Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

A ProPublica investigation has uncovered that Microsoft is relying on engineers based in China to help maintain sensitive computer systems for the U.S. Department of Defense, with only minimal oversight from U.S. personnel. This arrangement, which Microsoft deems critical to winning the Pentagon’s cloud computing business, could potentially expose some of the country’s most sensitive data to espionage and hacking by China.

The system relies on U.S. workers with security clearances, known as “digital escorts,” to supervise the Chinese engineers and serve as a firewall against malicious activities. However, ProPublica found that these escorts often lack the advanced technical skills needed to effectively monitor the foreign workers, who possess far greater coding expertise. Some escorts are ex-military with little software engineering experience, earning barely above minimum wage.

While Microsoft claims it has disclosed details of this escort model to the government, former U.S. officials interviewed said they were unaware of the arrangement. Cybersecurity experts were also surprised, noting that this setup presents a prime opportunity for Chinese operatives to infiltrate U.S. networks.

The Defense Department mandates that only U.S. citizens, nationals or permanent residents handle its most sensitive data. Microsoft’s digital escort program appears to be a workaround to leverage its global workforce while still bidding for Pentagon contracts. Here’s how it works:

A China-based Microsoft engineer submits a digital “ticket” to perform maintenance. A U.S.-based escort picks up the ticket. The two meet virtually, where the engineer relays commands for the escort to input into the federal cloud system, without the escort necessarily understanding the code. This provides an opening to potentially insert malicious code that goes undetected.

While Microsoft states it has monitoring safeguards in place, insiders warn the knowledge gap between the engineers and escorts is too vast to mitigate the risks. Staffing firms like Insight Global that supply the escorts look for candidates with security clearances, not coding skills. One escort called it “trusting that what they’re doing isn’t malicious” without really being able to tell.

Concerns about the security risks were raised to Microsoft multiple times over the years, even by one of its own cybersecurity leaders, but the company expanded the escort program anyway. Experts say any visibility into Pentagon networks presents a huge espionage risk, especially given the rising tensions with China and its sweeping authority to compel citizens to aid intelligence efforts.

Read more at ProPublica here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.


