The story of the attacks on Microsoft Exchange servers may have just gained another chapter. While it was already known that the attacks targeted a massive number of people and PCs, the motives behind those attacks are still being discovered. A piece by NPR’s Dina Temple-Raston explains that the attacks were likely performed to gather data to develop artificial intelligence.
NPR’s piece offers an extensive breakdown of the history of the Exchange server attacks, their implications across several industries, and how Microsoft and other organizations responded to the attack. It also adds a new angle to the saga, alleging China used the attacks to gather data to develop AI.
NPR spent months analyzing the attacks and interviewing people ranging from Microsoft employees to U.S. intelligence officials in order to put together a report that paints the picture that Beijing leadership’s endgame for the breach’s data is artificial intelligence, which would be used for tasks traditionally reserved for humans.
According to William Evanina, former director of the National Counterintelligence and Security Center, “the Chinese have more data than we have on ourselves.” Evanina founded the Evanina Group, which is a risk consultancy company. A report from the group states that the Chinese government has stolen personal information from an estimated 80% of Americans. This data could be used for intelligence purposes.
Data gathered from these types of attacks could be used to develop AI that affects major aspects of people’s everyday lives. NPR notes that AI is used to calculate insurance rates and people’s credit scores, as well as to determine if people can get a mortgage.
Kiersten Todt, former executive director of the Obama administration’s bipartisan commission on cybersecurity and current head of the Cyber Readiness Institute, warned of the dangers of China collecting data. “We don’t know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success.”
The full NPR read features talks with individuals such as Microsoft VP Tom Burt, who handles the company’s digital crimes unit. In the report, he outlined what Microsoft’s thought process was as the attacks progressed, as well as detailed Hafnium‘s involvement in the ensuing chaos. Other interesting inside looks at Microsoft’s operations, such as its philosophy behind Patch Tuesdays, are also in the report.