Bonum Certa Men Certa

Unwarranted Media Hysteria Over (Allegedly) China Almost Sneaking Compromised xz Into Stable, Production Operating Systems (It Failed) While the US Government Blames Microsoft for Allowing China to Break Into Vital Government Systems Via Windows

posted by Roy Schestowitz on Apr 03, 2024

Shifting attention much, Microsoft-funded media? Microsoft: my dog ate my homework. So what if our whole internal infrastructure and all of Azure got compromised? "LOOK OVA' THAR!"

Beautiful white and brown dog lying under the table

THIS morning we wrote about how nearly 2 decades ago rms (Richard Stallman), who had given public talks about GNU since the mid-80s, warned that proprietary operating systems like Windows were a "back door" threat and, to make matters worse, you would not even know, no matter if that got detected or not (this already happened to Microsoft) [1, 2].

The "mainstream" (corporate, advertisers-funded and typically oligarch-owned) media won't mention any of this and instead it has helped distract from severe Microsoft Exchange issues. There is now a follow-up (see [1-4] below), but the media is shifting attention to "Linux" and it blames "Open Source" because some random user on Microsoft's GitHub (proprietary) pulled off a social engineering attack, aided by Microsoft systemd (also GitHub) and made "famous" by a Microsoft employee.

"Not only is there the 17k Microsoft Exchange server problem," an associate notes this morning, "but there is also the recent report excoriating Microsoft over its mishandling of the China-origin breach of its infrastructure."

See the links below.

"Allegedly" in the title of this post is because (while China is confirmed for the Microsoft breach) we don't even know what happened to xz. GitHub (Microsoft) makes it harder by hiding the evidence. The issue here or the culprit remains unattributed, an associate has said. "Red China is as likely as Israel, Russia, Netherlands, or US."

"However, in the other break-in [Microsoft], it is directly attributable to Red China."

Funnily enough, the corruptible media portrays the source of the FUD, Microsoft, as the saviour here. As if a campaign of misinformation or strategically-timed drama is something to be commended/praised for.

We're collectively paying the price for having very bad media/press. Media standards in the West have fallen closer to Red China's levels.

  1. Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack

    In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

    The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company's knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.

  2. Cyber review board blames cascading Microsoft failures for Chinese hack

    The CSRB lays the blame for the incident squarely on Microsoft: “The Board concludes that this intrusion should never have happened. Storm-0558 was able to succeed because of a cascade of security failures at Microsoft.”

    The report represents the conclusion of a seven-month review and comes against the backdrop of growing concern in Washington that a series of severe breaches at Microsoft has made the company a national-security liability at a time when the federal government is increasingly relying on that company for a raft of cloud computing services. In January, Microsoft disclosed the latest such incident, in which Russian hackers were able to access emails belonging to senior company officials and company source code.

  3. Microsoft slammed for lax infosec that led to Exchange crack

    A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called "Storm-0558" – has found that the incident would have been preventable save for Microsoft's lax infosec culture and sub-par cloud security precautions.

    The review, conducted by the US government's Cybersecurity and Infrastructure Security Agency's Cyber Safety Review Board (CSRB), calls for "rapid cultural change" at Microsoft. Among the Board's recommendations: [...]

  4. Review of the Summer 2023 Microsoft Exchange Online Intrusion [PDF]

    In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor—known as Storm-0558 and assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives—accessed the accounts using authentication tokens that were signed by a key Microsoft had created in 2016. This intrusion compromised senior United States government representatives working on national security matters, including the email accounts of Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon.

    Signing keys, used for secure authentication into remote systems, are the cryptographic equivalent of crown jewels for any cloud service provider. As occurred in the course of this incident, an adversary in possession of a valid signing key can grant itself permission to access any information or systems within that key’s domain. A single key’s reach can be enormous, and in this case the stolen key had extraordinary power. In fact, when combined with another flaw in Microsoft’s authentication system, the key permitted Storm-0558 to gain full access to essentially any Exchange Online account anywhere in the world. As of the date of this report, Microsoft does not know how or when Storm-0558 obtained the signing key.

