• DominusOfMegadeus@sh.itjust.works
    ↑ 19 · ↓ 1 · 2 days ago

    “The program was designed to comply with contracting rules, but it exposed the department to unacceptable risk,” Hegseth said in a video announcement posted on X. “If you’re thinking America first and common sense, this doesn’t pass either of those tests.”

    I’m agreeing with Pete Hegseth? WTF is happening right now?

    • tidderuuf@lemmy.world
      ↑ 8 · 2 days ago

      Google, Amazon and several other gov contractors have been loosening their hiring guidelines since the Obama era, when it was required that anyone working on gov cloud or gov anything be a U.S. citizen, then it was just on U.S. soil, to finally it has to be monitored or reviewed by someone in the U.S., which very quickly devolved to get the work done even if no one in the U.S. is awake. As you can imagine, it would be easy for anyone to slip in and take advantage of such wide gaps in security.

    • UnderpantsWeevil@lemmy.world
      ↑ 22 · ↓ 13 · 2 days ago

      The US has long since had a practice of outsourcing labor many times over in pursuit of the lowest labor costs and maximum profit.

      Getting your girdle in a twist because you found out the guy on Fiverr debugging your middleware has non-White ancestors maybe misses the root of the problem.

      • Feyd@programming.dev
        ↑ 31 · 2 days ago

        ??? This is about giving Chinese nationals root access to US military IT systems to save money. It’s actually terrible opsec and should be a way worse scandal.

        • DominusOfMegadeus@sh.itjust.works
          ↑ 15 · 2 days ago

          Yes, but we wouldn’t want to fly in the face of our tradition of letting Microsoft off scot-free for severe governmental security breaches, would we?

        • UnderpantsWeevil@lemmy.world
          ↑ 5 · ↓ 11 · 2 days ago

          > This is about giving Chinese nationals root access

          Not how software development works. I don’t have root access to every production system because I can submit pull requests to a Dev instance of the code.

          > It’s actually terrible opsec

          One of the principles of FOSS is that you shouldn’t need security through obscurity. Knowing how a system works won’t compromise its integrity if the security protocols are sound. Having third parties participate in a project shouldn’t compromise the project if the lead developers are doing proper code review and QA. A system that is predicated on being a black box to a hostile government in order to maintain security is rigged for failure.

          But, more importantly, the idea that a foreign government can only obtain information on the inner workings of a system when people of that national origin work on the project is severely shortsighted. Do you genuinely believe there aren’t significant numbers of domestic American developers of European ancestry who wouldn’t happily sell access to a foreign government for the right price? Do you genuinely believe there aren’t numbers who could be gulled into exposing the inner workings of their software inadvertently?

          Nothing about Hegseth’s complaint improves operational security. He’s hinging his whole worldview on the notion that every other white person at Microsoft is as much of a nationalist as he pretends to be.

          • Feyd@programming.dev
            ↑ 12 · ↓ 3 · 2 days ago

            I’m sorry but you just straight up don’t know what incident is being discussed here. Go look it up instead of talking about unrelated bullshit.

            • UnderpantsWeevil@lemmy.world
              ↑ 4 · ↓ 6 · 2 days ago

              > U.S. personnel with security clearances supervise foreign engineers, including those in China

              Again, working on a codebase doesn’t give you access to the production systems. Neither does being Chinese affect whether you are a reliable third-party contractor.

              If the workers were supervised and the supervisors were competent, there was no real security risk. Both of those are the big “Ifs” though. And that’s why doing layers of outsourcing creates risks regardless of who you’re outsourcing to.

              • Feyd@programming.dev
                ↑ 11 · 2 days ago

                The supervisors did not have the expertise to know what the foreign workers were doing, otherwise there would not have had to be 2 workers in the first place. And the foreign workers were not just writing code - they were doing sysadmin. On DoD systems.

                I don’t know how to make it any more clear to you, but it’s completely obvious to anyone who actually understands these things that this was terrible opsec, and obviously not how any reasonable person would expect a DoD contract to be managed.

                • UnderpantsWeevil@lemmy.world
                  ↑ 1 · 1 day ago

                  > The supervisors did not have the expertise to know what the foreign workers were doing

                  If that’s the case, then the work should be in-house.

    • Windex007@lemmy.world
      ↑ 1 · ↓ 6 · 2 days ago

      > I’m agreeing with Pete Hegseth? WTF is happening right now?

      I mean, listen to your gut instincts, which is that you’re being foolish because he is a fool.

      If your system demands trust, it’s a bad system. If your system has a written set of rules that don’t actually cover your requirements, it’s a bad system. If the “tests” you imagine post-hoc aren’t part of the system, you’re just opportunistically trying to shift the blame.

      You made a deal, set the parameters, and what… Expected the for-profit company to ignore their fiduciary duty to shareholders to maximize profit? What is this, your first fucking day of capitalism, Pete?

      His response to this is engineered to shift blame, and he’s coming out swinging because ultimately he is to blame. It’s barely more than a political catchphrase. He literally invoked “America First”.