{"id":111,"date":"2026-07-11T06:48:44","date_gmt":"2026-07-11T06:48:44","guid":{"rendered":"https:\/\/maxinefilmes.com\/odelator\/microsoft-digital-escorts-pentagon-defense-department-china-hackers\/"},"modified":"2026-07-11T09:35:24","modified_gmt":"2026-07-11T09:35:24","slug":"microsoft-digital-escorts-pentagon-defense-department-china-hackers","status":"publish","type":"post","link":"https:\/\/maxinefilmes.com\/odelator\/microsoft-digital-escorts-pentagon-defense-department-china-hackers\/","title":{"rendered":"Microsoft \u201cDigital Escorts\u201d Could Expose Defense Dept. Data to Chinese Hackers"},"content":{"rendered":" <article class=\"wp-block-group p-grid-text-container is-layout-flow wp-block-group-is-layout-flow\"> <header class=\"wp-block-group entry-header is-layout-flow wp-container-core-group-is-layout-3ce78d47 wp-block-group-is-layout-flow\"><div class=\"wp-block-propublica-opener\">   <div class=\"wp-block-group p-opener p-opener--large p-opener--left p-opener--large-hed-below-art is-layout-flow wp-container-core-group-is-layout-a77db08e wp-block-group-is-layout-flow\">   <div class=\"wp-block-group p-opener__art-wrapper is-layout-flow wp-container-core-group-is-layout-a77db08e wp-block-group-is-layout-flow\">  <div class=\"wp-block-group p-opener__art is-layout-flow wp-block-group-is-layout-flow\"> <figure class=\"p-opener__art-figure\"> <img decoding=\"async\" class=\"p-opener__art\" alt=\"\" src=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-FINAL-v1_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?w=1149\">  <figcaption class=\"p-attribution screen-reader-text\">  <span class=\"p-attribution__credit\"> Illustration by Andrea Wise\/ProPublica. Source image: gremlin\/Getty Images <\/span> <\/figcaption> <\/figure>  <\/div>   <\/div>   <figcaption class=\"p-attribution\" aria-hidden=\"true\">  <span class=\"p-attribution__credit\"> Illustration by Andrea Wise\/ProPublica. Source image: gremlin\/Getty Images <\/span> <\/figcaption>   <div class=\"wp-block-group p-opener__topic-title-dek-wrapper is-layout-flow wp-block-group-is-layout-flow\">  <p class=\"p-opener__series  wp-block-propublica-primary-term\"> <a href=\"https:\/\/maxinefilmes.com\/odelator\/\" class=\"wp-block-propublica-primary-term__link p-opener__series-link\"> Zero Trust\t\t<\/a> <\/p>   <h1 class=\"p-opener__hed   wp-block-post-title\">A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers<\/h1>  <\/div>  <\/div>   <div class=\"wp-block-group p-article-meta-1 p-article-meta-1--left is-layout-flow wp-block-group-is-layout-flow\"> <div class=\"p-article-meta-1__byline wp-block-propublica-byline\"> <div class=\"wp-block-propublica-byline__photos\"> <a href=\"https:\/\/maxinefilmes.com\/odelator\/\" aria-hidden=\"true\" tabindex=\"-1\" class=\"wp-block-propublica-byline__photo-link\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/02\/renee-dudley.jpg?w=50\" srcset=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/02\/renee-dudley.jpg?w=50 1x, https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/02\/renee-dudley.jpg?w=100 2x\" alt=\"\" class=\"wp-block-propublica-byline__photo\" width=\"50\" height=\"50\"> <\/a> <a href=\"https:\/\/maxinefilmes.com\/odelator\/\" aria-hidden=\"true\" tabindex=\"-1\" class=\"wp-block-propublica-byline__photo-link\"> <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/06\/20190703-doris-burke-sized.jpg?w=50\" srcset=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/06\/20190703-doris-burke-sized.jpg?w=50 1x, https:\/\/www.propublica.org\/wp-content\/uploads\/2019\/06\/20190703-doris-burke-sized.jpg?w=100 2x\" alt=\"\" class=\"wp-block-propublica-byline__photo\" width=\"50\" height=\"50\"> <\/a> <\/div> <div class=\"wp-block-propublica-byline__right\"> <div class=\"wp-block-propublica-byline__content\"> <span class=\"wp-block-propublica-byline-text\">by <\/span><span class=\"wp-block-propublica-byline-profile\"><a href=\"https:\/\/maxinefilmes.com\/odelator\/\">Renee Dudley<\/a><\/span><span class=\"wp-block-propublica-byline-text\">, with research by <\/span><span class=\"wp-block-propublica-byline-profile\"><a href=\"https:\/\/maxinefilmes.com\/odelator\/\">Doris Burke<\/a><\/span>\t\t<\/div> <\/div> <\/div>   <div class=\"p-article-meta-1__pubdate wp-block-post-date\"><time datetime=\"2025-07-15T05:00:00-04:00\">July 15, 2025, 5:00 am<\/time><\/div>   <div class=\"wp-block-group p-article-meta-1__section-actions p-article-meta-1__section-actions--left is-layout-flow wp-block-group-is-layout-flow\">  <div class=\"wp-block-group p-article-meta-1__section-actions-container is-nowrap is-layout-flex wp-container-core-group-is-layout-6c531013 wp-block-group-is-layout-flex\">         <div style=\"display: contents\"> <!--[--><div class=\"share-tools\" data-pp-click=\"\" data-pp-location=\"share tools\"><!--[--><!--[--><!--$s1--><!--[0--><div class=\"svelte-1ear6bd button--circle\" style=\"display: contents; --button-bg-color: var(--p-dyn-color-white); --button-text-color: var(--p-dyn-color-gray-05); --button-border: 1px solid var(--p-dyn-color-gray-01); --button-font-size: var(--p-scale-4);\"><!--[--><!----><button data-button-root=\"true\" type=\"button\" tabindex=\"0\" id=\"bits-s1\" aria-haspopup=\"dialog\" aria-expanded=\"false\" data-state=\"closed\" data-popover-trigger=\"\" aria-label=\"Share\"><span aria-hidden=\"true\" style=\"display: contents\"><svg viewBox=\"0 0 24 24\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><g clip-path=\"url(#clip0_149_321)\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M4 11C4.55228 11 5 11.4477 5 12V20C5 20.2652 5.10536 20.5196 5.29289 20.7071C5.48043 20.8946 5.73478 21 6 21H18C18.2652 21 18.5196 20.8946 18.7071 20.7071C18.8946 20.5196 19 20.2652 19 20V12C19 11.4477 19.4477 11 20 11C20.5523 11 21 11.4477 21 12V20C21 20.7957 20.6839 21.5587 20.1213 22.1213C19.5587 22.6839 18.7957 23 18 23H6C5.20435 23 4.44129 22.6839 3.87868 22.1213C3.31607 21.5587 3 20.7956 3 20V12C3 11.4477 3.44772 11 4 11Z\" fill=\"currentColor\"><\/path><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M11.2929 1.29289C11.6834 0.902369 12.3166 0.902369 12.7071 1.29289L16.7071 5.29289C17.0976 5.68342 17.0976 6.31658 16.7071 6.70711C16.3166 7.09763 15.6834 7.09763 15.2929 6.70711L12 3.41421L8.70711 6.70711C8.31658 7.09763 7.68342 7.09763 7.29289 6.70711C6.90237 6.31658 6.90237 5.68342 7.29289 5.29289L11.2929 1.29289Z\" fill=\"currentColor\"><\/path><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M12 1C12.5523 1 13 1.44772 13 2V15C13 15.5523 12.5523 16 12 16C11.4477 16 11 15.5523 11 15V2C11 1.44772 11.4477 1 12 1Z\" fill=\"currentColor\"><\/path><\/g><defs><clipPath id=\"clip0_149_321\"><rect width=\"24\" height=\"24\" fill=\"white\"><\/rect><\/clipPath><\/defs><\/svg><!----><\/span><!----><!----><\/button><!----><!--]--><\/div><!----><!--]--><!----><!--]--> <!--[--><!--[-1--><!--]--><!--]--><!----><!----><!--]--><\/div><!--]--> <\/div>     <div style=\"display: contents\"> <!--[--><div class=\"dark-mode-toggle svelte-1l6vey\"><div class=\"svelte-1ear6bd button--circle\" style=\"display: contents; --button-bg-color: var(--p-color-page-bg); --button-text-color: var(--p-dyn-color-gray-05); --button-border: 1px solid var(--p-dyn-color-gray-01); --button-font-size: var(--p-scale-4);\"><!--[--><!----><button data-button-root=\"true\" tabindex=\"-1\" aria-hidden=\"true\"><span aria-hidden=\"true\"><!--[-1--><svg role=\"img\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><title>Contrast<\/title><circle cx=\"12\" cy=\"12\" r=\"10\"><\/circle><path fill=\"currentColor\" d=\"M12 18a6 6 0 000-12v12z\"><\/path><\/svg><!--]--><\/span><!----><!----><\/button><!----><!--]--><\/div><!----> <label class=\"p-a11y\" for=\"dark-mode-toggle__select\">Change Appearance<\/label> <select class=\"dark-mode-toggle__select svelte-1l6vey\" id=\"dark-mode-toggle__select\" data-pp-change=\"true\" data-pp-category=\"change-mode\"><!--[--><option value=\"auto\" selected=\"\">Auto<\/option><option value=\"light\">Light<\/option><option value=\"dark\">Dark<\/option><!--]--><\/select><\/div><!--]--> <\/div>  <\/div>  <\/div>  <\/div>  <\/div> <\/header>    <div class=\"wp-block-group article-body is-layout-flow wp-block-group-is-layout-flow\">  <aside class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\"><div class=\"wp-block-propublica-notes--top wp-block-propublica-notes\"> <div class=\"wp-block-propublica-note\">   <p>ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up to receive <a href=\"https:\/\/maxinefilmes.com\/odelator\/\">our biggest stories<\/a> as soon as they\u2019re published.<\/p>  <\/div> <\/div> <\/aside>   <div class=\"entry-content wp-block-post-content is-layout-flow wp-block-post-content-is-layout-flow\"><div class=\"wp-block-propublica-reporting-highlights\">   <h3 class=\"wp-block-heading\">Reporting Highlights<\/h3>    <ul class=\"wp-block-list\"> <li><strong>Chinese Tech Support:<\/strong> Microsoft is using engineers in China to help maintain the Defense Department\u2019s computer systems \u2014 with minimal supervision by U.S. personnel.<\/li>    <li><strong>Skills Gap:<\/strong> Digital escorts often lack the technical expertise to police foreign engineers with far more advanced skills, leaving highly sensitive data vulnerable to hacking.<\/li>    <li><strong>Ignored Warnings:<\/strong> Various people involved in the work told ProPublica that they warned Microsoft that the arrangement is inherently risky, but the company launched and expanded it anyway.<\/li> <\/ul>    <p class=\"wp-block-propublica-reporting-highlights__disclaimer\">These highlights were written by the reporters and editors who worked on this story.<\/p>  <\/div>    <p>Microsoft is using engineers in China to help maintain the Defense Department\u2019s computer systems \u2014 with minimal supervision by U.S. personnel \u2014 leaving some of the nation\u2019s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.<\/p>    <p>The arrangement, which was critical to Microsoft winning the federal government\u2019s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.<\/p>    <p>But these workers, known as \u201cdigital escorts,\u201d often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.<\/p>    <p>\u201cWe\u2019re trusting that what they\u2019re doing isn\u2019t malicious, but we really can\u2019t tell,\u201d said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.<\/p>    <p>The system has been in place for nearly a decade, though its existence is being reported publicly here for the first time.<\/p>    <p>Microsoft told ProPublica that it has disclosed details about the escort model to the federal government. But former government officials said in interviews that they had never heard of digital escorts. The program appears to be so low-profile that even the Defense Department\u2019s IT agency had difficulty finding someone familiar with it. \u201cLiterally no one seems to know anything about this, so I don\u2019t know where to go from here,\u201d said Deven King, spokesperson for the Defense Information Systems Agency.<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102005055-6_123456\" data-google-query-id=\"CKvu4vuDypUDFeCSYQYdvyQT6A\" data-hidden-by=\"google\" style=\"display: none;\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner1_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>National security and cybersecurity experts contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China\u2019s digital prowess as a top threat to the country.