The Syrian Electronic Army, a group that has recently hacked several Microsoft services, including the Skype blog and employee email accounts, has published a collection of documents which it claims it contains conversations between the Redmond-based software giant and the FBI.
The papers show that Microsoft is getting paid with hundreds of thousands to provide access to user data, with the FBI giving up to $200 (€145) for access to each account.
According to figures shown in these papers, which are said to represent invoices delivered by Microsoft’s Global Criminal Compliance team to FBI’s Digital Intercept Technology Unit, the software giant received no less than $281,000 (€203,000) in November 2013.
What’s more, the leaked documents reveal some of the details that Microsoft is sharing with FBI agents, which include login data, first and last name, state, ZIP, country, timezone, IP address, and date registered.
One of the conversations published online and allegedly coming from a hacked email account belonging to Microsoft shows a message submitted by the FBI and asking Redmond for clarification on an issue experienced when trying to access a specific user account.
“First of all, thanks for such a quick response on the search warrant. I have been trying to access the records all day today. The instructions are excellent. However, after I Input the access key, the following message appears: “Sorry, this service is unavailable at this time.” Any suggestions? Thank you.”
The message is signed by the “Federal Bureau of Investigation” and comes from an email which is apparently registered on the fbi.gov domain.
Microsoft is yet to issue a comment on this, but the company has always stated that it doesn’t provide access to user accounts to intelligence agencies unless a federal court asks the company to do so, which means that your data is fully secure.
Of course, if these documents are indeed real, they raise quite a lot of questions, so Microsoft clearly needs to come up with a very good response to make sure that users do know that it cares about their privacy.
In addition, one would also wonder how come Microsoft and the FBI are using such a vulnerable means of communication to share user records, so again, Redmond needs to provide some details on what’s exactly being shown in these screenshots and explain whether they’re authentic or not.
The SEA, on the other hand, has a good track on Microsoft hacks, so you shouldn’t be very surprised if there are indeed some accurate figures in these screenshots.