After Chinese hackers were able to hack into U.S. government email accounts last week, Microsoft’s security systems are now under fire from Congress.
A cyber gang based in China was accused of stealing emails from senior U.S. officials in a major security breach through a weakness in Microsoft software.
The attackers were allegedly able to access the email accounts of top State Department employees and U.S. Commerce Secretary Gina Raimondo, the Cybersecurity and Infrastructure Security Agency announced on July 12.
Chinese Hackers Breach US Government Databases
Microsoft said that the breach took advantage of a still-undisclosed security issue with the company’s online email service rather than hacking computers or stealing passwords.
The tech firm accused “Storm-0558,” a Chinese hacking outfit, of forging digital authentication tokens to access email accounts running on the firm’s Outlook service starting in May.
The group has also focused on espionage against governments in Europe and has accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies in the EU.
The CCP normally denies involvement in hacking operations in China, even if actual evidence or context is presented.
Congress Concerned About Microsoft’s Contract With Federal Agencies
Members of Congress have been raising concerns for months over government departments’ increasing reliance on Microsoft for cybersecurity tools and services.
“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” said Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, in a statement. Warner called for heightened efforts to counter the cyber threat posed by China following the hack.
“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat,” said
Senator Ron Wyden (D-OR) said that Microsoft should offer all its customers full forensic capabilities, saying that “charging people for premium features necessary to not get hacked is like selling a car and then charging extra for seatbelts and airbags.”
Congressional legislators have also complained that the move shuts out other vendors and that the use of off-the-shelf security software could pose a risk.
The Pentagon replaced the program with Microsoft’s in-house security tools, which are typically offered with its business software packages and cost taxpayers $543 million.
The Maryland congressman also asked whether the deal made the U.S. military dependent on a single IT provider, whose software may be inferior to rivals, while the operational costs rise over time.
“It is critical that DOD pursue a fair and open competition that ensures procurements for cybersecurity solutions are based on technical merits and are not limited to a single one-size-fits-all enterprise solution,” Ruppersberger wrote in the February 23 letter, a copy of which was obtained by Newsweek.
The Epoch Times reached out to Microsoft for comment.
More Companies and Governments Look to Microsoft for Security Needs
Private individuals, companies, and governments for years have been using Microsoft to manage their emails, spreadsheets, and other data off their own servers.
The Redmond, Washington-based tech company’s suite of office software has been touted as cost-effective and easy to integrate at the same time.
The process of transferring an organization’s data and services to a big tech firm has been termed by the industry as “moving to the cloud.”
Cloud systems have been welcomed by small organizations that lack the resources to run their own IT or security departments.
However, smaller competitors have accused Microsoft of squeezing them out of the market through lucrative contracts and creating a monopoly over the cybersecurity sector.
Rival firms warn that the company’s growing lock on the market and the favoritism that it receives from the private and public sectors are putting too many eggs into one basket and endangering security.
“Organizations need to invest in security,” CrowdStrike’s Adam Meyers wrote to CNBC.
“Having one monolithic vendor that is responsible for all of your technology, products, services and security can end in disaster.”
Amit Zavery, a Google VP and head of Google’s Cloud division, who happens to work for one of Microsoft’s chief rivals, called on the U.S. government to rethink its deal with the tech giant.
“Security is a team sport, but it’s hard to defend when only one team is giving up goals. ‘Monoculture’ in govt productivity software creates an easy attack surface. I hope this latest in a series of incidents pushes the U.S. govt to look at alternatives,” said Zavery in a post on Twitter.