<\/p>    <p>The <a href=\"#\" data-broken-external-link=\"true\">Office of the Director of National Intelligence has called China<\/a> the \u201cmost active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.\u201d One of the most prominent examples of that threat came in 2023, when Chinese hackers infiltrated the cloud-based mailboxes of senior U.S. government officials, stealing data and emails from the commerce secretary, the U.S. ambassador to China and others working on national security matters. The intruders <a href=\"#\" data-broken-external-link=\"true\">downloaded about 60,000 emails<\/a> from the State Department alone.<\/p>    <p>With President Donald Trump and his allies concerned about spying, the State Department announced plans in May to \u201c<a href=\"#\" data-broken-external-link=\"true\">aggressively revoke visas<\/a> for Chinese students\u201d \u2014 a pledge that <a href=\"#\" data-broken-external-link=\"true\">the president seems to have walked back<\/a>. The administration is also trying to arrange the sale of <a href=\"#\" data-broken-external-link=\"true\">the popular social media platform TikTok<\/a>, which is owned by a Chinese company that some lawmakers believe could hand over sensitive U.S. user data to Beijing and fuel misinformation with its content recommendations. But experts told ProPublica that digital escorting poses a far greater threat to national security than either of those issues and is a natural opportunity for spies.<\/p>    <p>\u201cIf I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,\u201d said <a href=\"#\" data-broken-external-link=\"true\">Harry Coker<\/a>, who was a senior executive at the CIA and the National Security Agency. Coker, who also was national cyber director during the Biden administration, added that he and his former intelligence community colleagues \u201cwould love to have had access like that.\u201d<\/p>    <p>It is difficult to know whether engineers overseen by digital escorts have ever carried out a cyberattack against the U.S. government. But Coker wondered whether it \u201ccould be part of an explanation for a lot of the challenges we have faced over the years.\u201d<\/p>    <p>Microsoft uses the escort system to handle the government\u2019s most sensitive information that falls below \u201cclassified.\u201d According to the government, this <a href=\"#\" data-broken-external-link=\"true\">\u201chigh impact level\u201d category includes \u201cdata that involves<\/a> the protection of life and financial ruin.\u201d The \u201closs of confidentiality, integrity, or availability\u201d of this information \u201ccould be expected to have a severe or catastrophic adverse effect\u201d on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as \u201cImpact Level\u201d 4 and 5 and includes materials that directly support military operations.<\/p>    <p>John Sherman, who was <a href=\"#\" data-broken-external-link=\"true\">chief information officer<\/a> for the Department of Defense during the Biden administration, said he was surprised and concerned to learn of ProPublica\u2019s findings. \u201cI probably should have known about this,\u201d he said. He told the news organization that the situation warrants a \u201cthorough review by DISA, Cyber Command and other stakeholders that are involved in this.\u201d<\/p>    <p>In an emailed statement, the Defense Information Systems Agency said that cloud service providers \u201care required to establish and maintain controls for vetting and using qualified specialists,\u201d but the agency did not respond to ProPublica\u2019s questions regarding the digital escorts\u2019 qualifications.<\/p>    <p>It\u2019s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.<\/p>    <p>Microsoft declined to make executives available for interviews for this article. In response to emailed questions, the company provided a statement saying its personnel and contractors operate in a manner \u201cconsistent with US Government requirements and processes.\u201d<\/p>    <p>Global workers \u201chave no direct access to customer data or customer systems,\u201d the statement said. Escorts \u201cwith the appropriate clearances and training provide direct support. These personnel are provided specific training on protecting sensitive data, preventing harm, and use of the specific commands\/controls within the environment.\u201d In addition, Microsoft said it has an internal review process known as \u201cLockbox\u201d to \u201cmake sure the request is deemed safe or has any cause for concern.\u201d A company spokesperson declined to provide specifics about how it works but said it\u2019s built into the system and involves review by a Microsoft employee in the U.S.<\/p>    <p>Over the years, various people involved in the work, including a Microsoft cybersecurity leader, warned the company that the arrangement is inherently risky, those people told ProPublica. Despite the presence of an escort, foreign engineers are privy to granular details about the federal cloud \u2014 the kind of information hackers could exploit. Moreover, the U.S. escorts overseeing these workers are ill equipped to spot suspicious activity, two of the people said.<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102469343-3_123456\" data-google-query-id=\"CKzu4vuDypUDFeCSYQYdvyQT6A\" style=\"display: none;\" data-hidden-by=\"google\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner2_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>Even those who helped develop the escort system acknowledge the people doing the work may not be able to detect problems.<\/p>    <p>\u201cIf someone ran a script called \u2018fix_servers.sh\u2019 but it actually did something malicious then [escorts] would have no idea,\u201d Matthew Erickson, a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the \u201cscope of systems they could disrupt\u201d is limited.<\/p>    <figure class=\"bb--size-medium wp-block-propublica-html p-bb--size-medium\"> <style> .explainer-block{ background-color: #303030; color: #e2e2e2; padding:var(--spacing1) 0; line-height:var(--line-height-1); text-align:left; p{padding-bottom:var(--spacing-1); line-height:var(--line-height-1); text-align:left; font-family:var(--fonts-sans); font-size:var(--scale-1)} .credit{font-family:var(--fonts-sans); text-align:right; font-size:var(--scale-3)} img{padding-bottom:var(--spacing2)} .intro-text{padding-bottom:var(--spacing2);padding-top:var(--spacing1)} .explainer-content{margin: 0 auto} }  \/* a style for force dark mode *\/ html.force-dark-mode .explainer-block { background-color:var(--gray-70); color:var(--gray-10); } \/* auto dark mode (if not force-light-mode is set) *\/ @media (prefers-color-scheme: dark) { html:not(.force-light-mode) .explainer-block { background-color:var(--gray-70); color:var(--gray-10); } } \/* and then the default light mode *\/ html.force-light-mode .explainer-block, html:not(.force-dark-mode):not(.force-light-mode) .explainer-block { background-color:var(--gray-10); color:var(--gray-70); } <\/style>  <div class=\"explainer-block\"> <div class=\"size05 explainer-content\"> <div class=\"intro-text\"> <p>The Defense Department requires anyone working with its most sensitive data to be a U.S. citizen, U.S. national or permanent resident. \u201cNo Foreign persons may have such access,\u201d according to the department\u2019s cloud security requirements. Microsoft, however, has a global workforce, so it created the digital escort system as a work-around. Here\u2019s an example of how it works and the risk it poses:<\/p> <\/div>  <div> <p>Tech support is needed on a Microsoft cloud product.<\/p> <img decoding=\"async\" class=\"\" alt=\"An illustration showing an ominous view of a Microsoft cloud hovering over the Pentagon, with logos for different Microsoft products raining down onto the Pentagon.\" width=\"3000\" height=\"3000\" loading=\"lazy\" js-autosizes=\"\" src=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=ed1691c014d1ab39a8c0b5e06ad0576a\" srcset=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=400&amp;q=75&amp;w=400&amp;s=657c0806ca25e9d6eff32e2ef8cad5ee 400w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=ed1691c014d1ab39a8c0b5e06ad0576a 800w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1200&amp;q=75&amp;w=1200&amp;s=39001b188877683ef0be523f9ad9a689 1200w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1300&amp;q=75&amp;w=1300&amp;s=8743db950a9e07dc870b6dc9848ee7e9 1300w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1450&amp;q=75&amp;w=1450&amp;s=1e46bd7935685f1971b86a6502767610 1450w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1600&amp;q=75&amp;w=1600&amp;s=7971aabf4ee9fc37d3dd1b5d23f042ba 1600w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-1-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=2000&amp;q=75&amp;w=2000&amp;s=8d50b6ca2e64be5c7ce1dbe97c829e04 2000w\" sizes=\"auto, 754px\"> <\/div>  <div> <p>A Microsoft engineer in China files an online \u201cticket\u201d to take on the work.<\/p> <img decoding=\"async\" class=\"\" alt=\"An illustration of workers in glowing red cubicles looking at code on their computers.\" width=\"3000\" height=\"3000\" loading=\"lazy\" js-autosizes=\"\" src=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=c08c3490339fa226c5dd32fdb2708e70\" srcset=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=400&amp;q=75&amp;w=400&amp;s=3a3d9900d44dc525830c28498d2b4196 400w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=c08c3490339fa226c5dd32fdb2708e70 800w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1200&amp;q=75&amp;w=1200&amp;s=233d6abb045a7cf18cfffc93774f82aa 1200w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1300&amp;q=75&amp;w=1300&amp;s=7aadbf0bacf7ff8ee2e89df8305f1e9b 1300w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1450&amp;q=75&amp;w=1450&amp;s=23dfcaf5e62cf6cc18017d19dfea3bfa 1450w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1600&amp;q=75&amp;w=1600&amp;s=4bbe8a41dc598305216b976594786dbf 1600w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-2-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=2000&amp;q=75&amp;w=2000&amp;s=7f854123292e98b68ebe657d63e8723e 2000w\" sizes=\"auto, 754px\"> <\/div>  <div> <p>A U.S.-based escort picks up the ticket.<\/p> <img decoding=\"async\" class=\"\" alt=\"An illustration of a worker seated in front of a glowing blue computer monitor with code on the screen.\" width=\"3000\" height=\"3000\" loading=\"lazy\" js-autosizes=\"\" src=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=c55961f77c45913ba7a43895c021b3c9\" srcset=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=400&amp;q=75&amp;w=400&amp;s=8bd8fdfb11d80f532447805c18a0264e 400w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=c55961f77c45913ba7a43895c021b3c9 800w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1200&amp;q=75&amp;w=1200&amp;s=c0d548f90f6faf8a8437045892d41f99 1200w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1300&amp;q=75&amp;w=1300&amp;s=0a890b36ce873e0559716e09091a2e38 1300w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1450&amp;q=75&amp;w=1450&amp;s=17369575f795b98a4982cf9761869351 1450w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1600&amp;q=75&amp;w=1600&amp;s=ff242f07fc104aac8ca8078bb3e4c9e3 1600w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-3-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=2000&amp;q=75&amp;w=2000&amp;s=dafad686ba9d00263ebaaec1a9bcf569 2000w\" sizes=\"auto, 754px\"> <\/div>  <div> <p>The engineer and the escort meet on the Microsoft Teams conferencing platform.