A Little-Known Microsoft Program Could Expose the U.S. Defense Department to Chinese Hackers
A Little-Known Microsoft Program Could Expose the U.S. Defense Department to Chinese Hackers
A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.
The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
But these workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.
[...]
“If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,” said Harry Coker, who was a senior executive at the CIA and the National Security Agency. Coker, who also was national cyber director during the Biden administration, added that he and his former intelligence community colleagues “would love to have had access like that.”
[...]
Over the years, various people involved in the work, including a Microsoft cybersecurity leader, warned the company that the arrangement is inherently risky, those people told ProPublica. Despite the presence of an escort, foreign engineers are privy to granular details about the federal cloud — the kind of information hackers could exploit. Moreover, the U.S. escorts overseeing these workers are ill equipped to spot suspicious activity, two of the people said.
[...]
