Microsoft says it will alert users when they are victims of 'state-sponsored' hacking
Microsoft has said that it will start alerting its users when it thinks that they are the victims of hacking by governments.
The company becomes the latest in a range of firms — which also includes Facebook, Twitter and Yahoo — to institute the rule.
The change of policy appears partly to be a response to the discovery of a huge hacking campaign found in 2011 that particularly targeted Chinese minority leaders. Microsoft has said that neither it nor the US government could say for sure who had done the hacking, and that it couldn’t pinpoint a single country that they came from.
Microsoft has previously alerted users to attempts to gain access to accounts and other hacking. But now it will have specific alerts when it believes that those hacking attempts have come from government.
“We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be ‘state-sponsored’ because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others,” Microsoft wrote in a blog post. “These notifications do not mean that Microsoft’s own systems have in any way been compromised.”
The company made clear that receiving such an alert does not necessarily mean that an account has been compromised. But it does mean that someone has tried to compromise it, and will serve as a reminder to users to ensure that their account remains secure.
As with the other companies that offer the feature, Microsoft has said that it will not reveal which country is suspected of the attack, or any more details about how it may have happened.
“The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods,” the company wrote in its blog post. “But when the evidence reasonably suggests the attacker is ‘state sponsored,’ we will say so.”
Google has long offered the feature, first instituting it in 2012. But it has been taken up recently by the other companies, apparently in response to an increasing worry about state-sponsored hacking.