Microsoft Turns on Nation State Attack Warnings after China Criticism
Microsoft has finally bowed to pressure and will now warn customers if it thinks their accounts are being targeted by nation-state spies, following reports that it had failed in the past to warn Hotmail users hit by Chinese hackers.
Trustworthy Computing vice president, Scott Charney, explained in a blog post that the notifications would enhance Redmond’s current warnings of attacks that could indicate compromise by a third party.
“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others. These notifications do not mean that Microsoft’s own systems have in any way been compromised.
If you receive one of these notifications it doesn’t necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it’s very important you take additional measures to keep your account secure. You should also make sure your computer and other devices don’t have viruses or malware installed, and that all your software is up to date.”
Charney recommended that customers turn on two-step verification; use strong passwords and change them regularly; monitor recent account activity; be careful of suspicious emails or sites; and keep computer software and AV up to date.
The decision to notify customers of possible nation state attacks comes as former employees told Reuters that Microsoft refused to act despite concluding that the Hotmail accounts of thousands of customers—including Tibetan and Uighur leaders—were hacked by the Chinese authorities.
The attacks in 2011 apparently exploited a Microsoft flaw to forward copies of all incoming mail to the hackers.
At the time, Microsoft didn’t inform the users that they might be targets of nation-state spies, instead merely telling them to choose new account passwords. The concern is that the hackers may have gained enough persistence in target networks to observe even these new credentials being entered.
Microsoft’s decision brings it in line with the likes of Google, Twitter, Facebook and Yahoo.
Source: Information Security Magazine