Saturday, June 29, 2019

massive high-tech transfer to China--big effort to keep it secret

  •   Apple is moving Mac Pro assembly out of the U.S. and into China, CNBC confirms Friday.  Apple is assembling its new Mac Pro models in China, shifting production from the U.S. where its older models were assembled, CNBC confirmed Friday following a report in The Wall Street Journal.  Apple introduced the new Mac Pro earlier this month. ... But the assembly shift for the Mac Pro from the U.S. to China will help reduce shipping costs, according to the WS Journal.  The Shanghai factory where it will be assembled is closer to Apple’s other suppliers in Asia, the Journal reported.  Apple is working with contractor Quanta Computer to assemble the new $6,000 desktop, CNBC confirmed.  While the assembly will take place in China, Apple said the device is designed and engineered in the U.S. and includes U.S.-made components.   https://www.cnbc.com/2019/06/28/apple-moves-mac-pro-production-from-the-us-to-china.html?__source=twitter%7Ctech
  • ...............................................................
  • 6-26-2019, London
  •   Teams of Chinese hackers penetrated the cloud computing service of Hewlett Packard Enterprise (HPE) and used it as a launchpad to attack customers, plundering reams of corporate and government secrets for years, Reuters has found.... Reuters interviewed 30 people involved in the Cloud Hopper investigations, including Western government officials, current and former company executives and private security researchers. Reporters also reviewed hundreds of pages of internal company documents, court filings and corporate intelligence briefings.  HPE “worked diligently for our customers to mitigate this attack and protect their information,” said spokesman Adam Bauer.  “We remain vigilant in our efforts to protect against the evolving threats of cyber-crimes committed by state actors.”
  •   A spokesman for DXC, the services-arm spun off by HPE in 2017, said the company put “robust security measures in place” to protect itself and customers. “Since the inception of DXC Technology neither the company nor any DXC customer whose environment is under our control have experienced a material impact caused by APT10 or any other threat actor,” the spokesman said.
      NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.
      The Chinese government has denied all accusations of involvement in hacking.  The Chinese Foreign Ministry said Beijing opposed cyber-enabled industrial espionage. “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” it said in a statement to Reuters.
      For security staff at Hewlett Packard Enterprise, the Ericsson situation was just one dark cloud in a gathering storm, according to internal documents and 10 people with knowledge of the matter.
      For years the company’s predecessor, technology giant Hewlett Packard, didn’t even know it had been hacked.  It first found malicious code stored on a company server in 2012.  The company called in outside experts who found infections dating to at least January 2010.
    Hewlett Packard security staff fought back, tracking the intruders, shoring up defenses and executing a carefully planned expulsion to simultaneously knock out all of the hackers’ known footholds.  But the attackers returned, beginning a cycle that continued for at least five years.
      The intruders stayed a step ahead.  They would grab reams of data before planned eviction efforts by HP engineers.  Repeatedly they took whole directories of credentials, a brazen act netting them the ability to impersonate hundreds of employees.  The hackers knew exactly where to retrieve the most sensitive data....
      Ericsson said it does not comment on specific cybersecurity incidents. “Our priority is always to ensure that our customers are protected,” a spokesman said.  “While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson’s infrastructure has ever been used as part of a successful attack on one of our customers.”
      A spokesman for SKF said: "We are aware of the breach that took place in conjunction with the ‘Cloud Hopper’ attack against HPE … Our investigations into the breach have not found that any commercially sensitive information was accessed."  Syngenta and Valmet declined to comment. A spokesman for Vale declined to comment on specific questions about the attacks but said the company adopts “the best practices in the industry” to improve network security.
      The companies were battling a skilled adversary, said Rob Joyce, a senior adviser to the U.S. National Security Agency.  The hacking was “high leverage and hard to defend against,” he said.
      According to Western officials, the attackers were multiple Chinese government-backed hacking groups.  The most feared was known as APT10 and directed by the Ministry of State Security, U.S. prosecutors say.  National security experts say the Chinese intelligence service is comparable to the U.S. Central Intelligence Agency, capable of pursuing both electronic and human spying operations.
      Two of APT10’s alleged members, Zhu Hua and Zhang Shilong, were indicted in December by the United States on charges of conspiracy to commit computer intrusions, wire fraud and aggravated identity theft.  In the unlikely event they are ever extradited and convicted, the two men would face up to 27 years in an American jail.
      Reuters was unable to reach Zhu, Zhang or lawyers representing the men for comment. China’s Foreign Ministry said the charges were “warrantless accusations” and it urged the United States to “withdraw the so-called lawsuits against Chinese personnel, so as to avoid causing serious harm to bilateral relations.”  
      The U.S. Justice Department called the Chinese denials “ritualistic and bogus.”  “The Chinese Government uses its own intelligence services to conduct this activity and refuses to cooperate with any investigation into thefts of intellectual property emanating from its companies or its citizens,” DOJ Assistant Attorney General John Demers told Reuters....
      HP management only grudgingly allowed its own defenders the investigation access they needed and cautioned against telling Sabre everything, the former employees said.  “Limiting knowledge to the customer was key,” one said.  “It was incredibly frustrating. We had all these skills and capabilities to bring to bear, and we were just not allowed to do that.”...
      In early 2017 HPE analysts saw evidence that Huntington Ingalls Industries, a significant client and the largest U.S. military shipbuilder, had been penetrated by the Chinese hackers, two sources said. Computer systems owned by a subsidiary of Huntington Ingalls were connecting to a foreign server controlled by APT10.

