Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security China Microsoft

China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying (npr.org) 43

An anonymous reader shares a report: Steven Adair hunts hackers for a living. Back in January, in a corner-of-his-eye, peripheral kind of way, he thought he saw one in his customer's networks -- a shadowy presence downloading emails. Adair is the founder of a cybersecurity company called Volexity, and he runs traps to corner intruders all the time. So he took a quick look at a server his client was using to run Microsoft Exchange and was stunned to "see requests that we're not expecting," he said. There were requests for access to specific email accounts, requests for confidential files. He followed all this requested information to a virtual server off-site. "The hair is almost rising on my arms right now when I think about it," Adair told NPR later. "This feeling of like, oh, crap this is not what should be going on." What Adair discovered was a massive hack into Microsoft Exchange -- one of the most popular email software programs in the world. For nearly three months, intruders helped themselves to everything from emails to calendars to contacts. Then they went wild and launched a second wave of attacks to sweep Exchange data from tens of thousands of unsuspecting victims. They hit mom-and-pop shops, dentist offices, school districts, local governments -- all in a brazen attempt to vacuum up information.

Both the White House and Microsoft have said unequivocally that Chinese government-backed hackers are to blame. NPR's months-long examination of the attack -- based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials -- found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China's artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence -- such as finding patterns and recognizing speech or faces. "There is a long-term project underway," said Kiersten Todt, who was the executive director of the Obama administration's bipartisan commission on cybersecurity and now runs the Cyber Readiness Institute. "We don't know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success."

This discussion has been archived. No new comments can be posted.

China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying

Comments Filter:
  • You have to do a lot of hard work spying the old fashioned way to get enough data to train your AI to spy for you.

    Then it's time to take over the world.
    • by ShanghaiBill ( 739463 ) on Thursday August 26, 2021 @05:25PM (#61733837)

      It is pure conjecture that the Chinese are collecting this data to "train an AI". Occam's Razor says otherwise.

      Also, if your system is hacked because of lackadaisical security, just blame "Chinese government-backed hackers" for a get-out-of-jail-free card.

      • "Also, if your system is hacked because of lackadaisical security, just blame "Chinese government-backed hackers" for a get-out-of-jail-free card."

        What I came to post. The NPR article, or a Microsoft blog it refers to, both offer no information in support of the Chinese government-backed claim.

      • by sphealey ( 2855 )

        - - - - - It is pure conjecture that the Chinese are collecting this data to "train an AI". Occam's Razor says otherwise. - - - -

        In combination with other cracks over the last 10 year - particularly the US Government Office of Personnel Management database download - it seems far more likely that some intelligence agency is building a Facebook-type shadow database which contains profile records for not just everyone whose information is collectable online (easy!), but a shadow profile of people who do not

      • "Also, if your system is hacked because of lackadaisical security, just blame "Chinese government-backed hackers" for a get-out-of-jail-free card." - how does that work? The only reason why they get a free pass every time is because they used Microsoft software and/or services and as we all know, no one gets fired for buying Microsoft.
      • by sg_oneill ( 159032 ) on Friday August 27, 2021 @12:45AM (#61734583)

        Dude, just because security agencies arent sharing classified information, doesn't mean it doesn't exist.

        Its healthy to be sceptical of these people. But I dont see the advantage in lying. I'd say most of these agencies would prefer it if china was behaving itself. Chinese manufacturing is frankly the basis of a lot of western wealth. Losing that would be an economic catastrophe, and frankly an economic war the US wouldn't win. Decades of neoliberal capital flight as seen to that. In that respect I'd be more likely to think the agencies are *minimising* how bad it really is.

        I worked at a large mining company that was regularly being assailed by foreign hackers trying to get in, these hackers rarely used Tor and always traced to addresses in china. Now maybe it was hijacked servers in china, but private data sharing with other groups indicated that these addresses where regular offenders in some very sophisticated hacks. It looked pretty clear that *somebody* was trying to get into our databases looking for information about primary exports. That doesnt sound like script kiddies to me.

