Security News > 2021 > August > US officials, experts fear China ransacked Exchange servers for data to train AI systems

The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR. The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement.

It's said the crew exploited four zero-days in Redmond's mail software in a chain to hijack the servers and siphon off data.

US government officials, and those in the infosec industry, are apparently concerned that, given the wide range of organizations targeted - from big biz to shops, dentists, and schools - the Chinese government could be trying to train machine-learning systems on mountains of Americans' messages, calendars, and files.

"The Chinese have more data than we have on ourselves," William Evanina, a former director of the National Counterintelligence and Security Center, was quoted as saying.

Speaking of Uncle Sam... The White House on Monday launched the US Digital Corps, a two-year fellowship program that finds junior software engineers, data scientists, and other geeks roles at federal agencies.

"The government understands that this outside access to the search warrant returns was made possible because, when data is loaded onto the platform, the default setting is to permit access to the data to other FBI personnel otherwise authorized to access the platform," wrote [PDF] Audrey Strauss, US Attorney for the Southern District of New York.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/31/in_brief_security/