Microsoft Did Not Inform Hotmail Hack Victims Regarding China-Sponsored Attack Years Ago

Microsoft (NASDAQ: MSFT) has recently revealed that a state-sponsored attack from Chinese officials had targeted more than one thousand Hotmail email accounts several years ago. However, the tech giant did not inform the victims immediately.

Former employees of Microsoft have revealed that the company failed to tell the victims that their email accounts were being hacked. This allowed the attackers to continue their campaign freely against the victims, who included leaders of the Uighur and Tibetan minorities.

State-sponsored attacks are not at all new. Some attacks are spotted while some may still be ongoing without the victims' knowledge. In any case, everyone should be made aware.

Microsoft told Reuters on Wednesday that they would now change their policy regarding government-backed hacking attempts. They will now tell their customers if they believe that a cyber attack is being conducted.

No Sure Answer On Where Attacks Originated

Frank Shaw, spokesman for Microsoft, said that they were never sure of where the Hotmail attacks came from, which is why they were not able to inform the email victims of the attack. The victims had their emails collected without their knowledge.

It is not certain when the attacks started, but they were first spotted in May 2011. Trend Micro (NASDAQ: TMICY) announced that they detected an email containing a small, malicious program that was sent to someone in Taiwan.

Trend Micro spotted more than a thousand victims of the mini malware at the time. The program exploited a flaw in Microsoft web pages that allowed a hacker to stealthily send out copies of all incoming email of an unsuspecting recipient.

The victims didn't know that all of their incoming emails were also being forwarded to an unknown hacker's account. This meant that all of their electronic correspondence, regardless of importance, was being collected and read by others.

Before the security firm could come out and reveal their findings, Microsoft had already fixed the vulnerability on their side. However, the Redmond-based company had also started their own investigation in the same year.

Uighur and Tibetan Minority Leaders Targeted

Microsoft found out that there had been interception of emails under their radar as far back as July 2009. Tibetan and Uighur leaders in several countries had their email accounts compromised. Besides the leaders, there were human rights lawyers and African and Japanese diplomats who had been hacked.

Former employees of the tech giant also revealed that other people with positions inside China were hacked. One report from the Dell SecureWorks Counter Threat Unit Research Team found that several of the attacks originated from IP addresses on a Chinese network, which had been linked to major cyber espionage campaigns including one against the RSA division of EMC Corp.

"The fact that three different IP addresses at the same ISP overlapped in a short time frame seems to indicate shared infrastructure used by both the RSA breach actors and other actors using the RegSubsDat malware," the report read.

Other Sources Of Attack Besides China

One conclusion was that the attacks had originated from China. Microsoft did not deny that, but said that some of the attacks also came from other parts of the globe.

The Windows operating system maker explained that the United States Government and their own experts could not identify the main source of the Hotmail attacks.

Microsoft said: "We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks. As the threat landscape has evolved our approach has too, and we'll now go beyond notification and guidance to specify if we reasonably believe the attacker is 'state-sponsored.'"

Officials From China Dispute Claims and Rumours

Chinese authorities were quick to dismiss the accusations that they have sponsored cyber attacks. Lu Kang, the spokesman from the Chinese Foreign Ministry, said that their government is a "resolute defender" in the cyber security realm and does not support such attacks.

Lu added that they will be willing to cooperate with the involved parties if they have conclusive evidence to show. However, Lu said that there will be "no benefit to solving the problem" if all of the accusations are based on rumours only.

Social Media Networks and State-Sponsored Attacks

Earlier in December 2015, Twitter (NASDAQ: TWTR) took the initiative to email some of its users, informing them that they may have been victims of a state-sponsored attack. The email said that some malicious actors had been trying to collect private information from their accounts.

Besides Twitter, Facebook (NASDAQ: FB) had also announced in October 2015 that they will be informing their users if there is an attempt by the government to access their accounts. With tech companies and online giants increasingly becoming aware of state-sponsored attacks, Microsoft's sudden interest in doing the same comes right on time.

Why didn't Microsoft warn the victims early on? The former employees said that the company did not want to throw accusations and anger the Chinese government.

Microsoft tried to help the victims by forcing them to pick new passwords, but the hackers seemed to have access to the new passwords as well. This meant that the victims were still unsafe despite a password change.

There aren't any updates on what happened to the information collected from the email accounts years ago. However, it is clear that some of the victims are afraid of the potential consequences now that their private correspondence has been compromised by hackers.

"The Internet service providers and the email providers have an ethical and a moral responsibility to let the users know that they are being hacked. We are talking in people's lives here," said World Uyghur Congress VP Seyit Tumturk, who was a victim in the Hotmail hack.

Microsoft did not provide any more details on why they chose to change their policy on state-sponsored attacks now. They refused to say whether the recent revelation of the Hotmail hack had something to do with their decision.

Customers who use the tech giant's email service may be warned in the future if Microsoft believes they have been victims of a government-backed attack. However, they do not guarantee that they will have evidence that the account has been compromised.
