Step Inside Microsoft’s Digital Crimes Unit
Author: Kyle Iboshi
Published: 6:06 PM PST November 7, 2017
Updated: 11:34 PM PST November 7, 2017

REDMOND, Wash. — The sign on a glass door read: Restricted Area. Authorized Personnel Only.

To get inside, we needed an escort with a special security badge.

A few steps later, there was another door. This one was bigger and heavier -- the type of door you’d see protecting a bank vault. It, too, was locked and required special access.

As the thick door slowly swung open, we entered the highly restricted forensics lab for Microsoft’s Digital Crimes Unit. The modern-looking glass and chrome lab is like the TV show CSI. There are yellow envelopes marked “Evidence” and shelves filled with counterfeit Microsoft products.

The digital detectives in the crime unit work with sophisticated technology to track down cybercriminals.

“This is where our investigators and data analysts really collaborate to understand what is going on in cybercrime,” said Courtney Gregoire, assistant general counsel at the Microsoft Digital Crimes Unit.

Microsoft’s Digital Crimes Unit is made up of tech experts, data scientists, former law enforcement and lawyers. This specially trained unit fights computer viruses, malware, hackers, counterfeit software and even child exploitation.

“This is real-life detective work going on here,” said Gregoire.

The brightly lit lab is lined with glass tables and computer monitors. One wall is covered with scribbled notes on a glass dry-erase board. The other wall has a huge monitor displaying phony pop-up ads with the Microsoft name and logo.

“These are actually what a consumer might see when their browser starts telling them to call fraudulent tech support,” said Gregoire.

How the Scams Work

Tech support scams are one of the most common threats for consumers. Microsoft receives roughly 12,000 complaints a month about tech support scams.

“Two out of three people globally said they had some experience with a tech support scam. That means they may have seen an email, received a phone call or gotten a pop-up,” said Gregoire.

Typically, the scammers try to convince you there’s a problem with your computer. The criminals may call, create a pop-up message on your computer or set up fake websites to fool you into believing your computer is infected. Then, they ask you to pay them to fix the nonexistent problem.

“Sometimes they’re asking for payment through a typical credit card or money order. Sometimes they are asking for iTunes gift cards,” said Gregoire. “All of these should be red flags to the consumer.”

Courtney Gregoire stands in front of Microsoft's cybercrimes threat map 

To fight back, the Digital Crimes Unit scrapes the Internet every day looking for phony tech support ads and pop-up messages. The team looks for trends and patterns.

The digital detectives often conduct test purchases, posing as consumers. They want to find out who is behind the scam and where they are operating. The Digital Crimes Unit collects evidence and builds a case to try and bring down these cybercriminals.

The Target

Portland resident Carri Bugbee normally doesn’t answer unwanted phone calls, but her caller ID said “Microsoft.” She answered.

“The person immediately said, ‘I’m calling because you have a problem with your computer,’” she recalled.

Bugbee immediately knew it wasn’t Microsoft and there was nothing wrong with her computer, but she continued to listen. She peppered the man with questions as he tried to get remote access to Bugbee’s computer so he could snoop around looking for valuable information.

“I’m frankly surprised that they didn’t hang up on me right away,” said Bugbee.

Bugbee didn’t fall for the scam and didn’t lose any money, but others do. The Federal Trade Commission estimates that more than $24.6 million has been lost to tech support scams in the last two years.

On average, a typical consumer will lose about $280.

The Scammers

Most of these criminal networks operate overseas, but federal authorities have busted call centers in the US.

“If people knew the inner workings of who they were actually speaking to on the phone, there’s no doubt in my mind that 95 percent of those people would have hung up as soon as they got on with us,” said a man who claimed to work in a call center.

The man, identified only as David, was interviewed by the AARP. He explained that telemarketers at his call center would charge victims hundreds of dollars for phony services.

“Anybody that you’d actually get on the phone with as a consumer had no actual background in knowing computers and what you would consider an expert,” said David.

The Global Network

Cybercrime has become more widespread and more sophisticated. A giant, interactive map inside Microsoft’s Cybercrime Center shows malware-infected computers around the globe.

Bright yellow and orange dots highlight major cities in Europe, South America and North America. As the screen zooms in, you can see infected computers by region, then city and then block-by-block in downtown Seattle.

“We are looking at threats that have hit in the last 30 days,” explained Gregoire. “Cybercrime knows no borders.”
