“Paper Trail” Podcast: Microsoft’s “Digital Escorts” Left DOD Vulnerable to Chinese Hackers — ProPublica
Arrow Right
Caret
Close
Search ProPublica Search Close<br>ProPublica is a nonprofit, investigative newsroom that exposes<br>corruption. We report in all 50 states and partner with local newsrooms. Our work spurs real-world impact and has received numerous awards, including nine Pulitzer Prizes.
Topics We Cover<br>See All<br>Abortion<br>Civil Rights<br>Courts<br>Criminal Justice<br>Debt<br>Democracy<br>Education<br>Environment<br>Health Care<br>Health Insurance<br>Immigration<br>Labor<br>Mental Health<br>Military<br>Police<br>Politics<br>Pregnancy<br>Prison<br>Racial Justice<br>Regulation<br>Sex and Gender<br>Technology
Our Biggest Series<br>See All<br>Life of the Mother<br>How Abortion Bans Lead to Preventable Deaths
The New Immigration<br>How Recent Arrivals at the Border Have Changed the Country and Its Attitudes
Friends of the Court<br>SCOTUS Justices’ Beneficial Relationships With Billionaire Donors
Description
A source told reporter Renee Dudley something she found hard to believe: that Microsoft was running tech support for the Department of Defense through China, the country’s biggest cybersecurity adversary. The arrangement was called “digital escorting.” She thought it sounded like a conspiracy theory — until she started looking into it. This is the story of what she found and how her investigation changed government policy.
Read the original story here.
Transcript
Editor’s Note: “Paper Trail” is produced as an audio series. If you are able, we encourage you to listen to the series. Transcripts are for reference only and may contain typos. Please confirm accuracy before quoting.
Jessica Lussenhop: ProPublica. Investigative journalism in the public interest.
I have, like most people, I assume, a pretty healthy fear of getting hacked. Ugh, even saying that out loud makes me nervous, like I’m speaking it into existence … but it’s become this fact of our online lives. I’ve gotten three alerts this year about my personal information being hacked.
Nobody’s hacking me, to be clear. I’m not important or rich enough for that. People are hacking the big companies I trusted to keep my information safe. And there’s seemingly nothing I can do about it! Nothing except complain.
Renee Dudley: Everybody loves to complain about Microsoft.
Lussenhop: Really?
Dudley: Yeah.
Lussenhop: This is my ProPublica colleague, who does a lot more than complain when she learns about a big hack.
Dudley: I’m Renee Dudley, and I am a cybersecurity and technology reporter at ProPublica.
Lussenhop: Lately Renee’s been more like our Microsoft reporter.
Dudley: Techies have long held that Microsoft is a legacy company with weaknesses that are just waiting to be exploited by hackers.
Lussenhop: Microsoft is one of the world’s biggest companies and a major supplier of technology to one very important customer.
Dudley: The federal government is actually one of Microsoft’s biggest, if not its biggest, customer and has been for years.
Lussenhop: The Pentagon uses Microsoft for email, calendars, storing files. And Microsoft’s weaknesses that everyone loves to complain about? They’ve already been exploited by our biggest cyber adversaries.
Like in 2017, we learned North Korean hackers targeted 150 countries including the U.S. and the U.K. — creating mayhem in the British health service. In 2020, we learned Russian hackers got access to reams of sensitive U.S. government data. And then there’s China — our most active and persistent cyberthreat. In 2023, Chinese government-backed hackers were able to get their hands on about 60,000 State Department emails from Microsoft Outlook.
Congress held a hearing where a Microsoft executive took responsibility for the hack and promised to address security weaknesses.
All of this is why Renee was surprised when she was on the phone with a Microsoft contact of hers and they told her something kind of wild.
Dudley: A Microsoft source told me, sort of apropos of nothing, we’d been talking about this other story. They said, you know, there’s some crazy stuff going on. You wouldn’t believe this, but Microsoft is running IT support and service for the Defense Department through China. And I was like, “What are you talking about?”
Lussenhop: What they were basically saying is any time the government’s Microsoft products needed updating or fixing, there was a chance that engineers in China were the ones doing it. Meaning engineers there could have access to the U.S. government’s sensitive files.
Dudley: My initial reaction was this cannot be true because it just sounds so far-fetched. I mean, I know that Microsoft has global operations. I know that it’s a massive tech company. They’ve got workers all over the globe. But I’m also by this point familiar with the Defense Department’s rules that prohibit non-U.S. citizens from working on highly sensitive information that we would not want our enemies to know: you know, military secrets and the like.
Lussenhop: These...