The group of hackers loyal to Syrian President Bashar al-Assad has stolen documents relating to government data requests, Adrienne Hall, Microsoft’s Trustworthy Computing Group General Manager, wrote in a blog post. According to the post, the SEA used phishing attacks to gain access to some Microsoft employees’ social media accounts and email addresses, and through that, were able to get a hold of some government requests for user data.
Up until now, the SEA’s attacks on Microsoft haven’t shown much more than the group’s ability and willingness to vandalize the company’s media properties, including the Official Microsoft Blog, Official Office Blogs and a handful of Twitter accounts.
Hall said that Microsoft hasn’t yet found any evidence that the SEA had stolen consumer information, though the company will notify any affected consumers if it turns out that personal data was taken.
The SEA, for its part, said on Twitter that “The documents will prove that it’s not just ‘law enforcement inquiries,’” which echoes earlier claims about surveillance that the group made during previous attacks on Microsoft.
It also may complicate matters for the company, which recently began advocating for an international agreement regarding digital surveillance, and plans to lobby Congress for stricter reforms of the U.S. government’s surveillance programs.
Still, it’s unclear yet if or when the public will get to see what the SEA stole. The group wrote on Twitter that they will be disclosing the documents on a “media site,” but wouldn’t yet say which one.
It’s also possible the documents won’t be posted by the staff of a media organization. The SEA recently took over CNN’s Twitter feed for a few moments, and it wouldn’t be surprising if they decided to pull something similar to unveil the documents they stole from Microsoft.
In the event that the SEA does disclose any documents, we may not know whether they’re the real deal. Hall said in her post that Microsoft will not comment on the validity of the documents in the interest of maintaining confidentiality of personal information as well as their obligations to the requesting governments.