Microsoft to warn email users of suspected hacking by governments
SAN FRANCISCO, Jan 01, 2016 - 12:00 am GMT+3
The tech giant will begin warning users of its consumer services, including Outlook.com. The usual suspect is China. The World Uyghur Congress' vice president's account was among those compromised.
Microsoft Corp experts concluded several years ago that Chinese authorities had hacked into more than a thousand Hotmail email accounts, targeting international leaders of China's Tibetan and Uighur minorities in particular - but it decided not to tell the victims, allowing the hackers to continue their campaign, according to former employees of the company.
On Wednesday, after a series of requests for comment from Reuters, Microsoft said it would change its policy and in future tell its email customers when it suspects there has been a government hacking attempt. The company also confirmed for the first time that it had not called, emailed or otherwise told the Hotmail users that their electronic correspondence had been collected.
The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities. That's when security firm Trend Micro Inc announced it had found an email sent to someone in Taiwan that contained a miniature computer program. The program took advantage of a previously undetected flaw in Microsoft's own web pages to direct Hotmail and other free Microsoft email services to secretly forward copies of all of a recipient's incoming mail to an account controlled by the attacker. Trend Micro found more than a thousand victims, and Microsoft patched the vulnerability before the security company announced its findings publicly.
Microsoft also launched its own investigation that year, finding that some interception had begun in July 2009 and had compromised the emails of top Uighur and Tibetan leaders in multiple countries, as well as Japanese and African diplomats, human rights lawyers and others in sensitive positions inside China, two former Microsoft employees said.
Some of the attacks had come from a Chinese network known as AS4808, which has been associated with major spying campaigns, including a 2011 attack on EMC Corp's security division RSA that U.S. intelligence officials publicly attributed to China.
Microsoft officials did not dispute that most of the attacks came from China, but said some came from elsewhere. They did not give further detail.
"We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the U.S. government were able to identify the source of the attacks, which did not come from any single country," the company said.
The Chinese government "is a resolute defender of cyber security and strongly opposes any forms of cyberattacks", Chinese Foreign Ministry spokesman Lu Kang said, adding that it punishes any offenders in accordance with the law.
After a vigorous internal debate in 2011 that reached Microsoft's top security official, Scott Charney, and its then-general counsel and now president, Brad Smith, the company decided not to alert the users clearly that anything was amiss, the former employees said. Instead, it simply forced users to pick new passwords without disclosing the reason.
The employees said it was likely the hackers by then had footholds in some of the victims' machines and therefore saw those new passwords being entered. One of the reasons Microsoft executives gave internally in 2011 for not issuing explicit warnings was their fear of angering the Chinese government, two people familiar with the discussions said.
"The Internet service providers and the email providers have an ethical and a moral responsibility to let the users know that they are being hacked," said Seyit Tümtürk, vice president of the World Uyghur Congress, whose account was among those compromised. "We are talking in people's lives here."
Unrest in Xinjiang, the Chinese region bordering Kazakhstan that is home to many Uighurs, has cost hundreds of lives in recent years.
Until Wednesday, Microsoft had rejected the idea of explicit warnings about state-sponsored hacking, such as those Google Inc began in 2012, the former employees said. In the 2011 case, the company also opted not to send a more generic warning about hacking.
Reuters interviewed five of the Hotmail hacking victims that were identified as part of Microsoft's investigation: two Uighur leaders, a senior Tibetan figure and two people in the media dealing with matters of interest to Chinese officials.
Most recalled the password resets, but none took the procedure as an indication that anyone had read his or her email, let alone that it may have been accessed by the Chinese government. "I thought it was normal, everybody gets it," said one of the men, a Uighur now living in Europe.
Another Microsoft-identified victim was Tümtürk, the World Uyghur Congress vice president who lives in Turkey. Microsoft investigators also saw that emails had been forwarded from the account of Peter Hickman, a former American diplomatic officer who arranged high-profile speeches by international figures at the National Press Club in Washington for many years. Hickman said he used his Hotmail account on Press Club computers to correspond with people, including the staff for the Tibetan government in exile, whose leader Lobsang Sangay spoke at the club in 2011; Tümtürk's World Uyghur Congress, whose then-president Rebiya Kadeer spoke in 2009; and the president of Taiwan, who spoke by video link-up in 2007.