Hacktivists have hijacked the blog and twitter accounts of Microsoft’s Skype internet voice and video calling...
The group, claiming to be the Syrian Electronic Army (SEA) hacktivist group that supports Syrian president Bashar al-Assad, posted anti-surveillance and anti-Microsoft messages.
"Don't use Microsoft emails (Hotmail, Outlook). They are monitoring your accounts and selling the data to the governments," one of the messages said.
Microsoft is among several top US technology firms trying to distance themselves from allegations by whistleblower Edward Snowden that they co-operated with US spy agencies.
Skype has since removed the postings and acknowledged that it had been hacked, but the firm emphasised that "no user information was compromised".
Independent security advisor Graham Cluley speculates that in likelihood, the SEA managed to trick Skype’s social media team into handing over a password using a targeted phishing attack, unlocking both access to the service’s blog and Twitter account.
“Maybe Skype’s team would be sensible to investigate solutions such as two-factor authentication, and use unique passwords in future,” he wrote in a blog post.
More on two-factor authentication
- Limitations of two factor authentication (2FA) technology
- Dropbox to implement two-factor authentication after security breach
- Two-factor authentication alternatives
- Enterprise mobile access: Considerations for two-factor mobile authentication
- Alternative authentication: New authentication methods for enterprises
- Secure tokens: Preventing two-factor token authentication exploits
Analysts said the attacks, concentrated on western media organisations, were likely to be aimed at generating publicity.
The latest attacks relate to revelations by Snowden that the US National Security Agency (NSA) had "backdoor" access to the servers of nine major technology companies.
In particular, reports based on the leaked documents claimed that the NSA had access to Microsoft products such as Hotmail, Outlook.com, Skydrive and Skype.
In a related move, a UK citizen has begun legal action against Microsoft that will test its legal right to disclose private data on UK citizens to the NSA.
The case is based on UK journalist Kevin Cahill’s belief that Microsoft breached the security of his email account and that, by obeying US laws, Microsoft has contravened the UK Data Protection Act.
Since the Snowden revelations, Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple have repeatedly denied their involvement.
In December 2013, most of these firms formed a Reform Government Surveillance alliance, which is calling for urgent reforms of all internet surveillance programmes, such as Prism in the US and Tempora in the UK.
In a letter to the US president and Congress, the alliance argued current internet surveillance "undermines” freedom.
The letter said documents leaked by Snowden “highlighted the urgent need to reform government surveillance practices worldwide".
"The balance in many countries has tipped too far in favour of the state and away from the rights of the individual,” the letter said.
The firms are concerned that public loss of trust in technology will hurt their businesses, and are calling on governments to help restore that trust.