How an off-the-books Microsoft programme gave China a glimpse into Pentagon's digital nerve centre
has been quietly allowing engineers in China to provide support for
US Defence Department
cloud systems, according to a detailed investigation by
ProPublica
. For nearly ten years, this arrangement has involved American employees acting as 'digital escorts' to input instructions from foreign tech workers into military networks.
These escorts, though cleared for access to government systems, often lack the expertise to detect whether the code they're running could be malicious.
Explore courses from Top Institutes in
Select a Course Category
MCA
Finance
Data Science
CXO
Healthcare
Others
Cybersecurity
Operations Management
Data Science
Management
Project Management
Digital Marketing
Degree
Data Analytics
Design Thinking
others
Product Management
Public Policy
Leadership
MBA
PGDM
Artificial Intelligence
Skills you'll gain:
Programming Proficiency
Data Handling & Analysis
Cybersecurity Awareness & Skills
Artificial Intelligence & Machine Learning
Duration:
24 Months
Vellore Institute of Technology
VIT Master of Computer Applications
Starts on
Aug 14, 2024
Get Details
'We're trusting that what they're doing isn't malicious, but we really can't tell,' one current escort told ProPublica, speaking anonymously to avoid professional consequences.
by Taboola
by Taboola
Sponsored Links
Sponsored Links
Promoted Links
Promoted Links
You May Like
Summer Clearance Sale Is Live Now
Luxury Watches
Buy Now
Undo
ET has not been able to independently verify this information.
Sensitive military data in foreign hands
The escorts work with data labelled 'Impact Level 4 and 5' — information considered highly sensitive but not officially classified. It includes content directly supporting military operations, along with other data whose compromise, according to
Pentagon
guidelines, 'could be expected to have a severe or catastrophic adverse effect' on national security.
Live Events
Despite the risk, Microsoft has relied on foreign engineers — including those based in China — to handle support tasks for these systems. Under the digital escort framework, foreign engineers submit instructions, and US citizens input them into the government systems. Many of these escorts are former military personnel hired primarily for their security clearances, not their technical skill.
'If someone ran a script called 'fix_servers.sh' but it actually did something malicious then [escorts] would have no idea,' said Matthew Erickson, a former Microsoft engineer who worked on the programme.
Lawmakers and intelligence veterans demand answers
The programme has now drawn sharp criticism from Capitol Hill. Senator Tom Cotton, who chairs the
Senate Intelligence Committee
, has formally asked Defence Secretary Pete Hegseth for a full list of contractors using foreign personnel, along with information on how digital escorts are trained.
John Sherman, the former Chief Information Officer for the Defence Department, admitted he was unaware of the escort model until reporters contacted him.
'I probably should have known about this,' Sherman told ProPublica, adding that the situation warrants 'a thorough review by [the Defence Information Systems Agency], Cyber Command and other stakeholders.'
According to the ProPublica report, Harry Coker, former senior executive at the CIA and NSA, described the escort setup bluntly: 'If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that.'
A workaround for US restrictions
The escort system exists to satisfy federal rules requiring only US citizens or permanent residents to access sensitive defence data. Microsoft, which has large engineering operations in China, India and Europe, set up the escort model to navigate this restriction while scaling up its government cloud business.
Digital escorts have been used since at least 2016, when Microsoft launched its programme for handling Pentagon cloud contracts. According to those familiar with its development, early concerns were raised. One former Microsoft cybersecurity strategist said they opposed the idea from the beginning, warning that the approach was too risky.
Recruitment was handled in part by Lockheed Martin. At the time, one project manager said they told Microsoft that the escorts being hired 'would not have the right eyes' for the job due to low pay and lack of specialised experience.
Microsoft defends the system
Microsoft insists that the escort model meets government standards. A company spokesperson told Fox News Digital, 'For some technical requests, Microsoft engages our team of global subject matter experts to provide support through authorised U.S. personnel, consistent with U.S. government requirements and processes.'
'All personnel and contractors with privileged access must pass federally approved background checks,' the spokesperson said. 'Global support personnel have no direct access to customer data or customer systems.'
Microsoft also claims to use multiple layers of security, including approval workflows and automated code reviews, to prevent threats. 'This production system support model is approved and regularly audited by the US government,' the company added.
Insight Global, a contractor that provides Microsoft with digital escorts, said it screens candidates to ensure they have the technical capabilities and provides additional training.
Disconnect between Microsoft and the defence department
Despite Microsoft's claims, several officials within the US government said they were unaware of the escort system. When ProPublica contacted the Defence Information Systems Agency (DISA), even its public information office had not heard of the model.
