Microsoft Exchange server attacks may have been fuel for China's AI endeavors

Best Keyboards for Microsoft Surface in 2018
Best Keyboards for Microsoft Surface in 2018 (Image credit: Surface Book 2)

What you need to know

  • The attacks on the Microsoft Exchange servers in early 2021 may have been part of an effort from the Chinese government to develop artificial intelligence.
  • A new report claims that the attacks were about gathering data, not just spying on people.
  • The Exchange server attacks utilized personal information that was likely gathered in a previous attack.

The story of the attacks on Microsoft Exchange servers may have just gained another chapter. While it was already known that the attacks targeted a massive number of people and PCs, the motives behind those attacks are still being discovered. A piece by NPR's Dina Temple-Raston explains that the attacks were likely performed to gather data to develop artificial intelligence.

NPR's piece offers an extensive breakdown of the history of the Exchange server attacks, their implications across several industries, and how Microsoft and other organizations responded to the attack. It also adds a new angle to the saga, alleging China used the attacks to gather data to develop AI.

NPR spent months analyzing the attacks and interviewing people ranging from Microsoft employees to U.S. intelligence officials in order to put together a report that paints the picture that Beijing leadership's endgame for the breach's data is artificial intelligence, which would be used for tasks traditionally reserved for humans.

According to William Evanina, former director of the National Counterintelligence and Security Center, "the Chinese have more data than we have on ourselves." Evanina founded the Evanina Group, which is a risk consultancy company. A report from the group states that the Chinese government has stolen personal information from an estimated 80% of Americans. This data could be used for intelligence purposes.

Data gathered from these types of attacks could be used to develop AI that affects major aspects of people's everyday lives. NPR notes that AI is used to calculate insurance rates and people's credit scores, as well as to determine if people can get a mortgage.

Kiersten Todt, former executive director of the Obama administration's bipartisan commission on cybersecurity and current head of the Cyber Readiness Institute, warned of the dangers of China collecting data. "We don't know what the Chinese are building, but what we do know is that diversity of data, quality of data aggregation, accumulation of data is going to be critical to its success."

The full NPR read features talks with individuals such as Microsoft VP Tom Burt, who handles the company's digital crimes unit. In the report, he outlined what Microsoft's thought process was as the attacks progressed, as well as detailed Hafnium's involvement in the ensuing chaos. Other interesting inside looks at Microsoft's operations, such as its philosophy behind Patch Tuesdays, are also in the report.

Sean Endicott
News Writer and apps editor

Sean Endicott is a tech journalist at Windows Central, specializing in Windows, Microsoft software, AI, and PCs. He's covered major launches, from Windows 10 and 11 to the rise of AI tools like ChatGPT. Sean's journey began with the Lumia 740, leading to strong ties with app developers. Outside writing, he coaches American football, utilizing Microsoft services to manage his team. He studied broadcast journalism at Nottingham Trent University and is active on X @SeanEndicott_ and Threads @sean_endicott_.