Microsoft admits to being hacked too

Microsoft admitted that like Apple and Facebook, it too was recently hacked.

Once upon a time, Microsoft claimed that falling prey to social engineering tactics and then being hacked was a "rookie mistake." But now is the time for companies to jump on the bandwagon and admit they were targeted by cyberattacks and successfully infiltrated. The stage is so crowded with 'giants' at this point that there are fewer 'bad press' repercussions than if only one major company had admitted to being breached. Microsoft has now admitted: hey, we were hacked too.

"As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion," wrote Matt Thomlinson, General Manager of Microsoft's Trustworthy Computing Security. Unlike the New York Times and the Wall Street Journal, there was no mention of Chinese hackers. Is there a moral to these sad tales? Perhaps only that anyone can become a victim.

However, back in 2011, John Howie, Microsoft's senior director in the Online Services Security & Compliance (OSSC) team, basically claimed that unlike RSA or Sony, Microsoft sites are unhackable and can't be DDoSed. With regard to the breach at RSA, Howie told Computing News, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake." Furthermore, "Sony was coded badly and failed to patch its servers. These are rookie mistakes." Howie added, "At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering."

Thomlinson's very short post on the Microsoft Security Response Center blog was titled "Recent Cyberattacks":

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing. 

This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks.

Security firm Mandiant blew some minds and the lid off with its very detailed report blaming Chinese Army hackers for some Advanced Persistent Threats (APT): "APT1: Exposing One of China's Cyber Espionage Units." Then Forbes interviewed Richard Bejtlich, chief security officer at Mandiant, and discovered that the Chinese hackers outlined in the report as being responsible for hacking 115 U.S. targets are not even China's A-team. Andy Greenberg asked how the 'less than elite' APT1 compared "to the American hacker forces in the NSA or the U.S. Cyber Command." Bejtlich replied, "Our best guys are better than APT1 for sure. But our best guys are probably the same as their best guys, who are the same as the Russian's or the Israeli's best guys."

China, of course, denied the allegations, called Mandiant's report a commercial stunt, and then played the 'we-own-your-country' money card. Raw Story reported that an "editorial in the state-run China Daily said: 'One cannot help but ask the real purpose of such a hullabaloo. With the U.S. economic recovery dragging its feet, it is reasonable to think that some in Washington may want to make China a scapegoat so that public attention is diverted away from the country's economic woes'."

"We're essentially punching our mortgage bankers in the mouth, which doesn't always go over well," stated George Kurtz, CEO at CrowdStrike. "But the mere fact that we are talking about [cyberespionage] and shining a light on it is going to cause some consternation on the Chinese government."

Previously, during the State of the Union address, President Obama said, "We know foreign countries and companies swipe our corporate secrets. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy." Then, regarding all of this intellectual property theft, the Obama administration warned that both China and Russia are involved in 'aggressive' cyberattacks.

Last week, the White House released "Administration Strategy on Mitigating the Theft of U.S. Trade Secrets," [PDF] which stated, "We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace." This new strategy is broken down into five "action" items: "Focus diplomatic efforts to protect trade secrets overseas; promote voluntary best practices by private industry to protect trade secrets; enhance domestic law enforcement operations; improve domestic legislation," and a campaign to raise public awareness about such trade secret thefts.

The Cyber Intelligence Sharing and Protection Act (CISPA) [PDF] was also reintroduced without any privacy improvements. Privacy advocates are up in arms, but that's a story for another time.

Follow me on Twitter @PrivacyFanatic

Copyright © 2013 IDG Communications, Inc.