Later, DISA confirmed the escorts are used 'in select unclassified environments' and emphasised that experts under escort 'have no direct, hands-on access to government systems,' but instead 'offer guidance and recommendations.'
Former Microsoft executive
Pradeep Nair
, who said he helped design the escort framework, argued that audit trails and other controls keep the system secure. 'Because these controls are stringent, residual risk is minimal,' he said.
Broader concerns about Chinese cyber access
Critics point to broader issues beyond Microsoft's processes. Chinese law gives authorities sweeping powers to compel companies and individuals to cooperate with state data collection.
'It would be difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement,' said Jeremy Daum, a senior research fellow at
Yale Law School
.
Michael Sobolik, a senior fellow at the
Hudson Institute
, was blunt: 'This is like asking the fox to guard the henhouse and arming the chickens with sticks in case the fox gets mad. It beggars belief.'
And Michael Lucci, CEO of
State Armor Action
, said, 'If ProPublica's report turns out to be true, Microsoft has created a national embarrassment that endangers our soldiers, sailors, airmen and marines. Heads should roll, those responsible should go to prison and Congress should hold extensive investigations to uncover the full extent of potential compromise.'
He added, 'Microsoft or any vendor providing China with access to Pentagon secrets verges on treasonous behaviour and should be treated as such.'
Past breaches and unanswered questions
The digital escort model has not been directly linked to any breaches. But in 2023, Chinese hackers broke into Microsoft's cloud servers and stole thousands of emails from senior US officials, including the commerce secretary and the US ambassador to China.
A government review by the now-disbanded Cyber Safety Review Board blamed Microsoft's security failures, but made no mention of the escort system.
Still, critics say the bigger issue is trust. 'If these [ProPublica] allegations are credible, the federal government should never again rely on Microsoft to protect the data that keeps our men and women in uniform safe,' said Lucci. 'Our military cannot operate in security and secrecy if a vendor repeatedly and intentionally invites the enemy into the camp.'
ProPublica reached out to other major cloud providers to ask whether they use similar escort models. Amazon Web Services and Google Cloud declined to comment. Oracle did not respond.
That silence has raised further questions about industry-wide practices and transparency in how foreign tech expertise is used in sensitive government work.
As scrutiny intensifies, one thing is clear: what began as a workaround is now at the centre of a growing national security debate.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
28 minutes ago
- Time of India
'Who architected this strategy?': Coldplay singer Chris Martin's ex Gwyneth Paltrow is Astronomer's spokesperson, Internet explodes
In an unexpected twist to the Coldplay kiss cam controversy , American actress Gwyneth Paltrow has appeared as a temporary 'spokesperson' for tech company Astronomer . This came as a surprise to as Paltrow is Coldplay frontman Chris Martin 's ex-wife. The move comes merely days after ex-Astronomer CEO Andy Byron and HR chief Kristin Cabot were seen canoodling at a Coldplay concert, sparking allegations of cheating. The viral kiss cam moment broke the internet in no time and created a huge buzz- so much so that the AI-tech firm Astronomer had to launch an investigation, put Andy Byron on leave only for him to quit in a few days. Even his personal life saw ups and downs as his wife Megan Kerrigan reportedly moved out of their family home and is now living elsewhere. Kristin Cabot also resigned after Andy Byron stepped down as CEO on July 19. Explore courses from Top Institutes in Please select course: Select a Course Category Cybersecurity Data Analytics Finance Management healthcare Degree PGDM Design Thinking Operations Management MBA Others Healthcare Data Science Digital Marketing Data Science Technology others Product Management Artificial Intelligence Leadership MCA CXO Public Policy Project Management Skills you'll gain: Duration: 10 Months MIT xPRO CERT-MIT xPRO PGC in Cybersecurity Starts on undefined Get Details ALSO READ: 'Made me a meme': Ex-Astronomer CEO Andy Byron to sue Coldplay over viral kiss cam controversy. Chris Martin reacts by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like