Chinese Government Broke Into Hotmail Accounts of International Critics
Nonprofit // Web Services // United States
Several years ago, after witnessing the email hacks, Microsoft decided not to tell the victims, allowing the Chinese authorities to continue their surveillance campaign, former company employees say.
The hackers, at the time, were targeting, in particular, international leaders of China’s Tibetan and Uighur minorities.
The first public suspicions about attacks against China’s opponents came in May 2011. That's when security firm Trend Micro announced it had found a malware-laced email sent to someone in Taiwan.
The malicious program took advantage of a previously undetected flaw in Microsoft’s own web pages and then commanded Microsoft’s free, consumer email services to forward copies of the user’s incoming mail to an account controlled by the attacker.
Former employees say Microsoft found that some interceptions had begun in July 2009 and had compromised the emails of top Uighur and Tibetan leaders in multiple countries, as well as Japanese and African diplomats, human rights lawyers and others in sensitive positions inside China.
Microsoft officials did not dispute that most of the attacks came from China, but said some came from elsewhere. They did not give further detail.
In 2011, Microsoft forced users to pick new passwords without disclosing the reason.
The former employees said it was “likely the hackers by then had footholds in some of the victims' machines and therefore saw those new passwords being entered,” Reuters reports.
Microsoft said the company had believed the password resets would be the fastest way to restore security to the accounts.
"Our primary concern was ensuring that our customers quickly took practical steps to secure their accounts, including by forcing a password reset," they said in a statement.
It is unclear what happened to the email users and their correspondents as a result of Microsoft's failure to warn them about suspected government hacking. But some of those affected said they now are deeply worried about the risks.
"Unrest in Xinjiang, the Chinese region bordering Kazakhstan that is home to many Uighurs, has cost hundreds of lives in recent years. Beijing blames Islamist militants, while human rights groups say harsh controls on the religion and culture of the Uighurs have led to the violence," Reuters writes.
Reuters interviewed five of the Hotmail hacking victims that were identified as part of Microsoft’s investigation.
Most of them recalled the password resets, but none viewed the action as an indication that anyone had read his or her email, let alone that it may have been accessed by the Chinese government.
One victim was Tseten Norbu of Nepal, a former president of the Tibetan Youth Congress. Another victim was Seyit Tumturk, the World Uyghur Congress vice president who lives in Turkey. Microsoft investigators also discovered emails had been forwarded from the account of Peter Hickman, a former American diplomat who arranged speeches by international figures in Washington for many years.