Microsoft Used China-Based Engineers to Support Product Recently Hacked by China

Microsoft announced last month that Chinese state-sponsored hackers exploited vulnerabilities in SharePoint to breach hundreds of companies and government agencies, including the National Nuclear Security Administration and Department of Homeland Security. The company omitted that SharePoint support is handled by China-based engineers who have maintained the software for years.

ProPublica reviewed screenshots of Microsoft's internal systems showing China-based employees recently fixing bugs for SharePoint "OnPrem," the version targeted in the attacks. Microsoft told the publication that the China-based team operates under U.S. supervision and the company is relocating this work.

But The Market Loves It

[SlashbotAgent]

You might think that this would create a negative sentiment towards Microsoft. But, the market LOVES it. MSFT up 2.5% at this moment.

When asked fro a comment no this security debacle, Satya said: IDGAF look at the share price!

Re:

[rsilvergun]

They have absolutely no meaningful competition. So they can do pretty much whatever they want.

And anytime there is any chance of any meaningful competition Microsoft just pulls out the same antitrust playbook they've been using for 50 years and we don't enforce laws in this country so it works.

We could fix this but we would have to give up the moral panics and America loves their moral panics.

"Under US Supervision"

[93 Escort Wagon]

Didn't we recently see a story about how worthless such "assurances" are because the supervisors are typically untrained monkeys?

Re: "Under US Supervision"

[50000BTU_barbecue]

To be fair, have you seen the prices on trained monkeys?

Re:

[jacks smirking reven]

Sure but if you pay cheap you end up with "...it was the blurst of times"

Re:

[93 Escort Wagon]

In which case the problem was - you simply didn't buy enough typewriters.

Re:

[rsilvergun]

That's why I exclusively hire North Koreans posing as trained monkeys.

John Oliver just did a good piece

[rsilvergun]

About deferred prosecution agreements that really highlights how our entire legal system is designed to let corporations off the hook.

Like I mentioned on another comment since most voters are preoccupied with moral panics we can't get any actual action on large corporations.

Never mind too big to fail being a problem. Like the John Oliver piece pointed out we let companies become so large that if we seriously punish them we risk tens of thousands of layoffs and because we have no safety net for worke

Re:

[fluffernutter]

The funny thing is that so many people consider America capitalist, but capitalism can only exist if those competing companies exist.

And companies and states keep using MS

[simlox]

Many, many heads of IT and other decision makers don't know anything else. We had talks here in Denmark of trying open source solutions, but it would not only mean that we have to get and all the suppliers of special purpose systems to integrate with something other than MS (Windows and Office), but we would probably have to replace lots of lots of IT people schooled in Windows. A lot of those people will defend Windows and involuntarily hurt the transition, if by nothing else by port bad Windowsisms.

Re: And companies and states keep using MS

[drinkypoo]

I work for an all Windows shop, but most of our tools are web hosted. We could change the user systems to something else and our workflows would barely have to change.

But we still don't.

Microsoft's espionage narrative...

[PubJeezy]

Microsoft's espionage narrative makes no sense given their current engineering goals. Windows Recall is a national security threat. It extends a users threat surface into the 4th dimension and offers almost no meaningful functionality to users. Microsoft is the threat facing American users, not China. Microsoft is the monopolistic tyrant stealing our data.

Microsoft has paid over $1.5 BILLION in penalties for 23 violations. Their crimes include everything you'd expect like price-fixing, employment discrimination and wage theft. But they also have been found to be violating the Foreign Corrupt Practices Act, stealing data from children and illegally selling tech to sanctioned Russians.

China isn't the problem here. Microsoft is the problem.

Re:

[Anonymous Coward]

Both can be true. If not, you're a chinese bot.

Re:

[drinkypoo]

Microsoft's espionage narrative makes no sense given their current engineering goals.

No, it makes half sense. Well, maybe a quarter. Explanation to follow some more quoting.

Windows Recall is a national security threat. It extends a users threat surface into the 4th dimension and offers almost no meaningful functionality to users.

Right, all true.

Microsoft is the threat facing American users,

No, Microsoft is a threat etc.

not China.

You've shown that Microsoft is a threat, which is reasonable. I agree.

You have done nothing whatsoever to show that China is not also a threat. Not one single word of your comment supports that assertion.

China isn't the problem here. Microsoft is the problem.

You've only shown one of those things, how did you come to that conclusion without any supporting logic?

Re:

[PubJeezy]

China cannot get access to me as an American user without an American tech/telecom company allowing them access to me, either knowingly or unknowingly. But it's hard to argue that they don't know it's happening. America's tech cartels have all demonstrated a willingness to harvest and exfiltrate their users' data via data sales or breaches. Then they hide behind absurdist liability shielding that allows them to monetize outright criminality. If China has my data it means an American company helped them get

Re:

[drinkypoo]

China cannot get access to me as an American user without an American tech/telecom company allowing them access to me, either knowingly or unknowingly. But it's hard to argue that they don't know it's happening.

It's also irrelevant.

Now I know why

[tatroc]

This explains a lot about share point.

Probably looks worse than it is.

[sabbede]

As bad as it looks, I doubt that the CCP's hackers needed help from MS support techs.

Though MS may have given them the access they needed when they started doing business over there in the first place.

If I'm wrong and the CCP told the support reps they were going to help with a massive attack, then we should be angry.

This explains a few things...

[rvern]

Like why the programming "language" for Power Apps is the worst of the worst. It took bad Excel formulas, merged with VB and came up with crap. Where inputs of multiple types dont even have the same basic properties (like background color). And CoPilot doesn't even know how to do lots of things, giving blatantly wrong answers 30-50% (or more) of the time.

Security is Microsoft's "Top Priority"

[Anonymous Coward]

Well this initiative [microsoft.com] did not seem to have much impact. If they're no good at implementing their top priority, it's hard to have any hope for the rest of the stack.

Interesting

[Konings]

This article seems anti-China. Slashdot better be careful. You don't want your funding to be canceled.

Re:

[drinkypoo]

This article seems anti-China. Slashdot better be careful. You don't want your funding to be canceled.

Slashdot is funded by cryptocuckery, which has just been outlawed in China.

This is just stupidity

[RitchCraft]

This is just stupidity on an entirely new stupid level. Microsoft should be held accountable for this breach to the fullest extent possible to send a message that this kind of stupidity will not be tolerated. Executives need to be fired over this one and possible national security charges sought. Microsoft has been acting like the CCP towards its users for way too long now. It looks like they are receiving first-hand training from the masters themselves.