Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hackers Steal Law Enforcement Documents From Microsoft

timothy posted about 6 months ago | from the traffic-ticket-inquiry dept.

Microsoft 53

wiredmikey writes "Microsoft on Friday said that attackers breached the email accounts of a "select number" of employees, and obtained access to documents associated with law enforcement inquiries. According to the company, a number of Microsoft employees were targeted with attacks aiming to compromise both email and social media accounts '..We have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed,' said Adrienne Hall, General Manager at Microsoft's Trustworthy Computing Group. 'It appears that documents associated with law enforcement inquiries were stolen,' Hall said. Targeted attacks like this are not uncommon, especially for an organization like Microsoft. What's interesting about this is that the incident was significant enough to disclose, indicating that a fair number of documents could have been exposed, or that the company fears some documents will make their way to the public if released by the attackers—which may be the case if this was a 'hacktivist' attack."

cancel ×

53 comments

Sorry! There are no comments related to the filter you selected.

Ahh... (5, Funny)

the_skywise (189793) | about 6 months ago | (#46066371)

""Microsoft on Friday said that attackers breached the email accounts of a "select number" of employees,"
I see Microsoft uses hotmail internally too..

Re:Ahh... (2, Interesting)

Anonymous Coward | about 6 months ago | (#46066593)

I see Microsoft uses hotmail internally too..

Maybe, but what I'm really hoping for is their version of Snowdon to step forward and blow the whistle on a lot more of their nefarious activities.

They're a deeply unethical, deceptive and dangerous company that's been doing a lot of damage for a long time. I'm sure there are people working for them that have consciences and would be considering stepping forward.

If you're one of them, now would be a good time...

Re:Ahh... (0)

Anonymous Coward | about 6 months ago | (#46066697)

They're a deeply unethical, deceptive and dangerous company that's been doing a lot of damage for a long time. I'm sure there are people working for them that have consciences

Big firm recruitment processes are about having the right (or wrong) values rather than technical skill.

So, no, it's likely that there are not people working for any big firm who have any sort of conscience.

Why do you think the Snowden affair took so long to arrive? Because it's so utterly unusual for a decent person to end up at a place like this.

As the old saying goes, anyone can be taught a skill, but it's much harder to be taught values.

The same applies in politics: anyone wanting to lead a country has the necessary qualities for immediate qualification. Solving this problem is harder than stating it, of course.

Re:Ahh... (1)

Smallpond (221300) | about 6 months ago | (#46067849)

When I was an engineering student I was required to take an ethics course, so yes, you can teach values.

Re:Ahh... (2)

davester666 (731373) | about 6 months ago | (#46068303)

But can you learn them?

Re:Ahh... (1)

MobSwatter (2884921) | about 6 months ago | (#46071465)

So... Not being open source is evil? I can see that M$ would have just as much power to fight NSA letters as anyone else. Once you get one, it seems to compare with getting AIDS. Not really healthy for anyone's business model or the economy and your ability to participate in it, open source or not, I'm quite certain Phillip Zimmerman could chime in here.

Re:Ahh... (1)

circletimessquare (444983) | about 6 months ago | (#46066631)

Google DDoSed those hotmail accounts too yesterday?

win ftw (1)

mraeormg (3480869) | about 6 months ago | (#46066913)

Yes, they have finally migrated hotmail off of BSD servers.

Betting time! (5, Insightful)

fuzzyfuzzyfungus (1223518) | about 6 months ago | (#46066391)

So, 'documents associated with law enforcement inquiries' seem like something of interest to two classes of people:

(A): Anyone curious about how shocked, shocked, Microsoft actually is about massive electronic eavesdropping by the feds.

(B): Technically sophisticated targets or likely targets of some law enforcement operation looking for information pertaining to their own case.

Any guesses? One of those botnet groups that Microsoft periodically tries to disrupt checking to see if they need to start retaining a lawyer, or coming soon to wikileaks?

Re:Betting time! (4, Interesting)

kbrannen (581293) | about 6 months ago | (#46066553)

How about (C), a new form of "Freedom of Information Act". :)

Re:Betting time! (1)

Anonymous Coward | about 6 months ago | (#46066625)

(D): All of the above.

Re:Betting time! (3, Funny)

fuzzyfuzzyfungus (1223518) | about 6 months ago | (#46066777)

But it just isn't the same without the lawyers, and the obstructionism, and all those black highlighters. Kids these days, they'll never know the joy of being spitefully shipped boxes of badly photocopied documents tangentially related to your inquiry and seemingly intended to defeat it by sheer volume and unsearchability!