      • i'm sure they are looking at other things like, new accounts closely matching gathered account names, old social media accounts suddenly becoming active (plenty of ill spirited perverts on discord for example)...and they have admitted in the past to similar practices when similar hacks have happened while admitting some actions were for training purposes ....ironic how they wont open their internet to outside data points, to train machines, but everyone else's data should be open and available, to train mac
      • What if it is 'just' spying? If you want to conquer a country you need to know how it operates. Or if you want to take over their industry, you need to steal trade secrets and operating procedures. It's a lot easier to do now that everything is digital - no need to even get your people hired into organisations!
      • Any large company will not be surprised. The big miners have entire teams dedicated to defending against attacks from Chinese hackers. There is plenty of evidence.
  • Round 2. (Score:3, Funny)

    by Ostracus ( 1354233 ) on Thursday August 26, 2021 @04:42PM (#61733705) Journal

    "We don't know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success."

    Trump 2: The AI president.

    • Artificial intelligence is a good first step towards the real thing.

    • "One day, machines will exceed human intelligence." -- Ray Kurzweil

      "Only if we meet them half-way." -- Dave Snowden

      Trump's election & continued popularity seems to indicate that Americans are indeed willing to meet AI half-way.

      • Where did you get those quotes. I was trying to source them and I found your 2018 post and rays but not daves.

        • The Dave Snowden quote was an off the cuff remark he made during a conference a few years ago in Berlin. It was recorded so you may be able to find it on YouTube or Vimeo. He's well worth reading/watching. Has some great insights into managing complexity within organisations.
    • by AmiMoJo ( 196126 )

      Don't even joke about it. After 2016 all the effort went into detecting bots and networks of fake accounts, and the big social networks aren't even very good at that.

      If someone develops an AI that can create plausible accounts and posts that aren't just copy/paste we are in real trouble.

  • by gweihir ( 88907 ) on Thursday August 26, 2021 @05:14PM (#61733795)

    ... then they are so screwed that the rest of the world does really only need wait for them to notice how stupid they have been. AI (Artificial Ignorance) will never be able to replace humans. It just is missing that essential "insight" component. Even a complete human moron is far superior to what AI will ever be capable of doing in that space. Now, there may be other, yet undiscovered approaches to getting human-like intelligence in machines, but it looks increasingly unlikely to even be possible at all. Current AI approaches can certainly not do it.

    • by VeryFluffyBunny ( 5037285 ) on Thursday August 26, 2021 @05:40PM (#61733897)
      Well if the Chinese use the US population to train their AI, we can expect some pretty wacky, random behaviour from it.
    • by Tablizer ( 95088 )

      Even a complete human moron is far superior to what AI will ever be capable of doing

      But the USA makes some pretty top-dog morons.

    • by AmiMoJo ( 196126 )

      China actually seems to understand this stuff far better than most Western governments. In fact they just started a public consultation on proposals to regulate recommendations, for example: http://www.cac.gov.cn/2021-08/... [cac.gov.cn]

      The level of deep understanding of the issues and how to solve them is impressive.

      - Users must be able to view the keywords and other metrics that recommendations are based on.
      - Users must be able to delete those keywords easily.
      - Users must be informed when and why content is recommende

      • China actually seems to understand this stuff far better than most Western governments. In fact they just started a public consultation on proposals to regulate recommendations, for example: http://www.cac.gov.cn/2021-08/... [cac.gov.cn]

        The level of deep understanding of the issues and how to solve them is impressive.

        - Users must be able to view the keywords and other metrics that recommendations are based on. - Users must be able to delete those keywords easily. - Users must be informed when and why content is recommended by algorithm. It must be clearly labelled. - Recommendations can't be designed to encourage excessive consumption (i.e. sell you shit). - Opt out showing generic suggestions must be available. - No recommending extremist/anti-vaxx/global warming denialists etc. - No bots, no fake likes, no click farms. - Algos controlling work (e.g. Uber drivers) must avoid creating brutal conditions or perverse incentives. - No discrimination by algorithm, they must treat everyone equally. - Mandatory security and safety inspections.

        Really the only objectionable parts are the usual social control stuff and the fact that the fines for violating these rules are too low. The bulk of it is something I wish our politicians understood. It's possible that rather than nefarious schemes, China is mostly interested in not letting algorithms get out of control like they have elsewhere.

        on the surface? you bet. but how much of these reforms will be relevant to the average citizen. china NEVER distributes regulation evenly or to benefit those outside china....

        • by AmiMoJo ( 196126 )

          Country doesn't design its laws to benefit people living in other countries. Yeah I don't think that quite as unusual as you seem to think.

