News Focus

fuagf

07/21/23 11:07 PM

#449721 RE: fuagf #449644

2021 -- China's Microsoft Hack May Have Had A Bigger Purpose Than Just Spying

"Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west"

August 26, 2021 5:00 AM ET
Heard on All Things Considered

By Dina Temple-Raston



When investigators discovered the hack on Microsoft Exchange servers in January, they thought it was about stealing emails. Now they believe China vacuumed up reams of information in a bid to develop better artificial intelligence, or AI. Matt Chinworth for NPR

Steven Adair hunts hackers for a living. Back in January, in a corner-of-his-eye, peripheral kind of way, he thought he saw one in his customer's networks — a shadowy presence downloading emails.

Adair is the founder of a cybersecurity company called Volexity, and he runs traps to corner intruders all the time. So he took a quick look at a server his client was using to run Microsoft Exchange and was stunned to "see requests that we're not expecting," he said. There were requests for access to specific email accounts, requests for confidential files.

He followed all this requested information to a virtual server off-site. "The hair is almost rising on my arms right now when I think about it," Adair told NPR later. "This feeling of like, oh, crap this is not what should be going on."

What Adair discovered was a massive hack into Microsoft Exchange — one of the most popular email software programs in the world. For nearly three months, intruders helped themselves to everything from emails to calendars to contacts. Then they went wild and launched a second wave of attacks to sweep Exchange data from tens of thousands of unsuspecting victims. They hit mom-and-pop shops, dentist offices, school districts, local governments — all in a brazen attempt to vacuum up information.

Both the White House and Microsoft have said unequivocally that Chinese government-backed hackers are to blame.

NPR's months-long examination of the attack — based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials — found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China's artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces.

"There is a long-term project underway," said Kiersten Todt, who was the executive director of the Obama administration's bipartisan commission on cybersecurity and now runs the Cyber Readiness Institute. "We don't know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success."

The break-in

The intruders broke into Exchange by finding a handful of coding errors that gave them entry into Exchange servers and then allowed them to take control. Vulnerable systems just needed to satisfy two conditions: They had to be connected to the internet and controlled locally by the company's IT department, something known in cyber lingo as "on premises," or "on prem." (Microsoft's Office 365 wasn't swept up in the breach because it runs in the cloud, which offers more protection.)

[...]

Even putting all that aside, patches are like a ticking time bomb. They don't just protect systems, they alert criminals around the world how to get into unpatched systems. "Going public you can't just tell the good guys," Kawaguchi said. "When we release a patch, the bad guys start reverse engineering it immediately. So we always know when we release that's the starting gun of a race."

A government response

Meanwhile, anxiety about the hack was beginning to ripple through the highest levels of the Biden administration. National security adviser Jake Sullivan tweeted out a message urging IT departments to install the patches. The Cybersecurity and Infrastructure Agency released an emergency directive .. https://us-cert.cisa.gov/ncas/current-activity/2021/03/03/cisa-issues-emergency-directive-and-alert-microsoft-exchange .. that warned if the malicious activity was left unchecked, it could "enable an attacker to gain control of an entire enterprise network."

The White House convened a task force .. https://www.whitehouse.gov/briefing-room/statements-releases/2021/03/17/statements-by-press-secretary-jen-psaki-deputy-national-security-advisor-for-cyber-anne-neuberger-on-microsoft-exchange-vulnerabilities-ucg/ .. — in fact, Microsoft's Burt was on it — to figure out ways to impress upon the nation's Exchange administrators just how serious this was.

Even the FBI got involved. It secured a court order so it could legally scan the internet, find servers the Chinese had breached and then proactively remove whatever they might have left there — all without informing the victims first.

"This is an active threat," press secretary Jen Psaki told reporters at the White House while all this was going on. "Everyone running these servers — government, private sector, academia — needs to act now to patch them."

Kawaguchi said later, "I think this was probably the first time a tool we built was specifically pointed to in a White House press release. There were aspects of this incident and this campaign that were definitely novel."


