Large data providers such a Microsoft, Google, or Yahoo cooperate with law enforcement and turn over data. This is nothing new and a usual process for companies to hand over data. One thing we didn’t know, is that providers charge law enforcement for data requests.
Syrian Electronic Army, the pro-hacker group who hacked Microsoft’s Twitter and official blog, breached Microsoft’s server and stole emails. Microsoft announced on their blog “[W]e have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen.”.
It appears #SEA achieved something greater than expected. The pro-Syrian hackers gained access into the FBI’s secret Digital Intercept Technology Unit (DITU), where they obtained emails of Microsoft charging/invoicing the FBI for data requests. Daily Dot reported on the invoices shown below.
The leaked invoices above show that Microsoft charged the DITU $145,100 in December 2012, at a rate of $100 per data request. In August 2013, the per-request rate increased to $200 and the latest Invoice dated November 2013, showed a staggering charge of $281,000.
The earliest documents SEA leaked dated May 10, 2012, inside the documents they break down different types of legal requests, along with pricing for warrants and data requests.
As Daily Dot reached out to Microsoft about recent leaks, a Microsoft spokesperson replied “as pursuant to U.S. law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demands. … To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders.” The FBI declined to comment and reiterated the documents were stolen by SEA.
Other journalists and activists have pointed out how easy it was for the Syrian Electronic Army to obtain the documents. Not in the method obtained, but the fact that the FBI and Microsoft simply send emails back and forth about the data. Others thought they would security systems in place for these types of transfers.
The pro-Syrian hackers, Syrian Electronic Army, are known for hacking high trafficked websites. Of websites include Facebook, CNN, Forbes, Time, Microsoft, Skype, eBay, PayPal, and many other high profile sites. Recently the Syrian Electronic Army alleged to gain access to United States Central Command sector (CENTCOM).