Microsoft to warn of nation-state hacks

The move could put it at odds with UK government proposals to limit what tech firms can say about surveillance.

Microsoft will start warning people if it suspects a government is trying to hack into their email and other online accounts.

Users will be informed if their Outlook, OneDrive and other consumer-facing services are being targeted.
Anyone who received such a warning should take additional steps to keep their data safe, it said.
Several other companies, including Twitter, Facebook, Google and Yahoo, have previously pledged to alert people about government requests for data.

Data watching

Microsoft said although it already let people know if it believed their accounts had been targeted or compromised by cyber-thieves, it needed to go further if a nation-state was responsible.
It needed to make a distinction because it was “likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others”, wrote Microsoft’s Scott Charney in a blogpost.
Mr Charney added that the notifications would not necessarily mean that attackers had broken into an account. Instead, it could just signify that an account had been targeted.

Microsoft said it would not share details of what might lead it to conclude that nation-states were behind an attack but said it would send out the notices if “evidence reasonably suggests” such an entity was responsible.

It added that users should make sure the software on all their devices was up to date, use anti-virus software and scan for malware on all computers and gadgets they regularly used, among other steps.
Alerting people about suspected nation-state attacks might cause Microsoft problems in Britain if a proposed law that regulates government snooping is passed.
The draft Investigatory Powers Bill aims to update the way the state, police and spies gather data to fight crime, terrorism and other threats.
Provisions in the law would make it illegal for firms to tell customers they were being targeted if the company did not obtain official permission to do so.
Microsoft declined to comment on whether its notification policy would bring it into conflict with the proposed law.
The software firm’s policy announcement comes soon after it was quizzed about why it did not tell victims of a 2011 hacking campaign that it believed China was behind the attack. Instead it just advised the users to change their passwords.
In a statement released to Reuters, it said that “as the threat landscape has evolved our approach has too”.