<\/p> <img decoding=\"async\" class=\"\" alt=\"A split-screen illustration showing, on the left, a red computer monitor illuminating a worker looking at the screen with the Beijing skyline in the background. On the right is a blue computer monitor illuminating a worker looking at the screen with the Washington, D.C., skyline in the background.\" width=\"3000\" height=\"3000\" loading=\"lazy\" js-autosizes=\"\" src=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=baedc49802cedff03cebff6105b11204\" srcset=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=400&amp;q=75&amp;w=400&amp;s=33a73e979b661ecaf1686313d83d8b7c 400w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=baedc49802cedff03cebff6105b11204 800w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1200&amp;q=75&amp;w=1200&amp;s=8c68d098a44c3f8a8eaf7e86d06275a8 1200w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1300&amp;q=75&amp;w=1300&amp;s=6a5da970065a7b8abadadc7ed6b274c1 1300w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1450&amp;q=75&amp;w=1450&amp;s=63ce93b3d01a2647f264812f10d0dc27 1450w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1600&amp;q=75&amp;w=1600&amp;s=8ef05c59a6bbeec2557043f90ef55539 1600w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-4-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=2000&amp;q=75&amp;w=2000&amp;s=a9836a197b6dd07933c4ce17a656033d 2000w\" sizes=\"auto, 754px\"> <\/div>  <div> <p>The engineer sends computer commands to the U.S. escort, presenting an opportunity to insert malicious code.<\/p> <img decoding=\"async\" class=\"\" alt=\"An illustration showing hands typing on a computer keyboard, bathed in red light, with mysterious code overlaid.\" width=\"3000\" height=\"3000\" loading=\"lazy\" js-autosizes=\"\" src=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=4e7dbb8f4f968f1883328dc1182e3351\" srcset=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=400&amp;q=75&amp;w=400&amp;s=9399f83348ee7238a8f5142de4a2387e 400w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=4e7dbb8f4f968f1883328dc1182e3351 800w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1200&amp;q=75&amp;w=1200&amp;s=f1fffaa6b2a3099426e5587b6e8c13b3 1200w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1300&amp;q=75&amp;w=1300&amp;s=ba6a779d654d576fe478b26c706ce8e5 1300w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1450&amp;q=75&amp;w=1450&amp;s=07f6c831ea3f8feeca3ea98787bae5d6 1450w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1600&amp;q=75&amp;w=1600&amp;s=f5cec6c72b23f4740d48ce0a99e5003c 1600w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-5-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=2000&amp;q=75&amp;w=2000&amp;s=a9b6cc328b7b63b013417f2ab91bfd05 2000w\" sizes=\"auto, 754px\"> <\/div>  <div> <p>The escort, who may not have advanced technical expertise, inputs the commands into the federal cloud system.<\/p> <img decoding=\"async\" class=\"\" alt=\"An illustration showing the Microsoft cloud illuminated in red with red code raining ominously down onto the Pentagon. The windows in the Pentagon are lit up in red.\" width=\"3000\" height=\"3000\" loading=\"lazy\" js-autosizes=\"\" src=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=bf697b8d0700653b56da87db3c8414c2\" srcset=\"https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=400&amp;q=75&amp;w=400&amp;s=1f0e2cc5d470e52336f0b61443d7984a 400w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=800&amp;q=75&amp;w=800&amp;s=bf697b8d0700653b56da87db3c8414c2 800w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1200&amp;q=75&amp;w=1200&amp;s=1ceff4eff3573fb84293332149e92835 1200w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1300&amp;q=75&amp;w=1300&amp;s=b7076fc2f8d12ed65e7d8a03b31de0e5 1300w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1450&amp;q=75&amp;w=1450&amp;s=7aff6e0525f4f8aa9c0db4c6d1051f3c 1450w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=1600&amp;q=75&amp;w=1600&amp;s=ab11663eaf016b819ba71a3543759774 1600w, https:\/\/img.assets-d.propublica.org\/v5\/images\/tech-project-china-explainer-step-6-FINAL.jpg?crop=focalpoint&amp;fit=crop&amp;fm=webp&amp;fp-x=0.5&amp;fp-y=0.5&amp;h=2000&amp;q=75&amp;w=2000&amp;s=1edb8735ec25e569baa1c6081b6981ff 2000w\" sizes=\"auto, 754px\">  <\/div> <div class=\"credit\"> Illustrations for ProPublica<\/div>    <\/div> <\/div><\/figure>      <p>A Microsoft contractor called Insight Global <a href=\"#\" data-broken-external-link=\"true\">posted an ad in January<\/a> seeking an escort to bring engineers without security clearances \u201cinto the secured environment\u201d of the federal government and to \u201cprotect confidential and secure information from spillage,\u201d an industry term for a data leak. The pay started at $18 an hour.<\/p>    <p>While the ad said that specific technical skills were \u201chighly preferred\u201d and \u201cnice to have,\u201d the main prerequisite was possessing a valid \u201csecret\u201d level clearance issued by the Defense Department.<\/p>    <p>\u201cPeople are getting these jobs because they are cleared, not because they\u2019re software engineers,\u201d said the escort who agreed to speak anonymously and who works for Insight Global.<\/p>    <p>Each month, the company\u2019s roughly 50-person escort team fields hundreds of interactions with Microsoft\u2019s China-based engineers and developers, inputting those workers\u2019 commands into federal networks, the employee said.<\/p>    <p>In a statement to ProPublica, Insight Global said it \u201cevaluates the technical capabilities of each resource throughout the interview process to ensure they possess the technical skills required\u201d for the job, and provides training. The company noted that escorts also receive additional cyber and \u201cinsider threat awareness\u201d training as part of the government security clearance process.<\/p>    <p>\u201cWhile a security clearance may be required for the role, it is but one piece of the puzzle,\u201d the company said.<\/p>    <p>Microsoft did not respond to questions about Insight Global.<\/p>    <h3 class=\"wp-block-heading\">\u201cThe Path of Least Resistance\u201d<\/h3>    <p>When modern cloud technology emerged in the 2000s, offering on-demand computing power and data storage via the internet, it ushered in fundamental changes to federal government operations.<\/p>    <p>For decades, federal departments used computer servers owned and operated by the government itself to house data and power networks. Shifting to the cloud meant moving that work to massive off-site data centers managed by tech companies.<\/p>    <p>Federal officials believed that the cloud would provide greater power, efficiency and cost savings. But the transition also meant that the government would cede some control over who maintained and accessed its information to companies like Microsoft, whose employees would take over tasks previously handled by federal IT workers.<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102552591-0_123456\" data-google-query-id=\"CK3u4vuDypUDFeCSYQYdvyQT6A\" style=\"display: none;\" data-hidden-by=\"google\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner3_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>To address the risks of this revolution, the government <a href=\"https:\/\/web.archive.org\/web\/20220210115924\/https:\/\/www.whitehouse.gov\/wp-content\/uploads\/legacy_drupal_files\/omb\/assets\/egov_docs\/fedrampmemo.pdf\">started the Federal Risk and Authorization Management Program<\/a>, known as FedRAMP, in 2011. Under the program, companies that wanted to sell their cloud services to the government had to establish how they would ensure that personnel working with sensitive federal data would have the requisite \u201caccess authorizations\u201d and background screenings. On top of that, the Defense Department had its own cloud guidelines, requiring that people handling sensitive data be U.S. citizens or permanent residents.<\/p>    <p>This presented an issue for Microsoft, given its reliance on a vast global workforce, with significant operations in India, China and the European Union. So the company tapped a senior program manager named Indy Crowley to put federal officials at ease. Known for his familiarity with the rules and his ability to converse in the government\u2019s acronym-heavy lingo, colleagues dubbed him the \u201cFedRAMP whisperer.\u201d<\/p>    <p>In an interview, Crowley told ProPublica that he appealed directly to FedRAMP leadership, arguing that the relative risk from Microsoft\u2019s global workforce was minimal. To make his point, he said he once grilled a FedRAMP official on the provenance of code in products supplied by other government vendors such as IBM. The official couldn\u2019t say with certainty that only U.S. citizens had worked on the product in question, he said. The cloud, Crowley argued, should not be treated any differently.<\/p>    <p>Crowley said he also met with prospective customers across the government and told ProPublica that the Defense Department was the \u201cone making the most demands.\u201d Concerned about the company\u2019s global workforce, officials there asked him who from Microsoft would be \u201cbehind the curtain\u201d working on the cloud. Given the department\u2019s citizenship requirements, the officials raised the possibility of Microsoft \u201chiring a bunch of U.S. citizens to maintain the federal cloud\u201d directly, Crowley told ProPublica. For Microsoft, the suggestion was a nonstarter, Crowley said, because the increased labor costs of implementing it broadly would make a cloud transition prohibitively expensive for the government.<\/p>    <p>\u201cIt\u2019s always a balance between cost and level of effort and expertise,\u201d he told ProPublica. \u201cSo you find what\u2019s good enough.\u201d Hiring virtual escorts to supervise Microsoft\u2019s foreign workforce emerged as \u201cthe path of least resistance,\u201d Crowley said.<\/p>    <p>Microsoft did not respond to ProPublica\u2019s questions about Crowley\u2019s account.<\/p>    <p>When he brought the concept back to Microsoft, colleagues had mixed reactions. Tom Keane, then the corporate vice president for Microsoft\u2019s cloud platform, Azure, embraced the idea, according to a former employee involved in the discussions, as it would allow the company to scale up. But that former employee, who was involved in cybersecurity strategy, told ProPublica they opposed the concept, viewing it as too risky from a security perspective. Both Keane and Crowley dismissed the concerns, said the former employee, who left the company before the escort concept was deployed.<\/p>    <p>\u201cPeople who got in the way of scaling up did not stay,\u201d the former employee told ProPublica.<\/p>    <p>Crowley said he did not recall the discussion. Keane did not respond to requests for comment.