Connect with us

Hi, what are you looking for?

Editor's Pick

Chinese spies who read State Dept. email also hacked GOP congressman

The suspected Chinese hackers who forged Microsoft customer identities to read the emails of State Department employees also obtained the personal and political emails of Rep. Don Bacon, a moderate Republican from Nebraska on the House Armed Services Committee.

Bacon tweeted Monday that he had been notified by the FBI that his emails were hacked by Chinese spies who took advantage of a Microsoft mistake for a month between mid-May and mid-June, which lines up with when investigators said the other breaches occurred.

Bacon said that he would “work overtime” to make sure that Taiwan receives all of the billions of dollars in U.S. weaponry that it has ordered.

“I’m a big proponent for Taiwan,” Bacon told The Washington Post by text message. “I suspect they’d like info to embarrass me or to undercut me politically. As I told FBI, I have nothing to be embarrassed about.”

Government and private sources told The Post a month ago that victims of the hacking campaign included Commerce Secretary Gina Raimondo, unnamed State Department employees, a human rights advocate and think tanks.

They also said that a congressional staffer had been targeted.

Bacon told The Post he was notified of the hacking only Monday, which suggests that new victims are still being discovered. The FBI did not respond to requests for comment. Neither did Microsoft.

Officials have described the spying as traditional espionage of the sort expected by all sides. It was about observation on issues of special concern, such as the U.S. response to escalating tensions between the autonomous island of Taiwan and China, which claims it.

But the breach has alarmed experts for another reason: It was unclear how the government could have prevented it while relying exclusively on Microsoft for cloud, email and authentication services.

Microsoft has said that the hackers obtained powerful signing keys they needed to create verified customer identities that could sidestep multifactor authentication. Combined with other Microsoft failings, millions of people could have been exposed to attack.

Officials have said that only a couple dozen entities were impersonated before the State Department found suspicious behavior in its activity logs. Microsoft was then able to search its own logs for the master key that the hackers had obtained and block future access.

Multiple members of Congress have demanded that federal agencies explain how they plan to combat similar attacks in the future and that Microsoft make logs more widely available, which it agreed to do.

Sen. Ron Wyden (D-Ore.) has gone further, asking the Justice Department and Federal Trade Commission to investigate whether Microsoft’s security practices were so poor as to be in violation of laws or its 20-year-old FTC consent decree requiring better security after the breach of what was then its single sign-on tool for authentication, Passport.

Wyden also urged the Department of Homeland Security to have its two-year-old Cyber Safety Review Board examine the Microsoft cloud breach. Last week, the board said it would take up the task.

The Department of Homeland Security referred questions to the FBI.

Leigh Ann Caldwell and David DiMolfetta contributed to this report.

This post appeared first on The Washington Post

Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.






    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Investing

    I experimented with various strategies that mainly involved long options, which would eventually depreciate and eat away at my capital.   How to start...

    Investing

    (Most traded options are American options. The underlying can be bought or sold anytime . However ‘European’ options, which can only be exercised on...

    Investing

    We’re there going to go what they are, where they came from, how they are used and some of the theory (yes, sorry) that...

    Editor's Pick

    IoT Complete is a fast and easy way to connect products. The fully integrated service enables enterprises to connect their products from certified connectivity...

    Disclaimer: gorgeousincome.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


    Copyright © 2024 gorgeousincome.com