How Did Hackers Breach Microsoft’s Security, Create Millions of Fake Accounts?

This file photo from April 12, 2016, shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France. (AP Photo/Michel Euler, File)

The trustworthiness of the online authentication systems used to verify whether a user is human is currently under scrutiny. Microsoft recently uncovered a group of cybercriminals, a major development that exposed the widely used authentication technique known as “Captcha”.

Microsoft uncovered a group of hackers, "Storm-1152", that sold 750 million fake Microsoft accounts that enable cyber criminals to execute their online attacks.

- The beginning

Storm-1152 is a group of hackers that operates from Vietnam. It managed to overcome all the authentication requirements for creating a Microsoft account.

The group initially targeted the Captcha technique, a widely used window that asks a user to type a series of letters or numbers, or to click on the parts of a picture depicting buses or stairs, to verify that they are human, not a robot.

But this authentication method is becoming less efficient, as Storm-1152 found a way to deceive it and create millions of fake accounts.

The hackers used “machine learning” to train their special hacking tool to click in the right place on the verification pictures, explained François Deruty, an expert at the cybersecurity firm Sekoia.

Then, the Storm-1152 hackers sold these fake accounts on a website for actors planning attacks, such as phishing emails and ransomware, according to Deruty.

- Famous group

The Vietnamese group is well known. While other countries like China, Iran, Russia and North Korea make headlines in most news about cyberattacks, Vietnam, like India and Türkiye, has many hacking groups that make progress every year, added Deruty.

Microsoft has blocked a part of its websites on US territory following a federal ruling that approved the closure of the servers that the group breached. “They definitely have other websites somewhere else and an international collaboration is needed to shut them down,” the expert noted.

- Defenses against techniques used by cybercriminals

There are novel techniques such as multifactor authentication, which uses, for example, codes sent via SMS, but it’s a matter of time before the hackers figure out its vulnerabilities.

Other methods include security keys provided by banks for better security, but expanding these novel methods requires more time and money, while Microsoft still keeps the old versions of its different programs.



Trump Extends Deadline for TikTok Sale by 90 Days

FILE PHOTO: A TikTok logo is displayed on a smartphone in this illustration taken January 6, 2020. REUTERS/Dado Ruvic/Illustration/File Photo

President Donald Trump announced Thursday he had given social media platform TikTok another 90 days to find a non-Chinese buyer or be banned in the United States.

"I've just signed the Executive Order extending the Deadline for the TikTok closing for 90 days (September 17, 2025)," Trump posted on his Truth Social platform, putting off the ban for the third time.

A federal law requiring TikTok's sale or ban on national security grounds was due to take effect the day before Trump's January inauguration.

The Republican, whose 2024 election campaign relied heavily on social media, has previously said he is fond of the video-sharing app.

"I have a little warm spot in my heart for TikTok," Trump said in an NBC News interview in early May. "If it needs an extension, I would be willing to give it an extension."

TikTok on Thursday welcomed Trump's decision.

"We are grateful for President Trump's leadership and support in ensuring that TikTok continues to be available for more than 170 million American users," the platform said in a statement.

Digital Cold War?

Motivated by a belief in Washington that TikTok is controlled by the Chinese government, the ban took effect on January 19, one day before Trump's inauguration, with ByteDance having made no attempt to find a suitor.

TikTok "has become a symbol of the US-China tech rivalry; a flashpoint in the new Cold War for digital control," said Shweta Singh, an assistant professor of information systems at Warwick Business School in Britain.

Trump had long supported a ban or divestment, but reversed his position and vowed to defend the platform -- which boasts almost two billion global users -- after coming to believe it helped him win young voters' support in the November election.

The president announced an initial 75-day delay of the ban upon taking office. A second extension pushed the deadline to June 19.

He said in May that a group of purchasers was ready to pay TikTok owner ByteDance "a lot of money" for the video-clip-sharing sensation's US operations.

Trump knows that TikTok is "wildly popular" in the United States, White House spokeswoman Karoline Leavitt told reporters Thursday, when asked about the latest extension.

"He also wants to protect Americans' data and privacy concerns on this app, and he believes we can do both things at the same time."

The president is "just not motivated to do anything about TikTok," said independent analyst Rob Enderle. "Unless they get on his bad side, TikTok is probably going to be in pretty good shape."

Tariff turmoil

Trump said in April that China would have agreed to a deal on the sale of TikTok if it were not for a dispute over his tariffs on Beijing.

ByteDance has confirmed talks with the US government, saying key matters needed to be resolved and that any deal would be "subject to approval under Chinese law."

Possible solutions reportedly include seeing existing US investors in ByteDance roll over their stakes into a new independent global TikTok company.

Additional US investors, including Oracle and private equity firm Blackstone, would be brought on to reduce ByteDance's share in the new TikTok.

Much of TikTok's US activity is already housed on Oracle servers, and the company's chairman, Larry Ellison, is a longtime Trump ally.

Uncertainty remains, particularly over what would happen to TikTok's valuable algorithm.

"TikTok without its algorithm is like Harry Potter without his wand -- it's simply not as powerful," said Kelsey Chickering, principal analyst at Forrester.

Despite the turmoil, TikTok has been continuing with business as usual.

The platform on Monday introduced a new "Symphony" suite of generative artificial intelligence tools for advertisers to turn words or photos into video snippets for the platform.