• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

CISA released Thorium platform to support malware and forensic analysis

 | 

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

 | 

Dahua Camera flaws allow remote hacking. Update firmware now

 | 

Researchers released a decryptor for the FunkSec ransomware

 | 

Apple fixed a zero-day exploited in attacks against Google Chrome users

 | 

PyPI maintainers alert users to email verification phishing attack

 | 

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

 | 

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

 | 

Orange reports major cyberattack, warns of service disruptions

 | 

Hackers leak images and comments from women dating safety app Tea

 | 

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

 | 

Seychelles Commercial Bank Reported Cybersecurity Incident

 | 

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Intelligence
  • Security
  • SEA has stolen invoices that shows Microsoft charges FBI for user data

SEA has stolen invoices that shows Microsoft charges FBI for user data

Pierluigi Paganini March 21, 2014

A collection of emails hacked by the group Syrian Electronic Army shows that Microsoft charges the FBI’s Digital Intercept Technology Unit for user data.

No more than a week ago hackers of the group Syrian Electronic Army (SEA) published online documents leaked from US CENTCOM repository, now the pro President Bashar al-Assad sad hacking team successfully penetrated the FBI’s super-secret Digital Intercept Technology Unit (DITU) and it has stolen different invoices from Microsoft.

The Daily Dot revealed the disconcerting news, Microsoft seems to be paid by the US Governments for the customer information provided to the FBI.

“Microsoft often charges the FBI’s most secretive division hundreds of thousands of dollars a month to legally view customer information, according to documents allegedly hacked by the Syrian Electronic Army.”

The SEA team has targeted Microsoft many times in this year, its blog and social media were hacked and in a recent spear phishing attack, unknown attackers breached the email accounts of Microsoft staff accessing to documents on law enforcement inquiries.One of the messages spread by SEA after the Microsoft hack stated:

“Don’t use Microsoft emails (hotmail,outlook), They are monitoring your accounts and selling the data to the governments.”

After the disclosure of the PRISM surveillance program, Microsoft company as always denied to have supported Government monitoring activities, but groups of hackers like Anonymous and Syrian Electronic Army (SEA) always accused the company. Despite IT giants denied any support to the US authorities, a few days ago the agency general counsel Rajesh De confirmed that big tech companies including Yahoo and Google provided ‘full assistance’ in the legally mandated collection of data.

SEA accessed for sensitive information from FBI Digital Intercept Technology Unit (DITU), discovering a series of documents that confirm the business relationship with Microsoft. The invoices stolen and analyzed by the DailyDot reveals that Microsoft charged the DITU $145,100 in December 2012,  a cost of $100 per each data request. Curiously the price for data request is increasing in time passing from $200 in August 2013 up to $281,000 in November 2013, probably due Snowden case.

“In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.”

The DITU was also mentioned in of of the slides leaked by Snowden as visible in the below image.

SEA Hacker FBI DITU Microsoft Invoice 4

It is alarming the frequency of the government calls on Microsoft and other tech companies for information related to their customers, as demonstrated by the invoices the sale of information is a profitable business and it is likely that other companies support Government activities.

SEA Hacker FBI DITU Microsoft Invoice
SEA Hacker FBI DITU Microsoft Invoice 2

“Only the earliest of the Microsoft invoices provided by the SEA, dated May 10, 2012, breaks down requests by type of legal request, and it shows them to all explicitly come legally, though nothing in the documents indicates the later invoices refer to illegal surveillance. User information by a subpoena costs $50, a court order $75, and a search warrant $100. The requests come from FBI offices all around the U.S.”

 

SEA Hacker FBI DITU Microsoft Invoice 3

Principal activists and cyber experts believe that the government should be transparent about how much it pays for monitoring requests, according ACLU Principal Technologist Christopher Soghoian, the documents “reiterated his stance that charging a small fee is a positive, in part because it creates more of a record of government tracking”.

In time I’m writing, there are no news on the authenticity of the documents, Microsoft and DITU refused to comment.

Pierluigi Paganini

(Security Affairs –  Sysrian Electronic Army, Microsoft)


facebook linkedin twitter

Bashar al-Assad Digital Intercept Technology Unit DITU Facebook FBI Hacking Iran monitoring NSA PRISM SEA surveillence Syrian Electronic Army Twitter

you might also like

Pierluigi Paganini August 01, 2025
CISA released Thorium platform to support malware and forensic analysis
Read more
Pierluigi Paganini July 31, 2025
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    CISA released Thorium platform to support malware and forensic analysis

    Cyber Crime / August 01, 2025

    Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

    APT / July 31, 2025

    Dahua Camera flaws allow remote hacking. Update firmware now

    Hacking / July 31, 2025

    Researchers released a decryptor for the FunkSec ransomware

    Malware / July 31, 2025

    Apple fixed a zero-day exploited in attacks against Google Chrome users

    Security / July 30, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT