Privacy Please

S4, E166 - Was Microsoft Outlook Hacked?

June 07, 2023 Cameron Ivey

This week on Privacy Please, we talk about how Microsoft Outlook, the popular cloud email service, faced a series of outages on Monday after a reported hack by a pro-Russian group called Anonymous Sudan. The group claimed to have launched a distributed denial-of-service (DDoS) attack on Outlook as part of a campaign against US companies and infrastructure. 


Cam:
Alrighty then, ladies and gentlemen, welcome back to another episode of Privacy Please. I am your co-host Cameron Ivey, hanging out with a good friend and confidant, Mr. Gabriel Gums. Gabe, how you doing, man?

Gabe:
Decent, I'm well, how are you?

Cam:
You know, life goes on. We wake up, we live another day. Got a roof over our heads, so I'm happy. I'm good. Living the dream.

Gabe:
I'll take it.

Cam:
But I don't know if, I don't know how everybody else is feeling out there that's an Outlook user, that's for sure.

Gabe:
Ooh, ooh, ooh. It's tough. I mean, probably happy. So there was an outage. There was an outage,

Cam:
Mm-hmm.

Gabe:
and Outlook was down. And there were probably a bunch of people like, yes, I haven't gotten emails all day. It's nice.

Cam:
nice little

Gabe:
It's

Cam:
vacay.

Gabe:
not awful. Yeah, yeah, it's decent, it's decent. I mean, there are a bunch of folks that like started getting worried like, what the hell, I haven't gotten emails all day.

Cam:
Yeah. Question mark, question mark,

Gabe:
Question mark,

Cam:
exclamation

Gabe:
question mark,

Cam:
mark.

Gabe:
question mark, yeah, yeah. But it was an outage. So let's rewind the clock first. Let's go back,

Cam:
Yeah.

Gabe:
let's go back a few months. We'd have to go into the canon and check it out, but if I'm not mistaken, the soothsayer went on about digital shrapnel being one of those problems the world was gonna have to deal with in 2023, right? And what did he mean? What did that salty soothsayer mean when he said digital shrapnel was a problem? P.S. for those who aren't religious listeners, hi mom. Those who don't listen to every single episode, I joke like mom listens to any episodes. Anyway,

Cam:
Hahaha

Gabe:
the salty soothsayer is, he makes an appearance roughly once a year and he makes some predictions as to what kind of things may happen in the world. So far it's been a decent year for him, which I don't know if that's good because some of his predictions are like, eek, I hope that doesn't happen. And one of them was very much the, yeah, look, there's gonna be some digital shrapnel. I'll give the same disclaimer I give every time I give credit to the soothsayer for being correct. You know, you can almost see these things coming, unfortunately, right? You can see these things coming and the physical world has been strife with a lot of friction, straight up war.

Cam:
Right.

Gabe:
And no one... I don't think there's anyone in our industry that ever expected it to stay only on the physical battleground. In fact, it's been in the digital battleground for a very long time, for a very long time. And so we see active strikes against targets here and there, and we see those in the terms of, quote, nation states, and we see those in hacktivists even. And so the latest round of digital shrapnel is hacktivism. It's hacktivism. It's a group calling itself Anonymous Sudan, styled after said Anonymous, but localized to really, I guess, highlight who they are geographically in the world and what that means geopolitically, as opposed to just taking the larger umbrella moniker that is just Anonymous, right?

Cam:
Yeah.

Gabe:
And so, Anonymous Sudan claims to have taken Microsoft security and bypassed it on their way to knocking out several of the services, most notably Outlook, for about four and a half hours. Four and a half hours yesterday.

Cam:
It's a long time.

Gabe:
It's a long time. It's a really long time. It's a really long time in cloud performance world, in SaaS provider world, right? Like everyone's expectations of services are that they are up. And we know that there's outages like, ah, look, can't get to it. Twitter for 20 minutes yesterday, an hour, whatever. Outlook powers a lot of the world's communications.

Cam:
Let me ask you this, Gabe. Coming from, you can call me Curious Cat today. Rawr.

Gabe:
series.

Cam:
My mind is thinking like, and this might be something you might not know, but where my brain went, when it comes to, first of all, two things. I think we should start a hacker series on kind of like serial killers, but for hackers, and dive into some of these hacker companies. If, you know, I'm just, I'm shooting out of the gun here, but anyways, my brain went to like, do you think that these are planned at a certain time, at a certain part of a year? Or do you think that these are like, we finally got in, let's do it. Like, are these planned for certain days, for certain, like are they planned out years ahead? That kind of thing, like, you know, like an actual attack, a physical attack.

