The US has always been wary of China and its ability to access private data on social networks. It's what's gotten TikTok in trouble in the first place. The tension may not be completely unfounded as a US politician claims that his emails were hacked by China.
Nebraska Representative's Email Hacked
Republican Congressman Don Bacon claims that his emails were accessed without permission on behalf of the Chinese Communist Party (CCP) in their espionage campaign. He believes that they did so by exploiting a vulnerability in Microsoft's software.
The politician was notified by the FBI that the hackers obtained personal and campaign emails between May 15th to June 16th, 2023, further suspecting that it was due to his skepticism towards China and his support for Taiwan, as mentioned in Gizmodo.
He also addressed this in a post on X, saying that he was hacked because he stands against "the Uighur genocide and abuses conducted in Tibet and Hong Kong" as well as his public support for an "independent Taiwan."
His press secretary says that he received the alert from Microsoft as well, warning him that he may have been targeted in the hack and advised that he changed his password. This was a different alert from the one Bacon received from the agency.
According to Bacon's secretary, his emails did not hold information about matters relating to China and Taiwan. However, there are other sensitive data such as political strategies, personal banking information, and fundraising.
The Federal Bureau of Investigation believes that the illegal access to Bacon's emails has no connection with the previous hacks that affected several emails of State Department officials. Microsoft confirmed that the latter impacted around 25 organizations in the public cloud.
Read Also: Estee Lauder Reports Data Breach - Are Customers' Information Safe?
Microsoft Has Already Been Called Out
This was not the first time Microsoft was linked to cybersecurity issues wherein government officials had their emails accessed. US Senator Ron Wyden wanted the Justice Department to hold Microsoft responsible for its "negligent cybersecurity practices."
Microsoft says that the flaw was exploited by triggering the weaknesses in either Azure AD or its Exchange Online email service. Still, the weakness allowed hackers to use even an expired Microsoft Account encryption key to log into Exchange accounts.
The company still has no idea how the hackers behind the incidents managed to acquire the key. It was possible that it was a forgery, which managed to work because of a "validation error in the Microsoft code, as mentioned in Ars Technica.
The China-based hackers, also called Storm-0558, are said to be conducting the cybercrimes on behalf of the CCP. Coincidentally, the exploit started on May 15th and was driven out by June 16th, which questions how the FBI came to the conclusion that Bacon's email incident was not related.
According to reports, Wyden called on US Attorney General Merrick B. Garland, Cybersecurity and Infrastructure Security Agency Director Jen Easterly, and Federal Trade Commission Chair Lina Khan, for holding Microsoft accountable for its shortcomings, leading to the emails being accessed by bad actors.
Related: Chinese Hackers Accessed US Government Email Accounts, Microsoft Confirmed
