Doomsday II: The Massive Microsoft Email Data Breach Sequel
By Duane Thresher, Ph.D.
March 8, 2021
Only IT incompetent megacorporation Microsoft could have an
oxymoron like Doomsday II, the sequel to the end of the world,
in this case the sequel to The Doomsday Microsoft Government
Email Data Breach. But
perhaps it should be seen as taking doomsday on the road. The
first Microsoft email doomsday data breach destroyed
U.S. Government IT and the sequel is being called a global
crisis, having also destroyed the IT of foreign governments
and institutions. At least the IT incompetent media realized
this time that it was
Microsoft's fault — they call it the Microsoft Exchange
Cyberattack — which they didn't last time. The first
Microsoft email doomsday data breach was due to Microsoft's
Outlook email, in all its various guises, and this sequel
Microsoft email doomsday data breach is due to Microsoft's
Exchange, which is their email server. Here I explain all
this and how they are related.
Of course, all the U.S. government and media can do is play
the blame game because being IT incompetent they can't find
any real proof. During the first Microsoft email doomsday
data breach most, particularly in the federal government, said
it was done by Russia, but with this sequel Microsoft email
doomsday data breach most say China, based solely on what
blame-shifting IT incompetent Microsoft says. The White House
has ordered the same notorious IT incompetent federal agency,
the Department of Homeland Security's (DHS) Cybersecurity and
Infrastructure Security Agency (CISA), that itself was hacked
in the first Microsoft email doomsday data breach to fix this
sequel Microsoft email doomsday data breach. IT incompetent
CISA just says to do whatever Microsoft says to do, the same
IT incompetent Microsoft that allowed both doomsday data
breaches to happen in the first place. That would make this
doomsday sequel a comedy, not a drama.
I explained in The Doomsday Microsoft Government Email Data
Breach how that hacking was due to IT
incompetent Microsoft's Outlook email, in all its various
guises. This hacking sequel was due to IT incompetent
Microsoft's Exchange, which is an email server Microsoft makes
(a server is just a computer running software that provides a
service, like email). The difference is that while one guise
of Microsoft Outlook is an email service run by Microsoft,
Microsoft Exchange is an email server Microsoft makes that can
be run by an enterprise, such as a department of the
U.S. Government. This was one reason why in The Doomsday
Microsoft Government Email Data Breach I
explained it was sometimes hard to know if a federal
department was using Microsoft email, in some way or
another.
To make matters more convoluted — and making the two
Microsoft email doomsday data breaches definitely related
— Microsoft originally made access to an Exchange email
server go through a proprietary protocol (for monopolistic reasons,
Microsoft loves these), and made Microsoft Outlook one of the
only email clients that could do this. Further, the Outlook
email service run by Microsoft is itself a Microsoft Exchange
email server.
Microsoft's Exchange email server has been integrated with
Microsoft Windows Server, which acts as the operating system
for many enterprise computers. So, once a Microsoft Exchange
email server has been hacked, it is easy to hack the operating
system — particularly since many services use email
login authentication as their login authentication — of
many computers. Once a computer's operating system has been
hacked, the computer is "owned" by the hackers. They install,
as part of the operating system, software such as rootkits
(see Equifax Dead: Hacked So Credit Reports Worthless) that
makes it impossible to detect any evidence of the computer
having been hacked — so absence of evidence is not evidence of
absence, particularly by IT incompetent investigators —
and that provides permanent secret access to the computers by
the hackers. The only fix is to completely erase all hard
drives involved and start over from scratch. Backups cannot
be used because it cannot be known when the hackers hacked the
system and installed their software. Truly a doomsday data
breach.
Even the U.S. Government considers this sequel a doomsday data
breach, starting with the White House, which besides
threatening war on China, issued unprecedented public
statements about how bad the data breach was and ordered the
federal government to do whatever is necessary to fix it. The
agency the White House put in charge of this fix is the
Department of Homeland Security's (DHS) Cybersecurity and
Infrastructure Security Agency (CISA). But as I explained in
The Doomsday Microsoft Government Email Data Breach, the IT
incompetent DHS, including the CISA, was one of the many
federal departments and agencies that were hacked during the
first Microsoft email doomsday data breach, and probably still
is hacked without knowing it, as explained. If they couldn't even
protect themselves against the same kind of hacking during the
first Microsoft email doomsday data breach, how are they going
to protect the rest of the federal government during this
sequel Microsoft email doomsday data breach? The only thing
IT incompetent CISA has done is to direct the rest of the
federal government to do whatever Microsoft tells it to do,
the same IT incompetent Microsoft that allowed both doomsday
data breaches in the first place.
(I wrote about the Cybersecurity and Infrastructure Security
Agency in Handing Over America's Electrical Grid to the
Russians and there have been some important developments with
CISA, particularly its IT incompetent personnel and its
responsibility to protect against hacking of the 2020
presidential elections, which, it should be noted, came after
the federal government had
already been hacked during the first Microsoft email doomsday
data breach. I will write about these developments in a later
article.)
