(DCNF)—Microsoft has relied on engineers based in China for years to help maintain some of the U.S. Department of Defense’s (DOD) most sensitive cloud computing systems, potentially leaving them vulnerable to hacking, according to a new investigation from ProPublica released Tuesday.
Because U.S. law prohibits foreign nationals from directly accessing federal systems that handle sensitive data, Microsoft has been funneling work through American “digital escorts” — low-paid workers with security clearances but often possessing limited technical expertise — who input commands from more skilled China-based engineers into federal networks, according to ProPublica. The arrangement, largely unknown even within the federal government, is raising alarms among national security and cybersecurity experts as the engineers could gain access to sensitive government data with little oversight, potentially exposing critical systems to Chinese cyber espionage.
The system has reportedly been in place for over a decade, ProPublica reported. China remains America’s top cyber security adversary, posing both a threat to government and private sector entities, according to a February 2024 report from the Office of the Director of National Intelligence.
This arrangement is used to handle “high impact level” information, which includes “data that involves the protection of life and financial ruin,” where “loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals,” according to U.S. government policy reviewed by ProPublica. The escorts effectively act as middlemen, copying and pasting commands from foreign workers into Pentagon-linked systems, in some cases without fully understanding the functions of those commands.
“We’re trusting that what they’re doing isn’t malicious, but we really can’t tell,” one escort, who works for Microsoft contractor Insight Global and spoke on condition of anonymity, told ProPublica. “They’re telling nontechnical people very technical directions,” the current Insight Global escort said, adding that the foreign engineer could install an update allowing an outsider to access the network.
“If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that,” Harry Coker, former senior executive at the CIA and the National Security Agency, told ProPublica.
Over the years, various individuals involved in the work told ProPublica that they had warned the company about the risks. Despite the presence of an escort with a security clearance, ProPublica found that foreign engineers have access to details about the federal clouds that hackers can exploit.
“If someone ran a script called ‘fix_servers.sh’ but it actually did something malicious then [escorts] would have no idea,” a former Microsoft engineer who worked on the escort system, told ProPublica.
Microsoft told the DCNF that its personnel and contractors are audited by the U.S. government, and that the Chinese engineers in question would have “no direct access to customer data or customer systems.”
“As part of our Secure Future Initiative and in accordance with zero trust principles, Microsoft assumes anyone that has access to production systems, regardless of location or role, can pose a risk to the system, whether intentionally or unintentionally, and we establish layers of mitigation at the platform level with security and monitoring controls to detect and prevent threats,” a Microsoft spokesperson said in a statement to the DCNF. “This includes approval workflows for system changes and automated code reviews to quickly detect and prevent the introduction of vulnerabilities.”
Many of the escorts are former military personnel paid as little as $18 an hour and lack the technical training to identify malicious activity, according to ProPublica.
Microsoft employs approximately 50 escorts, each of whom partake in hundreds of interactions with China-based engineers and plug in the engineers’ commands into federal computers, according to ProPublica.
Notably, in 2023, Chinese hackers compromised the emails of the U.S Commerce and State Departments, including those of the U.S. ambassador to China, a breach that was ultimately blamed on vulnerabilities created by Microsoft’s security lapses.
“I probably should have known about this,” John Sherman, former chief information officer for the DOD, told ProPublica.
Moreover, China hawks point out that Chinese law allows the Communist Party to collect data from companies and individuals at will.
“It would be difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement,” Jeremy Daum, a senior research fellow at the Paul Tsai China Center at Yale Law School, told ProPublica.
The Pentagon did not respond to the Daily Caller News Foundation’s request for comment.
Melissa O’Rourke contributed to this report.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact [email protected].
For Emergency Preparedness, Don’t Forget the Meds
Being prepared is more than just a good idea—it’s essential. We stock up on non-perishable food, bottled water, flashlights, and first-aid supplies, but one critical aspect often gets overlooked: access to vital medications. What happens if pharmacies close, prescriptions can’t be filled, or you’re cut off from medical care during an emergency?
That’s where Jase Medical steps in, offering a reliable solution to ensure you and your family have the medications you need when it matters most.
Jase Medical specializes in emergency preparedness kits designed to provide peace of mind through physician-reviewed, prescription medications delivered right to your door. Their flagship product, the Jase Case, is a comprehensive emergency antibiotic and medication kit priced at $289.95.
This kit includes 10 essential medications—five life-saving antibiotics and five symptom relief meds—that can treat over 50 common infections and illnesses, from urinary tract infections and pneumonia to skin infections and traveler’s diarrhea. With 28 add-on options available, you can customize the kit to fit your specific needs, including a KidCase for children ages 2-11.
The process is straightforward and hassle-free. Simply visit Patriot.tv/meds, complete an online evaluation, and have your order reviewed by a board-certified physician. Once approved, the medications are shipped discreetly from a licensed pharmacy to your U.S. address (with plans for Canada shipping coming soon). Each kit comes with detailed Med Cards outlining symptoms, dosing, and usage, making it easy to administer even in high-stress situations. These medications are shelf-stable and designed for long-term storage, empowering you to handle medical emergencies without relying on external help.
For those on the move, Jase Medical also offers the Jase Go kit for $129.95, a compact travel med kit covering over 30 common conditions encountered during adventures or trips. And for ongoing needs, Jase Daily provides an extended supply of your prescribed chronic medications to safeguard against disruptions in supply chains or extreme weather events.
Don’t just take our word for it—thousands of satisfied customers have given Jase Medical a 4.9-star rating, praising its role in true preparedness. As radio host Glenn Beck warns, “The supply lines for antibiotics already are stressed to the max. Please have some antibiotics on hand… You can do it through Jase.”
Whether you’re prepping for a hurricane, a power outage, or simply the uncertainties of daily life, Jase Medical ensures you’re not caught off guard. Head to patriot.tv/meds today to customize and order your emergency kit—because when it comes to your health and safety, it’s better to be prepared than sorry.