- Malicious code injection: Escorts may unknowingly execute scripts that compromise system integrity.
- Espionage potential: Chinese engineers had visibility into system structure and workflows, providing a vector for intelligence collection.
- Compliance laundering: The escort model allowed Microsoft to technically meet federal requirements while sidestepping their intent.

Harry Coker, former CIA and NSA executive, called this system a “pure alternative for spies.” Jeremy Daum of Yale Law School emphasized that Chinese law makes it difficult for citizens or companies to resist government data requests: “That’s the chance baked into cross-border help.”

As a long-in-the-tooth former HUMINT officer myself, I’ll say it plainly: If I had created a channel where trusted insiders piped code into systems of interest, I’d have created an intelligence superhighway, one so efficient and self-sustaining, it would rival the notorious self-licking ice cream cone. The beauty is the cover: believable cyber administrative or compliance duties.

In Microsoft’s defense, and based on the broad lack of knowledge across the DoD, there don’t appear to have been any guardrails to prevent this from happening. As John Sherman, DoD CIO during the Biden administration, told ProPublica, “I most likely ought to have known about this.” He opined that the system is a significant security risk for the department and called for a “thorough evaluation by DISA, Cyber Command, and different stakeholders.”



