Microsoft’s recent takedown of the ZeuS botnet has caused a lot of controversy, mostly because of the way the company addressed the issue.
In April, security journalist Brian Krebs reported that a large part of the security industry blamed Microsoft for using sensitive information for its own agenda without explicit permission from the source, possibly even interfering with the investigations of international law enforcement organizations.
The other problem was that the Redmond company made a deal with a federal judge that would allow it to seize domain names and servers in return for trying to reveal the identities of the suspected cybercriminals.
Now, Krebs reveals that at least 15 of the individuals had email accounts on Hotmail or MSN, which were not a problem to track down, while among the others, 39 John Does owned Google accounts.
“Google has received a subpoena for information related to your Google account in a case entitled Microsoft Corp., FS-ISAC, Inc. and NACHA v. John Does 1-39 et al., US District Court, Northern District of California, 1:12-cv-01335 (SJ-RLM) (Internal Ref. No. 224623),” reads part of the notice sent by Google.
“To comply with the law, unless you provide us with a copy of a motion to quash the subpoena (or other formal objection filed in court) via email at email@example.com by 5pm Pacific Time on May 22, 2012, Google may provide responsive documents on this date.”
Jon Praed, founding partner of Internet Law Group, has stated that Microsoft should have done a better job of respecting the community, but he also welcomes the effort the firm has put into this operation.
“Privacy needs lots of attention as an issue, and it is clearly true that the average, law-abiding citizen is generally woefully protected wrt privacy,” Praed wrote in a comment to Krebs’ article.
“However, it is also true that the average bad guy is vastly over-protected by simplistic applications of privacy policies that were written, not to protect the bad guy, but to protect the rest of us. Privacy policies need exceptions, and the general public needs to understand enforcing those exceptions is sometimes as important as enforcing the general rule.”