Bonum Certa Men Certa

Unwarranted Media Hysteria Over (Allegedly) China Almost Sneaking Compromised xz Into Stable, Production Operating Systems (It Failed) While the US Government Blames Microsoft for Allowing China to Break Into Vital Government Systems Via Windows

posted by Roy Schestowitz on Apr 03, 2024

Shifting attention much, Microsoft-funded media? Microsoft: my dog ate my homework. So what if our whole internal infrastructure and all of Azure got compromised? "LOOK OVA' THAR!"

Beautiful white and brown dog lying under the table

THIS morning we wrote about how nearly 2 decades ago rms (Richard Stallman), who had given public talks about GNU since the mid-80s, warned that proprietary operating systems like Windows were a "back door" threat and, to make matters worse, you would not even know, no matter if that got detected or not (this already happened to Microsoft) [1, 2].

The "mainstream" (corporate, advertisers-funded and typically oligarch-owned) media won't mention any of this and instead it has helped distract from severe Microsoft Exchange issues. There is now a follow-up (see [1-4] below), but the media is shifting attention to "Linux" and it blames "Open Source" because some random user on Microsoft's GitHub (proprietary) pulled off a social engineering attack, aided by Microsoft systemd (also GitHub) and made "famous" by a Microsoft employee.

"Not only is there the 17k Microsoft Exchange server problem," an associate notes this morning, "but there is also the recent report excoriating Microsoft over its mishandling of the China-origin breach of its infrastructure."

See the links below.

"Allegedly" in the title of this post is because (while China is confirmed for the Microsoft breach) we don't even know what happened to xz. GitHub (Microsoft) makes it harder by hiding the evidence. The issue here or the culprit remains unattributed, an associate has said. "Red China is as likely as Israel, Russia, Netherlands, or US."

"However, in the other break-in [Microsoft], it is directly attributable to Red China."

Funnily enough, the corruptible media portrays the source of the FUD, Microsoft, as the saviour here. As if a campaign of misinformation or strategically-timed drama is something to be commended/praised for.

We're collectively paying the price for having very bad media/press. Media standards in the West have fallen closer to Red China's levels.

  1. Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack

    In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

    The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company's knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.

  2. Cyber review board blames cascading Microsoft failures for Chinese hack

    The CSRB lays the blame for the incident squarely on Microsoft: “The Board concludes that this intrusion should never have happened. Storm-0558 was able to succeed because of a cascade of security failures at Microsoft.”

    The report represents the conclusion of a seven-month review and comes against the backdrop of growing concern in Washington that a series of severe breaches at Microsoft has made the company a national-security liability at a time when the federal government is increasingly relying on that company for a raft of cloud computing services. In January, Microsoft disclosed the latest such incident, in which Russian hackers were able to access emails belonging to senior company officials and company source code.

  3. Microsoft slammed for lax infosec that led to Exchange crack

    A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called "Storm-0558" – has found that the incident would have been preventable save for Microsoft's lax infosec culture and sub-par cloud security precautions.

    The review, conducted by the US government's Cybersecurity and Infrastructure Security Agency's Cyber Safety Review Board (CSRB), calls for "rapid cultural change" at Microsoft. Among the Board's recommendations: [...]

  4. Review of the Summer 2023 Microsoft Exchange Online Intrusion [PDF]

    In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor—known as Storm-0558 and assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives—accessed the accounts using authentication tokens that were signed by a key Microsoft had created in 2016. This intrusion compromised senior United States government representatives working on national security matters, including the email accounts of Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon.

    Signing keys, used for secure authentication into remote systems, are the cryptographic equivalent of crown jewels for any cloud service provider. As occurred in the course of this incident, an adversary in possession of a valid signing key can grant itself permission to access any information or systems within that key’s domain. A single key’s reach can be enormous, and in this case the stolen key had extraordinary power. In fact, when combined with another flaw in Microsoft’s authentication system, the key permitted Storm-0558 to gain full access to essentially any Exchange Online account anywhere in the world. As of the date of this report, Microsoft does not know how or when Storm-0558 obtained the signing key.

