US officials, experts fear China ransacked Exchange servers for data to train AI systems • The Register

In brief: The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR.

The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement.

It’s said the crew exploited four zero-days in Redmond’s mail software in a chain to hijack the servers and siphon off data. And what started small turned into what Chang Kawaguchi, CISO for Microsoft 365, told NPR this month was the fastest scale-up of a cyber-attack he’d ever seen.

US government officials, and those in the infosec industry, are apparently concerned that, given the wide range of organizations targeted – from big biz to shops, dentists, and schools – the Chinese government could be trying to train machine-learning systems on mountains of Americans’ messages, calendars, and files.

And this Exchange harvesting is on top of the huge databases of personal information already swiped from the US government and the private sector.

“The Chinese have more data than we have on ourselves,” William Evanina, a former director of the National Counterintelligence and Security Center, was quoted as saying.

“So you have the OPM data breach,” he continued, “you have an entire security clearance file for someone, you have Anthem records, you have his Marriott point record, credit cards, Equifax, his loans, his mortgages, his credit score. They know everything about you before they even bump you on a cruise or on a vacation.”

Evanina spoke more on the threat from China here [PDF] before the Senate intelligence committee at the start of August, if you’re interested.

We hope you’ve patched ProxyToken, aka CVE-2021-33766, in July’s Patch Tuesday patch from Microsoft for Exchange…