“We weighed several factors in responding to this incident, including the fact that neither Microsoft nor the US government were able to identify the source of the attacks, which did not come from any single country,” the company said. Microsoft officials did not dispute that most of the attacks came from China, including a Chinese network known as AS4808 which has been publicly attributed to China by US intelligence, but said some came from elsewhere. But it did not alert the affected users to the intrusions and the scope of the snooping, allowing the hackers to continue their campaign, according to former Microsoft employees. Microsoft, after being alerted by security company Trend Micro in 2011, patched the security holes in its web services that allowed the hackers access to the emails and to reset user passwords. Targets included the emails of high-ranking Uighur and Tibetan leaders in multiple countries, African diplomats, human rights lawyers and others in sensitive positions inside China. The change follows revelations that Microsoft corporate executives concluded that over 1,000 of the company’s Hotmail email accounts had been hacked into by elements linked to Chinese authorities over three years starting in July 2009, but did not tell users. “We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.” Scott Charney, corporate vice president of Microsoft’s Trustworthy Computing division, said: “We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state.
0 kommentar(er)
