544940) Journal

        You get the domain registrar to hand over the domain name.

        Why does this strike me as a trick you can use exactly ONE Time, before they start registering elsewhere?
        And is turnabout fair play here?
        When the Russian Government starts seizing Microsoft names, at least we will have confirmation of who Fancy Bear was.
        But does that help anyone when some Magistrate in France decides they want to use the same tactic?

        --
        No, you are mistaken. I've always had this sig.
      • (Score: 0) by Anonymous Coward on Thursday July 27 2017, @12:50AM

        by Anonymous Coward on Thursday July 27 2017, @12:50AM (#544942)

        So a game of whack-a-mole? I don't see why the supposed group can't just rename itself multiple times or even subcontract their work to obfuscate their trails through multiple fronts.

    • (Score: 0) by Anonymous Coward on Thursday July 27 2017, @05:21AM

      by Anonymous Coward on Thursday July 27 2017, @05:21AM (#545015)

      For a minute I was like "What the heck does MS have against fancy "beer"?"

  • (Score: 0) by Anonymous Coward on Wednesday July 26 2017, @11:23PM (4 children)

    by Anonymous Coward on Wednesday July 26 2017, @11:23PM (#544916)

    Is there a tactical advantage to using a url that looks like something Msft official?

    • (Score: 2) by MostCynical on Wednesday July 26 2017, @11:28PM (3 children)

      by MostCynical (2589) on Wednesday July 26 2017, @11:28PM (#544919) Journal

      Makes hacking easier. Microsoft uses hundreds, possibly thousands of websites for checking the "health" of its/your OS, so using URLs that "look" right makes changing things easier.
      It is very unlikely any sysadmins, home users, or even Microsoft themselves know how many URLs Microsoft are using, and what for.

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 2) by kaszz on Wednesday July 26 2017, @11:40PM (2 children)

        by kaszz (4211) on Wednesday July 26 2017, @11:40PM (#544923) Journal

        If they kept themselves to naziemetry.microsoft.com it would be much easier for people to know which sites are good telemetry ;-)

        Or they could just clean up their shit.. (code & practice)

        • (Score: 5, Insightful) by MostCynical on Wednesday July 26 2017, @11:52PM (1 child)

          by MostCynical (2589) on Wednesday July 26 2017, @11:52PM (#544927) Journal

          Not sure when this behaviour started, but sometime between 1975 and now, it became self-fulfilling: didn't matter what Microsoft did to customers, they kept coming back.
          Bloatware? Removing functionality? Making updates worse (and worse..)? Telemetry? Auto-updates? Etc etc..

          Apparently, you can fool most of the people, most of the time.

          --
          "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
          • (Score: 2) by kaszz on Thursday July 27 2017, @07:28AM

            by kaszz (4211) on Thursday July 27 2017, @07:28AM (#545036) Journal

            Most people are fools? ;-)

            But let's not forget the executive class with power and lesser clue. No one gets fired for buying IBM and then someone offers new shiny bits for that machine.. *like moths to the light* ..

  • (Score: 3, Funny) by PartTimeZombie on Wednesday July 26 2017, @11:56PM (3 children)

    by PartTimeZombie (4827) on Wednesday July 26 2017, @11:56PM (#544928)

    ...inviting the defendants to contact them via postal mail, e-mail, or even fax.

    Maybe Microsoft hopes Fancy Bear are from 1998?

    • (Score: 3, Funny) by realDonaldTrump on Thursday July 27 2017, @02:14AM (2 children)

      by realDonaldTrump (6614) on Thursday July 27 2017, @02:14AM (#544967) Homepage Journal

      I'd love to hear from Fancy Bear. They can write to my office: The Trump Organization, 725 Fifth Avenue New York, NY 10022. Call 1-212-832-2000 or fax 1-212-935-0141. DO NOT EMAIL! 🇺🇸

      • (Score: 1, Touché) by Anonymous Coward on Thursday July 27 2017, @03:58AM (1 child)

        by Anonymous Coward on Thursday July 27 2017, @03:58AM (#545004)

        What about Twitter?

        • (Score: 1) by realDonaldTrump on Thursday July 27 2017, @04:27PM

          by realDonaldTrump (6614) on Thursday July 27 2017, @04:27PM (#545251) Homepage Journal

          I'll tell you, I think someone's hacked into my Twitter accounts. That's one of the things I want to talk about with Fancy Bear. 🇺🇸

  • (Score: 0) by Anonymous Coward on Thursday July 27 2017, @07:51AM

    by Anonymous Coward on Thursday July 27 2017, @07:51AM (#545051)

    According to the Daily Beast, Microsoft and its lawyers have made several attempts to serve the unknown "John Does" via e-mail. According to the Daily Beast, those e-mails have been opened dozens of times and were equipped with a tracking beacon.

    This sentence is almost self-contradictory. So we have some super elite state organized cyber espionage group... that autoloads images in their emails (which is the only viable means of setting an email "tracking beacon"). These red scare orientated 'evil hacker' stories rarely make any sense at all. Tracking these people invariably involves the alleged hackers engaging in fewer precautions than a security-conscious regular user engages in. It's just all so contradictory. The stories don't really make any logical sense. Said "tracking beacon" could also have been accessed in countless other ways that don't involve these individuals having received their summons. Meh, I want a technocracy.