Gabe:
They're planned. They didn't take them down and launch that message the same day they got it. Not likely, not likely. Why do I say not likely? Well, first, if they are as skilled as we are to believe they are, and I am to believe they are based on the allegations so far, is Microsoft is the world's largest security company. I think we talk about that with some frequency on this show, just as a reminder that they're not just... They're not just this technology's company, they're not just this IT company, they're not just the financial backers to ChatGPT. They are the single largest security company on the planet. Larger than Palo Alto and RSA, RSA is an old name in that business at this point, but whatever, but larger than those guys. And so to defeat their security is not a tiny thing. That is to say Microsoft is well funded and they are well tooled and they are well disciplined. So this would have taken some planning, sort of taken some planning.

Cam:
Yeah.

Gabe:
I'm certain there's some elements of luck in all kinds of other things, because that's how it goes. That's just how life is, but this would have taken some planning. How long in advance? I couldn't tell you. I couldn't even guess because the truth is, A, we don't know enough about the attack at this point. But B, you'd have to take everything you know at face value and with a grain of salt because we're not likely to learn a lot of the technical details around how they got in. Maybe we do,

Cam:
Yeah.

Gabe:
maybe we do. But if it's, but you know, the thing that's important about this attack is this organization. It's not their first attack. Over the weekend, they actually attacked a number of hospitals also in the US. And so, you know, their message was very clearly, everyone is a target. Those were their words. Their words were, everyone is a target. And that's to be taken seriously. That's to be taken seriously. They...

Cam:
Yeah,

Gabe:
Yeah.

Cam:
it was blowing up on Twitter. And just coming from one of the tweets, it said, it's happened. Monday broke Outlook. Drafts are disappearing.

Gabe:
Yeah, I did.

Cam:
Scheduled emails are shuffling between drafts. And Outbox is chaos. I've seen it kind of act like that before. I wasn't a witness of it yesterday or Monday. But being out for four and a half hours, that's a pretty big issue, especially considering what did they get out of it?

Gabe:
Some

Cam:
What

Gabe:
of

Cam:
was

Gabe:
those

Cam:
the

Gabe:
other

Cam:
purpose?

Gabe:
behaviors are kind of weird too though now, right? Like outboxes and inboxes scrambling around. Like that's, it feels

Cam:
What does

Gabe:
like

Cam:
that

Gabe:
more

Cam:
usually

Gabe:
than...

Cam:
mean from a-

Gabe:
I don't know. I just, I mean, I do know, but I don't know. But I,

Cam:
Yeah.

Gabe:
it's, it's the difference between like someone blocking your front door from you being able to get into it and someone blocking your front door and... you're already inside the house, but you notice the living room furniture is in the bedroom there.

Cam:
Now that just sounds like paranormal activity.

Gabe:
Well, I mean, like, I don't know, maybe, there may be some technical things on the hood that I don't understand about how Outlook works. But when, but when inboxes and drafts and like when,

Cam:
Yeah.

Gabe:
when messages start moving around without the user's knowledge or, or sanctioning, that's weird. That's that feels like more than just a denial of service.

Cam:
Yeah, it reminds me of when you're playing online and your connection's bad or somebody else's connection's bad and you can tell that the player is glitching or someone's running up against the wall and you can't kill them

Gabe:
Right.

Cam:
if you're playing a shooter. That's funny. So what does this mean, Gabe? I mean, something like this, this is big, right? This is not something small, even though I think we talked about it. You said it yourself. Why isn't this being talked about more?

Gabe:
Yeah,

Cam:
Um...

Gabe:
I don't know. It does feel to me, maybe I exist in echo chambers that are differently voiced. I don't know. It doesn't seem like it's getting the headlines that I would expect. And I say that from a concern standpoint. But when I talk to folks one-on-one, they're concerned. They're very concerned. They're concerned because... It's not just the randomness of the targets, but the destructive nature that the hacktivist activity is specifically aiming to do. Yeah,

Cam:
Ahem.

Gabe:
they wanna disrupt operations. They want your businesses to fail.

Cam:
Mm-hmm.

Gabe:
These are very anti-US groups. These groups are based on just their own language and statements, quote, quote. We can target any US company we want. Americans do not blame us. Blame your government for thinking about intervening in Sudanese internal affairs. All

Cam:
Mm-hmm.

Gabe:
right. We hope you enjoyed it, Microsoft. That's the way that message ended.

Cam:
Who is that sent to though?

Gabe:
That was sent to Microsoft.

Cam:
Just like a

Gabe:
It

Cam:
generic

Gabe:
was,

Cam:
email?

Gabe:
yeah, I think they posted it in their Telegram. It was more of like,

Cam:
Okay.

Gabe:
hey, we're posting this

Cam:
Ah.

Gabe:
to the world for you to read, Mr. Microsoft. The fate of your services is in our hands. We decide when to shut it down and when to leave it open. Anonymous Sudan said. That's a pretty powerful accusation.

Cam:
Yeah.