<\/p>    <p>On its march to becoming one of the world\u2019s most valuable companies, Microsoft has repeatedly prioritized corporate profit over customer security, ProPublica has found. Last year, <a href=\"https:\/\/maxinefilmes.com\/odelator\/\">the news organization reported<\/a> that the tech giant ignored one of its own engineers when he repeatedly warned that a product flaw left the U.S. government exposed; state-sponsored Russian hackers later exploited that weakness in one of the largest cyberattacks in history. Microsoft has defended its decision not to address the flaw, saying that it received \u201cmultiple reviews\u201d and that the company weighs a variety of factors when making security decisions.<\/p>    <h3 class=\"wp-block-heading\">A Skills Gap From the Start<\/h3>    <p>The idea of an escort wasn\u2019t novel. The <a href=\"#\" data-broken-external-link=\"true\">National Institute of Standards and Technology<\/a>, which serves as the federal government\u2019s standards-setting body, had established recommendations on how IT maintenance should be performed on-site, such as in a restricted government office. \u201cMaintenance personnel that lack appropriate security clearances or are not U.S. citizens\u201d must be escorted and supervised by \u201capproved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified,\u201d the guidelines state.<\/p>    <p>The government <a href=\"#\" data-broken-external-link=\"true\">at the time<\/a> specified the intent of the recommendation: to deny \u201cindividuals who lack appropriate security clearances \u2026 or who are not U.S. citizens, visual and electronic access to\u201d sensitive government information.<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102636564-5_123456\" data-google-query-id=\"CK7u4vuDypUDFeCSYQYdvyQT6A\" style=\"display: none;\" data-hidden-by=\"google\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner4_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>But escorts in the cloud wouldn\u2019t necessarily be able to meet that goal, given the gap in technical expertise between them and the Microsoft counterparts they would be taking direction from.<\/p>    <p>That imbalance, though, was baked into the escorting model.<\/p>    <p>Erickson, the former Microsoft engineer who worked on the model, told ProPublica that escorts are \u201csomewhat technically proficient,\u201d but mainly are \u201cjust there to make sure the employees don\u2019t accidentally or intentionally view\u201d passwords, customer data or personally identifiable information. \u201cIf there are problems with the underlying\u201d cloud services, \u201cthen only the people who work on those services at Microsoft would have the requisite knowledge to fix it,\u201d he said.<\/p>    <p>Advanced threats from foreign adversaries weren\u2019t on the radar for Erickson, who said he didn\u2019t \u201chave any reason to suspect someone more just based on their country of origin.\u201d<\/p>    <p>\u201cI don\u2019t think there is any extra threat from Microsoft employees based in other countries,\u201d he said.<\/p>    <figure class=\"wp-block-image size-propublica-position-large bb--size-large p-bb--size-large\"><img fetchpriority=\"high\" decoding=\"async\" js-autosizes=\"\" height=\"766\" width=\"1149\" src=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg\" alt=\"An illustration showing a worker in a room full of computer monitors with bright blue warning symbols on the screens. The worker is seated in front of one larger blue monitor displaying a world map with various points on the map highlighted.\" class=\"wp-image-37502\" srcset=\"https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg 3000w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=300,200 300w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=768,512 768w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=1024,683 1024w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=1536,1024 1536w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=2048,1365 2048w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=863,575 863w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=422,281 422w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=552,368 552w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=558,372 558w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=527,351 527w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=752,501 752w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=1149,766 1149w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=459,306 459w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=2000,1333 2000w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=400,267 400w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=800,533 800w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=1200,800 1200w, https:\/\/www.propublica.org\/wp-content\/uploads\/2025\/07\/tech-project-china-secondary-FINAL_preview_maxWidth_3000_maxHeight_3000_ppi_72_embedColorProfile_true_quality_95.jpg?resize=1600,1067 1600w\" sizes=\"1151px\"><figcaption class=\"attribution\"><span class=\"attribution__credit\">Illustration by Andrea Wise\/ProPublica. Source images: Bevan Goldswain\/Getty Images, kontekbrothers\/Getty Images, amgun\/Getty Images.<\/span><\/figcaption><\/figure>    <p>Pradeep Nair, a former Microsoft vice president who said he helped develop the concept from the start, said that the digital escort strategy allowed the company to \u201cgo to market faster,\u201d positioning it to win major federal cloud contracts. He said that escorts \u201ccomplete role-specific training before touching any production system\u201d and that a variety of safeguards including audit logs, the digital trail of system activity, could alert Microsoft or the government to potential problems.<\/p>    <p>\u201cBecause these controls are stringent, residual risk is minimal,\u201d Nair said.<\/p>    <p>But legal and cybersecurity experts say such assumptions ignored the massive cyber threat from China in particular. Around the time that Microsoft was developing its escort strategy, an attack attributed to Chinese state-sponsored hackers resulted in the <a href=\"#\" data-broken-external-link=\"true\">largest breach<\/a> of U.S. government data up to that point. The theft initially targeted a government contractor and eventually compromised the personal information of <a href=\"#\" data-broken-external-link=\"true\">more than 22 million people<\/a>, most of them applicants for federal security clearances.<\/p>    <p>Chinese laws allow government officials there to collect data \u201cas long as they\u2019re doing something that they\u2019ve deemed legitimate,\u201d said <a href=\"#\" data-broken-external-link=\"true\">Jeremy Daum, senior research fellow<\/a> at the Paul Tsai China Center at Yale Law School. Microsoft\u2019s China-based tech support for the U.S. government presents an opening for espionage, \u201cwhether it be putting someone who\u2019s already an intelligence professional into one of those jobs, or going to the people who are in the jobs and pumping them for information,\u201d Daum said. \u201cIt would be difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.\u201d<\/p>    <p>Erickson acknowledged that having an escort doesn\u2019t prevent foreign developers \u201cfrom doing \u2018bad\u2019 things. It just allows for there to be a recording and a witness.\u201d He said if an escort suspects malicious activity, they will end the session and file an incident report to investigate further.<\/p>    <p>How much of this information federal officials understood is unclear.<\/p>    <p>A Microsoft spokesperson said the company described the digital escort model in the documents submitted to the government as part of cloud vendor authorization processes. However, it declined to provide those records or to tell ProPublica the exact language it used in them to describe the escort arrangement, citing the potential security risk of publicly disclosing it.<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102719203-6_123456\" data-google-query-id=\"CK_u4vuDypUDFeCSYQYdvyQT6A\" style=\"display: none;\" data-hidden-by=\"google\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner5_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>In addition to a third-party auditor, Microsoft\u2019s documentation theoretically would have been reviewed by multiple parties in the government, including FedRAMP and DISA. DISA said the materials are \u201cnot releasable to the public.\u201d The General Services Administration, which houses FedRAMP, did not respond to requests for comment.<\/p>    <h3 class=\"wp-block-heading\">The \u201cRight Eyes\u201d for the Job?<\/h3>    <p>In June 2016, <a href=\"#\" data-broken-external-link=\"true\">Microsoft announced that it had received FedRAMP authorization<\/a> to work with some of the government\u2019s most sensitive data. Matt Goodrich, then FedRAMP director, said at the time that the accreditation was \u201ca testament to Microsoft\u2019s ability to meet the government\u2019s rigorous security requirements.\u201d<\/p>    <p>Around the same time, Microsoft put the escort concept into practice, engaging contacts from defense giant Lockheed Martin to hire cloud escorts, two people involved in the contract told ProPublica.<\/p>    <p>A project manager, who asked for anonymity to describe confidential discussions, told ProPublica that they were skeptical of the escort arrangement from the start and voiced those feelings to their Microsoft counterpart. The manager was especially concerned that the new hires would not have the \u201cright eyes\u201d for the job given the relatively low pay set by Microsoft, but the system went ahead anyway.<\/p>    <p>Lockheed Martin referred questions to Leidos, a company that took over Lockheed\u2019s IT business following a merger in 2016. Leidos declined to comment.<\/p>    <p>As Microsoft captured more of the government\u2019s business, the company turned to additional subcontractors, typically staffing companies, to hire more digital escorts.<\/p>    <p>Analyzing profiles on LinkedIn, ProPublica identified at least two such firms: Insight Global and ASM Research, whose parent company is consulting giant Accenture. While the scope of each firm\u2019s business with Microsoft is unclear, ProPublica found more workers identifying themselves as digital escorts at Insight Global, many of them former military personnel, than at ASM. ASM and Accenture did not respond to requests for comment.<\/p>    <h3 class=\"wp-block-heading\">Concerns About China<\/h3>    <p>Some Insight Global workers recognized the same problem as the former Lockheed manager: a mismatch in skills between the U.S.-based escorts and the Microsoft engineers they are supervising. The engineers might briefly describe the job to be completed \u2014 for instance, updating a firewall, installing an update to fix a bug or reviewing logs to troubleshoot a problem. Then, with limited inspection, the escort copies and pastes the engineer\u2019s commands into the federal cloud.<\/p>    <p>\u201cThey\u2019re telling nontechnical people very technical directions,\u201d the current Insight Global escort said, adding that the arrangement presents untold opportunities for hacking. As an example, they said the engineer could install an update allowing an outsider to access the network.