'''Primary source:
ProPublica'''
Reporting Highlights
Chinese Tech Support: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel.
Skills Gap: Digital escorts often lack the technical expertise to police foreign engineers with far more advanced skills, leaving highly sensitive data vulnerable to hacking.
Ignored Warnings: Various people involved in the work told ProPublica that they warned Microsoft that the arrangement is inherently risky, but the company launched and expanded it anyway.
Microsoft is using engineers in China to help maintain the Defense Department’s computer systems — with minimal supervision by U.S. personnel — leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.
The arrangement, which was critical to Microsoft winning the federal government’s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.
But these workers, known as “digital escorts,” often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.
The system has been in place for nearly a decade, though its existence is being reported publicly here for the first time.
Microsoft told ProPublica that it has disclosed details about the escort model to the federal government. But former government officials said in interviews that they had never heard of digital escorts. The program appears to be so low-profile that even the Defense Department’s IT agency had difficulty finding someone familiar with it. “Literally no one seems to know anything about this, so I don’t know where to go from here,” said Deven King, spokesperson for the Defense Information Systems Agency.
National security and cybersecurity experts contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country.
The Office of the Director of National Intelligence has called China the “most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.” One of the most prominent examples of that threat came in 2023, when Chinese hackers infiltrated the cloud-based mailboxes of senior U.S. government officials, stealing data and emails from the commerce secretary, the U.S. ambassador to China and others working on national security matters. The intruders downloaded about 60,000 emails from the State Department alone.
With President Donald Trump and his allies concerned about spying, the State Department announced plans in May to “aggressively revoke visas for Chinese students” — a pledge that the president seems to have walked back. The administration is also trying to arrange the sale of the popular social media platform TikTok, which is owned by a Chinese company that some lawmakers believe could hand over sensitive U.S. user data to Beijing and fuel misinformation with its content recommendations. But experts told ProPublica that digital escorting poses a far greater threat to national security than either of those issues and is a natural opportunity for spies.
moar…
https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers