Steven Adair hunts hackers for a living. Back in January, in a corner-of-his-eye, peripheral kind of way, he thought he saw one in his customer’s networks — a shadowy presence downloading emails.
Adair is the founder of a cybersecurity company called Volexity, and he runs traps to corner intruders all the time. So he took a quick look at a server his client was using to run Microsoft Exchange and was stunned to “see requests that we’re not expecting,” he said. There were requests for access to specific email accounts, requests for confidential files.
He followed all this requested information to a virtual server off-site. “The hair is almost rising on my arms right now when I think about it,” Adair told NPR later. “This feeling of like, oh, crap this is not what should be going on.”
What Adair discovered was a massive hack into Microsoft Exchange — one of the most popular email software programs in the world. For nearly three months, intruders helped themselves to everything from emails to calendars to contacts. Then they went wild and launched a second wave of attacks to sweep Exchange data from tens of thousands of unsuspecting victims. They hit mom-and-pop shops, dentist offices, school districts, local governments — all in a brazen attempt to vacuum up information.
Both the White House and Microsoft have said unequivocally that Chinese government-backed hackers are to blame.
NPR’s months-long examination of the attack — based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials — found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China’s artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces.
“There is a long-term project underway,” said Kiersten Todt, who was the executive director of the Obama administration’s bipartisan commission on cybersecurity and now runs the Cyber Readiness Institute. “We don’t know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success.”