<\/p>    <p>\u201cWill that get caught? Absolutely,\u201d the escort told ProPublica. \u201cWill that get caught before damage is done? No idea.\u201d<\/p>    <p>The escort was particularly concerned about the dozens of tickets a week filed by workers based in China. The attack targeting federal officials in 2023 \u2014 in which Chinese hackers stole 60,000 emails \u2014 underscored that fear.<\/p>    <p>The federal Cyber Safety Review Board, which investigated the attack, blamed Microsoft for security lapses that gave hackers their opening. Its <a href=\"#\" data-broken-external-link=\"true\">published report<\/a> did not mention digital escorts, either as playing a role in the attack or as a risk to be mitigated. Sherman, the former chief information officer for the Defense Department, and Coker, the former intelligence official, who both also served as members of the CSRB, told ProPublica that they did not recall the board ever discussing digital escorting, which they said they now consider a major threat. The Trump administration has since disbanded the CSRB.<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102804706-4_123456\" data-google-query-id=\"CLDu4vuDypUDFeCSYQYdvyQT6A\" style=\"display: none;\" data-hidden-by=\"google\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner6_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>In its statement, Microsoft said it expects escorts \u201cto perform a variety of technical tasks,\u201d which are outlined in its contracts with vendors. Insight Global said it evaluates prospective hires to ensure they have those skills and trains new employees on \u201call applicable security and compliance policies provided by Microsoft.\u201d<\/p>    <p>But the Insight Global employee told ProPublica the training regimen doesn\u2019t come close to bridging the knowledge gap. In addition, it is challenging for escorts to gain expertise on the job because the type of work they oversee varies widely. \u201cIt\u2019s not possible to get as trained up as you need to be on the wide array of things you need to look at,\u201d they said.<\/p>    <p>The escort said they repeatedly raised concerns about the knowledge gap to Microsoft, over several years and as recently as April, and to Insight Global\u2019s own attorneys. They said the digital escorts\u2019 relative inexperience \u2014 combined with Chinese laws that grant the country\u2019s officials broad authority to collect data \u2014 left U.S. government networks overly exposed. Microsoft repeatedly thanked the escort for raising the issues while Insight Global said it would take them under advisement, the escort said. It is unclear whether Microsoft or Insight Global took any steps to address them; neither company answered questions about the escort\u2019s account.<\/p>    <p>In its statement, Microsoft said it meets regularly with its contractors \u201cto discuss operations and surface questions or concerns.\u201d The company also noted that it has additional layers of \u201csecurity and monitoring controls\u201d including \u201cautomated code reviews to quickly detect and prevent the introduction of vulnerabilities.\u201d<\/p>    <p>\u201cMicrosoft assumes anyone that has access to production systems, regardless of location or role, can pose a risk to the system, whether intentionally or unintentionally,\u201d the company said in its statement.<\/p>    <h3 class=\"wp-block-heading\">Another Warning, a Growing Risk<\/h3>    <p>Last year, about three months after government investigators released <a href=\"#\" data-broken-external-link=\"true\">their report<\/a> on the 2023 hack into U.S. officials\u2019 emails, a former Insight Global contractor named Tom Schiller contacted a Defense Department hotline and wrote to several federal lawmakers to warn them about digital escorting. He had become familiar with the system while briefly working for the company as a software developer. By last July, Schiller\u2019s complaints wound their way to the Defense Information Systems Agency Office of the Inspector General. Schiller told ProPublica that the office conducted a sworn interview with him, and separately with three others connected to Insight Global. In August, the inspector general wrote to Schiller to say it had closed the case.<\/p>    <p>\u201cWe conducted a preliminary analysis into the complaint and determined this matter is not within the avenue of redress by DISA IG and is best addressed by the appropriate DISA management,\u201d the assistant inspector general for investigations said in the letter. \u201cWe have referred the information you provided to management.\u201d<\/p>    <p>A spokesperson for the inspector general \u2014 whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse \u2014 told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.<\/p>    <p>\u201cIf the public information office contacts me and wants to collaborate to formulate a response through their office, I\u2019ll be more than happy to do that,\u201d the spokesperson said. \u201cBut I will not be responding to any kind of media request concerning OIG business without speaking with the public information office.\u201d<\/p>    <p>DISA public affairs did not answer questions about the matter. After a spokesperson initially said that he couldn\u2019t find anyone who had heard of the escort concept, the agency later acknowledged in a statement to ProPublica that escorts are used \u201cin select unclassified environments\u201d at the Defense Department for \u201cadvanced problem diagnosis and resolution from industry subject matter experts.\u201d Echoing Microsoft\u2019s statement, it continued, \u201cExperts under escort supervision have no direct, hands-on access to government systems; but rather offer guidance and recommendations to authorized administrators who perform tasks.\u201d<\/p>    <p>It is unclear what, if any, discussions have taken place among Microsoft, Insight Global and DISA, or any other government agency, regarding digital escorts.<\/p>    <p>But David Mihelcic, DISA\u2019s former chief technology officer, said any visibility into the Defense Department\u2019s network poses a \u201chuge risk.\u201d<\/p> <div class=\"p-hide-print p-bb--size-full wp-block-propublica-ad-slot\"> <div id=\"bsa-zone_1760102877593-3_123456\" data-google-query-id=\"CLHu4vuDypUDFeCSYQYdvyQT6A\" style=\"display: none;\" data-hidden-by=\"google\"><div id=\"google_ads_iframe_\/22960212090,2219821\/Propublica_S2S_InlineBanner7_ROS_0__container__\" style=\"border: 0pt; margin: auto; text-align: center; width: 728px; height: 0px;\"><\/div><\/div> <\/div>    <p>\u201cHere you have one person you really don\u2019t trust because they\u2019re probably in the Chinese intelligence service, and the other person is not really capable,\u201d he said.<\/p>    <p>The risk may be getting more serious by the day, as U.S.-China relations worsen amid a simmering trade war \u2014 the type of conflict that <a href=\"#\" data-broken-external-link=\"true\">experts say<\/a> could result in Chinese cyber retaliation.<\/p>    <p>In testimony to a Senate committee in May, Microsoft President Brad Smith said the company is continually \u201cpushing Chinese out of agencies.\u201d He did not elaborate on how they got in, and Microsoft did not respond to follow-up questions on the remark.<\/p> <\/div>   <aside class=\"wp-block-query is-layout-flow wp-block-query-is-layout-flow\"> <h2 class=\"wp-block-heading screen-reader-text\">Corrections<\/h2>  <\/aside>    <aside class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\"> <\/aside> <\/div>    <footer class=\"wp-block-group entry-footer is-layout-flow wp-block-group-is-layout-flow\">   <div class=\"wp-block-group is-layout-flow wp-block-group-is-layout-flow\">  <\/div>    <div class=\"wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-95163ec0 wp-block-group-is-layout-flex\" style=\"border-top-color:var(--p-dyn-color-gray-01);border-top-width:1px;padding-top:var(--wp--preset--spacing--p-spacing-3)\"><div class=\"taxonomy-pp_topic hide-print wp-block-post-terms wp-container-content-9cfa9a5a\"><span class=\"wp-block-post-terms__prefix\">Filed under \u2014 <\/span><a href=\"https:\/\/maxinefilmes.com\/odelator\/\" rel=\"tag\">Technology<\/a><\/div>  <div class=\"wp-block-propublica-republish-link\" data-component=\"republish-link\">  <div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\"> <div class=\"wp-block-button is-style-outline is-style-outline--5\"><button type=\"button\" class=\"wp-block-button__link wp-element-button wp-block-propublica-republish-link__open-button\">Republish This Story<\/button><\/div> <\/div>  <div class=\"wp-block-propublica-republish-link__modal wp-block-propublica-republish-link__modal--hidden\" role=\"dialog\" aria-modal=\"true\" aria-hidden=\"true\" aria-labelledby=\"propublica-republish-link-label3\" aria-description=\"propublica-republish-link-description4\">  <div class=\"wp-block-propublica-republish-link__modal__header\"> <button type=\"button\" class=\"wp-block-propublica-republish-link__close-button\" aria-label=\"Close\"> <svg aria-hidden=\"true\" focusable=\"false\" width=\"24\" height=\"24\"><use href=\"#am-symbol-close\"><\/use><\/svg>\t<\/button> <\/div> <div class=\"wp-block-propublica-republish-link__modal__content\">  <div class=\"wp-block-propublica-republish-link__modal__instructions\"> <h2 class=\"wp-block-propublica-republish-link__modal-hed\" id=\"propublica-republish-link-label3\">Republish This Story for Free<\/h2>  <p class=\"wp-block-propublica-republish-link__modal-license\" id=\"propublica-republish-link-description4\"><a rel=\"license\" href=\"#\" data-broken-external-link=\"true\">Creative Commons License (CC BY-NC-ND 3.0)<\/a><\/p>  <hr>  <p> Thank you for your interest in republishing this story. You are free to republish it so long as you do the following:\t<\/p>  <ul> <li> You have to credit <em>ProPublica and any co-reporting partners<\/em>. In the byline, we prefer &#8220;Author Name, Publication(s).&#8221; At the top of the text of your story, include a line that reads: &#8220;This story was originally published by ProPublica.&#8221; You must link the word &#8220;ProPublica&#8221; to the original URL of the story.\t\t<\/li>  <li> If you&#8217;re republishing online, you must link to the URL of this story on propublica.org, include all of the links from our story, including our newsletter sign up language and link, and use our <a href=\"\/pixelping\">PixelPing tag<\/a>.\t\t<\/li>  <li> If you use canonical metadata, please use the ProPublica URL. For more information about canonical metadata, <a href=\"#\" data-broken-external-link=\"true\">refer to this Google SEO link<\/a>.\t\t<\/li>  <li> You can&#8217;t edit our material, except to reflect relative changes in time, location and editorial style. (For example, &#8220;yesterday&#8221; can be changed to &#8220;last week,&#8221; and &#8220;Portland, Ore.&#8221; to &#8220;Portland&#8221; or &#8220;here.&#8221;)\t\t<\/li>  <li> You cannot republish our photographs or illustrations without specific permission. Please contact <a href=\"mailto:mediarights@propublica.org\">mediarights@propublica.org<\/a>.\t\t<\/li>  <li> It&#8217;s okay to put our stories on pages with ads, but not ads specifically sold against our stories. You can&#8217;t state or imply that donations to your organization support ProPublica&#8217;s work.