The Syrian Electronic Army (SEA) has claimed it has the law enforcement documents stolen from Microsoft.
The Syrian Electronic Army has claimed on Twitter that it has the law enforcement documents that were stolen from Microsoft in a recent phishing attack

A group of hackers who call themselves the Syrian Electronic Army (SEA) has claimed on Twitter that it is in possession of documents relating to law enforcement enquiries that were stolen from Microsoft in a recent phishing attack.

Microsoft admitted on Friday that a group of hackers stole documents associated with law enforcement inquiries earlier this month, during a "targeted" phishing attack which affected some of its employees' social media and email accounts.

"While our investigation continues, we have learned that there was unauthorised access to certain employee email accounts, and information contained in those accounts could be disclosed. If we find that customer information related to those requests has been compromised, we will take appropriate action" wrote Adrienne Hall, General Manager of the Trustworthy Computing Group within Microsoft.

Microsoft however did not identify who had stolen the documents but over the weekend, the SEA claimed on Twitter that it was in possession of the dosuments in quesiton.

"Not just law enforcement enquiries"

In a series of tweets between the SEA Twitter account and another user, the hackers claim that the documents are "not just law enforcement enquiries" and that they intend to publish the documents on an unnamed "media site".

SEA Tweets that it has the law enforcement documents stolen from Microsoft
The Syrian Electronic Army has tweeted that it has the law enforcement documents stolen from Microsoft

The SEA claimed responsibility for seizing control of the official Microsoft blog and two Microsoft company Twitter accounts on 11 January. Although Microsoft has not confirmed that the SEA was behind this attack, it is likely that the attacks by the SEA were the same attacks where the documents were stolen.


Phishing attacks occur when a user is tricked into clicking on a link in a malicious email or on social media that leads them to a malicious website. The malicious website pretends to be an official login page for social media or financial services like online banking and PayPal, or installs malware on their PC or mobile device.

It is an embarrassment for Microsoft to admit that it has had problems with phishing attacks, considering the computer giant's track record for working to bring down botnets (which send out the spam emails), such as the Citadel botnet ring it took down last year with the FBI.

The Syrian Electronic Army rose to prominence in 2013 completeing a number of high profile attacks on western media companies it claims were spreading lies about the Syrian regime - including Sky News, the BBC and the Guardian.

It's most high-profile attack came when it hacked of the AP Twitter feed which saw $140 billion wiped off the S&P 500 index for a brief period.

Assad regime

Little is known for certain about its origins or the number of people involved in the group and while it insists it has no official links to the Bashar al-Assad regime, it is widely thought that the group receives financial and logistical support from the Syrian government.

The group has continued its attacks in 2014, hacking the official Skype Twitter account and its blog, and posting the phone number of Microsoft's CEO Steve Ballmer on Twitter on 1 January.

The hackers also claimed to bring down the Microsoft Office Blogs site last Monday, posting up a screenshot on Twitter including a fake article they had inserted onto the website: