When it comes to computers, it’s impossible to not talk about Microsoft. When it comes to the internet, it’s impossible not to talk about Microsoft. And when it comes to internet security, to protecting your personal information from identity thieves and hackers, it’s likewise impossible not to talk about Microsoft. In all things computer/internet, Microsoft is the 800-pound gorilla in the room, and that’s for sure and for certain.
The vast majority of computers, from government to business to personal, use a Microsoft operating system and probably plenty of Microsoft software. As of February 2024, Windows was far and away the world’s most common operating system, with at least 72 percent of the world’s computers using it, some estimates going as high as 90 percent; that makes for a billion and a half Windows-based machines out there. That makes for a deep pool of machines for hackers to learn their trade on.
So when some high-profile hacks come to light, it’s appropriate to look at Microsoft to see if it was a weakness in that near-ubiquitous operating system that made the hack possible.
One such hack is the well-publicized hack of the Trump campaign, which as of last week, was still ongoing. One tech-industry scribe, “Popular Information” founder Judd Legum, has some information:
Email communications from individuals associated with the Trump campaign have been hacked by malign actors within the last ten days, Popular Information has confirmed.
On September 18, I was sent a message from “Robert,” which contained the cover page of a dossier on Senator JD Vance (R-OH), the Republican vice presidential nominee, dated February 23, 2024. Robert refused to identify himself except to suggest it was the same “Robert” who provided stolen internal Trump campaign materials to Politico, the New York Times, and the Washington Post in July and August. “I thought you must have heard Robert’s story,” he said.
It’s unclear whether any shortcoming in a Microsoft product made this hack possible, but Microsoft is promoting security enhancements made after some of these well-publicized incidents. This has raised some well-deserved questions among high-tech commentators, including “Cloudwars” founder Bob Evans:
I guess the burr under my saddle is that Microsoft appears to want to be applauded, appreciated, and admired for recognizing — here in the year 2024 — that security can’t be a second thought and certainly should never be an after-thought. That’s why I’m puzzled about what Microsoft’s top priority was before CEO Satya Nadella finally got fed up with his company’s multitude of security shortcomings and public embarrassments and decreed that from here on out, security is now The Big Thing.
The bare fact that Microsoft is finally acknowledging the primacy of security in today’s digital world is, I guess, a good thing. But to frame it bluntly, what the hell took them so long to realize this??
Microsoft’s improvements seem to have mostly encompassed government accounts, including user security intended to keep out Chinese hackers. Presumably, these measures would also work against Iranian – or domestic – hackers.
U.S. government and public sector cloud accounts will now automatically generate, store and rotate token signing keys, Charlie Bell, Microsoft’s executive vice president of security, wrote in a blog post.
- Signing keys are also now stored in a customer’s so-called “hardware secure module,” making it virtually impossible for user accounts to access.
- The company also changed the lifespan of the access tokens given to internal employees to seven days — so even if a hacker somehow broke into an employee’s account, they still wouldn’t be able to break into the corresponding customer’s account.
Computer/internet security seems like a never-ending arms race and in something as complex as an operating system and associated software, like Microsoft’s Office packages, it would seem difficult if not impossible to anticipate and pre-empt every possible avenue for hackers. If the history of the internet has taught us anything, it has taught us that hackers can be very clever indeed. And with the resources of a nation-state behind them, even second-raters like North Korea and Iran, these hackers can be formidable.
But questions for Microsoft remain. We have now seen several significant releases of information about American political figures. Some of these were personal breaches and releases of two-party communications to which the leaker was a party. But others were outright hacks – and it appears that Microsoft’s priorities were elsewhere while these events were developing.
Microsoft has some explaining to do. And the U.S. government and political campaigns may want to start employing their own data security personnel.