Chinese Hack of Microsoft Engineer Opened Door to US Government Email Breach

The recently uncovered Chinese hack of hundreds of thousands of emails from top U.S. officials began with the breach of a Microsoft engineer’s account, the company stated on Sept. 6.

The Chinese hacking group, which Microsoft dubbed Storm-0558, penetrated the engineer’s account, giving it access to a cryptographic key that the group later used to break into the U.S. government accounts, Microsoft said in a blog post after a months-long investigation.

The revelation offered details on a Chinese state-sponsored cyberattack that alarmed Washington. The attack spanned 25 organizations and affected the State and Commerce departments, as well as at least one lawmaker and a Washington think tank.

Among the individuals whose email systems were breached were Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. Rep. Don Bacon (R-Neb.) said in August that he was also a victim of the hacking campaign.

Microsoft stated that the Chinese hackers had likely exploited the crash of the company’s internal system in April 2021 that leaked the key, which the engineer’s corporate account had access to. The hacker group subsequently forged credentials to compromise Microsoft’s Outlook on the web and Outlook systems. The tech giant stated that it has corrected the technical vulnerabilities.

The hacking attempt surfaced at a sensitive time. The investigation began the same day that Secretary of State Antony Blinken, the highest-ranking official under the Biden administration to do so, headed to China to engage with senior Chinese officials. CNN, citing two unnamed U.S. officials, reported in July that the Biden administration believes that the hacking operation had given Beijing clues about U.S. thinking ahead of the U.S. visit.

Hackers Can Silently Grab Your IP Through Skype — Microsoft Is In No Rush to Fix It

Hackers are able to grab a target’s IP address, potentially revealing their general physical location, by simply sending a link over the Skype mobile app. The target does not need to click the link or otherwise interact with the hacker beyond opening the message, according to a security researcher who demonstrated the issue and successfully discovered my IP address by using it.

Yossi, the independent security researcher who uncovered the vulnerability, reported the issue to Microsoft earlier this month, according to Yossi and a cache of emails and bug reports he shared with 404 Media. In those emails Microsoft said the issue does not require immediate servicing, and gave no indication that it plans to fix the security hole. Only after 404 Media contacted Microsoft for comment did the company say it would patch the issue in an upcoming update.

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people. At minimum, an IP address can show what area of a city someone is in. An IP address can be even more revealing in a less densely populated area, because there are fewer people who could be associated with it.

“I think just about anybody could be harmed by this,” Cooper Quintin, a security researcher and senior public interest technologist at activist organization the Electronic Frontier Foundation (EFF), said when I explained the issue to him. Quintin said the major concern was “finding people’s location for physical escalations, and finding people’s IP address for digital escalations.”

To verify that the vulnerability has the impact that Yossi described, I asked him to test it out on me. To start, Yossi sent me a link via Skype text chat to google.com. The link was to the real Google site, and not an imposter.

I then opened Skype on an iPad and viewed the chat message. I didn’t even click the link. But very soon after, Yossi pasted my IP address into the chat. It was correct.

Microsoft Files For a Face-Tracking Patent

A patent filed in the US shows that Microsoft is working on technology that would allow it to track a person’s face in a way so comprehensive that the device powered by the tech could be referred to as a “face reader.”

And it could be used for gaming, but also for tracking remote employees. And who knows what else in between.

Microsoft says it needs the patent approved to develop mixed reality headsets that would be cheaper yet better at “understanding” expressions on human faces.

The patent filing doesn’t go into many considerations other than those of a purely technical nature, and this in a nutshell is how the under-development technology works.

Currently, converters are used that are not only bulkier to render high resolution tracking but also cost more to manufacture.

Now Microsoft wants to replace this method of tracking with elements directly embedded, circumventing the need for converters, and also what’s referred to as processing circuit area.

MICROSOFT LAID OFF ITS ENTIRE AI “ETHICS AND SOCIETY” DIVISION

Microsoft got rid of its entire company division devoted to AI “ethics and society” during its January layoffs, according to a report from Platformer.

Though the company still has an office of responsible AI, it was the job of the ethics and society staff to address how AI technology is likely to impact human society in context and communicate with product teams accordingly.

“People would look at the principles coming out of the office of responsible AI and say, ‘I don’t know how this applies,’” one former ethicist told Platformer. “Our job was to show them and to create rules in areas where there were none.”

But now, as Microsoft races to jam OpenAI software into seemingly every product that it can, the ethics and society department is gone — a telling sign that Microsoft is more focused on profitability and getting AI-driven products to market than ensuring that those products remain a positive force for society as a whole.