What Microsoft says to do about this sequel Microsoft email
doomsday data breach is on a single webpage of its security
blog, which is mostly about damage control to Microsoft's
reputation, as will be explained. The only fix Microsoft
offers is some patches to apply to its Exchange software to
prevent being hacked in the first place. But as explained, it
is already too late for that: the hacking has been done and
thousands of computers worldwide are owned, undetectably so,
by the hackers. It's shutting the barn door after the horses
have run out, or perhaps more appropriate in this case, after
the Trojan Horses have run in. It's a doomsday data breach;
the only fix is to completely erase all the hard drives and
start over from scratch.
As I explained in The Doomsday Microsoft Government Email Data
Breach, as part of their effort to hide their IT incompetence,
the IT incompetents — in this case the U.S. Government and
Microsoft — always claim that their data breaches were
"sophisticated" hackings (see Data Breaches on Stop IT
Incompetence) done, as supposedly only such a "sophisticated"
hacking could be, by a foreign government. Right from the
title of Microsoft's security blog webpage, HAFNIUM targeting
Exchange Servers with 0-day exploits, Microsoft is trying
to repair its reputation this way.
A "0-day exploit" is a software security vulnerability that is
unknown to anyone but a single hacker and has never been used
before. There is thus no patch for it and when it is first
used it is highly effective. They are thus very valuable and
closely held secrets until used the first time as widely
(massively) as possible. In competently coded software, they
should be rare and very hard to find, found only by teams of
expert government hackers.
HAFNIUM is the name given by Microsoft to the hackers, who
they claim — a claim that could start a war — are
associated with the Chinese government. By giving the hackers
a name (a government-research-sounding one; hafnium is an
element used in nuclear reactors), Microsoft makes it sound
like they have dealt with them successfully before, so
everything will be fine this time too.
The Microsoft Exchange software had 4 (!) of these
supposedly-rare so-called 0-day exploits — labeled
starting with CVE, for Common Vulnerabilities and Exposures
— and there is evidence that other non-HAFNIUM hackers
had already used them. No, this wasn't a sophisticated
hacking, just incompetently-coded insecure software, done by
Microsoft's cheap IT incompetent programmers from India; see
The Doomsday Microsoft Government Email Data Breach.
Also on Microsoft's security blog webpage, and as I explained
in The Doomsday Microsoft Government Email Data Breach,
Microsoft
discreetly admits to also providing the hackers with their
domestic (to avoid suspicion) hacking command-and-control
servers via leasing them some Microsoft cloud computers.
Microsoft is one-stop shopping for hackers: both IT
incompetent insecure software and the hardware to exploit
it.
Most of what Microsoft has said about the Microsoft email
doomsday data breaches has been to the media and been just
reputation damage control, which for such massive data
breaches must be done by the top people. With Microsoft
founder and former CEO, Chairman, and President Bill Gates
essentially retired, the top people
at Microsoft are CEO Satya Nadella, Chairman John Thompson,
and President and Chief Legal Officer Brad Smith. As CEO and
the top guy with the most IT education, such as it is, Satya
Nadella should be the frontman, but he
himself is a foreigner, from India, and suspect in these
doomsday data breaches; see The Doomsday Microsoft Government
Email Data Breach. Chairman John Thompson only has business
degrees and is an
African-American with very close ties to the Democratic Party
and government officials so can't be put up to ridicule. That
leaves President Brad Smith to do all the talking. Smith is a
white guy born in Milwaukee, Wisconsin, where Satya Nadella
got a degree from bottom-ranked University of Wisconsin –
Milwaukee. Smith only has degrees in public affairs
and law, but this at least qualifies him for speaking
deceitfully to the public via the media in order to do
reputation damage control.
The IT incompetent media just repeats what Microsoft tells
them, sometimes just mentioning the Microsoft security blog
webpage to make it seem like they have some IT expertise and
have done some research.
Much of the American reporting on this sequel Microsoft email
doomsday data breach — the media missed the first one
— was based on a Bloomberg News article by William
Turton and Jordan Robertson. Foolishly, the article quotes
Alex Stamos as their cybersecurity expert.
Alex Stamos was (Mar 2014 – Jun 2015) CISO of Yahoo
during their two massive data breaches (late 2014) that
compromised 500 million and 1 billion user accounts. Then
Stamos was (Jun 2015 – Aug 2018) CISO of Facebook during
its massive data breach (Jul 2017 – Aug 2018) that
compromised 50 million user accounts. See Yahoo-Then-Facebook
CISO Alex Stamos Allows Yet Another Massive Data Breach.
Jordan Robertson is the cybersecurity reporter for Bloomberg but
only has a bachelor's in journalism from a low-ranked
California college and a master's in filmmaking from "No Free
Speech" University of California, Berkeley. He plays second
fiddle to article first author William Turton, who may not
even be old enough to have gone to college.
William Turton was hailed as a tech reporter wunderkind,
particularly about cybersecurity,
when just a few years ago as a teenager he was writing about
video game playing and "broke" a story about "hackers" briefly
taking down the Sony PlayStation and Microsoft Xbox Live
networks, as part of a marketing scheme. The IT incompetent
media is full of IT incompetent older people
who think young people must inherently be IT experts, which is
exactly wrong since becoming an IT expert takes years of
study at good universities and then years of IT experience.
So now a
leading national news source, Bloomberg, is letting a foolish
kid write influential stories about national security that
could lead to war.
If this sequel wasn't such a real tragedy, it would indeed be
a comedy.