\t\t<\/li>  <li> You can&#8217;t sell our material separately or syndicate it. This includes publishing or syndicating our work on platforms or apps such as Apple News, Google News, etc.\t\t<\/li>  <li> You can&#8217;t republish our material wholesale, or automatically; you need to select stories to be republished individually. (To inquire about syndication or licensing opportunities, contact <a href=\"mailto:licensing@propublica.org\">licensing@propublica.org<\/a>.)\t\t<\/li>  <li> You can&#8217;t use our work to populate a website designed to improve rankings on search engines or solely to gain revenue from network-based advertisements.\t\t<\/li>  <li> We do not generally permit translation of our stories into another language. <\/li>  <li> Any website our stories appear on must include a prominent and effective way to contact you.\t\t<\/li> <\/ul> <\/div>  <div class=\"wp-block-propublica-republish-link__modal__copy\"> <label> <span class=\"screen-reader-text\">HTML<\/span>  <textarea readonly=\"\" tabindex=\"-1\">&lt;h1&gt;A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers&lt;\/h1&gt; &lt;p&gt;Microsoft is using engineers in China to help maintain the Defense Department\u2019s computer systems \u2014 with minimal supervision by U.S. personnel \u2014 leaving some of the nation\u2019s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.&lt;\/p&gt; &lt;p&gt;The arrangement, which was critical to Microsoft winning the federal government\u2019s cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage.&lt;\/p&gt; &lt;p&gt;But these workers, known as \u201cdigital escorts,\u201d often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.&lt;\/p&gt; &lt;p&gt;\u201cWe\u2019re trusting that what they\u2019re doing isn\u2019t malicious, but we really can\u2019t tell,\u201d said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.&lt;\/p&gt; &lt;p&gt;The system has been in place for nearly a decade, though its existence is being reported publicly here for the first time.&lt;\/p&gt; &lt;p&gt;Microsoft told ProPublica that it has disclosed details about the escort model to the federal government. But former government officials said in interviews that they had never heard of digital escorts. The program appears to be so low-profile that even the Defense Department\u2019s IT agency had difficulty finding someone familiar with it. \u201cLiterally no one seems to know anything about this, so I don\u2019t know where to go from here,\u201d said Deven King, spokesperson for the Defense Information Systems Agency.&lt;\/p&gt; &lt;p&gt;National security and cybersecurity experts contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China\u2019s digital prowess as a top threat to the country.&lt;\/p&gt; &lt;p&gt;The &lt;a href=&#8221;https:\/\/www.dni.gov\/files\/ODNI\/documents\/assessments\/ATA-2024-Unclassified-Report.pdf&#8221;&gt;Office of the Director of National Intelligence has called China&lt;\/a&gt; the \u201cmost active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks.\u201d One of the most prominent examples of that threat came in 2023, when Chinese hackers infiltrated the cloud-based mailboxes of senior U.S. government officials, stealing data and emails from the commerce secretary, the U.S. ambassador to China and others working on national security matters. The intruders &lt;a href=&#8221;https:\/\/www.cisa.gov\/sites\/default\/files\/2025-03\/CSRBReviewOfTheSummer2023MEOIntrusion508.pdf&#8221;&gt;downloaded about 60,000 emails&lt;\/a&gt; from the State Department alone.&lt;\/p&gt; &lt;p&gt;With President Donald Trump and his allies concerned about spying, the State Department announced plans in May to \u201c&lt;a href=&#8221;https:\/\/www.state.gov\/releases\/office-of-the-spokesperson\/2025\/05\/new-visa-policies-put-america-first-not-china\/&#8221;&gt;aggressively revoke visas&lt;\/a&gt; for Chinese students\u201d \u2014 a pledge that &lt;a href=&#8221;https:\/\/truthsocial.com\/@realDonaldTrump\/posts\/114664632971715644&#8243;&gt;the president seems to have walked back&lt;\/a&gt;. The administration is also trying to arrange the sale of &lt;a href=&#8221;https:\/\/www.cnn.com\/2025\/06\/30\/tech\/trump-tiktok-who-could-buy&#8221;&gt;the popular social media platform TikTok&lt;\/a&gt;, which is owned by a Chinese company that some lawmakers believe could hand over sensitive U.S. user data to Beijing and fuel misinformation with its content recommendations. But experts told ProPublica that digital escorting poses a far greater threat to national security than either of those issues and is a natural opportunity for spies.&lt;\/p&gt; &lt;p&gt;\u201cIf I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,\u201d said &lt;a href=&#8221;https:\/\/commerce.maryland.gov\/commerce\/harry-coker-jr&#8221;&gt;Harry Coker&lt;\/a&gt;, who was a senior executive at the CIA and the National Security Agency. Coker, who also was national cyber director during the Biden administration, added that he and his former intelligence community colleagues \u201cwould love to have had access like that.\u201d&lt;\/p&gt; &lt;p&gt;It is difficult to know whether engineers overseen by digital escorts have ever carried out a cyberattack against the U.S. government. But Coker wondered whether it \u201ccould be part of an explanation for a lot of the challenges we have faced over the years.\u201d&lt;\/p&gt; &lt;p&gt;Microsoft uses the escort system to handle the government\u2019s most sensitive information that falls below \u201cclassified.\u201d According to the government, this &lt;a href=&#8221;https:\/\/www.fedramp.gov\/understanding-baselines-and-impact-levels\/#:~:text=High%20Impact%20data%20is%20usually,services%20across%20the%20federal%20government.&#8221;&gt;\u201chigh impact level\u201d category includes \u201cdata that involves&lt;\/a&gt; the protection of life and financial ruin.\u201d The \u201closs of confidentiality, integrity, or availability\u201d of this information \u201ccould be expected to have a severe or catastrophic adverse effect\u201d on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as \u201cImpact Level\u201d 4 and 5 and includes materials that directly support military operations.&lt;\/p&gt; &lt;p&gt;John Sherman, who was &lt;a href=&#8221;https:\/\/www.defense.gov\/About\/Biographies\/Biography\/Article\/2881098\/john-sherman\/&#8221;&gt;chief information officer&lt;\/a&gt; for the Department of Defense during the Biden administration, said he was surprised and concerned to learn of ProPublica\u2019s findings. \u201cI probably should have known about this,\u201d he said. He told the news organization that the situation warrants a \u201cthorough review by DISA, Cyber Command and other stakeholders that are involved in this.\u201d&lt;\/p&gt; &lt;p&gt;In an emailed statement, the Defense Information Systems Agency said that cloud service providers \u201care required to establish and maintain controls for vetting and using qualified specialists,\u201d but the agency did not respond to ProPublica\u2019s questions regarding the digital escorts\u2019 qualifications.&lt;\/p&gt; &lt;p&gt;It\u2019s unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.&lt;\/p&gt; &lt;p&gt;Microsoft declined to make executives available for interviews for this article. In response to emailed questions, the company provided a statement saying its personnel and contractors operate in a manner \u201cconsistent with US Government requirements and processes.\u201d&lt;\/p&gt; &lt;p&gt;Global workers \u201chave no direct access to customer data or customer systems,\u201d the statement said. Escorts \u201cwith the appropriate clearances and training provide direct support. These personnel are provided specific training on protecting sensitive data, preventing harm, and use of the specific commands\/controls within the environment.\u201d In addition, Microsoft said it has an internal review process known as \u201cLockbox\u201d to \u201cmake sure the request is deemed safe or has any cause for concern.\u201d A company spokesperson declined to provide specifics about how it works but said it\u2019s built into the system and involves review by a Microsoft employee in the U.S.&lt;\/p&gt; &lt;p&gt;Over the years, various people involved in the work, including a Microsoft cybersecurity leader, warned the company that the arrangement is inherently risky, those people told ProPublica. Despite the presence of an escort, foreign engineers are privy to granular details about the federal cloud \u2014 the kind of information hackers could exploit. Moreover, the U.S. escorts overseeing these workers are ill equipped to spot suspicious activity, two of the people said.&lt;\/p&gt; &lt;p&gt;Even those who helped develop the escort system acknowledge the people doing the work may not be able to detect problems.&lt;\/p&gt; &lt;p&gt;\u201cIf someone ran a script called \u2018fix_servers.sh\u2019 but it actually did something malicious then [escorts] would have no idea,\u201d Matthew Erickson, a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the \u201cscope of systems they could disrupt\u201d is limited.&lt;\/p&gt; &lt;p&gt;A Microsoft contractor called Insight Global &lt;a href=&#8221;https:\/\/jobs.insightglobal.com\/find_a_job\/washington\/job-331977\/&#8221;&gt;posted an ad in January&lt;\/a&gt; seeking an escort to bring engineers without security clearances \u201cinto the secured environment\u201d of the federal government and to \u201cprotect confidential and secure information from spillage,\u201d an industry term for a data leak. The pay started at $18 an hour.&lt;\/p&gt; &lt;p&gt;While the ad said that specific technical skills were \u201chighly preferred\u201d and \u201cnice to have,\u201d the main prerequisite was possessing a valid \u201csecret\u201d level clearance issued by the Defense Department.&lt;\/p&gt; &lt;p&gt;\u201cPeople are getting these jobs because they are cleared, not because they\u2019re software engineers,\u201d said the escort who agreed to speak anonymously and who works for Insight Global.&lt;\/p&gt; &lt;p&gt;Each month, the company\u2019s roughly 50-person escort team fields hundreds of interactions with Microsoft\u2019s China-based engineers and developers, inputting those workers\u2019 commands into federal networks, the employee said.&lt;\/p&gt; &lt;p&gt;In a statement to ProPublica, Insight Global said it \u201cevaluates the technical capabilities of each resource throughout the interview process to ensure they possess the technical skills required\u201d for the job, and provides training. The company noted that escorts also receive additional cyber and \u201cinsider threat awareness\u201d training as part of the government security clearance process.&lt;\/p&gt; &lt;p&gt;\u201cWhile a security clearance may be required for the role, it is but one piece of the puzzle,\u201d the company said.&lt;\/p&gt; &lt;p&gt;Microsoft did not respond to questions about Insight Global.&lt;\/p&gt; &lt;h3&gt;\u201cThe Path of Least Resistance\u201d&lt;\/h3&gt; &lt;p&gt;When modern cloud technology emerged in the 2000s, offering on-demand computing power and data storage via the internet, it ushered in fundamental changes to federal government operations.