Ad Network Owned by Microsoft Is Using Foreign Disinformation ‘Experts’ to Blacklist Conservative Media Companies

The Global Disinformation Index (GDI), a foreign think tank headquartered in the United Kingdom, released an assessment of American online media designed to blacklist conservative media outlets and choke off their advertising revenue. The information is kept on what GDI calls its “Dynamic Exclusion List.”

Ad networks, most prominently Xandr, which is owned by Microsoft, are now using this list to refuse to allow advertising on conservative media websites.

Microsoft has yet to respond to a request for comment regarding Xandr’s use of the Dynamic Exclusion List, which is censoring conservative outlets. 

GDI in December released its report that detailed the alleged “disinformation risk” for the American online media market in partnership with the Global Disinformation Lab (GDIL), a think tank at the University of Texas at Austin that generates policy recommendations and solutions to combat disinformation.  

The GDI report on the American online media landscape reviewed 69 news outlets, and listed ten outlets it found are the most at risk of spreading disinformation, and ten outlets that are the least likely to spread disinformation. GDI rated conservative sites as having the highest risk for spreading disinformation and liberal websites as the most trusted.

Bing is censoring search results for Alex Berenson’s “Unreported Truths” Substack

Bing, a search engine owned by Microsoft, is censoring search results for journalist and author Alex Berenson’s “Unreported Truths” website and newsletter that he hosts on the free speech publishing platform Substack.

Reclaim The Net tested multiple Bing queries with the search operator “site:alexberenson.substack.com.”

“site:alexberenson.substack.com” is a search operator that is supposed to return search results from Berenson’s Unreported Truths Substack which lives on a subdomain. If a website returns no results when the “site:” operator is used, it means that the domain isn’t indexed at all by Bing’s search engine.

We searched for both general terms related to the name of Berenson’s Substack (such as “Alex Berenson” and “Unreported Truths”) and more specific terms related to the topics that Berenson writes about on his Substack (such as “Twitter” and “vaccine.”)

Microsoft exec: Targeting of Americans’ records ‘routine’

Federal law enforcement agencies secretly seek the data of Microsoft customers thousands of times a year, according to congressional testimony Wednesday by a senior executive at the technology company.

Tom Burt, Microsoft’s corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 and 3,500 secrecy orders a year, or about seven to 10 a day.

“Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.

The relationship between law enforcement and Big Tech has attracted fresh scrutiny in recent weeks with the revelation that Trump-era Justice Department prosecutors obtained as part of leak investigations phone records belonging not only to journalists but also to members of Congress and their staffers. Microsoft, for instance, was among the companies that turned over records under a court order, and because of a gag order, had to then wait more than two years before disclosing it.

Since then, Brad Smith, Microsoft’s president, called for an end to the overuse of secret gag orders, arguing in a Washington Post opinion piece that “prosecutors too often are exploiting technology to abuse our fundamental freedoms.” Attorney General Merrick Garland, meanwhile, has said the Justice Department will abandon its practice of seizing reporter records and will formalize that stance soon.

Bing Censors Image Search for ‘Tank Man’ Even in US

Bing, the search engine owned by Microsoft, is not displaying image results for a search for “Tank man,” even when searching from the United States. The apparent censorship comes on the anniversary of China’s violent crackdown on protests in Tiananmen Square in 1989.

“There are no results for tank man,” the Bing website reads after searching for the term. “Tank man” relates to the infamous image of a single protester standing in front of a line of Chinese tanks during the crackdown.

China censors and blocks distribution of discussion of tank man and Tiananmen Square more generally. This year, anniversary events in Hong Kong have dwindled in size after authorities banned a vigil.

MICROSOFT PATENT SHOWS PLANS TO REVIVE DEAD LOVED ONES AS CHATBOTS

Microsoft has been granted a patent that would allow the company to make a chatbot using the personal information of deceased people.  

The patent describes creating a bot based on the “images, voice data, social media posts, electronic messages”, and more personal information.

“The specific person [who the chat bot represents] may correspond to a past or present entity (or a version thereof), such as a friend, a relative, an acquaintance, a celebrity, a fictional character, a historical figure, a random entity etc”, it goes on to say.

“The specific person may also correspond to oneself (e.g., the user creating/training the chat bot,” Microsoft also describes – implying that living users could train a digital replacement in the event of their death.

THE MICROSOFT POLICE STATE: MASS SURVEILLANCE, FACIAL RECOGNITION, AND THE AZURE CLOUD

Nationwide protests against racist policing have brought new scrutiny onto big tech companies like Facebook, which is under boycott by advertisers over hate speech directed at people of color, and Amazon, called out for aiding police surveillance. But Microsoft, which has largely escaped criticism, is knee-deep in services for law enforcement, fostering an ecosystem of companies that provide police with software using Microsoft’s cloud and other platforms. The full story of these ties highlights how the tech sector is increasingly entangled in intimate, ongoing relationships with police departments.
