Microsoft Uses Chinese Engineers To Maintain Defense Department Systems Under Minimal US Oversight
- Reference: 0178381162
- News link: https://slashdot.org/story/25/07/15/1345208/microsoft-uses-chinese-engineers-to-maintain-defense-department-systems-under-minimal-us-oversight
- Source link:
"We're trusting that what they're doing isn't malicious, but we really can't tell," one current escort told the publication. The arrangement, critical to Microsoft winning federal cloud computing contracts a decade ago, handles sensitive but unclassified government data including materials that directly support military operations. Former CIA and NSA executive Harry Coker called the system a natural opportunity for spies, saying "If I were an operative, I would look at that as an avenue for extremely valuable access."
[1] https://www.propublica.org/article/microsoft-digital-escorts-pentagon-defense-department-china-hackers
Re: (Score:2)
Jesus, man. Is butthurt really your entire personality?
Your political misery is not even tangentially related to this post, yet here you are with this horseshit.
This post is about Microsoft and it's poor to nonexistent security practices when dealing with a very high security client(DoD). It's nothing about U.S politics or immigrants or anything else you whinge about.
Re: (Score:2)
This was to solve the dietary problem where American's were consuming too much produce and unprocessed food. Now that it's finally too expensive, we'll get back to hot-dogs and bologna as God intended.
Two Reasons (Score:3)
1. Indians are getting expensive.
2. There are not enough H1Bs(See #1.)
Re: (Score:3)
> 1. Indians are getting expensive.
> 2. There are not enough H1Bs(See #1.)
I have a friend who works for a US company that has started hiring remote workers in Nepal because "people in India are too expensive". He has no idea what they will do when people in Nepal get "too expensive". His company basically froze hiring in India and while the current Indian workers aren't in any immediate danger of losing their jobs, he told me all of them got moved into contracting jobs that his company can end at any time. He was in low level management for a while and in his current job he
Re:Two Reasons (Score:5, Informative)
> 1. Indians are getting expensive.
> 2. There are not enough H1Bs(See #1.)
3. American corporations put profit above all else.
4. Corporations enjoy the best government, the best legislation, and the laxest enforcement their money can buy when it comes to oversight and enforcement.
5. The "fines" which pass for deterrence and punishment are laughably small.
Microsoft does the cheapest crap they can (Score:3)
... that they think they can get away with. So this is absolutely no surprise. Caveat Emptor.
I evaluated a system like this for a major bank about 15 years ago. We concluded that you need two people (!) with significantly higher skill and systems knowledge (!) that per person supervised and in addition a system where every line the non-trusted person types gets released by the "escorts" after analysis for it to become effective. We did run some experiments with two experts and the "malicious" person was easily able to slip things past the "supervisor". The bank still accepted the system because it was cheaper. And yes, they had a major (non-published) security incident later as a result were one engineer did install a backdoor under this system and was only caught weeks later. The backdoor was just for remote work, so they got lucky. (The person that installed the backdoor was not very smart.) But it nicely shows that such a supervision system does not work unless you invest high effort and then any cost savings are gone.
How, just how do we outsource our security? (Score:2)
Seriously WTF. The contortions they go through to outsource. First, it's apparently cheaper to hire a dummy with a security clearance (so-called escort) and a Chinese programmer than just hire a U.S. citizen! Actual security be damned! Management, including the U.S. government thinks this is a good idea (detractors voicing concern are ignored as usual).
Second, if you have to review even moderately complex code, it usually takes more time to review than write it, even if you are more skilled than the
Re: (Score:2)
Profits uber alles! No, really. Security is less important than making money.
The cloud makes it better (Score:1, Troll)
If you don't understand that, then you are stuck in the old paradigm. Watch this [1]video [youtube.com] if you want to see an expert explain the strategy for transitioning to the cloud.
[1] https://m.youtube.com/watch?v=_73NU6OlNuw&pp=0gcJCfwAo7VqN5tD
Re: (Score:2)
please pay attention, we are on the AI bandwagon now.
This sentence puts the hammer in facepalm. (Score:4, Funny)
> "We're trusting that what they're doing isn't malicious, but we really can't tell," one current escort told the publication.
We truly are living in the stupidest timeline. Who in their right god damned mind would let this happen?
Re: (Score:3)
Globalists - who are of course out of their GDed minds.
That is who let this happen. It all stems from the same anti-nationalist mentality that emerged after the second world war and was allowed to take over western academia.
The thinking goes if everyone depends on everyone else nobody will fight any more. Of course reality is not all dependence is created equal. Leaders like Xi understand depending on a consumer market is different then depending on supplier. Sure if they decided to start WWIII we'd quit
Re: (Score:3)
Nationalism will doom the planet. Globalism is the way forward for humanity. Consider, 500 years ago, it would take days to travel to two cities within the same country (for example Berlin to Munich.) Now, people can travel to any country in the world in less than 24 hours. Within a few centuries there would inevitably be little to no cultural differences. Tribalism will lead to evil -- note various cultures will still be studied and preserved the same way people do Celtic dance today.
Deeply insufficient (Score:3)
> "We're trusting that what they're doing isn't malicious, but we really can't tell," one current escort told the publication.
The purpose of their presence is obviously a CYA move by Microsoft so they can say, "well we had people watching them" when it hits the fan.
Anyone using Microsoft Azure should assume all their data is being collected for use by the CCP.
> National security and cybersecurity experts contacted by ProPublica ...
> A Microsoft contractor called Insight Global posted an ad in January seeking an escort to bring engineers without security clearances “into the secured environment” of the federal government and to “protect confidential and secure information from spillage,” an industry term for a data leak. The pay started at $18 an hour.
Yeah, this seems like a pretty clear violation of the law. Someone is going to jail for this and anyone who knew about it is losing their security clearance.
and what about the other system ? (Score:2)
you know the one that allowed the current one to be put in place, the politicians are so bent Im suprised they can remeber who bought them this week,
What could possibly go wrong? (Score:2)
Do I even have to spell this out? WTF is wrong with the military command that would allow this?
Security Through Theatrics (Score:2)
> We're trusting that what they're doing isn't malicious, but we really can't tell," one current escort told the publication.
Narrator: some of them are doing malicious things.
Security theater at its finest. At least the escort can tell that they are not obviously goofing off, maybe the only thing Micro$oft cares about.
Meanwhile Europe let (Score:2)
US companies manage our critical infrastructure. Or is it really to China?
That's ridiculous (Score:4, Funny)
We use North Koreans pretending to be Chinese to manage the European infrastructure.
As always big business and profit will always take precedence over safety and security.
Re: (Score:2)
Oh?
Tell me more!