Microsoft to flag state-sponsored hacking of its users' accounts

In a policy change, the tech giant will let users of online services such as Outlook.com email know if they've become targets of government-sponsored attackers.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Expertise Wordsmithery. Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
3 min read

Is a nation state behind those hacking hands?

C.J. Burton/Corbis

If you're using Microsoft's online email and file-storage services, you'll now get a special heads-up if your accounts are hit by state-sponsored hackers, a warning that you should take additional steps to secure your accounts.

The world's biggest software company had already been telling people using Outlook.com email and OneDrive storage if they'd been targeted or hacked. Now it will specifically say if it looks like a nation state might be involved.

Microsoft announced the policy change in a blog post Wednesday and explained it by saying such attacks can be especially problematic.

"We're taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others," wrote Scott Charney, a high-level security executive at the Redmond, Washington-based company.

The stepped-up practice goes into effect as cyberspying and cyberwarfare become more of a threat to people around the world. Last year's hacking of Sony Pictures, which the FBI attributed to North Korea, led President Barack Obama to impose sanctions on the country. Edward Snowden's revelations about the US National Security Agency's spy programs have caused more companies to question the government's actions. And the use of the Internet by the Islamic State has led to demands for more aggressive political and military tactics and a call for social networks like Twitter and Facebook to better police their sites.

Getting notice from Microsoft of a potentially state-sponsored attack, Charney said, "doesn't necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it's very important you take additional measures to keep your account secure."

Those steps include using a strong password and changing your password often, adding an extra security code to your accounts by turning on two-step verification, and running an antivirus program. Microsoft's other suggestions can be found here.

Microsoft joins Facebook, Google and Twitter in notifying users of potential state-sponsored attacks. Google has been doing so since 2012. Facebook started the practice in October, and Twitter began telling its members earlier this month.

The policy change comes at about the same time as a Reuters news report citing former Microsoft employees who say that in 2011, the company failed to tell more than 1,000 Hotmail users, including international leaders of China's Tibetan and Uighur minorities, that their accounts had been hacked by Chinese authorities. Instead, Microsoft decided to simply force those affected to reset their passwords because the company's "primary concern was ensuring that our customers quickly took practical steps to secure their accounts," a company spokesman said Thursday in an e-mailed statement.

"We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the US government were able to identify the source of the attacks, which did not come from any single country," the spokesman said. "We also considered the potential impact on any subsequent investigation and ongoing measures we were taking to prevent potential future attacks."

CNET's Connie Guglielmo contributed to this report.