[throwastone]

The author goes on to describe DNS spoofing in the following paragraph. Perhaps this was used for the live.com attack. He even says, "Within 20 minutes he’s obtained the login details, including passwords for my Live.com, SNS Bank, Facebook, and DigiD accounts."

[Piskvorrr]

Even with spoofed DNS, the HTTPS certificates would not match (J. Random Hacker is unlikely to lug around a compromised, trusted root CA certificate, much less show it off to a passerby).