&lt;\/p&gt; &lt;p&gt;For decades, federal departments used computer servers owned and operated by the government itself to house data and power networks. Shifting to the cloud meant moving that work to massive off-site data centers managed by tech companies.&lt;\/p&gt; &lt;p&gt;Federal officials believed that the cloud would provide greater power, efficiency and cost savings. But the transition also meant that the government would cede some control over who maintained and accessed its information to companies like Microsoft, whose employees would take over tasks previously handled by federal IT workers.&lt;\/p&gt; &lt;p&gt;To address the risks of this revolution, the government &lt;a href=&#8221;https:\/\/web.archive.org\/web\/20220210115924\/https:\/\/www.whitehouse.gov\/wp-content\/uploads\/legacy_drupal_files\/omb\/assets\/egov_docs\/fedrampmemo.pdf&#8221;&gt;started the Federal Risk and Authorization Management Program&lt;\/a&gt;, known as FedRAMP, in 2011. Under the program, companies that wanted to sell their cloud services to the government had to establish how they would ensure that personnel working with sensitive federal data would have the requisite \u201caccess authorizations\u201d and background screenings. On top of that, the Defense Department had its own cloud guidelines, requiring that people handling sensitive data be U.S. citizens or permanent residents.&lt;\/p&gt; &lt;p&gt;This presented an issue for Microsoft, given its reliance on a vast global workforce, with significant operations in India, China and the European Union. So the company tapped a senior program manager named Indy Crowley to put federal officials at ease. Known for his familiarity with the rules and his ability to converse in the government\u2019s acronym-heavy lingo, colleagues dubbed him the \u201cFedRAMP whisperer.\u201d&lt;\/p&gt; &lt;p&gt;In an interview, Crowley told ProPublica that he appealed directly to FedRAMP leadership, arguing that the relative risk from Microsoft\u2019s global workforce was minimal. To make his point, he said he once grilled a FedRAMP official on the provenance of code in products supplied by other government vendors such as IBM. The official couldn\u2019t say with certainty that only U.S. citizens had worked on the product in question, he said. The cloud, Crowley argued, should not be treated any differently.&lt;\/p&gt; &lt;p&gt;Crowley said he also met with prospective customers across the government and told ProPublica that the Defense Department was the \u201cone making the most demands.\u201d Concerned about the company\u2019s global workforce, officials there asked him who from Microsoft would be \u201cbehind the curtain\u201d working on the cloud. Given the department\u2019s citizenship requirements, the officials raised the possibility of Microsoft \u201chiring a bunch of U.S. citizens to maintain the federal cloud\u201d directly, Crowley told ProPublica. For Microsoft, the suggestion was a nonstarter, Crowley said, because the increased labor costs of implementing it broadly would make a cloud transition prohibitively expensive for the government.&lt;\/p&gt; &lt;p&gt;\u201cIt\u2019s always a balance between cost and level of effort and expertise,\u201d he told ProPublica. \u201cSo you find what\u2019s good enough.\u201d Hiring virtual escorts to supervise Microsoft\u2019s foreign workforce emerged as \u201cthe path of least resistance,\u201d Crowley said.&lt;\/p&gt; &lt;p&gt;Microsoft did not respond to ProPublica\u2019s questions about Crowley\u2019s account.&lt;\/p&gt; &lt;p&gt;When he brought the concept back to Microsoft, colleagues had mixed reactions. Tom Keane, then the corporate vice president for Microsoft\u2019s cloud platform, Azure, embraced the idea, according to a former employee involved in the discussions, as it would allow the company to scale up. But that former employee, who was involved in cybersecurity strategy, told ProPublica they opposed the concept, viewing it as too risky from a security perspective. Both Keane and Crowley dismissed the concerns, said the former employee, who left the company before the escort concept was deployed.&lt;\/p&gt; &lt;p&gt;\u201cPeople who got in the way of scaling up did not stay,\u201d the former employee told ProPublica.&lt;\/p&gt; &lt;p&gt;Crowley said he did not recall the discussion. Keane did not respond to requests for comment.&lt;\/p&gt; &lt;p&gt;On its march to becoming one of the world\u2019s most valuable companies, Microsoft has repeatedly prioritized corporate profit over customer security, ProPublica has found. Last year, &lt;a href=&#8221;https:\/\/www.propublica.org\/article\/microsoft-solarwinds-golden-saml-data-breach-russian-hackers&#8221;&gt;the news organization reported&lt;\/a&gt; that the tech giant ignored one of its own engineers when he repeatedly warned that a product flaw left the U.S. government exposed; state-sponsored Russian hackers later exploited that weakness in one of the largest cyberattacks in history. Microsoft has defended its decision not to address the flaw, saying that it received \u201cmultiple reviews\u201d and that the company weighs a variety of factors when making security decisions.&lt;\/p&gt; &lt;h3&gt;A Skills Gap From the Start&lt;\/h3&gt; &lt;p&gt;The idea of an escort wasn\u2019t novel. The &lt;a href=&#8221;https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r5\/upd1\/final&#8221;&gt;National Institute of Standards and Technology&lt;\/a&gt;, which serves as the federal government\u2019s standards-setting body, had established recommendations on how IT maintenance should be performed on-site, such as in a restricted government office. \u201cMaintenance personnel that lack appropriate security clearances or are not U.S. citizens\u201d must be escorted and supervised by \u201capproved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified,\u201d the guidelines state.&lt;\/p&gt; &lt;p&gt;The government &lt;a href=&#8221;https:\/\/csrc.nist.gov\/pubs\/sp\/800\/53\/r4\/upd3\/final&#8221;&gt;at the time&lt;\/a&gt; specified the intent of the recommendation: to deny \u201cindividuals who lack appropriate security clearances \u2026 or who are not U.S. citizens, visual and electronic access to\u201d sensitive government information.&lt;\/p&gt; &lt;p&gt;But escorts in the cloud wouldn\u2019t necessarily be able to meet that goal, given the gap in technical expertise between them and the Microsoft counterparts they would be taking direction from.&lt;\/p&gt; &lt;p&gt;That imbalance, though, was baked into the escorting model.&lt;\/p&gt; &lt;p&gt;Erickson, the former Microsoft engineer who worked on the model, told ProPublica that escorts are \u201csomewhat technically proficient,\u201d but mainly are \u201cjust there to make sure the employees don\u2019t accidentally or intentionally view\u201d passwords, customer data or personally identifiable information. \u201cIf there are problems with the underlying\u201d cloud services, \u201cthen only the people who work on those services at Microsoft would have the requisite knowledge to fix it,\u201d he said.&lt;\/p&gt; &lt;p&gt;Advanced threats from foreign adversaries weren\u2019t on the radar for Erickson, who said he didn\u2019t \u201chave any reason to suspect someone more just based on their country of origin.\u201d&lt;\/p&gt; &lt;p&gt;\u201cI don\u2019t think there is any extra threat from Microsoft employees based in other countries,\u201d he said.&lt;\/p&gt; &lt;p&gt;Pradeep Nair, a former Microsoft vice president who said he helped develop the concept from the start, said that the digital escort strategy allowed the company to \u201cgo to market faster,\u201d positioning it to win major federal cloud contracts. He said that escorts \u201ccomplete role-specific training before touching any production system\u201d and that a variety of safeguards including audit logs, the digital trail of system activity, could alert Microsoft or the government to potential problems.&lt;\/p&gt; &lt;p&gt;\u201cBecause these controls are stringent, residual risk is minimal,\u201d Nair said.&lt;\/p&gt; &lt;p&gt;But legal and cybersecurity experts say such assumptions ignored the massive cyber threat from China in particular. Around the time that Microsoft was developing its escort strategy, an attack attributed to Chinese state-sponsored hackers resulted in the &lt;a href=&#8221;https:\/\/www.nytimes.com\/2015\/07\/10\/us\/office-of-personnel-management-hackers-got-data-of-millions.html&#8221;&gt;largest breach&lt;\/a&gt; of U.S. government data up to that point. The theft initially targeted a government contractor and eventually compromised the personal information of &lt;a href=&#8221;https:\/\/abcnews.go.com\/US\/exclusive-25-million-affected-opm-hack-sources\/story?id=32332731&#8243;&gt;more than 22 million people&lt;\/a&gt;, most of them applicants for federal security clearances.&lt;\/p&gt; &lt;p&gt;Chinese laws allow government officials there to collect data \u201cas long as they\u2019re doing something that they\u2019ve deemed legitimate,\u201d said &lt;a href=&#8221;https:\/\/law.yale.edu\/jeremy-l-daum&#8221;&gt;Jeremy Daum, senior research fellow&lt;\/a&gt; at the Paul Tsai China Center at Yale Law School. Microsoft\u2019s China-based tech support for the U.S. government presents an opening for espionage, \u201cwhether it be putting someone who\u2019s already an intelligence professional into one of those jobs, or going to the people who are in the jobs and pumping them for information,\u201d Daum said. \u201cIt would be difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.\u201d&lt;\/p&gt; &lt;p&gt;Erickson acknowledged that having an escort doesn\u2019t prevent foreign developers \u201cfrom doing \u2018bad\u2019 things. It just allows for there to be a recording and a witness.\u201d He said if an escort suspects malicious activity, they will end the session and file an incident report to investigate further.&lt;\/p&gt; &lt;p&gt;How much of this information federal officials understood is unclear.&lt;\/p&gt; &lt;p&gt;A Microsoft spokesperson said the company described the digital escort model in the documents submitted to the government as part of cloud vendor authorization processes. However, it declined to provide those records or to tell ProPublica the exact language it used in them to describe the escort arrangement, citing the potential security risk of publicly disclosing it.&lt;\/p&gt; &lt;p&gt;In addition to a third-party auditor, Microsoft\u2019s documentation theoretically would have been reviewed by multiple parties in the government, including FedRAMP and DISA. DISA said the materials are \u201cnot releasable to the public.\u201d The General Services Administration, which houses FedRAMP, did not respond to requests for comment.&lt;\/p&gt; &lt;h3&gt;The \u201cRight Eyes\u201d for the Job?&lt;\/h3&gt; &lt;p&gt;In June 2016, &lt;a href=&#8221;https:\/\/www.microsoft.com\/en-us\/industry\/blog\/government\/2016\/06\/23\/fedramp-confirms-high-compliance-status-microsoft-cloud-government\/&#8221;&gt;Microsoft announced that it had received FedRAMP authorization&lt;\/a&gt; to work with some of the government\u2019s most sensitive data. Matt Goodrich, then FedRAMP director, said at the time that the accreditation was \u201ca testament to Microsoft\u2019s ability to meet the government\u2019s rigorous security requirements.