Microsoft will notify its users when it detects a hack carried out by nation states or governments.

The declaration cements Microsoft’s growing position in the tech industry as a leading privacy and consumer rights champion. Redmond is currently fighting a demand by US law enforcement that it hands over email records of a customer stored offshore in an Irish data centre.

Hacker Identification

Microsoft has added potential fuel to that fire with its warning to governments around the world that it will blow the whistle on any attempts to access its services. Specifically, it will go public if it suspects a government has been trying to hack into accounts such as Outlook.com email.

The decision comes just days after Reuters asked Microsoft why it had decided not tell victims of a hacking campaign, discovered in 2011, that had targeted international leaders of China’s Tibetan and Uighur minorities in particular.

That report cited two former Microsoft employees, who said Redmond’s own experts had concluded that Chinese authorities had been behind the campaign. But Microsoft did not pass on that information to users of its Hotmail service (now called Outlook.com.)

Google in comparison triggered an international incident back in 2010, when it discovered a cyber-attack in which the Gmail accounts of dozens of human rights activists in China were allegedly accessed. Fingers were rapidly pointed at the Chinese government, although it denied it was behind the attack.

Name And Shame

But now Microsoft has pledged it will name and shame governments in a blog posting by Scott Charney, corporate VP of Trustworthy Computing at Microsoft.

“We’re committed to helping our users keep their personal information secure and private,” wrote Charney. “A key part of our work is identifying and preventing unauthorised access to your Microsoft Account (including Outlook.com email and OneDrive) by anyone other than you.”

“We’re taking an additional step today,” he wrote. “We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state.”

Microsoft already alerts users if it believes an account has been targeted or compromised by a third party, but it is now taking this additional step of specifically letting the user know if it has evidence that the attacker may be “state-sponsored”.

State-sponsored attacks tend to be more sophisticated or more sustained than attacks from cybercriminals and others.

Microsoft advised users to turn on two-step verification to make it harder for hackers to access an account; use a strong password and change it often; watch for suspicious activity on their account; and be wary suspicious emails and websites.

It also said it is important to keep the computer and Web browser up to date, and run an anti-virus program.

Think you know about privacy issues? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago