Get the latest tech news

A Little-Known Microsoft Program Could Expose the Defense Department to Hackers

The Pentagon bans foreign citizens from accessing highly sensitive data, but Microsoft bypasses this by using engineers in China and elsewhere to remotely instruct American “escorts” who may lack expertise to identify malicious code.

National security and cybersecurity experts contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China’s digital prowess as a top threat to the country. In its statement, Microsoft said it meets regularly with its contractors “to discuss operations and surface questions or concerns.” The company also noted that it has additional layers of “security and monitoring controls” including “automated code reviews to quickly detect and prevent the introduction of vulnerabilities.” Last year, about three months after government investigators released their report on the 2023 hack into U.S. officials’ emails, a former Insight Global contractor named Tom Schiller contacted a Defense Department hotline and wrote to several federal lawmakers to warn them about digital escorting.

Get the Android app