In its new policy, Microsoft will inform users of online services that whether or not they have become a target of government-sponsored attackers. When you will use Microsoft’s online email and file-storage service, you can get a special heads-up that may state if your account is hit by a state-sponsored hacker. It will be more like a warning that user must take additional steps to protect their accounts.
Already, the tech giant informs people using Outlook.com email and OneDrive if they have been hacked. But the company is now coming up with a new policy in which it will specify if a nation state is involved. On Wednesday, the company announced the policy change.
Scott Charney, a high-level security executive at the company, was of the view, “We're taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others”.
Charney affirmed that if one receives a notification then it does not mean that his/her account has been hacked. But it does mean that the company has evidence that the account has been targeted and it is very important to keep your account secure.
The precautionary steps include a strong password and regularly changing passwords and adding an extra security code to accounts by turning on two-step verification and running an antivirus program. After Facebook, Google and Twitter, it is Microsoft that has joined the league to inform users about potential state-sponsored attacks.
Google has been using the scheme since 2012. Facebook has started in October and Twitter earlier this month. The policy change has come into effect at the time when cyberspying and cyberwarfare have become more of a threat to people across the world.
In other news Reuters reported, the company also confirmed for the first time that it had not called, emailed or otherwise told the Hotmail users that their electronic correspondence had been collected. The company declined to say what role the exposure of the Hotmail campaign played in its decision to make the policy shift.
The first public signal of the attacks came in May 2011, though no direct link was immediately made with the Chinese authorities. That's when security firm Trend Micro Inc (4704.T) announced it had found an email sent to someone in Taiwan that contained a miniature computer program.
In a statement provided to Cio-Today, Microsoft vowed to warn users if there is any reason to believe their accounts have been “targeted or compromised by an individual or group working on behalf of a nation state.” Redmond changed its policy after a report by Reuters alleged that the company chose not to tell thousands of Hotmail users that their e-mail accounts had been hacked by government officials in China.
In 2011, Microsoft cybersecurity experts reportedly found evidence of attacks on Hotmail accounts used by human rights lawyers, diplomats in Japan and Africa, as well as Tibetan and Uighur leaders. according to Reuters. But instead of informing users that their accounts had been hacked, Microsoft just decided to ask affected users to change their passwords.
Microsoft said Wednesday that it will now notify people if their accounts have been targeted or compromised by a government. "We're taking this additional step of specifically letting you know if we have evidence that the attacker may be 'state-sponsored' because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others," Scott Charney, a vice president at the company, said in a blog post, according to a report from the CNN Philippines.