          As for how it helps the average citizen, well not falling down the conspiracy BS rabbit hole certainly seems like a benefit.

          • Country doesn't design its laws to benefit people living in other countries. Yeah I don't think that quite as unusual as you seem to think.

            As for how it helps the average citizen, well not falling down the conspiracy BS rabbit hole certainly seems like a benefit.

            But they are not above going to the international community to "demand" their help for the sake of the "poor in their country", the UN comes to mind, on the matter of being "allowed" to help develop common IT infrastructure. Only to attack it, then deny that as conspiracy I guess.

      • by gweihir ( 88907 )

        Sounds nice, is pretty meaningless for "AI". For example, the first 3 all fall completely on their face for a neural net.

        Also, "deep understanding"? All these issues and recommendations have been excessively discussed in public.

  • by layabout ( 1576461 ) on Thursday August 26, 2021 @05:28PM (#61733843)
    I used to see technology (encryption, networks etc.) as a tool for freedom and enabling spread of information. China showed how it can be weaponized to oppressed people with a very fine degree of granularity. I think the Chinese president Pooh bear is right that the future is not democracy because it's incompatible with a technologically advanced civilization.
    • I think the Chinese president Pooh bear is right that the future is not democracy because it's incompatible with a technologically advanced civilization.

      That's a rotten to the core absurdity. Advanced technology is a tool that has many uses, both good and bad. It can support a democracy/republic, or it can destroy it.

      What is incompatible with a technologically advanced democracy is an apathetic electorate that doesn't hold its leadership to account for its use of that technology, and allows that leadership to abuse it. An electorate that votes against its own self-interest (we've actually seen many people here on Slashdot argue for their employer's right to

    • The same can be said for virtually any information. Should I share the secrets of fire? Someone could get hurt if I do. Honestly there will always be people that will find ways to exploit anything, anyone at anytime for personal gain without regard for anyone but them. China is going to have its hands full with the destabilization of Afghanistan, they are neighbors and China does not always have a great record with Islamic people. Uighurs I believe have some issues at the moment there.
    • by h4rr4r ( 612664 )

      Yes, people get older and wiser over time.
      Spread of information is not always a good thing. See the anti-vaxxers and the damage they are doing to our nation and it's economy.

    • by AmiMoJo ( 196126 )

      I find what Russia did in the US and UK far scarier than what China does. The way a relatively small, low cost effort snowballed into something that resulted in an armed insurrection against the government, and the biggest act of self-harm a developed nation has ever inflicted on itself...

      Even now half the people are in denial about it, and we don't really know how to stop it happening again next time.

  • Clearly, the Chinese Small Dong is rising! We must lop it off at the base before they can get it fully erected! Now, where is my cigar cutter?
  • I hope that a host of trojan horses were mixed in with all the info scooped up

  • Comment removed based on user account deletion
  • by saccade.com ( 771661 ) on Thursday August 26, 2021 @06:19PM (#61734001) Homepage Journal
    If the spies scooped up mountains of email, this would be particularly useful for creating highly targeted spear-phishing attacks. Yikes.
  • Amazing that the insurance industry even allows anyone to use Microsoft Exchange or other Microsoft products with out voiding their commercial liability insurance.
  • "Microsoft Exchange -- one of the most popular email software programs in the world".

    Most widely used, certainly.

  • by tiqui ( 1024021 ) on Friday August 27, 2021 @03:44AM (#61734823)

    State-sponsored hackers with a very sophisticated capability to hack Windows? How could they possibly [china.org.cn] do this, and did anybody warn [zdnet.com] this was possible?

    Microsoft has, like many American tech firms, long had dreams of making an even higher pile of cash by being in the China "market" (which cannot exist in a Communist country, which China claims it is) where there are billions of "consumers" (who SHOULD only consume "according to their needs". right?) and this craven desire has driven insane recklessness and unprincipled actions - they've shown the source to windows to a number of governments, some of which [china.org.cn] are quite evil. The world's worst dictators can be trusted to have their expert coders see the sources, but YOU cannot be trusted (Windows is NOT open-sourced, even though YOUR life may depend on it, given that it's almost certainly running at your local hospital and your doctor's office).

    Question EVERYTHING large powerful entities tell you...

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...