Microsoft to warn users of suspected hacking

Microsoft will begin warning users of its consumer services including Outlook.com email when the company suspects that a government has been trying to hack into their accounts.

The policy change comes days after Reuters asked the company why it had decided not to tell victims of a hacking campaign, discovered in 2011, that had targeted international leaders of China’s Tibetan and Uighur minorities, in particular.

According to two former employees of Microsoft, the company’s own experts had concluded several years ago that Chinese authorities had been behind the campaign but the company did not pass on that information to users of its Hotmail service, which is now called Outlook.com.

In its statement, Microsoft said neither it nor the US government could pinpoint the sources of the hacking attacks and that they didn’t come from a single country.

The policy shift at the world’s largest software company follows similar moves since October by internet giants Facebook, Twitter, and, most recently, Yahoo.

Google pioneered the practice in 2012 and said it now alerts tens of thousands of users every few months.

For two years, Microsoft has offered alerts about potential security breaches without specifying the likely suspect.

Microsoft said: “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.”

In a blog post, Microsoft said: “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.

The Hotmail attacks targeted diplomats, media workers, human-rights lawyers, and others in sensitive positions inside China, according to the ex-employees.

Microsoft had told the targets to reset their passwords but did not tell them they had been hacked. Five victims interviewed by Reuters said they had not taken the password reset as an indication of hacking.

Online free-speech activists and security experts have long called for more direct warnings, saying that they prompt behavioural changes from email users.


Lifestyle

Dr Sarah Miller is the CEO of Dublin’s Rediscovery Centre, the national centre for the Circular Economy in Ireland. She has a degree in Biotechnology and a PHD in Environmental Science in Waste Conversion Technologies.‘We have to give people positive messages’

When I was pregnant with Joan, I knew she was a girl. We didn’t find out the gender of the baby, but I just knew. Or else, I so badly wanted a girl, I convinced myself that is exactly what we were having.Mum's the Word: I have a confession: I never wanted sons. I wanted daughters

What is it about the teenage years that are so problematic for families? Why does the teenage soul rage against the machine of the adult world?Learning Points: It’s not about the phone, it’s about you and your teen

Judy Collins is 80, and still touring. As she gets ready to return to Ireland, she tells Ellie O’Byrne about the songs that have mattered most in her incredible 60-year career.The songs that matter most to Judy Collins from her 60-year career

More From The Irish Examiner