Taken in phishing attack, Microsoft’s unmentionables aired by hacktivists

Pro Syrian hacktivists have offered compelling proof that they successfully breached Microsoft's corporate network and made off with highly sensitive documents that company employees sent to law enforcement officials, according to a media report published Thursday.

Billing invoices and other documents show Microsoft charging the FBI hundreds of thousands of dollars a month to comply with legal requests for customer information, according to the article published by The Daily Dot. The publication said the stolen Microsoft material was provided by members of the Syrian Electronic Army (SEA), a hacking group that has compromised social media accounts and occasionally private networks of eBay and Viber, as well as media outlets including The Washington Post, the Associated Press, The Financial Times, the BBC, Al Jazeera, and Forbes. The group has proven itself to be extremely effective in waging highly targeted phishing attacks that extract login credentials. For an idea how intricate some SEA attacks can be, see this detailed post-mortem of a recent ransacking of Forbes.

Most of the SEA's successes result in little more than a public embarrassment for the compromised targets. But recent exploits against Microsoft and eBay, which Ars covered here and here, were more serious because they exposed confidential operations or data that could be used to further penetrate the companies or compromise operational security.

Read 3 remaining paragraphs | Comments