Microsoft Turns on Nation State Attack Warnings after China Criticism

Microsoft has finally bowed to pressure and will now warn customers if it thinks their accounts are being targeted by nation state spies, following reports that it had failed to do so in the past to Hotmail users hit by Chinese hackers.

Trustworthy Computing vice president, Scott Charney, explained in a blog post that the notifications would enhance Redmond’s current warnings of attacks that could indicate compromise by a third party.

He added: “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cyber-criminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.

“If you receive one of these notifications it doesn’t necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it’s very important you take additional measures to keep your account secure. You should also make sure your computer and other devices don’t have viruses or malware installed, and that all your software is up to date.”

Charney recommended customers turn on two-step verification; use strong passwords, regularly changing them; monitor recent account activity; be careful of suspicious emails or sites; and keep computer software and AV up-to-date.

Microsoft’s decision brings it in line with the likes of Google, Twitter, Facebook and Yahoo. The decision to notify customers of possible nation state attacks comes as former employees told Reuters that Microsoft refused to act despite concluding that the Hotmail accounts of thousands of customers—including Tibetan and Uighur leaders—were hacked by the Chinese authorities.

The attacks in 2011 apparently exploited a Microsoft flaw to forward copies of all incoming mail to the hackers.

However Microsoft claimed that it never concluded that the attacks were made by the Chinese Government, and disputed the Reuters report. In an email to Infosecurity, a Microsoft spokesperson said: “Our focus is on helping customers keep personal information secure and private. Our primary concern was ensuring that our customers quickly took practical steps to secure their accounts, including by forcing a password reset.

“We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the US Government were able to identify the source of the attacks, which did not come from any single country.  We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks.”

Photo © JuliusKielaitis 

What’s Hot on Infosecurity Magazine?