bacon He said that he would “work overtime” to make sure that Taiwan received all the billions of dollars in US weapons it had requested.
“I am a big supporter of Taiwan,” Bacon told The Washington Post in a text message. “I suspect they would like information to embarrass or undermine me politically. As I have told the FBI, I have nothing to be embarrassed about.”
Government and private sources told The Post a month ago that victims of the hacking campaign included Commerce Secretary Gina Raimondo, unnamed State Department employees, a female human rights advocate and think tank.
They also said that a congressional staffer had been targeted.
Bacon told The Post that he was only notified of the hack on Monday, which indicates that new victims are still being discovered. The FBI did not respond to requests for comment. Nor Microsoft.
The officials described the espionage as classic espionage, the kind that all sides would expect. It was about keeping an eye on issues of special interest, such as the US response to escalating tensions between the self-ruled island of Taiwan and China, which it claims.
But the breach worried experts for another reason: It wasn’t clear how the government could have prevented it while relying exclusively on Microsoft for cloud services, email, and authentication.
Microsoft said the hackers obtained strong signing keys that they needed to create verified identities for customers that could bypass multifactor authentication. Combined with Microsoft’s other failures, millions of people could have been attacked.
Officials said only a few dozen entities were impersonated before the State Department found suspicious behavior in their activity logs. Microsoft was then able to search its private logs for the master key the hackers had obtained and prevent future access.
Several members of Congress demanded that federal agencies explain how they plan to combat similar attacks in the future and that Microsoft make the logs more widely available, which it agreed to do.
Senator Ron Wyden (raw Democrat) went further, Asks The Justice Department and the Federal Trade Commission to investigate whether Microsoft’s security practices were so bad as to violate laws or a 20-year-old FTC consent decree that required better security after breaching what was then its single sign-on authentication tool, Passport.
Wyden also urged the Department of Homeland Security to have the two-year-old Cybersecurity Review Board examine Microsoft’s cloud breach. Last week, the board said it would take over.
The Department of Homeland Security referred questions to the FBI.
Lee Ann Caldwell and David DeMolfetta contributed to this report.
“Extreme travel lover. Bacon fanatic. Troublemaker. Introvert. Passionate music fanatic.”
More Stories
Chinese company BYD surpasses Tesla's revenues for the first time
Dow Jones Futures: Microsoft, MetaEngs Outperform; Robinhood Dives, Cryptocurrency Plays Slip
The US economy grew at a strong pace of 2.8% in the last quarter thanks to strong consumer spending