    This was not the first intrusion perpetrated by Storm-0558, nor is it the first time Storm-0558 displayed interest in compromising cloud providers or stealing authentication keys. Industry links Storm-0558 to the 2009 Operation Aurora campaign that targeted over two dozen companies, including Google, and the 2011 RSA SecurID incident, in which the actor stole secret keys used to generate authentication codes for SecurID tokens, which were used by tens of millions of users at that time. Indeed, security researchers have tracked Storm-0558’s activities for over 20 years.

Other Recent Techrights' Posts

How the SLAPPs From Microsoft Staff Are Connected to the Corrupt OSI, Whose Majority of Money Comes From Microsoft for Openwashing, LLM Hype, and Whitewashing GPL Violations During Class Action Trial
Let's explain how some of these things are connected
 
Red Hat's Owner is Called "America's Worst Tech Company" (IBM) and Microsoft's Liabilities Grow
Microsoft has about a quarter of a trillion (yes, trillion with a "T") in liabilities
If the Gossip is True, Today Microsoft Has "Large M1 Meetings" to Discuss Almost 30,000 More Microsoft Layoffs in 2025
the claim is that Microsoft is preparing to lay off 10% of its staff
Microsoft Has a Long and Proven History of Funding Meritless Lawsuits Against Rivals and Critics (It Always Backfires)
It also looks like the solicitor used by two Microsofters to SLAPP us is being urgently replaced
Links 12/05/2025: Gardens and Kitchens
Links for the day
Links 12/05/2025: Media Being Attacked (New Forms of Attack on the Press), Many Data Breaches
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 11, 2025
IRC logs for Sunday, May 11, 2025
Links 11/05/2025: Pyotr Wrangel and Kubernetes With FreeBSD
Links for the day
What Happened to the Open Source Initiative (OSI) Elections: A Moment of Silence and Revisionism Amid US Government Investigation and Community Uproar
Not a word this month
Microsoft Florian Becomes Patent Troll, Arranges to Sue Companies (Extorting Money Out of Them)
From campaigner against software patents to paid Microsoft shill to "FOSS patents" (actually attacking FOSS) to revisionism as "books" (for Microsoft)... and now this
Links 11/05/2025: China's Fentanylware (TikTok) Tells Kids to Vandalise Schools' Chromebooks and Increased Censorship in India
Links for the day
You Need Not Be a Big Company to Defeat Microsoft If You Can Successfully Challenge Its Core "Ideas"
Maybe that's just a sign that the ideas of RMS have become too effective and thus "dangerous"
Gemini Links 11/05/2025: Yeeting Oligarch Tech, Offline Browsing
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 10, 2025
IRC logs for Saturday, May 10, 2025
One is Simply Doomed to Fail When Working for Violent Men From Microsoft and Attacking Women as Well as People Who Merely Expose Crimes or Report Real Crimes
Imagine saying to people that you "practice law" or "exercise law"
The Tariffs Are Accelerating Microsoft's Decline in China
Judging by the way things are going, there will be considerable adoption of GNU/Linux in years to come, China being one major contributing factor.
Control Your Systems, Control All Your Data
what does it take for us to control our own systems and data?
Misplacing Blame for Security Problems, Sometimes With LLM Slop That Blames "Linux" for Microsoft's Failures
Broken telephones and stochastic parrots beget plenty of Fear, Uncertainty, Doubt (FUD)
Links 10/05/2025: WW2 Revisionism, Further Tit-for-tat in India-Pakistan Conflict
Links for the day
Links 10/05/2025: Germany Considers Smartphone Ban in Schools, Right to Repair Bills
Links for the day
Gemini Links 10/05/2025: Git Server and Great LLM DDoS of 2025
Links for the day
Blizzard/Microsoft Unions Grow Ahead of Mass Layoffs at Microsoft, Apparently Starting Next Week (as Many as 30,000 Workers Laid Off by Year's End)
Microsoft already fired about 5,000-6,000 workers this year by our estimates; that's not counting resignations compelled through pressure (i.e. pushed, did not jump) and contractors
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 09, 2025
IRC logs for Friday, May 09, 2025