Microsoft targeted in phishing attack, likely by Syrian Electronic Army -- again

With all the talk of safe computing, Microsoft's having a hard time getting its own employees to batten down the hatches

If you think your company has a hard time keeping out the bad guys, you're not alone. On Friday, Adrienne Hall, the general manager of Microsoft's Trustworthy Computing Group, posted a warning/confession on TechNet:

Recently, a select number of Microsoft employees' social media and email accounts were subjected to targeted phishing attacks... While our investigation continues, we have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen. If we find that customer information related to those requests has been compromised, we will take appropriate action.

Speculation about the source of the attacks has centered on the Syrian Electronic Army, in no small part because SEA hacked into Microsoft's Office blog last week, using spearphishing techniques to compromise employees' accounts. Earlier this month, SEA plucked off several Microsoft Twitter accounts. In a recursive kind of chutzpah, SEA posted an email between Microsoft staff about the attack as it was happening. Last Saturday, Hall confirmed the connection, telling SecurityWeek, "Our current information suggests the phishing attacks are related."

Worth noting: Microsoft has never identified the source of the attacks.

This is where it gets interesting. The "official" Syrian Electronic Army twitter account, @Official_SEA16, in a series of tweets with Softpedia contributor (and unabashed Windows fan) Bogdan Popa, claims that SEA stole more:

The documents will prove that it's not just "law enforcement inquiries"... Sure [we're going to publish the pilfered documents]. on a media site, but we are not going to name it now.

Putting the incidents together, it appears as if SEA has compromised several Microsoft employees' accounts, and Microsoft doesn't know which ones. More damning, it looks like the passwords on at least some of the compromised accounts haven't been changed -- or the SEA folks have a way of discovering new passwords. It's hard to say which possibility is worse.

In the wake of the Jan. 11 hack of the Official Microsoft Blog, Microsoft's PR company released this bit of pablum:

"A social engineering cyberattack method known as phishing resulted in a small number of Microsoft employee social media and email accounts being impacted," a Microsoft representative said Thursday via email. "These accounts were reset and no customer information was compromised. We continue to take a number of actions to protect our employees and accounts against this industry-wide issue."

Two weeks later, it looks like the 'Softies are still playing catch-up. In spite of all the resources and expertise at its disposal, Microsoft's being beat up by a presumably small band of miscreants.

If Microsoft can't plug the holes, you have to wonder who can.

This story, "Microsoft targeted by phishing attack, likely by Syrian Electronic Army -- again," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.