In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
Several years ago, after witnessing the email hacks, Hotmail provider Microsoft decided not to tell the victims, allowing Chinese authorities to continue their surveillance campaign, former company employees say.
The hackers at the time were targeting, in particular, international leaders of China’s Tibetan and Uighur minorities.
The first public suspicions about attacks against China’s opponents came in May 2011. That’s when security firm Trend Micro announced it had found a malware-laced email sent to someone in Taiwan.
The malicious program took advantage of a previously undetected flaw in Microsoft’s own Webpages and then commanded Microsoft’s free, consumer email services to forward copies of the user’s incoming mail to an account controlled by the attacker.
Former employees say Microsoft found that some interceptions had begun in July 2009.
Microsoft officials did not dispute that most of the attacks came from China, but said some came from elsewhere. They did not give further detail.
In 2011, Microsoft forced users to pick new passwords without disclosing the reason.
The former employees said it was “likely the hackers by then had footholds in some of the victims’ machines and therefore saw those new passwords being entered,” Reuters reports.
It’s unclear what happened to the email users and their correspondents as a result of Microsoft’s failure to warn them about suspected government hacking.
Reuters interviewed five of the Hotmail hacking victims identified as part of Microsoft’s…