War Thunder - Register now for free and play against over 75 Million real Players War Thunder Play Now Undo Astronomer's iconic move stuns internet Astronomer that went viral for all the wrong reasons dropped a bold PR move just days after the Coldplay kiss cam scandal. It tried to turn the tables in its new promo video. The company has rolled out a humorous video featuring Gwyneth Paltrow, Coldplay frontman Chris Martin's ex-wife, in an advertisement that trolled the latest scandal in the company. The promo video went viral in a flash. It's thought provoking, and yes it is totally capitalizing on the buzz. In a lighthearted video posted on Astronomer's social media handles, she introduced herself as a 'very temporary spokesperson" for the 300+ employees of the company and began by saying, 'Thank you for your interest in Astronomer", in an apparent acknowledgement of sudden rise in the coverage of the company as the scandal hit the headlines over the last week. Live Events The Coldplay kiss cam scandal started when ex-Astronomer CEO Andy Byron and Head of HR Kristin Cabot were caught on the kiss cam during a Coldplay show at Gillette Stadium on July 15. Their awkward, panicked reaction quickly went viral on social media. Coldplay frontman Chris Martin even called them out mid-show, joking they were 'having an affair.' ALSO READ: Trump's Scotland tour to promote golf resorts has a shocking price tag for Americans, sparks backlash After the couple was caught canoodling at the Coldplay concert, it led to resignations and a full-on PR crisis. Internet is labelling Astronomer's move a PR masterstroke—'marketing jiu‑jitsu' that turned a viral scandal into brand awareness. One user said this was '10/10 PR recovery.' 'You got Chris Martin's ex wife???!!! Savage," a user wrote. "Who architected this strategy? I want a behind the scenes video of how this whole thing was conceived, from last week until now. Genius," wrote Erik Torenberg, a seed investor with Scale AI. — eriktorenberg (@eriktorenberg) 'Astronomer picking Chris Martin's ex-wife as their spokesperson is diabolical marketing and a pretty entertaining crisis recovery move,' tweeted @mickeynegus, summing up the internet's collective jaw-drop. — mickeynegus (@mickeynegus) ALSO READ: Astronomer's stunning move: Tech firm hires Chris Martin's ex-wife Gwyneth Paltrow days after kiss cam scandal 'Astronomer, who's CEO was caught cheating on his wife with the head of HR at a Coldplay concert, just came out with an ad, featuring Coldplay's lead singer's ex-wife, Gwyneth Paltrow. Yes, they think adultery and marriage is a joke… Other than that, clever marketing," another said. — samsolid57 (@samsolid57) Meanwhile, @LloydMathias chimed in with a perfectly Goop-flavored take: 'Brilliant come back from @astronomerio using Gwyneth Paltrow as temp spokie. She cleverly cuts off Q&As: 'OMG what the actual f—' & 'How is your social media team holding—" to expertly shift focus back to brand. Masterful crisis recovery! Well played.' — LloydMathias (@LloydMathias) What does Astronomer do? After the video of Andy Byron and Kristin Cabot sparked social media frenzy, the focus also turned to Astronomer, prompting a rise in curiosity about the company and its operations. Astronomer is a data infrastructure company that provides tools to help organisations manage and streamline complex data workflows. ALSO READ: Happy Gilmore 2 declared a must watch by Taylor Swift with 13/10 review. The reason is totally expected Astronomer is a mid-sized firm with 369 employees, according to its profile on Pitchbook. It is a privately held software firm that helps clients streamline and organize their data and in May, the New York-based software firm raised nearly $100 million from major investors. In a statement accompanying the funding news, the company said the capital would be used to accelerate its research and development efforts and expand its global footprint. 'Astronomer empowers data teams to bring mission-critical software, analytics and artificial intelligence (AI) to life,' it says on its website. The Astro platform, it adds, 'accelerates building reliable data products that unlock insights, unleash AI value, and power data-driven applications.' Astronomer has rapidly grown in influence. Its LinkedIn profile claims the platform is trusted by over 700 enterprises globally. According to various reports, Apache Airflow, on which Astro is built, is currently used by more than 80,000 organisations and was downloaded over 324 million times in 2024 alone.
