Inside Microsoft’s Cybercrime Centre and how it protects you online

Share on facebook
Share on twitter
Share on linkedin
Share on email

If you had to conduct a poll among your online friends today, it would almost certainly reveal that that at least two of them have either been a victim of a cybercrime.

That claim may sound astonishing, but it’s not too far-fetched as 12.7 million Americans fell victim to online fraud last year.

Cybercrime and espionage costs companies around the world $445 billion annually, and nefarious online activities show no signs of ever stopping. Microsoft created its Cybercrime Centre and Digital Crimes Unit to combat this.


Tucked away in the rather innocuous Redwest-C building on its Redmond campus, it is at the heart of the mega tech company’s drive to keep Microsoft users safe while navigating the online world.

By using data to gain insight into how cyber criminals operate, the Centre works to leverage US civil law and evidence to fight cybercrime across the globe. To do that efficiently, teams work hand-in-hand with various security partners, industry researchers, and law enforcement.


“Cyber security is the hot topic now as the issue has moved from server room to the board room. Security breaches can cost companies millions of dollars in lost revenue, damage the brand, and it could cost the company a lot of customers,” said Patti Chrzan, who is the senior director for strategic programs at Microsoft’s Digital Crimes Unit.

Chrzan was the lead “tour guide” for a group of international journalists (which included who had the opportunity to walked around the facility to see just how exactly Microsoft wants to put the brakes on online theft and breaches.

It does have a bit of a tough task, considering the fact that malware can sit on a desktop computer for on average of about 200 days before being detected – which includes businesses and individuals – and results in $3 trillion in lost productivity and growth.

But thankfully the Cybercrime Centre isn’t working alone. “We partner with other teams in the company like the malware protection team and industry teams, to protect our assets and our customers. We work in 2 areas: protecting vulnerable populations and fighting malware/reducing digital risk.”

Patti Chrzan, senior director for strategic programs at Microsoft’s Digital Crimes Unit.
Patti Chrzan, senior director for strategic programs at Microsoft’s Digital Crimes Unit.

The biggest headache for Microsoft (and many cyber security companies out there) is the massive infections rates of malware.

Malware can be distributed with both digital and through physical copies of the software. At this moment in the tour, Chrzan pointed the journalists towards a large room with brown envelopes stacked on shelves, all clearly marked ‘EVIDENCE’.

[Image – Supplied]
The envelopes contain all materials that have been gathered during various investigations, such as counterfeit software products.

“It usually only takes about three months or so after a product release before it gets pirated. We do test purchasing and big data activation to track product registration patterns to find criminals,” she said.

Chrzan relayed an investigation where Microsoft used big data to track down one person who activated thousands of product keys from one location. It was physically impossible that the person bought all the copies, and it turned out he illegally procured a stack of product keys, and was checking to see which ones were still active.

The Situation Room, where high-level security decisions are made. [Image - Supplied]
The Situation Room, where high-level security decisions are made. [Image – Supplied]
By using its own Power Maps and Excel, Microsoft managed to create a map of the activations and built an algorithm to look out for this kind of behaviours.

“We can use this to map and track the distinct count of product keys on a given number of devices. Big data and data visualization has allowed us to find other people and expand our investigations –most recently helping us to contribute and break up the largest counterfeiting case in the US.”

On the forensics side of the office, there are several workspaces in the centre for partners to work from as it helps to be co-located – and share knowledge. Out of interest, the network that the labs connect to is completely off Microsoft’s corporate network.

[Image – Supplied]
Microsoft can only truly fight cybercrime and malware if it knows what it is dealing with.

“We work to get devices purposely infected and then begins the cyber forensics, reverse engineering, legal solutions, and cleaning solutions. It is how we work to accelerate operations,” Chrzan explained.

Naturally Microsoft does a lot more than tracking and mapping malware, but like a secret government base, the journalists were given the broadest tour possible without divulging too many details on how Microsoft discovers, tracks and investigates cybercrime.


While you might not immediately see an impact on your daily life from the work that the Cybercrime Centre, the results from the forensic investigations do make their way into Windows Defender – and other online security platforms with which they have partnered.

“The Cybercrime centre is a place where a lot of experts can come together to work on complicated issues – and keep people safe.”



Hypertext creates relevant business and consumer technology content for our readers. We live at the crossroads of invention, culture, mobile, 3D printing and more, where the greatest ideas of today inspire the innovations of tomorrow.


[mailpoet_form id="1"]