Partner Article

Microsoft faces state sponsored hacking attacks

Joining companies such Google, Twitter, Facebook and Yahoo, Microsoft will now warn users of suspected hacking attacks by governments.

Microsoft Corp has informed that it will warn its user base, including those using its Outlook.com services of suspected government hacking into their accounts.

This change of policy was triggered by Reuters when it questioned Microsoft as to why it did not alert the victims of China’s Tibetan and Uighur minorities of a hacking campaign by the Chinese state, especially since Microsoft had discovered the hacks way back in 2011.

As per two former Microsoft employees, Microsoft’s own cybersecurity experts had come to the conclusion several years ago that those behind the hacking campaign were none other than the Chinese authorities. However, despite coming to this conclusion, it did not warn the users of its Outlook.com and Hotmail services of the same.

As per Microsoft, neither it nor the U.S. Government could accurately pinpoint the source of the hacking attacks. Microsoft’s statement said it would be thus premature to conclude that the hacking attacks came from a single country.

Actually, the change of policy of warning its user base of hacking attacks by state players only mirrors the moves made by Twitter Inc., Facebook Inc. and most recently Yahoo Inc.

This practice was pioneered by Google way back in 2012, and it warns its users of such attacks every few months. On its part, for two years, Microsoft had provided alerts on potential security breaches without specifically saying the likely suspect who’s behind the attacks.

In its reply to Reuters, Microsoft said : “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.”

Furthermore, Microsoft has also reportedly said in a blog post : “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.”

According to the two former Microsoft employees, the Hotmail attacks had targeted human rights lawyers, diplomats, media workers and others who held sensitive posts inside China.

Although Microsoft had told the victims that they should reset their password, they had however failed to tell them that they are under attack and that their account has been hacked. Security experts and online activists have since long called for more explicit warnings, saying this would be more beneficial since the victims are more likely to pay attention to them.

This was posted in Bdaily's Members' News section by Nicolas Menguy .