Microsoft is a name that everyone knows when it comes to computers. Microsoft is also a must-have when it comes to internet security and protecting personal information against identity thieves. Microsoft is undoubtedly the 800-pound-gorilla of the computer/internet world.
Microsoft is the operating system of choice for most computers. This includes government, business, and personal ones. Windows was the most popular operating system in the world as of February 2024. At least 72 percent and some estimates go as high as 90%, of all computers used it. That’s a billion-and-a-half Windows machine. This is a large pool of computers for hackers to practice their craft.
When high-profile hacks are revealed, it is appropriate to examine Microsoft to determine if a vulnerability in the operating system was responsible for the hack.
The hacking of the Trump campaign is one of these hacks. It was well publicized and, as of last weekend, it was still in progress. Judd Legum of “Popular Information”, a tech-industry writer, may have some information.
Popular Information confirmed that malicious actors have hacked the email communications of individuals affiliated with the Trump campaign in the past ten days.
On September 18 I received a message from a “Robert” which contained a cover page for a dossier about Senator JDVance (R-OH), Republican Vice Presidential nominee, dated Feb 23, 2024. Robert refused to identify him, except to say that it was the “Robert”, who in July and August gave stolen Trump campaign material to Politico, The New York Times, and the Washington Post. He said, “I thought that you would have heard Robert’s story.”
Microsoft has been promoting the security improvements made following some of these highly publicized incidents. Bob Evans, the founder of “Cloudwars”, has been questioned by high-tech commentators.
The thing that makes me a little uncomfortable is the fact that Microsoft wants to be applauded and appreciated for realizing — in 2024 — that safety cannot be an afterthought and should never be. It’s for this reason that I am puzzled as to what Microsoft’s priority was before Satya Nadella’s decision. Satya Nadella, after being fed up with his company’s multiple security flaws and public embarrassments, declared security would be the new “Big Thing”.
It’s a good sign that Microsoft has finally acknowledged the importance of security in our digital world. To put it plainly, why did Microsoft take so long to realize this?
Microsoft’s improvements appear to have mainly been focused on government accounts. This includes user security designed to keep Chinese hackers out. These measures are likely to work against Iranian hackers or even domestic ones.
Microsoft’s Executive Vice President of Security, Charlie Bell, announced in a blog that the cloud accounts for the U.S. Government and Public Sector will automatically generate, store, and rotate token-signing keys.
The signing keys are now also stored in the “hardware secure modules” of customers, making it almost impossible to access user accounts.
The company changed the lifetime of access tokens for internal employees from seven days to one week. This means that even if hackers somehow managed to hack into an employee’s account, they would not be able to break into a customer’s account.
It seems that computer/internet security is a never-ending race. In something as complex and complicated as an operating system, and its associated software packages like Microsoft Office, it’s difficult, if not even impossible, to anticipate and prevent every possible attack by hackers. The history of the Internet has shown us that hackers are very intelligent. Even second-rate nations like North Korea or Iran can become formidable hackers with the resources and support of a nation-state.
But questions for Microsoft remain. Now, we have seen several releases of significant information about American politicians. Some of the releases were leaks of personal information and two-part communication to which they were a part. Some of these were hacks, but others were not. Microsoft was distracted by other matters as the events unfolded.
Microsoft needs to explain itself. Maybe the U.S. Government and political campaigns should start hiring their own data security personnel.