Re:Betting time! (1)

erroneus (253617) | about 6 months ago | (#46067737)

Did anyone have any doubt that Microsoft willingly cooperates with the NSA and all other 3-letter-agencies? It would be more shocking to find out they haven't been helping. And didn't we see some Snowden or other information released some time ago showing the reason some Microsoft bugs were not patched quickly was because the NSA wasn't done exploiting them yet?

The only thing confusing about this to me is that I was under the impression that pretty much all law enforcement [shared] data was going through a DHS clearing house now. If anyone recalls the story about the Florida CCW guy who left his gun at home and was harassed by Maryland cops, the cop was able to collect ALL of that data before he even pulled the guy over. (Yeah, I know the story says he didn't mention it until after the License and Registration bit, but other information suggests it was the fact that he had the CCW was the impetus for pulling the man over in the first place.) But more than that, there have been Snowden or other releases which show that DHS and other 3LAs have been supplying local police with data and then instructed to obfuscate and lie about how they came by their evidence. So to have LEO requests coming straight to Microsoft would suggest other things.

I hope these stolen document surface soon.

Re:Betting time! (0)

Anonymous Coward | about 6 months ago | (#46071939)

In one of the Snowden slides you can see that Microsoft was the first large tech company to sell out its customers to the NSA. I bet they couldn't wait to do it if there were some money involved.

Re:Betting time! (1)

Kirth (183) | about 6 months ago | (#46079667)

Simple: White hats publish, black hats don't.

Do we know that this is authentic? (4, Insightful)

Anonymous Coward | about 6 months ago | (#46066395)

Has anyone confirmed that the blog post disclosing this incident is actually authentic?

One of the linked-to articles links to another article from the Seattle Times dated January 21, 2014 and entitled "Official Microsoft blog hacked again by Syrian Electronic Army [seattletimes.com] ".

So at least one official Microsoft blog was apparently compromised within the past few days. If it happened once, there's the possibility that it could happen again.

I would feel more comfortable trusting the information about this incident if it weren't coming from a Microsoft blog post, too. I think that confirming this information via some other official channel would allow more trust to be placed in its authenticity.

Re:Do we know that this is authentic? (2)

VortexCortex (1117377) | about 6 months ago | (#46067993)

Nice try NSA. You've already shown your hand. We know you can love kittens on any website in the world, it's obvious that you've snuggled this poor commenter's post to spread your delightful agenda.

apply for 'ordinary citizen' security profile (0)

Anonymous Coward | about 6 months ago | (#46066439)

no need for further surprises? if you use POT (Personal Open Terminal) you can bet your .asp you have won & still wind up on the gallows? better to obtain the confession & re-unommission form asap

If microsoft==true then ??? (3, Interesting)

nyckidd (213326) | about 6 months ago | (#46066495)

If Microsoft can't educate their employees on how to avoid phishing / social engineering attacks what does this say for the rest of the world? Considering the fact that they have already had a number of other widely publicized incidents in the media recently, shouldn't they be on high alert?

I really hope at some point they decide to release actual details on what really occured, because love or hate them, Microsoft could be the company that actually does something that might actually get through to end users.

Annual report says MS unconcerned about security (4, Informative)

raymorris (2726007) | about 6 months ago | (#46066583)

It does not appear that Microsoft is "on high alert".

I recently read over the annual reports from major tech companies, looking at the business risks they report. This is an indication of how high level executives see the risks the company faces. Google, for example, has several paragraphs covering the damage to the brand, costly remediation, and potential liability if users' private information were breached, if confidential information about new product research leaked, etc.

Microsoft lists the following risks to their business:

Competition. If large organizations start using Google Docs etc. that would severely hurt Microsoftprofits.

Product flops. Products they are developing could flop the way Surface and Windows 8.

Legal action. MS is still in trouble in Europe for unlawful behavior.

Patent infringement. MS may be infringing on other companies patents.

Nowhere did it mention security as a risk that MS executives have on their radar screen at all. This is in marked contrast to Google and some others. Several "old guard" companies make no mention of how security issues could affect their business, while newer companies seem to be slightly more aware.

Re:Annual report says MS unconcerned about securit (1)

nyckidd (213326) | about 6 months ago | (#46066663)

One could argue that the "damage to the brand, costly remediation, and potential liability" that google details specifically just falls under Microsoft's competition, legal action and (possibly) product flops. "We're Microsoft. Only the little people deal with details!"

On the other hand, Google spells out a lot of things they are doing or are going to do to us.. and yet we click and use the products anyway..

Re:Annual report says MS unconcerned about securit (1)

icebike (68054) | about 6 months ago | (#46067085)

Annual reports are the very LAST PLACE anyone would expect to find pertinent information.

