Details on Chinese Compromise of US Tech Providers Released

Homeland Security released an alert a few months ago that said that some US tech providers had been compromised by the Chinese, but did not release any details.  Now a few details have emerged.  The attack, code-named Cloud Hopper, was the work of the Chinese government.

One of the tech providers compromised was HPE – HP Enterprise.  HPE, now DXC after the sale/merger with Computer Sciences Corp, came out of the acquisition of Ross Perot’s Electronic Data Systems (EDS) years ago.

We now know that some of HPE’s customers were likely compromised.  Companies affected include Sabre Systems, the airline reservation system spun off from American Airlines, nuclear Navy ship builder Huntington Ingalls and Ericsson, likely among a lot of others.

In addition to HPE/DXC, we believe 6 other technology service providers were compromised.

The attacks came from the bottom of the stack – where the technology service provider manages the stack.  This is not an attack at the customer layer.  This means it is harder for the customer to detect.

HPE beat back the Chinese at least 6 times between 2014 and 2017, and these attacks have been happening since 2010, but ultimately HPE lost the battle and the war.

Admiral Rogers, former director of NSA and Cyber Command, said recently “for those who thought the cloud was a panacea, I would say you haven’t been paying attention”.

Rob Joyce, also of the NSA, said “the companies were battling a skilled adversary.  The hacking was ‘high leverage’ and hard to defend against”.

Other companies who have been named as possible members of the gang of 6 (tech providers who were compromised) include NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM.  They had no comment for the story.

Also, apparently, Homeland Security recommended that these providers tell their customers that they were compromised, but fearing lawsuits and loss of business, some providers did not tell their customers.  If THAT leaks out, those providers will face lawsuits and loss of business, guaranteed.

This means that, as a cloud service user, you cannot rely exclusively on your provider to protect you, and you need to make sure that your contract language says that the provider must tell you, within a short time frame, if they have been breached.  If they balk, you should wonder why.  Likely, it is because they have been breached before and have not told their customers.

Read the Reuters article for much more information.