James Riley
Wednesday, 07 October 2009 12:57
Microsoft is to be queried by a parliamentary committee investigating cyber-crime over an embarrassing phishing attack on its Hotmail service that allowed unauthorised access to the personal details of up to 10,000 email users.
The House of Representatives Communications committee will conduct
public hearings in Sydney on Thursday and Friday. Among those appearing
are the Internet Corporation for Assigned Names and Numbers (ICANN),
Symantec, McAfee and Lockstep Technologies.
Microsoft will appear before the committee on Friday. Also appearing
are the Australian Bankers Association, the Commonwealth Bank and
Westpac, as well as the NSW Police and the Victorian Privacy
Commissioner.
At least one committee member told iTWire they were aware of the
Hotmail breach and planned to ask the company about the phishing attack
and measures taken to curb such breaches.
Microsoft confirmed a week ago that its Hotmail online email service
had been targeted by a phishing attack and that it had taken subsequent
measures to protect users' personal details and passwords.
Communications Minister Stephen Conroy asked the committee to conduct the
inquiry into cyber crime last May to inform policy about whether
current cyber security measures of Government and industry were
adequate.
Committee chair Belinda Neal said criminals were becoming more
sophisticated, and the potential losses to online crime had grown more
substantial as more people conducted business online.
"The Internet is rapidly expanding at the same time that broadband
speeds will increase, so we must stay on top of the security issues,"
Ms Neal said.
"Policy- and law-makers need to join with the internet service
providers, IT companies, domain name registrars, law enforcement and
consumers in a candid dialogue about roles and responsibilities."
In its submission to the committee, Microsoft says it wants government
to consider a single authority to oversee cyber security issues in
Australia – either through the Department of Prime Minister and
Cabinet, or by following the US model with the appointment of a
'cyber security tsar.'
"Where regulation is concerned, ideally, the government and private
sector should jointly determine the level of security provided by
markets, the level of security needed to protect national security, and
how the gap between what the market will provide and what national
security demands can be filled most effectively," Microsoft said.