Gabe:
What they're suggesting is they still have some control. They're suggesting that they are an advanced persistent threat. That's what that means.

Cam:
Sorry, I'm just reading.

Gabe:
Lovelace Health Systems in New Mexico was hit over the weekend.

Cam:
Mm-hmm.

Gabe:
Hudson Regional Hospital in New Jersey. Exeter Hospital in New Hampshire was hit.

Cam:
That's

Gabe:
They're threatening

Cam:
huge.

Gabe:
to hit ChatGPT next, which again, is one of the assets that Microsoft has a huge investment in, but is also just one of those very popular tools today that certainly US-centric companies are devouring.

Cam:
I don't know if you mentioned this, but they went after Lyft.

Gabe:
No, I didn't, Lyft, that's right.

Cam:
Yeah.

Gabe:
Yeah, I know, this isn't their first attack.

Cam:
Sure.

Gabe:
It won't be their last. Excuse me. Even though, again, like Lyft being a large company and that too being news, and it was news, yeah, I think it's a big deal when Microsoft is breached at this level.

Cam:
Here's a good fact, and I agree with you. So Outlook is the world's largest, or I'm sorry, world's third most popular email client with about 400 million active users. Microsoft services have faced at least three outages since the start of this year. That's interesting.

Gabe:
a lot. So what

Cam:
They're

Gabe:
was

Cam:
being

Gabe:
the number of users?

Cam:
heavily

Gabe:
300

Cam:
targeted.

Gabe:
million?

Cam:
400 million?

Gabe:
100 million.

Cam:
Who's above them? Gmail? I would imagine.

Gabe:
I guess, yeah, maybe some of the ones have been around longer, Gmail,

Cam:
Would you

Gabe:
whatever.

Cam:
consider

Gabe:
I can

Cam:
the free

Gabe:
go on

Cam:
ones?

Gabe:
with.

Cam:
Cause I know that Outlook is not free, right?

Gabe:
Outlook's free. You can get an Outlook address for free. You can get the at outlook.com.

Cam:
Oh yeah, you can. You're right. You're right.

Gabe:
Yeah. It's the old Hotmail.

Cam:
Yup. Apologies.

Gabe:
Which used to be

Cam:
That's

Gabe:
the

Cam:
right.

Gabe:
old rocket mail for those of you old enough to

Cam:
Rocket

Gabe:
remember

Cam:
mail.

Gabe:
such nonsense.

Cam:
Rocket sauce.

Gabe:
Yeah.

Cam:
Rocket mail.

Gabe:
Who's bigger than them? I don't know, there aren't 400 million people in the US, of course, so that number is inclusive of more than just the US market.

Cam:
Mm. That's true.

Gabe:
It's a lot of people though. It's a lot of people. More importantly, what it is is, if it starts affecting revenue, that's a lot of revenue. All of a sudden folks start exiting Microsoft, going to their competitors.

Cam:
Maybe this will garner some attention once Microsoft actually returns some kind of response. Do you think they will?

Gabe:
I don't know.

Cam:
depends

Gabe:
I think

Cam:
on

Gabe:
it's

Cam:
how

Gabe:
gonna.

Cam:
severe it is and it could take months.

Gabe:
I think it depends really on the rest of the I don't know. Because again, it's just an allegation. It's just an allegation. They didn't it's not like they released any data and like, hey, look, we got inside and stole this data, then he released it. It's just an allegation right now. So do you need to say anything about it if you're Microsoft? You had a four and a half hour outage, so you need to say something about that. You definitely need to tell your customers what the hell happened for four and a half hours. So you'll have to say something about that.

Cam:
Do you think companies like a hacker company like this would try to take credit for something that they just jumped on something because something went wrong with Outlook? You know what I mean?

Gabe:
I understand the question. I understand the question. I will answer that with the following. History has definitely shown that activist groups of all sorts have strategically taken credit for things that they didn't do, but align with their interests. For what it's worth, the truth is all, the inverse of that has also been true though, right? Like people have sometimes, yeah, right. Like, ah, they did it. I was like, wait, what? That was just now, but yeah, no, it's a legitimate question. Like maybe it was just down and they took this opportunity to be like, ha ha, that's us.

Cam:
Yeah.

Gabe:
We're coming for you. The big bad boogeyman's out here. Look, that's a real possibility. That's a real possibility. It's a real possibility.

Cam:
Hmm. Because I mean, I don't know, be interesting. My brain goes, what if they jumped on it because they were attempting, they've been attempting to try to get into Microsoft and they haven't yet,

Gabe:
WAH!

Cam:
but they use this as some fuel to buy them even more time. And then they hit again for real.

Gabe:
Yeah.

Cam:
I don't know.

Gabe:
Well, look, we know about the other breaches that we were able to validate, right? Like they

Cam:
Yeah.