Its jus boiler plate. Written months or years ago. A mere wrapper around obfuscated somewhat current numbers specifically designed to leave the reader guessing.

Re:Annual report says MS unconcerned about securit (1)

Anonymous Coward | about 6 months ago | (#46067129)

Every employee at MS has compulsory training around this every year where it is clearly highlighted how these incidents can affect MS, there customers and their business. It is something they have done for a long time now. But no matter how well trained there will always people that make errors, as seems to have been the case with this incident.

Re:Annual report says MS unconcerned about securit (0)

Anonymous Coward | about 6 months ago | (#46067177)

For google there user's data is their product. If that is lost then google are up shit creek. If anything I think googles statements show how immature a company they are in this area. Companies like MS have been dealing with these attacks for longer than google has existed, MS is one of the most attacked companies on the planet and they have a lot of IT, procedures and training in place at all levels to prevent and mitigate this risk.

Re:Annual report says MS unconcerned about securit (2)

VortexCortex (1117377) | about 6 months ago | (#46068047)

Nowhere did it mention security as a risk that MS executives have on their radar screen at all.

Of course not. Why would they be? They're the ones who make Windows.

Re: If microsoft==true then ??? (0)

Anonymous Coward | about 6 months ago | (#46072157)

microsoft is not logically equivalent to truth.

Good. (0)

Anonymous Coward | about 6 months ago | (#46066527)

I'll look forward to the release of this information.

Monday's announcement: (5, Funny)

pla (258480) | about 6 months ago | (#46066537)

"So you know how we swore up and down for years that we didn't intentionally weaken Windows encryption for the NSA? Yeah, about that..."

Re:Monday's announcement: (2)

Tasha26 (1613349) | about 6 months ago | (#46066619)

Won't be long before NSA gets hit too. Afterall, they're the ones who opened pandora's box!

Re:Monday's announcement: (2)

DoofusOfDeath (636671) | about 6 months ago | (#46068251)

The U.S. intelligence agencies torture people. That's a disincentive to hacking them.

Re:Monday's announcement: (0)

Anonymous Coward | about 5 months ago | (#46117813)

The U.S. intelligence agencies torture people. That's a disincentive to hacking them.

Only if you don't have someone you would like to see tortured.

In other news: Disneyland is makebelieve.

Re:Monday's announcement: (0)

Anonymous Coward | about 6 months ago | (#46067067)

NSA can VNC/Spec Ops your Windows Desktop over Port 80. True story.

e-mail for law enforcement? (1)

Anonymous Coward | about 6 months ago | (#46066549)

people use e-mail to exchange law documents? I thought everyone uses fax or postal mail to send legal documents. I'm lost.

Re:e-mail for law enforcement? (2)

Overzeetop (214511) | about 6 months ago | (#46066693)

Yes, all the time (I am an expert witness). And they coordinate documents, meetings, etc. via email too.

Re: e-mail for law enforcement? (1)

dave562 (969951) | about 6 months ago | (#46068111)

Absolutely. I run legal doc review systems. The systems house everything from standard Office doc types and email, it obscure formats that sometimes require custom viewers to review. Lawyers are like everyone else, they use email to communicate. The only difference is that their email signatures say "privileged and confidential" so that if they are collected during forensic discovery, they can claim attorney client privilege and keep them from being used as evidence (in most cases).

Finally! (3, Insightful)

Tasha26 (1613349) | about 6 months ago | (#46066615)

Don't care if it was an actual hack or a pretend-hack to leak information. Someone needs to lift the curtain on these thousands of law enforcement requests to Microsoft, Google, Yahoo and F***book.

Re:Finally! (0)

Anonymous Coward | about 6 months ago | (#46067499)

It would be quite the embarrassment for our gestapo boys if those other companies also got "hacked" over the weekend...

captcha: unionize

We have the so called "law enforcement documents" (0, Troll)

th3pr0 (3512955) | about 6 months ago | (#46066653)

I'm from the Syrian Electronic army, we have the documents this article spoke of and will be sending them to the media. We have every intention of releasing them for the public to see. They call them "law enforcement" documents to pretend they have done nothing wrong, but the facts will be clear soon when it shows the correlation to the "PRISM" program discussed in Snowden's leaks. What you have here is Microsoft's confirmation that these documents are genuine. They are attempting to preempt their publication by putting forward a plausible back story. Just wait and see....

Re:We have the so called "law enforcement document (-1)

Anonymous Coward | about 6 months ago | (#46066793)

You are not, you're a random jackass. Now fuck off and die like the random jackass you are.

