Last month Microsoft released its strategy to fight criminal hackers with the announcement of its new Cybercrime Center at its Redmond, Washington home. Today Microsoft announced that it filed yesterday its first civil lawsuit in the U. S. District Court of Western Washington against Sichuan Changhong Electric Co., a Sichuan, China-based manufacturer of household appliances such as refrigerators and TVs for cyber hacking, reports the Seattle Times.
Microsoft is accusing Changhong of using product keys, a series of numbers and letters that a user enters into a computer in order to activate Microsoft software, that were stolen from organizations that had legitimately purchased licenses for the software. Organizations such as a U.S. public university, a U.S. public-school district, a U.S.-based engineering company and an Asia-based semiconductor manufacturer, were all unidentified in the suit.
Microsoft believes it's the first time any company has used the Computer Fraud and Abuse Act to go after those allegedly stealing software product keys. The law prohibits unauthorized access to a protected computer system such as those used in interstate commerce.
The level of proof required under that law to show product keys were stolen would not have been possible even a few years ago, Microsoft says. Now because of its Cybercrime unit’s ability to combine legal and technical expertise as well as cutting -edge tools and technology, a new era of effectively fighting crimes in the Internet is here.
This high-security center brings together engineers, digital forensics experts and lawyers trained in fighting software pirates under its new Digital Crimes Unit inside the 16,800-square foot, high security facility home in Redmond, Washington.
When they became suspicious eight months ago they were looking into patterns involving a known stolen product key and traced it back to an educational institution in the U.S. that had legitimately purchased the product key.
The cyber forensics team then plotted onto maps where that organization's licenses were being activated. Those maps showed big spikes in activation attempts in places far from the U.S.
The cyber team wanted to find a pattern of where the product key was used, but they needed to build their own algorithm to track the occurrences of this product key.
The algorithm showed that repeated attempts were by Changhong after failed attempts until success.
‘That's what I'm looking for,’ said Zoe Krumm, a member of the cyber forensics team. ‘They try multiple keys within minutes of each other until they find a pass.’
The data collected, along with data visualization tools and the work of data scientists and investigators, ‘allowed us to know when a company like Changhong has attempted over 2,000 times to activate unlicensed software with over 200 product keys,’ said Matt Lundy, Microsoft's assistant general counsel for the digital-crimes unit.
Microsoft is seeking a jury trial and a judgment that would bar Changhong from using product keys that it hasn't purchased to access Microsoft's servers in the future.
Changhong has not responded to any inquiries from the media at this time.