China’s Microsoft Hack May Have Had A Bigger Purpose Than Just Spying


When investigators discovered the hack on Microsoft Exchange servers in January, they thought it was about stealing emails. Now they believe China vacuumed up reams of information in a bid to develop better artificial intelligence, or AI.

Matt Chinworth for NPR



Steven Adair, the founder of a Virginia-based cybersecurity company called Volexity, was the first to discover the Microsoft Exchange hack in the wild. “The hair is almost rising on my arms right now when I think about it,” he says.

Claire Harbage/NPR



The hackers were part of a group out of China that Microsoft calls Hafnium. Tom Burt, a vice president at Microsoft who manages the digital crimes unit, says Hafnium emerged on the scene in June 2020.

Jovelle Tamayo for NPR



If you have to release a fix anytime before a Patch Tuesday, Kawaguchi said, you ruin somebody’s weekend. Instead of going to a movie, they need to be in the office testing whatever Microsoft has created to make sure it doesn’t somehow lock up something else they have running on their network.

But the metastasis of the Exchange attack at the end of February meant Kawaguchi’s team couldn’t wait. It had to build a fix, release it and push it out to customers right away.

What made this difficult is that, initially, those in-house Exchange servers around the world weren’t something Microsoft could see or had access to. If the affected servers had been in the cloud, the company could have just pushed out a patch and applied it itself. But because they weren’t, Microsoft had to find a way to convince some 350,000 IT administrators running Exchange locally to stop whatever they were doing and patch right away. And that was proving to be hard.

Even putting all that aside, patches are like a ticking time bomb. They don’t just protect systems, they alert criminals around the world how to get into unpatched systems. “Going public you can’t just tell the good guys,” Kawaguchi said. “When we release a patch, the bad guys start reverse engineering it immediately. So we always know when we release that’s the starting gun of a race.”

A government response

Meanwhile, anxiety about the hack was beginning to ripple through the highest levels of the Biden administration. National security adviser Jake Sullivan tweeted out a message urging IT departments to install the patches. The Cybersecurity and Infrastructure Agency released an emergency directive that warned if the malicious activity was left unchecked, it could “enable an attacker to gain control of an entire enterprise network.”

The White House convened a task force — in fact, Microsoft’s Burt was on it — to figure out ways to impress upon the nation’s Exchange administrators just how serious this was.

Even the FBI got involved. It secured a court order so it could legally scan the internet, find servers the Chinese had breached and then proactively remove whatever they might have left there — all without informing the victims first.

“This is an active threat,” press secretary Jen Psaki told reporters at the White House while all this was going on. “Everyone running these servers — government, private sector, academia — needs to act now to patch them.”

Kawaguchi said later, “I think this was probably the first time a tool we built was specifically pointed to in a White House press release. There were aspects of this incident and this campaign that were definitely novel.”


“This is an active threat,” White House press secretary Jen Psaki, pictured here in March, told reporters as the hack started to spread. “Everyone running these servers … needs to act now to patch them.”

Samuel Corum/Getty Images



It’s been an open secret for years among intelligence officials that China has been on a campaign to steal massive amounts of data. The Justice Department charged Chinese government-based hackers this year with intellectual property theft.

Toby Scott/SOPA Images/LightRocket via Getty Images



Microsoft’s Burt says a specialized piece of information was needed to make the Exchange hack work — the specific email address of local Exchange server administrators. Officials say they believe the Chinese got those addresses during a previous cyberattack.

Jovelle Tamayo for NPR



In 2017, Chinese scholars were writing more research papers on AI than any other country in the world. China has more than 1,000 AI firms, second only to the U.S., and its universities are churning out computer scientists at breakneck speed.

China has built-in advantages in the information race. It has more than 1 billion people it can (and does) collect information about, and U.S. officials said it has been supplementing all that with large-scale data heists. (The Justice Department indicted four Chinese military hackers this year over intellectual property theft and economic espionage.)

The Cyber Readiness Institute’s Todt said, against that backdrop, the second phase of the Exchange hack — when hackers hoovered up emails and information from tens of thousands of companies — shouldn’t be a surprise.

Stealing information from small- and medium-size businesses out in the American heartland doesn’t immediately suggest espionage. Instead, officials believe the Chinese gather this information to help them construct the informational mosaic they need to build world-class AI. It explains their tendency, Todt said, “to gather and aggregate data and as much as possible and not discriminating where that data comes from.”

The reason we should care about that is because of the role AI plays in our everyday lives. It is becoming the mechanism by which insurance rates are calculated, credit is given, mortgages are approved and health care data is calculated. And Todt said Americans should take a moment to reflect on what it would mean to have a technology that will touch our lives in a myriad of ways built by someone else and, more specifically, China.

“As it builds out its AI, China can social engineer to its priorities, to its mission,” she said. “And that mission may be different from ours.”
