Cybersecurity Expert Asks Microsoft To Freely Provide Additional Forensic Data

Illustration of Microsoft Inc. (photo: Doc. pexels)

JAKARTA - Cybersecurity expert Steven Adair is facing a difficult challenge. One of his clients, who works in the field of human rights, received notification from Microsoft that the employee's email account had been hacked. The client asked Adair to investigate the case.

Adair, who previously worked in cyber defense at NASA's United States Space Agency before establishing his own company, Volexity, immediately started an investigation but had difficulties.

"We checked every detail regarding the behavior of these users," Adair told Reuters on Thursday, July 13. "But we found nothing."

The hackers who managed to hack Adair's client's email were a set of sophisticated cyber spies recently named by Microsoft as the perpetrators of email theft from top-level US officials, including State Department employees and Commerce Minister Gina Raimondo.

Microsoft said the attack was not carried out by stealing computers or passwords, but by leveraging undisclosed security concerns related to online email services commonly used by the company.

Because Adair's clients don't pay premium security packages from Microsoft, detailed forensic data isn't available, and Adair doesn't have a way to figure out what happened. "At that time, we were just spectators," he said.

Currently, Adair encourages Microsoft to provide additional data to his clients for free. This campaign is increasingly intense after the attack, especially among governments that are dissatisfied with the software company's security practices.

US Senator Ron Wyden said Microsoft should offer all of its customers full forensic capabilities, saying that it "charges the costs on premium features needed not to be hacked such as selling cars and then collecting extras for seat belts and airbags."

Microsoft has yet to provide a response to messages seeking comment on Adair's experience, Wyden's comments, or other criticisms of the company's security.

In a blog post that first revealed an attack on Tuesday night, July 11, Microsoft said that "accountability starts with us" and that they continue to self-evaluate, learn from incidents, and strengthen their defenses.

Over the years, individuals, organizations and governments have moved email, spreadsheets, and other data from their own servers to Microsoft services, taking advantage of cost savings and integration with the company's sprawling office apparatus suite.

At the same time, Microsoft has promoted the use of its own internal security products, prompting some clients to abandon the deemed excessive antiviral program.

The process of moving organizational data and services to large technology companies is sometimes called "moving to the cloud". This can improve security, especially for small organizations that don't have the resources to run their own IT or security departments.

However, competitors under pressure by Microsoft's security offer warn of how the industrial and government sector effectively places all of its eggs in one basket.

"Organizations need to invest in security," said Adam Meyers of cybersecurity firm CrowdStrike in an email distributed to journalists on Wednesday, July 12. "Relying on a monolithic vendor responsible for all your technology, products, services and security could end in disaster."

Frustration also increases with Microsoft's licensing structure, which charges customers additional fees for the ability to view detailed forensic logs as Adair of Volexity cannot access. This issue has been a point of contention between the company and the US government since the attack on business software firm SolarWinds was revealed in 2020.

Adair said he understood that Microsoft wanted to make money from their premium security products. However, he said that with more people being able to identify cyber threats, it would be an advantage for the company and its customers.

He noted that the hackers, who were named Storm-0558, were only caught because someone in the State Department who had access to Microsoft's top logging saw irregularities in their forensic data.

"Strengthening customers and security companies so they can work together is probably the best way," said Adair.