Microsoft's "Digital Escorts" Left DoD Vulnerable to Chinese Hackers
6 hours ago
- #cybersecurity
- #government-contracts
- #investigative-journalism
- Microsoft reportedly used engineers based in China to provide IT support and services for the U.S. Department of Defense's cloud systems, a practice known as 'digital escorting'.
- Digital escorting involved a U.S.-based worker with security clearance copy-pasting code from a China-based engineer into Defense Department systems, creating a potential security vulnerability.
- The investigation, led by ProPublica reporter Renee Dudley, uncovered the practice through job ads, LinkedIn profiles, patent documents, and interviews with digital escorts.
- Microsoft defended the arrangement as government-approved, but the Defense Information Systems Agency (DISA) initially claimed no knowledge of it until directed to a specific security plan document.
- Following the publication of the story, Microsoft stopped using China-based engineers for Defense Department cloud support, and a new law was signed banning adversarial country-based personnel from accessing Pentagon cloud systems.