Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
The Syrian Electronic Army (SEA) hacked Microsoft last month. The information they dug up reveals how negligent companies are with user data sharing. And it also shows how much law enforcement pays Microsoft for court ordered user data sharing.
Careless with User Data Sharing
Law enforcement agencies like the FBI regularly make requests for user data sharing from big companies like Microsoft. The SEA hack produced several documents that show Microsoft’s interactions with law enforcement from around the world. Among the data they were able to access were user email addresses, account holders’ names, locations, and IP addresses, criminal subpoenas, and access keys. Experts believe that these keys are the passwords that give agencies like the FBI access to the packets that are turned over to comply with user data sharing. In the hands of hackers, these keys mean major data breaches suffered by users.
The recent hack by SEA is the third targeted attack on data related to requests from law enforcement agencies. The fact that hackers were able to access the information proves that Microsoft and other companies are not being careful. They are not securing the files related to orders that they receive for user data. It also makes data security experts suspect that these companies are not being careful when they process user data either. This makes user data vulnerable to breaches, which is an obvious privacy concern. User data sharing must be secure so the data passes only to government agencies. Now it is evident that Microsoft at least is not being careful enough with user data sharing processes.
Microsoft maintains that the data privacy of their users is their main concern. They also said that they are working on educating their employees to improve security. They declined to comment on the documents released by SEA. And they refuse to confirm that the user data SEA claims to have taken is really from their user data sharing files. But the company did admit that the social media accounts and emails of a few employees were subjected to phishing attacks. And the company’s Trustworthy Computing Group General Manager Adrienne Hall also said that in those attacks, some material related to user data sharing with law enforcement were taken.
FBI Pays for Microsoft User Data
Some people already know that agencies like the FBI pay Internet companies for user data sharing. But it was previously unknown how much companies like Microsoft really pay for each request for user data sharing . During the recent SEA hack, some email messages and invoices from the company’s Global Criminal Compliance group were taken. SEA shared the invoices with the online newspaper the Daily Dot, and Gizmodo also has a complete list of them. The invoices came from the Digital Intercept Technology Unit, a top secret division of the FBI.
According to the hacked invoices, the FBI is paying Microsoft exorbitant amounts for user data sharing. It is legal for Microsoft to charge fees for the processing of user data sharing requests. But the invoices show that Microsoft charges $200 for each request. This is taxpayer money, and it totals in the millions of dollars every year.