"This is an active threat," White House press secretary Jen Psaki, pictured here in March, told reporters as the hack started to spread. "Everyone running these servers ... needs to act now to patch them." Samuel Corum/Getty Images

Kawaguchi said in his nearly 20 years at Microsoft, he'd never seen an attack scale up so quickly. And the breadth of it seemed out of character; nation-state hackers tend to have very targeted goals, he said — they know what they want and they gather it up quietly. In this case, the Chinese were acting like cybercriminals seemingly unconcerned about who or what might get caught up in their attack.

[... to end ...]

In 2017, Chinese scholars were writing more research papers on AI than any other country in the world. China has more than 1,000 AI firms, second only to the U.S., and its universities are churning out computer scientists at breakneck speed.

China has built-in advantages in the information race. It has more than 1 billion people it can (and does) collect information about, and U.S. officials said it has been supplementing all that with large-scale data heists. (The Justice Department indicted .. https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion .. four Chinese military hackers this year over intellectual property theft and economic espionage.)

The Cyber Readiness Institute's Todt said, against that backdrop, the second phase of the Exchange hack — when hackers hoovered up emails and information from tens of thousands of companies — shouldn't be a surprise.

Stealing information from small- and medium-size businesses out in the American heartland doesn't immediately suggest espionage. Instead, officials believe the Chinese gather this information to help them construct the informational mosaic they need to build world-class AI. It explains their tendency, Todt said, "to gather and aggregate data and as much as possible and not discriminating where that data comes from."

The reason we should care about that is because of the role AI plays in our everyday lives. It is becoming the mechanism by which insurance rates are calculated, credit is given, mortgages are approved and health care data is calculated. And Todt said Americans should take a moment to reflect on what it would mean to have a technology that will touch our lives in a myriad of ways built by someone else and, more specifically, China.

"As it builds out its AI, China can social engineer to its priorities, to its mission," she said. "And that mission may be different from ours."

https://www.npr.org/2021/08/26/1013501080/chinas-microsoft-hack-may-have-had-a-bigger-purpose-than-just-spying

fuagf

06/21/25 2:53 PM

#530912 RE: fuagf #449644

Optus to face $100 million penalty for unconscionable conduct selling products to vulnerable customers

"Hackers behind Microsoft outage most likely Russian-backed group aiming to ‘drive division’ in the west"

Corporate practice can be more dangerous than hackers. Remember the WFC:
* Many lenders providing housing loans did not closely assess borrowers’ abilities to make loan repayments.
https://www.rba.gov.au/education/resources/explainers/the-global-financial-crisis.html

By business reporter Stephanie Chalmers

Wednesday 18 June


Telco Optus has admitted it failed customers and should have reacted faster to the misconduct. (AAP: Bianca De Marchi)

In short:

The consumer watchdog and Optus have agreed the telco should pay a $100 million penalty, after it admitted to inappropriate sales practices and misconduct.

More than 400 customers, many vulnerable or experiencing disadvantage, were sold phones or signed up to contracts they did not want or need, or couldn't afford or use.

What's next?

The Federal Court will need to approve the penalty and orders on customer compensation and the way sales staff are paid.

Optus has admitted to engaging in unconscionable conduct and has agreed to a $100 million penalty for selling customers phones and contracts they did not want or need.

In some cases, people were sold plans even though they lived in areas where Optus reception was unavailable.

The consumer watchdog sued the telco in October over the practices, which affected hundreds of vulnerable customers.

The Australian Competition and Consumer Commission (ACCC) said many of the affected consumers were vulnerable or experiencing disadvantage, including living with disability, being unemployed or having English as a second language.

Many of the consumers were First Nations Australians from regional, remote and very remote parts of Australia, the ACCC said.

In one instance a First Nations consumer, who spoke English as a second language, was approached by Optus staff outside a store and pressured to enter.

They were then entered into multiple phone plans and contracts for products including "high-end phones" the ACCC said, for a total minimum cost of $3,808 over 24 months.

The person did not have Optus coverage at their home address and was later pursued by a debt collector.


Optus has admitted that its sales staff acted unconscionably when selling products and services to more than 400 consumers at 16 different stores across Australia between August 2019 and July 2023.

https://www.abc.net.au/news/2025-06-18/accc-optus-admit-unconscionable-conduct-100m-penalty/105430714