SAN FRANCISCO, Dec 30 (Reuters) The policy change comes nine days after Reuters asked the company why it had decided not tell victims of a hacking campaign, discovered in 2011, that had targeted international leaders of China’s Tibetan and Uighur minorities in particular.
According to two former employees of Microsoft, the company’s own experts had concluded several years ago that Chinese authorities had been behind the campaign but the company did not pass on that information to users of its Hotmail service, which is now called Outlook.com.
In its statement, Microsoft said neither it nor the U.S. government could pinpoint the sources of the hacking attacks and that they didn’t come from a single country.
The policy shift at the world’s largest software company follows similar moves since October by Internet giants Facebook Inc, Twitter Inc and most recently Yahoo Inc .
Google Inc pioneered the practice in 2012 and said it now alerts tens of thousands of users every few months.
For two years, Microsoft has offered alerts about potential security breaches without specifying the likely suspect.
In a statement to Reuters, Microsoft said: “As the threat landscape has evolved our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’.”
In a blog post published late Wednesday, Microsoft said: “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.
The Hotmail attacks targeted diplomats, media workers, human rights lawyers, and others in sensitive positions inside China, according to the former employees.
Microsoft had told the targets to reset their passwords but did not tell them that they had been hacked. Five victims interviewed by Reuters said they had not taken the password reset as an indication of hacking.
Online free-speech activists and security experts have long called for more direct warnings, saying that they prompt behavioral changes from email users.
(Reporting by Joseph Menn; Editing by Jonathan Weber and Martin Howell and Richard Pullin)
Photo: Microsoft CEO Satya Nadella addresses delegates during the launch of the Windows 10 operating system in Kenya’s capital Nairobi, July 29, 2015. REUTERS/Thomas Mukoya.
Want to watch Richard Poplak’s audition for SA’s Got Talent?
Who doesn’t? Alas, it was removed by the host site for prolific swearing*... Now that we’ve got your attention, we thought we’d take the opportunity to talk to you about the small matter of book burning and freedom of speech.
Since its release, Pieter-Louis Myburgh’s book Gangster State, has sparked numerous fascist-like behavior from certain members of the public (and the State). There have been planned book burnings, disrupted launches and Ace Magashule has openly called him a liar. And just to say thanks, a R10m defamation suit has been lodged against the author.
Pieter-Louis Myburgh is our latest Scorpio Investigative journalist recruit and we’re not going to let him and his crucial book be silenced. When the Cape Town launch was postponed, Maverick Insider stepped in and relocated it to a secure location so that Pieter-Louis’ revelations could be heard by the public. If we’ve learnt one thing over the past ten years it is this: when anyone tries to infringe on our constitutional rights, we have to fight back. Every day, our journalists are uncovering more details and evidence of State Capture and its various reincarnations. The rot is deep and the threats, like this recent one to freedom of speech, are real. You can support the cause by becoming an Insider and help free the speech that can make a difference.
*No video of Richard Poplak auditioning for SA’s Got Talent actually exists. Unless it does and we don’t know about it please send it through.
Dwayne "The Rock" Johnson is an ordained minister.