     
      It’s not clear if data was stolen.... During a private briefing with HPE staff, Huntington Ingalls executives voiced concern the hackers could have accessed data from its biggest operation, the Newport News, Va. shipyard where it builds nuclear-powered submarines, said a person familiar with the discussions. ...
      “The reality is that most organizations are facing cybersecurity challenges on a daily basis, including Ericsson,” Ericsson Chief Security Officer Pär Gunnarsson said in a statement to Reuters, declining to discuss specific incidents.  “In our industry, and across industries, we would all benefit from a higher degree of transparency on these issues.”
      In December 2018, after struggling to contain the threat for years, the U.S. government named the hackers from APT10 – Advanced Persistent Threat 10 – as agents of China’s Ministry of State Security.  The public attribution garnered widespread international support: Germany, New Zealand, Canada, Britain, Australia and other allies all issued statements backing the U.S. allegations against China.
      Even so, much of Cloud Hopper’s activity has been deliberately kept from public view, often at the urging of corporate victims.
      In an effort to keep information under wraps, security staff at the affected managed service providers were often barred from speaking even to other employees not specifically added to the inquiries.
      In 2016, HPE’s office of general counsel for global functions issued a memo about an investigation codenamed White Wolf.  “Preserving confidentiality of this project and associated activity is critical,” the memo warned, stating without elaboration that the effort “is a sensitive matter.”  Outside the project, it said, “do not share any information about White Wolf, its effect on HPE, or the activities HPE is taking.”
      The secrecy was not unique to HPE.  Even when the government alerted technology service providers, the companies would not always pass on warnings to clients, Jeanette Manfra, a senior cybersecurity official with the U.S. Department of Homeland Security, told Reuters....
      One nightmare situation involved client Sabre Corp, which provides reservation systems for tens of thousands of hotels around the world.  It also has a comprehensive system for booking air travel, working with hundreds of airlines and 1,500 airports. 
      A thorough penetration at Sabre could have exposed a goldmine of information, investigators said, if China was able to track where corporate executives or U.S. government officials were traveling.  That would open the door to in-person approaches, physical surveillance or attempts at installing digital tracking tools on their devices. 
      In 2015, investigators found that at least four HP machines dedicated to Sabre were tunneling large amounts of data to an external server.  The Sabre breach was long-running and intractable, said two former HPE employees.   https://www.reuters.com/article/us-china-cyber-cloudhopper-special-repor/special-report-inside-the-wests-failed-fight-against-chinas-cloud-hopper-hackers-idUSKCN1TR1DK
    .......................
