Microsoft phishing attack nets law enforcement requests

Microsoft acknowledged that employees with access to law enforcement request documents have been compromised in a phishing attack. The company would not confirm a culprit.


Microsoft employees handling secret law enforcement request documents were suckered by phishing attacks, giving hackers access to the documents, the company acknowledged in a blog post late Friday, January 24.

The attackers gained purposeful access to specific Microsoft employee email accounts.

The company said, "It appears that documents associated with law enforcement inquiries were stolen."

Some outlets report that the culprit is, or may be, the Syrian Electronic Army. ZDNet requested confirmation Monday morning, but Microsoft would not confirm the SEA's possible involvement.

Microsoft did confirm to ZDNet, however, that news outlets claiming to have spoken with the blog post's author Adrienne Hall regarding the Syrian Electronic Army are incorrectly reporting that Hall is male (that's Ms. Hall, dear reader).

Microsoft said, "If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers – as well as the sensitivity of law enforcement inquiries – we will not comment on the validity of any stolen emails or documents."

Microsoft stated that certain employee "social media and email accounts were subjected to targeted phishing attacks" but would not comment on the type or style of phishing attacks used on its employees.

Microsoft maintains operations and a physical presence in more than 100 countries around the world.

To target a specific Microsoft employee handling law enforcement documents and socially engineer a phishing attack through social media and email channels would require a level of sophistication beyond simply brute forcing a password to get into a Twitter account.

Some news outlets have suggested the culprits could be hacktivists. Yet the attack's profile is more in league with that of a nation state or sophisticated entities, who would want access to law enforcement requests for their own intelligence gathering purposes.

This intel would be used to find out if the criminals themselves are being targeted -- to see if the authorities are "on to" them.

Microsoft stated in its most recent Law Enforcement Requests Report that the overwhelming majority of law enforcement requests it receives seek information related to its free consumer services used by individuals in their personal capacity, such as web-mail accounts (Hotmail), SkyDrive cloud storage, Messenger, and Skype. It also receives requests related to Xbox Live users.

About the report it adds, "Unfortunately, we are not currently permitted to report detailed information about the type and volume of any national security orders (e.g. FISA Orders and FISA Directives) that we may receive so any national security orders we may receive are not included in this report."

Microsoft did not specify the date range of the requests that were stolen.

For the first six months of 2013, the law enforcement requests Microsoft received requested information about 66,539 Microsoft and Skype accounts or identifiers.

Microsoft added, "These numbers do not include any national security orders (e.g. FISA Orders and FISA Directives) because Microsoft is not allowed to disclose detailed information about the type and volume of national security orders that it might receive.

"The data show that law enforcement sought information about only a tiny fraction of the millions of end users of our enterprise services, such as Office 365. In all 19 cases, the legal demands were from law enforcement entities located in the U.S., and sought data about accounts associated with enterprise customers located in the United States."

In addition, to date, Microsoft has not disclosed enterprise customer data in response to a government request issued pursuant to national security laws.