Microsoft this week announced that it, too, would alert users when they are beset by state-sponsored cyber attacks, following the lead of Google, Facebook and, most recently, Yahoo. “We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state,” said Scott Charney, the Microsoft executive who runs the firm’s Trustworthy Computing group, in a post to a company blog Wednesday. According to Reuters, Microsoft put the new policy in place after the news service asked for comment about former Microsoft employees’ claims that the company had not warned Hotmail users in years past of state-backed attacks that hijacked their accounts. Reuters’ sources alleged that from 2009 on, more than a thousand Hotmail accounts, including those of leaders of China’s Tibetan and Uighur minorities, diplomats from Japan and unnamed African nations, and human rights lawyers, had been hacked by Chinese authorities. Microsoft confirmed to the news service that it had not told those Hotmail users that their information had been compromised. The same sources alleged that Microsoft required the affected users to reset their passwords, but did not provide a reason. The Redmond, Wash. company had not been more explicit because it feared retribution from China’s government, the former Microsoft employees said.
Microsoft has long tried to mend fences with authorities in the Communist Party-run People’s Republic of China (PRC), an effort to open that massive market to its software and services. The PRC has a reputation of being a pirate’s haven, where few pay for software, including for Microsoft’s Windows operating system. Earlier this month, for instance, Microsoft expanded an existing partnership with one of China’s largest defense and technology conglomerates, and announced a joint venture to get Windows 10 on PRC government agencies’ and state-run companies’ PCs.
As have other technology firms with similar notification policies, Microsoft declined to detail the alert trigger. “The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods,” said Charney. “But when the evidence reasonably suggests the attacker is ‘state sponsored,’ we will say so.”
State-run or state-funded cyber attacks have a reputation as being more sophisticated, sneakier and aimed at individuals believed to be in possession of important information — such as state or commercial secrets — and in the case of those campaigns suspected of being launched by PRC authorities, often prominent dissidents as well. Security companies regularly label an attack as “state sponsored” when it significantly rises above the usual level of competence, even though responsibility is not often cut and dried.
Charney’s rationale for the new alerts — which will affect users of Microsoft’s Hotmail — since renamed Outlook.com — email service, was along those lines. “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cyber criminals and others,” Charney said.
Charney also offered up advice on how users can protect their Microsoft accounts, which ran the usual gamut from enabling two-factor authentication to keeping an eye out for suspicious account activity, such as whether the access password has been recently changed.
Microsoft’s move mirrored those of other technology firms with email and communications services. Google instituted state-backed hacking warnings for Gmail in mid-2012, Facebook followed suit two months ago, and Yahoo climbed aboard the bandwagon on Dec. 21.