Time of India
36 minutes ago
- Time of India
‘Balancing strengths-sensitivities': India secures safeguards for key sectors in UK FTA; import access to be phased
Representative image (TOI) Only around one fourth of the UK's exports by value will receive immediate duty-free access to the Indian market, with most sensitive sectors remaining safeguarded, the government said on Friday, according to ET. Commerce secretary Sunil Barthwal, addressing the media, explained that product-specific rules of origin have been established. These include value-addition requirements designed to prevent transshipment and block third-country goods from benefiting under the deal. India has protected several sensitive sectors under the trade deal, including dairy, cereals, millets, pulses, vegetables, and high-value products such as gold, jewellery, lab-grown diamonds, and certain essential oils. Key exclusions also cover critical energy fuels, marine vessels, used clothing, important polymers and their monofilaments, smartphones, and optical fibres, reported ET. For strategically important goods, especially those where domestic manufacturing is being strengthened under the 'Make in India' and production-linked incentive (PLI) schemes, tariff concessions will be phased in gradually over five, seven, or ten years. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Historic Figures Who Were Actually Photographed Gloriousa Undo India and the UK signed the comprehensive economic and trade agreement (CETA) on July 24, following years of discussions and negotiations. Barthwal noted that this agreement stands apart from India's previous free trade deals, as it reflects the country's evolution into a more mature economy. He added that India is now engaging in areas previously untouched in past trade agreements, marking its shift toward developed nation status. Working between strengths and sensitivities The agreement strikes a balance between "sensitivities and strengths," the official said, reported ET. 'We wanted to shed the label of 'tariff king,' and FTAs are a way to achieve that,' said commerce secretary Barthwal. 'FTAs bring a lot of certainty and predictability to businesses which this UK FTA will ensure. FTAs are give and take and when we build a narrative, we are sensitive that it's not one-sided.' Barthwal also mentioned past comments by US President Donald Trump, who had called India a "tariff king," and referenced ongoing negotiations with both the US and the European Union, as quoted by ET. 'Detailed talks are happening in the EU FTA. Talks with the US are going on, it will fructify,' he said. Barthwal said the India-UK partnership is rooted in fair play, equity, and mutual benefit. 'We protected our sensitivities and they protected theirs. This FTA has been a balance of sensitivities and strengths,' he stated. Calling it a complex and comprehensive agreement, Barthwal added, 'our defensive interests have been taken care of.' He noted that while the UK may take under a year to ratify the CETA, India will use that time to build the capacity of its exporters and educate them on how to leverage the deal. The government is also working with state governments and export promotion councils to assess how they will be affected. 'We are doing granular studies,' he said. India and the UK have agreed to negotiate mutual recognition agreements (MRAs) to facilitate the movement of professionals such as nurses, accountants and architects to Britain. 'Non-tariff barriers will be eased, and regulatory systems and MRAs would be improved,' Barthwal said, reported ET. Stay informed with the latest business news, updates on bank holidays and public holidays . AI Masterclass for Students. Upskill Young Ones Today!– Join Now
Time of India
41 minutes ago
- Time of India
Sri Lanka to extend its visa-free travel policy for 40 countries; India also on the list
In a bid to boost tourism and recover from an economic crisis, Sri Lanka has announced plans to extend its free tourist visa policy to 40 additional countries, according to a news shared by PTI. The news was confirmed by Sri Lanka's Foreign Affairs and Tourism Minister Vijitha Herath during the inauguration of the 'Hotel Show Colombo 2025'. As of now, there were only seven countries, including India which were allowed visa-free entry in Sri Lanka. The decision comes after the cabinet approved to expand the list to 40 countries. However, the Government of Sri Lanka will have to suffer an annual revenue loss of USD 66 million because of visa fee waiver, mentioned the minister. But he also said that indirect economic benefits from increased tourist footfall would be more than the loss. The initiative aims to boost tourism as part of Sri Lanka's economic recovery following the COVID-19 pandemic and the 2022 financial crisis. 'We have stabilised the economy, and through policy changes in tourism, we aim to ensure steady growth in arrivals,' the minister said. The visa waiver is one of the well-planned strategic moves to boost the economy of the country. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Salma Hayek, 58,Shows Her Huge Size In New Photos Boite A Scoop Undo Earlier, visa fee waivers were limited to seven countries, including China, India, and Japan. The trial phase began in March 2023 and it was deemed successful. Following the success, the Cabinet has decided to extend the policy to 40 more countries, to attract worldwide travellers. New List of countries: United Kingdom of Great Britain and Northern Ireland Federal Republic of Germany Kingdom of the Netherlands Kingdom of Belgium Kingdom of Spain Commonwealth of Australia Republic of Poland Republic of Kazakhstan Kingdom of Saudi Arabia United Arab Emirates Federal Democratic Republic of Nepal People's Republic of China Republic of India Republic of Indonesia Russian Federation Kingdom of Thailand Federation of Malaya Japan Republic of France United States of America Canada Czech Republic (Czechia) Republic of Italy Swiss Confederation (Switzerland) Republic of Austria State of Israel Republic of Belarus Islamic Republic of Iran Kingdom of Sweden Republic of Finland Kingdom of Denmark Republic of Korea State of Qatar Sultanate of Oman Kingdom of Bahrain New Zealand State of Kuwait Kingdom of Norway Republic of Türkiye The Free Visa policy is already for 7 nations, including India, China, Indonesia, Russia, Thailand, Malaysia, and Japan. Now, these countries are also now part of the list.
