Skip to main content

Hacked invoices show how much Microsoft charges the FBI for your information

Hacked invoices show how much Microsoft charges the FBI for your information

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

The Syrian Electronic Army recently revealed documents that show how much Microsoft charges a secret FBI division to legally collect and view customer information. The SEA, which is known for hacking Western companies and their social media accounts, allowed The Daily Dot to analyze the emails and invoices documenting months of transactions between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU) before the group went public with them.

Each time the DITU requested customer information, Microsoft charged anywhere from $50 to $200 for the transaction. Monthly totals reached in the hundreds of thousands of dollars, with the most recent invoice for November 2013 totaling $281,000. Neither Microsoft or the DITU would confirm the validity of the documents, but a specialist told The Daily Dot that he saw no indication that the documents were fake.

"There's nothing unusual here."

It's no secret that Microsoft and companies like it can legally charge for information requests from the government, and the company told The Verge that this is standard procedure. "Regarding law enforcement requests, there’s nothing unusual here," a Microsoft spokesperson said in an email. "Under US law, companies can seek reimbursement for costs associated with complying with valid legal orders for customer data. We attempt to recover some of the costs associated with any such orders."

These documents show how frequently the government calls on tech companies for information, and how nonchalantly they do business. The DITU allegedly requested information from Microsoft hundreds of times a month, and it appears that the government can buy customer information by simply shooting the right person an email. The SEA last hacked Microsoft in January taking over the company's Twitter and email accounts, saying the group wanted to distract employees so it could be "successful in our main mission." It's unlikely that releasing these documents was the main mission, but it's just another way the SEA can keep distracting Microsoft while exposing ways the US government can legally access citizens' information.