Hacker breach of Microsoft's free e-mail service highlights need for more security

Fears about the security of personal e-mail accounts have been raised after hackers broke into Microsoft's free Hotmail electronic…

Fears about the security of personal e-mail accounts have been raised after hackers broke into Microsoft's free Hotmail electronic mail service two days ago.

According to Irish network security specialist, Priority Data, the breach has highlighted the need for encryption to authenticate electronic messages. The Hotmail service, which boasts 40 million users, had to shut down for five hours after the Swedish Expressen newspaper reported a security flaw. There are believed to be two million registered Hotmail users between Britain and Ireland. About 200,000 are located in the Republic.

The breach meant the e-mails belonging to owners of free e-mail accounts could be read by anyone. The hackers posted a Web address - originally in Sweden, but later mirrored in other states - which allowed access to Hotmail accounts simply by inputting a user name. Usually a password is also required to access private accounts.

After logging into the system, people could send, receive and delete e-mails within that account.

READ MORE

Late on Monday a previously unknown group, Hackers Unite, claimed responsibility for publicising Hotmail's security breach. The group said it wanted to draw attention to Microsoft's "spotty security" reputation.

Microsoft has firmly denied the breach was the result of a software oversight. However, one free Internet e-mail service provider told The Irish Times, Hotmail was hacked because of an "absolute dunce flaw" in the software code.

"Microsoft's oversight was so basic it was horrendous. It was ridiculously simple to break into."

According to Ms Gillian Kent, group marketing manager, the Microsoft Network (MSN): "Someone hacked into an older server carrying older code. We resolved the problem immediately, but it is the case that wherever software is in the world, someone will find a way into it."

Priority Data said the incident highlighted how security breaches were bound to take place in the absence of proper authentication of e-mail senders and receivers.

However, Ms Kent says differences in encryption standards globally need to be resolved before the Hotmail service, which operates worldwide, can adopt them. "Digital signatures restrict where people can send messages and our whole service is about making it available to all."

Mr Alec Florence, managing director of Priority Data, said: "We can't trust the Internet as a reliable public information structure unless the information is encrypted, with a trusted third party acting as a verifier."

There are currently a handful of companies providing encryption and authentication services, including Irish company, Baltimore Technologies. A spokesman for Ireland.com, the free Web based e-mail service provider, said the introduction of encryption might potentially reduce audiences because different jurisdictions had conflicting restrictions on encrypted information. As a result, encrypted e-mails may not transfer successfully to particular regions.

"It also puts an awful lot of pressure on the computer processing power within organisations trying to encrypt and decrypt thousands of messages as they travel between sender and receiver."

He added that other free e-mail sites would not present as attractive a target to hackers as Microsoft. Microsoft, because of its size and incumbency in the software world, tends to fall prey to the wrath of computer hackers on a regular basis.

Hotmail can be accessed from any Internet-ready computer anywhere in the world and is therefore attractive among travellers and businessmen.

Madeleine Lyons

Madeleine Lyons

Madeleine Lyons is Property Editor of The Irish Times