Microsoft Is "a National-Security Threat" and Cisco Firewalls Hacked

A Bad Cybersecurity Week In Review For the U.S.

(Christiaan Colen, Flickr, CC BY-SA 2.0 DEED)

A former White House senior cybersecurity official finally said what nearly everyone who has ever had a computer virus already knew: Microsoft is a national-security threat.

The software company, apparently named by Bill Gates for a particular part of his anatomy, has a worse security record than the Ford Theatre, the Isabella Stewart Gardener Museum and the city of Troy, combined.

In just two examples from the decades-long dumpster fire that is Microsoft’s cybersecurity history, Beijing compromised Microsoft’s email software in 2021 and pilfered untold volumes of sensitive government emails, then, this year, Moscow also jacked emails from Microsoft containing government secrets.

The root problem for the government and security-conscious organizations is a lack of competition in the enterprise software market, argued A.J. Grotto, the former White House senior director for cybersecurity policy. Thanks to its dominance in that sector, Grotto said, “Microsoft, in many ways, has the government locked in, and so it’s able to transfer a lot” of the costs of “security breaches over to its customers, including the federal government.”

Microsoft simply has “a ton of leverage,” Grotto told The Register, and is “not afraid to use it.”

Within a week of Grotto’s public catharsis about Microsoft, another American tech giant had cybersecurity egg on its face. The federal government was again compromised by state-sponsored hackers who coordinated worldwide takeovers of Cisco’s flagship firewalls.

The irony is that firewalls are meant to keep networks secure, and Cisco is both the world’s largest manufacturer of networking equipment and a major supplier to the U.S. government. In this case, however, Cisco’s mega-popular firewalls served as beachheads.

Next for the tech giants in this week’s review, the recent antitrust suit against Google has surfaced a possible explanation for a widely noted mystery since 2020: the marked decline in Google’s search quality. Edward Zitron mined internal Google emails that are now public court records and addressed the elephant in the room. He asserts that Google’s search is dead, and that “a management consultant wearing an engineer[’s] costume” killed it.

Technical folks will almost surely nod as they read Zitron’s blistering critique of Prabhakar Raghavan, the current head of Google search, and of how today’s culture in American tech companies is killing quality:

It’s because the people running the tech industry are no longer those [who] built it. Larry Page and Sergey Brin left Google in December 2019 (the same year as the Code Yellow fiasco), and while they remain as controlling shareholders, they clearly don’t give a shit about what “Google” means anymore. Prabhakar Raghavan is a manager, and his career, from what I can tell, is mostly made up of “did some stuff at IBM, failed to make Yahoo anything of note, and fucked up Google so badly that every news outlet has run a story about how bad it is.”

This is the result of taking technology out of the hands of real builders and handing it to managers at a time when “management” is synonymous with “staying as far away from actual work as possible.” And when you’re a do-nothing looking to profit as much as possible, you only care about growth. You’re not a user, you’re a parasite, and it’s these parasites that have dominated and are draining the tech industry of its value.

Finally, last but not least… Though Americans should never trust their data to Beijing or anyone under Beijing’s influence—we learned this week that the Great Firewall of China has likely been spying on every Chinese speaker’s keystrokes for years—no one, it seems, dares to note that Washington has publicly given up hope that the domestic tech sector would ever beat TikTok on the merits.

Rolling Stone named Martin MartyG Gottesfeld “The Hacker Who Cared Too Much,” due to his “Crusade To Save Children.” He was Cisco certified in 2003 at the age of 19. In 2014, according to the Justice Department, he compromised 40,000 edge devices and used DNS amplification to orchestrate “one of the largest DDOS attacks ever conducted, in terms of traffic volume.”