Gabe:
have a list of some heavy-hitting names that they've attacked. But I think what starts getting worrying is it's the everyday companies. It's the companies who, you know, they're large enterprises, but they're not Fortune 10, 20, 100, right? Like there are plenty of large enterprises out there who are... who are at the mercy of digital services, cloud services, and their patients and their customers and their employees are at the mercy of those things. Like again, there were a couple of hospitals hit this weekend too.

Cam:
Yeah.

Gabe:
It's like, let's pretend for a moment, let's just assume, not pretend, let's assume for a moment that one of those scenarios is true, that this hacktivist group is taking credit for something they didn't really do. Well, what about those... those hospitals that were attacked? Because that happened. That happened, right?

Cam:
Yeah,

Gabe:
So,

Cam:
that's true.

Gabe:
you know, yeah.

Cam:
Good point. And anything with hospitals is very, very

Gabe:
It gets

Cam:
sensitive.

Gabe:
worrying. It gets worrying. That's infrastructure. That's infrastructure. That's the thing that keeps our society together.

Cam:
Yeah.

Gabe:
One of the things, one of the many things that keeps our society together.

Cam:
I don't know, it's pretty scary.

Gabe:
You know?

Cam:
I'm telling you, I think I'm gonna do some more research on these hacktivist groups. New series coming your way, listeners. I'm thinking deep dive stories on hacktivists and almost

Gabe:
Oh,

Cam:
like.

Gabe:
we should we should do the history of start

Cam:
Yes,

Gabe:
there.

Cam:
that's what I mean. Yeah. Okay.

Gabe:
There is, we have a friend who's a history buff when it comes to these, just a general history buff.

Cam:
Who we talking

Gabe:
Should,

Cam:
about?

Gabe:
we're talking about Big Loadrina.

Cam:
Oh, Ladrina, that's right. Okay, okay, okay.

Gabe:
She probably

Cam:
I didn't know

Gabe:
she

Cam:
she

Gabe:
probably

Cam:
was.

Gabe:
knows the full history of hacktivism both pre digital and right through the digital age

Cam:
like it. Shout out to Ladrina.

Gabe:
Shout out to Ladrina, we need to get her on the show.

Cam:
Mm-hmm. That's a good idea. Okay. Well anything else on this topic Gabe?

Gabe:
Look, we don't ever talk solutions, and I don't just mean products on this show, but like just solutions in general. But I think there's a significant takeaway from this, which is if you haven't already, like literally gone through full failure scenarios digitally in your business, including like vendor failing scenarios, now's a good time to start thinking about that. You know, companies that have to be like SOC 2 compliant will have gone through those types of activities. But a lot of companies still haven't really gone through those types of exercises. And it's a good activity to undergo. That would be my takeaway from this

Cam:
Yeah.

Gabe:
one. What happens when your digital world comes crumbling down? What do you do?

Cam:
That's a good point. And to that point, I'm thinking too, because obviously cloud infrastructure is huge now. It's the way that things are going. But this also reminds me of episodes back, like way episodes back. I don't know if we had some, I think it was me and you talking, we might have had a guest, but there was this shift where everything's going to go to the cloud, but then it's going to shift back down to...

Gabe:
Yeah, I remember

Cam:
On-prem

Gabe:
this conversation.

Cam:
again. Yeah, yeah, yeah.

Gabe:
Right.

Cam:
Like, which I can see happening because I mean, maybe that's just the natural order because things get too easy up here. And then we have to move everything closer.

Gabe:
There are a lot of reasons that are like literally tied to physics, why it happens, right? Like so computing

Cam:
Sure.

Gabe:
gets faster and cheaper at the edge and then some, and then it changes over time and it gets cheaper and faster at the core and like how much you can transfer like goes up and down, right? Like there's a

Cam:
Yeah.

Gabe:
lot of ebbs and flows over time that has always forced that shift. But what you're talking about is one of the other pulls, right? Like there's the pull to make things easier. And so pull us to the cloud. But the balance between that and keeping things, not just safe, but honestly indestructible. That's

Cam:
Yeah, yeah, yeah.

Gabe:
the new floor, that's the new floor. Because these guys are going around destroying things. That's the new floor, the new floor is indestructible. And I know that sounds as hyperbolic as like protect all the things, but sure, no. Indestructible, right, like doesn't mean that, it doesn't mean that it is literally physically indestructible, but it means that it is resilient to things that will try to destroy it. Resiliency maybe needs to be the new floor, but I like my hyperbolic statement of destruction is the new floor, so I'm staying with it.

Cam:
I like it. Awesome. All right, well, good stuff. Stay tuned if you wanna hear the blog cast a little bit more in detail of this episode and we thank you guys always for tuning in each and every week and we'll see you guys next week, Gabe.

Gabe:
We're riding what you can. It's good show. I like show.