You will now receive alerts if state-sponsored hackers attack your Microsoft Account [Updated]
Whenever you access the internet, you are under attack. There are tons of evildoers out there just waiting to hack or scam you. Between malware and social engineering, it can feel like the wild west on the web. In other words, bad guys are everywhere -- be cautious.
While some of these hackers are merely amateurs looking to wreak havoc or profit monetarily, there is something far more devious. State-sponsored hackers and terrorists could be targeting you with more sophisticated techniques. This could be for political reasons, such as espionage, or even stealing corporate secrets. Starting today, if Microsoft suspects state-sponsored attacks on your Microsoft Account, it will let you know. This includes both Outlook.com email and OneDrive cloud storage.
"We already notify users if we believe their accounts have been targeted or compromised by a third party, and we provide guidance on measures users can take to keep their accounts secure. We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised", says Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft.
Charney further explains, "if you receive one of these notifications it doesn't necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it's very important you take additional measures to keep your account secure. You should also make sure your computer and other devices don't have viruses or malware installed, and that all your software is up to date".
Recipients of these alerts should be vigilant and follow Microsoft's recommended steps. However, they should also wonder why they are being targeted by a nation state. If you are a politician, reporter or executive at a large corporation, you should probably alert your superiors and IT teams. Don't blow it off or pay it no mind -- you may regret it.
Unfortunately, Microsoft is refusing to share which groups are conducting the hacking or what methods they are using. The company cites legal reasons for this, which makes sense, as it may be evidence in a larger matter. Still, it is frustrating to be left in the dark regarding the identity of your attacker. With that said, you may be able to hire a lawyer to use legal action to try and force Microsoft to disclose the details.
Are you glad that Microsoft is now warning users of state-sponsored hacks? Tell me in the comments.
[UPDATE #1] A bombshell report from Reuters details some failures by Microsoft regarding the protection of its users. The company allegedly knew that state-sponsored hacking was occurring and did not alert its users as such. This Reuters investigation may have triggered Microsoft's newly announced stance on this type of hacking.
Reuters shares the following disheartening accusation against Microsoft. If true, the company may face a severe backlash from its users.
"One of the reasons Microsoft executives gave internally in 2011 for not issuing explicit warnings was their fear of angering the Chinese government, two people familiar with the discussions said."
BetaNews has reached out to Microsoft for more information.
[UPDATE #2] A Microsoft spokesperson reached out to BetaNews with the following statement, which is also in the Reuters report.
"Our focus is on helping customers keep personal information secure and private. Our primary concern was ensuring that our customers quickly took practical steps to secure their accounts, including by forcing a password reset. We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. Government were able to identify the source of the attacks, which did not come from any single country. We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks."
In other words, Microsoft denies knowing without a doubt that it was the Chinese government behind the hacks. While Reuters frames this as a failure on Microsoft's part, I would disagree. True, the company could have done a better job in warning the users of general hacking attempts, but it would be wrong to inform the user that the Chinese government was targeting them without definitive proof. With that said, had Microsoft's new state-sponsored hacking policy been in place back then, it wouldn't have helped these users anyway, since the company was not sure of the source.