\u201d&lt;\/p&gt; &lt;p&gt;Around the same time, Microsoft put the escort concept into practice, engaging contacts from defense giant Lockheed Martin to hire cloud escorts, two people involved in the contract told ProPublica.&lt;\/p&gt; &lt;p&gt;A project manager, who asked for anonymity to describe confidential discussions, told ProPublica that they were skeptical of the escort arrangement from the start and voiced those feelings to their Microsoft counterpart. The manager was especially concerned that the new hires would not have the \u201cright eyes\u201d for the job given the relatively low pay set by Microsoft, but the system went ahead anyway.&lt;\/p&gt; &lt;p&gt;Lockheed Martin referred questions to Leidos, a company that took over Lockheed\u2019s IT business following a merger in 2016. Leidos declined to comment.&lt;\/p&gt; &lt;p&gt;As Microsoft captured more of the government\u2019s business, the company turned to additional subcontractors, typically staffing companies, to hire more digital escorts.&lt;\/p&gt; &lt;p&gt;Analyzing profiles on LinkedIn, ProPublica identified at least two such firms: Insight Global and ASM Research, whose parent company is consulting giant Accenture. While the scope of each firm\u2019s business with Microsoft is unclear, ProPublica found more workers identifying themselves as digital escorts at Insight Global, many of them former military personnel, than at ASM. ASM and Accenture did not respond to requests for comment.&lt;\/p&gt; &lt;h3&gt;Concerns About China&lt;\/h3&gt; &lt;p&gt;Some Insight Global workers recognized the same problem as the former Lockheed manager: a mismatch in skills between the U.S.-based escorts and the Microsoft engineers they are supervising. The engineers might briefly describe the job to be completed \u2014 for instance, updating a firewall, installing an update to fix a bug or reviewing logs to troubleshoot a problem. Then, with limited inspection, the escort copies and pastes the engineer\u2019s commands into the federal cloud.&lt;\/p&gt; &lt;p&gt;\u201cThey\u2019re telling nontechnical people very technical directions,\u201d the current Insight Global escort said, adding that the arrangement presents untold opportunities for hacking. As an example, they said the engineer could install an update allowing an outsider to access the network.&lt;\/p&gt; &lt;p&gt;\u201cWill that get caught? Absolutely,\u201d the escort told ProPublica. \u201cWill that get caught before damage is done? No idea.\u201d&lt;\/p&gt; &lt;p&gt;The escort was particularly concerned about the dozens of tickets a week filed by workers based in China. The attack targeting federal officials in 2023 \u2014 in which Chinese hackers stole 60,000 emails \u2014 underscored that fear.&lt;\/p&gt; &lt;p&gt;The federal Cyber Safety Review Board, which investigated the attack, blamed Microsoft for security lapses that gave hackers their opening. Its &lt;a href=&#8221;https:\/\/www.cisa.gov\/resources-tools\/resources\/CSRB-Review-Summer-2023-MEO-Intrusion&#8221;&gt;published report&lt;\/a&gt; did not mention digital escorts, either as playing a role in the attack or as a risk to be mitigated. Sherman, the former chief information officer for the Defense Department, and Coker, the former intelligence official, who both also served as members of the CSRB, told ProPublica that they did not recall the board ever discussing digital escorting, which they said they now consider a major threat. The Trump administration has since disbanded the CSRB.&lt;\/p&gt; &lt;p&gt;In its statement, Microsoft said it expects escorts \u201cto perform a variety of technical tasks,\u201d which are outlined in its contracts with vendors. Insight Global said it evaluates prospective hires to ensure they have those skills and trains new employees on \u201call applicable security and compliance policies provided by Microsoft.\u201d&lt;\/p&gt; &lt;p&gt;But the Insight Global employee told ProPublica the training regimen doesn\u2019t come close to bridging the knowledge gap. In addition, it is challenging for escorts to gain expertise on the job because the type of work they oversee varies widely. \u201cIt\u2019s not possible to get as trained up as you need to be on the wide array of things you need to look at,\u201d they said.&lt;\/p&gt; &lt;p&gt;The escort said they repeatedly raised concerns about the knowledge gap to Microsoft, over several years and as recently as April, and to Insight Global\u2019s own attorneys. They said the digital escorts\u2019 relative inexperience \u2014 combined with Chinese laws that grant the country\u2019s officials broad authority to collect data \u2014 left U.S. government networks overly exposed. Microsoft repeatedly thanked the escort for raising the issues while Insight Global said it would take them under advisement, the escort said. It is unclear whether Microsoft or Insight Global took any steps to address them; neither company answered questions about the escort\u2019s account.&lt;\/p&gt; &lt;p&gt;In its statement, Microsoft said it meets regularly with its contractors \u201cto discuss operations and surface questions or concerns.\u201d The company also noted that it has additional layers of \u201csecurity and monitoring controls\u201d including \u201cautomated code reviews to quickly detect and prevent the introduction of vulnerabilities.\u201d&lt;\/p&gt; &lt;p&gt;\u201cMicrosoft assumes anyone that has access to production systems, regardless of location or role, can pose a risk to the system, whether intentionally or unintentionally,\u201d the company said in its statement.&lt;\/p&gt; &lt;h3&gt;Another Warning, a Growing Risk&lt;\/h3&gt; &lt;p&gt;Last year, about three months after government investigators released &lt;a href=&#8221;https:\/\/www.cisa.gov\/resources-tools\/resources\/CSRB-Review-Summer-2023-MEO-Intrusion&#8221;&gt;their report&lt;\/a&gt; on the 2023 hack into U.S. officials\u2019 emails, a former Insight Global contractor named Tom Schiller contacted a Defense Department hotline and wrote to several federal lawmakers to warn them about digital escorting. He had become familiar with the system while briefly working for the company as a software developer. By last July, Schiller\u2019s complaints wound their way to the Defense Information Systems Agency Office of the Inspector General. Schiller told ProPublica that the office conducted a sworn interview with him, and separately with three others connected to Insight Global. In August, the inspector general wrote to Schiller to say it had closed the case.&lt;\/p&gt; &lt;p&gt;\u201cWe conducted a preliminary analysis into the complaint and determined this matter is not within the avenue of redress by DISA IG and is best addressed by the appropriate DISA management,\u201d the assistant inspector general for investigations said in the letter. \u201cWe have referred the information you provided to management.\u201d&lt;\/p&gt; &lt;p&gt;A spokesperson for the inspector general \u2014 whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse \u2014 told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.&lt;\/p&gt; &lt;p&gt;\u201cIf the public information office contacts me and wants to collaborate to formulate a response through their office, I\u2019ll be more than happy to do that,\u201d the spokesperson said. \u201cBut I will not be responding to any kind of media request concerning OIG business without speaking with the public information office.\u201d&lt;\/p&gt; &lt;p&gt;DISA public affairs did not answer questions about the matter. After a spokesperson initially said that he couldn\u2019t find anyone who had heard of the escort concept, the agency later acknowledged in a statement to ProPublica that escorts are used \u201cin select unclassified environments\u201d at the Defense Department for \u201cadvanced problem diagnosis and resolution from industry subject matter experts.\u201d Echoing Microsoft\u2019s statement, it continued, \u201cExperts under escort supervision have no direct, hands-on access to government systems; but rather offer guidance and recommendations to authorized administrators who perform tasks.\u201d&lt;\/p&gt; &lt;p&gt;It is unclear what, if any, discussions have taken place among Microsoft, Insight Global and DISA, or any other government agency, regarding digital escorts.&lt;\/p&gt; &lt;p&gt;But David Mihelcic, DISA\u2019s former chief technology officer, said any visibility into the Defense Department\u2019s network poses a \u201chuge risk.\u201d&lt;\/p&gt; &lt;p&gt;\u201cHere you have one person you really don\u2019t trust because they\u2019re probably in the Chinese intelligence service, and the other person is not really capable,\u201d he said.&lt;\/p&gt; &lt;p&gt;The risk may be getting more serious by the day, as U.S.-China relations worsen amid a simmering trade war \u2014 the type of conflict that &lt;a href=&#8221;https:\/\/www.theregister.com\/2025\/04\/10\/trade_war_reaches_cyberspace\/&#8221;&gt;experts say&lt;\/a&gt; could result in Chinese cyber retaliation.&lt;\/p&gt; &lt;p&gt;In testimony to a Senate committee in May, Microsoft President Brad Smith said the company is continually \u201cpushing Chinese out of agencies.\u201d He did not elaborate on how they got in, and Microsoft did not respond to follow-up questions on the remark.&lt;\/p&gt; &lt;link rel=&#8221;canonical&#8221; href=&#8221;https:\/\/www.propublica.org\/article\/microsoft-digital-escorts-pentagon-defense-department-china-hackers&#8221; \/&gt; &lt;meta name=&#8221;syndication-source&#8221; content=&#8221;https:\/\/www.propublica.org\/article\/microsoft-digital-escorts-pentagon-defense-department-china-hackers&#8221; \/&gt; &lt;script type=&#8221;text\/javascript&#8221; src=&#8221;https:\/\/pixel.propublica.org\/pixel.js&#8221; async&gt;&lt;\/script&gt; <\/textarea>\t<\/label>  <button type=\"button\" class=\"wp-block-propublica-republish-link__copy-button\">Copy HTML<\/button> <\/div> <\/div> <\/div> <\/div> <\/div>   <\/footer> <\/article> ","protected":false},"excerpt":{"rendered":"Illustration by Andrea Wise\/ProPublica. Source image: gremlin\/Getty Images Illustration by Andrea Wise\/ProPublica. Source image: gremlin\/Getty Images Zero Trust A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers by Renee Dudley, with research by Doris Burke July 15, 2025, 5:00 am Contrast Change Appearance AutoLightDark ProPublica is a nonprofit newsroom that investigates abuses [&hellip;]","protected":false},"author":1,"featured_media":112,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"class_list":["post-111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ciencia-tecnologia-e-inovacao"],"_links":{"self":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts\/111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/comments?post=111"}],"version-history":[{"count":4,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts\/111\/revisions"}],"predecessor-version":[{"id":295,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/posts\/111\/revisions\/295"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/media\/112"}],"wp:attachment":[{"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/media?parent=111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/categories?post=111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/maxinefilmes.com\/odelator\/wp-json\/wp\/v2\/tags?post=111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}