Security Advisor

Microsoft Employee Info Being Hacked Through Xbox Live

And one security expert unravels the tangled web of related attacks.

Microsoft confirmed today that both former and current Microsoft employees had personal information stolen from hackers through their Xbox Live accounts, Microsoft's paid online service for its Xbox 360 console.

"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox Live accounts held by current and former Microsoft employees," said Microsoft in a released statement. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members."

While info on the specific "stringed social engineering" technique were not available, the most common practice involves the attacker pretending to be the targeted account holder to receive information, like log-in names and password resets.

Due to the similarities between this week's Xbox Live hacks and last year's attack on Wired reporter Mat Honan, in which he had his Google and Twitter accounts deleted, and his AppleID account compromised (leading to the complete data deletion on his iPhone, iPad and MacBook) by a hacker with a serious beef  nicknamed "Phobia," the events are believed to be connected.

And Brian Krebs, security expert and Krebs on Security blogger, was the one to put the pieces together that it was the same individual involved in both. But, that only came after his own encounter with the hacker.
After releasing a story about how stolen credit score reports of celebrities were being sold over the Internet, those involved made false break-in reports to the police, causing Krebs to be confronted by cops in a case of mistaken identity. His site was also attacked by a denial-of-service (DDoS) attack.

Instead of cowering under the mighty power of the hackers, Krebs put his security prowess to work and discovered that the DDoS attacks were perpetrated by a group that ran one of the same credit report sites he reported on earlier in the week.

So how does this connect to the Xbox Live attacks? Krebs received an e-mail last weekend from someone who he believes to be part of a ring of hackers that both operated the credit score-selling site and are a part of an Xbox gamer team called "Team Hype."

"'They hack/social engineer Gamertags off Microsoft employees by using SSNs,' the source wrote," according to Krebs. "'I didn't DDoS your site and I didn't SWAT you, Phobia has been telling everyone he did. The method he released he said he gets SSNs, then calls phone companies and redirects the number and than gets xbox phone support to call number and confirm. I heard he got pissed that you released the site he uses. Also Trojan told a buddie of mines fear (on AIM) something about a dead body in your closet about your swat.'"

While a bit hard to understand due to the hacker writing in a style more commonly reserved for 12-year-old girls, Krebs did confirm that the sender of the e-mail was telling the truth because of certain information that the sender provided that only Krebs' Internet Provider would have known.

Unfortunately, little else is known about "Phobia" besides the connections between the Xbox Live hack, last year's attack on Mat Honan and the recent headaches of Brian Krebes.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube