In “good news that in an ideal world shouldn’t be classified as good news,” Microsoft has now announced that it will pre-warn users of its Outlook email service if the government is planning to hack their accounts.
With the company having recently been embarrassed by Reuters journalists, who took the tech giant to task about it not having informed its email users of a hacking campaign in 2011, its company policy has now been updated to reflect a change in which Outlook users will be notified if “an individual or group working on behalf of a nation state” seeks access to certain accounts.
Here’s the official statement from Microsoft, as posted on the company’s blog:
“We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state. We already notify users if we believe their accounts have been targeted or compromised by a third party, and we provide guidance on measures users can take to keep their accounts secure. We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.
These notifications do not mean that Microsoft’s own systems have in any way been compromised. If you receive one of these notifications it doesn’t necessarily mean that your account has been compromised, but it does mean we have evidence your account has been targeted, and it’s very important you take additional measures to keep your account secure. You should also make sure your computer and other devices don’t not have viruses or malware installed, and that all your software is up to date.
The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods. But when the evidence reasonably suggests the attacker is “state sponsored,” we will say so.”
While Microsoft has conceded that it will be unable to tell users if their accounts have been directly impacted by government spying, it will at least allow them to see just how often such activities are carried out, and could even prove to be a deterrent for organizations such as the United States’ National Security Agency.
The 2011 hacking campaign saw a number of individuals in China, from diplomats through to media workers, having their Hotmail email accounts (now known as Outlook email) accessed without their authorization. This decision was roundly criticized, with activists lobbying for Microsoft to update their policies in order to offer greater transparency to their users