Re:We have the so called "law enforcement document (1)

Anonymous Coward | about 6 months ago | (#46067193)

Assad's boys will be kicking down your door any day now.

Enjoy what little time you have left, because you and your al-qaida terrorist "rebel" friends are on the losing side.

Re:We have the so called "law enforcement document (1)

Anonymous Coward | about 6 months ago | (#46072249)

Assad's boys will be kicking down your door any day now.

Enjoy what little time you have left, because you and your al-qaida terrorist "rebel" friends are on the losing side.

I hope you're trying to be funny, but just in case, guess who're behind these ' al-qaida terrorist "rebel" friends'?

Yes, you guessed it, the USA and Saudi (same as it ever was)

not Assad.

Not Stolen (4, Interesting)

fred911 (83970) | about 6 months ago | (#46066761)

If they were stolen the owner wouldn't have possession or use of said items.

Re:Not Stolen (0)

Anonymous Coward | about 6 months ago | (#46068199)

I noticed that immediately as well. Editors! Please use words such as "access" or "copy" instead. "Steal" is both inaccurate and rather loaded.

It's impossible... (Sqore:500,000, God-given) (0)

Anonymous Coward | about 6 months ago | (#46066767)

to steal some that is a matter of public record.

CAPTCHA = 'pretend'

That's news? (0)

Anonymous Coward | about 6 months ago | (#46066839)

It's difficult to be surprised when learning about further incompetence in the security area at MS. It's par for the course for them.

what did you expect (0)

Anonymous Coward | about 6 months ago | (#46067007)

this is a perfect example of why you shouldnt use microsoft security essentials

Documents Deliberately Released? (2, Insightful)

Anonymous Coward | about 6 months ago | (#46067121)

Former Microsoft SDE here. Given universal requirements for strong passwords, security briefings on social engineering, and sensitive document protection technologies employed internally at Microsoft, it seems equally likely to me that there was no actual breach of security. I would venture that these documents were deliberately released or left unguarded for hacktavists to easily find.

Re:Documents Deliberately Released? (2, Informative)

Anonymous Coward | about 6 months ago | (#46067903)

Having worked with several MS security experts in my career, and given their near universal knowledge and somewhat Borg mentality concerning MS security practices, I would venture that you are correct. Except that it was not intentional, someone just REALLY pooched the goose and left the documents on a flash drive that got out while everyone was frantically looking for it.

Oh the stories I have... MS employees and contractors are funny.

law enforcement inquiries (1)

Mister Liberty (769145) | about 6 months ago | (#46067589)

Who, what, where, when, how. Questions, questions, questions.

Inquiries pertaining to what?

SEC, FBI, NSA?
Microsoft malfeasance?
Microsoft fraud?
Microsoft strong arm tactics?
Inquiries pertaining to Microsoft clients or consumers?

Tell you what, Microsoft, I'll be gentle on you and presume the least;
since you chose to come forward this time, I bet it's inquiries into
your own behavior and or practices.

So password1? (0)

Anonymous Coward | about 6 months ago | (#46067773)

How much do you want to bet that they got in due to stupidity of said employees using obviously guessable passwords?

Dotting i's And Crossing t's (-1)

Anonymous Coward | about 6 months ago | (#46070053)

Hummm.

I would expect to read a BIG Wall Street Journal announcement in the coming weeks.

Could be, in addition to Microsoft "types" there will be the rich and famous from DoJ and DoT and WH.

OH. Need to buy stock in Popcorn quick!

PS Isn;t wonderful that "ObamaCare" is in function "GayCare" since most gays will die between the age
of 22 to 38 and without offspring to boot! Wow. What a money win fall to Obama and ObamaCare! Yes, gays
are not, read NOT, in the upper salary and income brackets in the USA, but without folding over the proceeds
of the dead to a "survivor" the Federal Government takes the money and walks to the BANK Laughing!

Ho ho.

Its hard to know who the criminals are these days (1)

Bob_Who (926234) | about 6 months ago | (#46071411)

Setting aside the fact we won't get all of the facts, on a philosophical level I am beginning to lose a sense of victim, perpetrator, violation, motive, and crime. Frankly, I consider all players in this type of racquet and collective finger pointing and ass coverage to be a a twisted fetich for scumbags, liars, and thieves. The "legitimate" model for how these entities earn their keep and their general lack of commitment or accountability for anything else that results is typical human nature. Corporations may not be people, but they sure behave like impetuous, self centered flakes. Sort of like government and congress, for that matter. Welcome to the human race, I guess. Pity that biological evolution takes soooo long.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>