Microsoft has no way of knowing if its botnet takedowns will disrupt police investigations.
The company said legal restrictions prevent police and Microsoft from disclosing information about botnet investigations, making it impossible to guarantee that pulling command and control servers would not disrupt law efforts.
But the company had its “finger on the pulse” according to the assitant general counsel for Microsoft’s Digital Crimes Unit, Richard Bosocovich. He said its take downs were sensitive to efforts within the research communities.
Redmond copped flak from security professionals after it pulled two command and control servers used by the Zeus botnet.
Some said that move, which was designed to disrupt not destroy the botnet, had hindered police investigations.
Microsoft typically works with the security community to investigate botnets but will limit the number of people it notifies prior to pulling rouge servers offline.
That was necessary because it pursued take downs through ex-parte temporary restraining orders which allowed botnet infrastructure to be seized without having to notify bot masters.
It was much faster than pursuing crimninal action and could lead to "immediate disruption and stopping of harm" Bosocovich said.
The unit's senior program manager T.J Campana said the take downs were vital to fighting online crime.
"Ripping away infrastructure is a great way to get to criminals," he said.
Darren Pauli travelled to Redmond as a guest of Microsoft.