Microsoft is facing heat from a US senator for failing to prevent state-sponsored hackers from breaking into US government systems twice: during the 2020 SolarWinds hack, and the more recent Outlook-based email hack that was disclosed this month.
Sen. Ron Wyden (D-Oregon) is demanding an investigation into Microsoft from the Justice Department, the Federal Trade Commission, and the country's cybersecurity agency, CISA.
“I write to request that your agencies take action to hold Microsoft responsible for its negligent cybersecurity practices, which enabled a successful Chinese espionage campaign against the United States government,” he wrote on Thursday.
Wyden says the hackers behind the SolarWinds incident and the Outlook breach gained access partly due to poor security practices from Microsoft. But rather than admit fault, the software giant allegedly shifted blame to others and urged customers to stick with Microsoft products.
For example, Wyden cites how the suspected Chinese hackers who broke into US government email accounts this month did so by using forged authentication tokens for Exchange Online and Outlook.com. In its own blog post, Microsoft revealed the hackers somehow acquired a “Microsoft account (MSA) consumer signing key,” which could also be exploited to forge the authentication tokens for enterprise accounts.
“Even with the limited details that have been made public so far, Microsoft bears significant responsibility for this new incident,” Wyden says. “First, Microsoft should not have had a single skeleton key that, when inevitably stolen, could be used to forge access to different customers’ private communications.”
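The two failure modes Wyden describes, a signing key that can mint tokens for unrelated customers and a verifier that accepts them, can be shown with a small token verifier. The following is an added illustration written for this page, not Microsoft's code or a description of its internals: it uses HMAC-signed JWT-style tokens instead of the RSA keys a real identity provider uses, and the issuer URLs, key IDs, secrets and audience are constructed stand-ins. A "flat" verifier that looks keys up by key ID alone accepts a token signed with a stolen consumer key even when the token claims to come from the enterprise issuer; a verifier that partitions keys by issuer and checks the issuer and audience claims rejects it.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-ins for two signing keys held by one identity provider.
# Real keys would be RSA private keys; HMAC secrets keep this example self-contained.
CONSUMER_ISS = "https://login.live.com"
ENTERPRISE_ISS = "https://login.microsoftonline.com/contoso-tenant"
CONSUMER_KEY = {"kid": "msa-consumer-1", "iss": CONSUMER_ISS, "secret": b"consumer-signing-secret"}
ENTERPRISE_KEY = {"kid": "aad-enterprise-1", "iss": ENTERPRISE_ISS, "secret": b"enterprise-signing-secret"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_token(key: dict, claims: dict) -> str:
    """Mint a compact JWS-style token: header.payload.signature, HS256."""
    header = {"alg": "HS256", "kid": key["kid"]}
    signing_input = f"{b64url(json.dumps(header).encode())}.{b64url(json.dumps(claims).encode())}"
    sig = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


def _parse(token: str):
    h, p, s = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p)), b64url_decode(s), f"{h}.{p}"


def _sig_ok(key: dict, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def verify_flat(token: str, keyring: dict, expected_aud: str) -> bool:
    """Weak pattern: one key ring for every issuer, key chosen by 'kid' alone.

    Any key the verifier knows can sign for any issuer, so a stolen consumer
    key is as good as the enterprise key.
    """
    header, claims, sig, signing_input = _parse(token)
    if header.get("alg") != "HS256":
        return False
    key = keyring.get(header.get("kid"))
    if key is None or not _sig_ok(key, signing_input, sig):
        return False
    return claims.get("aud") == expected_aud


def verify_scoped(token: str, keys_by_issuer: dict, expected_iss: str, expected_aud: str) -> bool:
    """Hardened pattern: the issuer this verifier trusts selects the key set.

    The token's 'iss' must equal the expected issuer, the 'kid' must exist in
    that issuer's key set, and the key's own issuer binding must agree.
    """
    header, claims, sig, signing_input = _parse(token)
    if header.get("alg") != "HS256" or claims.get("iss") != expected_iss:
        return False
    key = keys_by_issuer.get(expected_iss, {}).get(header.get("kid"))
    if key is None or key["iss"] != expected_iss:
        return False
    if not _sig_ok(key, signing_input, sig):
        return False
    return claims.get("aud") == expected_aud


def demo() -> dict:
    """Compare both verifiers on a legitimate enterprise token and a forged one."""
    aud = "https://outlook.office365.com"  # constructed audience value
    flat = {k["kid"]: k for k in (CONSUMER_KEY, ENTERPRISE_KEY)}
    scoped = {
        CONSUMER_ISS: {CONSUMER_KEY["kid"]: CONSUMER_KEY},
        ENTERPRISE_ISS: {ENTERPRISE_KEY["kid"]: ENTERPRISE_KEY},
    }
    legit = sign_token(ENTERPRISE_KEY, {"iss": ENTERPRISE_ISS, "aud": aud, "sub": "alice@contoso"})
    # Attacker holding the stolen consumer key mints a token that claims the enterprise issuer.
    forged = sign_token(CONSUMER_KEY, {"iss": ENTERPRISE_ISS, "aud": aud, "sub": "alice@contoso"})
    return {
        "flat_accepts_legit": verify_flat(legit, flat, aud),
        "flat_accepts_forged": verify_flat(forged, flat, aud),
        "scoped_accepts_legit": verify_scoped(legit, scoped, ENTERPRISE_ISS, aud),
        "scoped_accepts_forged": verify_scoped(forged, scoped, ENTERPRISE_ISS, aud),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The scoped verifier does not stop a thief who holds the enterprise key itself; it only limits the blast radius of a stolen consumer key to consumer tokens, which is the separation Wyden argues should have existed.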
The other problem is that Microsoft
Read more on pcmag.com