    This was not the first intrusion perpetrated by Storm-0558, nor is it the first time Storm-0558 displayed interest in compromising cloud providers or stealing authentication keys. Industry links Storm-0558 to the 2009 Operation Aurora campaign that targeted over two dozen companies, including Google, and the 2011 RSA SecurID incident, in which the actor stole secret keys used to generate authentication codes for SecurID tokens, which were used by tens of millions of users at that time. Indeed, security researchers have tracked Storm-0558’s activities for over 20 years.

Other Recent Techrights' Posts

[Teaser] Freenode LTD: What Happened
Upcoming series based on insiders' account with evidence
Links 15/04/2024: Signs of Desperation at Microsoft and Tesla Employees Brace for Mass Layoffs (Update: Yes, Over 10% at Tesla Laid Off)
Links for the day
Human Rights Tribunal of Ontario (HRTO) Does Not Wish to Become an Instrument of Cost-Free Harassment or 'Cheap Revenge', It Says "Justice is Not Free. Quite the Contrary. Justice is Expensive."
Long story short, there is no lawsuit, there is a just a hateful, lying idiot abusing "the system" (which this idiot rejects entirely)
Richard Stallman to Give Public Talk in Portugal on Wednesday
new addition to his page
Richard Stallman's Hair Has Grown Back and He Does Not Talk About Cancer
May he live a long and happy life
New Video of Richard Stallman's Talk in Italy (Delivered a Week Ago)
a working copy of the video
Microsoft Windows Falling to New Lows in the United Kingdom and Worldwide
What's noteworthy here is that there's no sign at all of a Windows rebound
[Meme] Quantity of European Patents
they've rigged the system to make more money
Why do free software organizations eliminate community representatives?
Reprinted with permission from the Free Software Fellowship
Upcoming Themes and Articles in Techrights
we expect to have already caught up with most of the administrivia and hopefully we'll be back to the prior pace some time later this week
Matthias Kirschner & FSFE People Trafficking, coercion of volunteers
Reprinted with permission from the Free Software Fellowship
Gemini Links 15/04/2024: Profectus Alpha 0.4 and RPG of One Capsule Progress
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, April 14, 2024
IRC logs for Sunday, April 14, 2024
Oceania: GNU/Linux Measured at Lower Than the International Average (4% or 7% Including ChromeOS)
statCounter's data
Achieving Objectives
The 'suits' and their vocabulary can be overcome when their deceit is widely deciphered:
Mozilla Has Turned Firefox Into OSPS Consistent With "Attestation" Objectives
Open Source Proprietary Software
100 years of Hitler & psychological experiments on volunteers
Reprinted with permission from the Free Software Fellowship
Taliban, the Free and Open Source Software Community Team of Afghanistan
Reprinted with permission from the Free Software Fellowship
Links 14/04/2024: Software Needed for Work and Issues in Brazil
Links for the day
Gemini Links 14/04/2024: OFFLFIRSOCH and Gemtext Specification 0.24.0
Links for the day
Links 14/04/2024: Tesla and OpenAI (Microsoft) Layoffs Floated in the Media
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 13, 2024
IRC logs for Saturday, April 13, 2024
Gemini Links 13/04/2024: SEO Spam and ‘Broadband Nutrition Label’
Links for the day
Gemini Links 13/04/2024: GmCapsule 0.7 Released
Links for the day
Links 13/04/2024: Whistleblowers, OpenAI and Microsoft Leakers
Links for the day
'Our' Technology Inside the Home is Becoming Less Reliable and It Implements the Vision of Orwell's '1984' (Microphones and Cameras Inside Almost Every Room)
Technology controlled by who exactly?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 12, 2024
IRC logs for Friday, April 12, 2024
Google, FSFE & Child labor
Reprinted with permission from the Free Software Fellowship
Links 13/04/2024: Huawei and Loongson PCs, IBM Layoffs
Links for the day
Gemini Links 13/04/2024: Specification Changes and Metaverse Newbie
Links for the day