Issue link: https://maltatoday.uberflip.com/i/1135882
27.06.19 6 FOREIGN NEWS

Hacked by suspected Chinese cyber spies five times from 2014 to 2017, security staff at Swedish telecoms equipment giant Ericsson had taken to naming their response efforts after different types of wine.

Pinot Noir began in September 2016. After successfully repelling a wave of attacks a year earlier, Ericsson discovered the intruders were back. And this time, the company's cybersecurity team could see exactly how they got in: through a connection to information-technology services supplier Hewlett Packard Enterprise.

Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE's cloud computing service and used it as a launch pad to attack customers, plundering reams of corporate and government secrets for years in what U.S. prosecutors say was an effort to boost Chinese economic interests.

The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them. A Reuters report at the time identified two: Hewlett Packard Enterprise and IBM.

Yet the campaign ensnared at least six more major technology firms, touching five of the world's 10 biggest tech service providers.

Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. HPE spun-off its services arm in a merger with Computer Sciences Corporation in 2017 to create DXC.

Waves of hacking victims emanate from those six plus HPE and IBM: their clients. Ericsson, which competes with Chinese firms in the strategically critical mobile telecoms business, is one. Others include travel reservation system Sabre, the American leader in managing plane bookings, and the largest shipbuilder for the U.S. Navy, Huntington Ingalls Industries, which builds America's nuclear submarines at a Virginia shipyard.

"This was the theft of industrial or commercial secrets for the purpose of advancing an economy," said former Australian National Cyber Security Adviser Alastair MacGibbon. "The lifeblood of a company."

Reuters was unable to determine the full extent of the damage done by the campaign, and many victims are unsure of exactly what information was stolen.

Yet the Cloud Hopper attacks carry worrying lessons for government officials and technology companies struggling to manage security threats. Chinese hackers, including a group known as APT10, were able to continue the attacks in the face of a counter-offensive by top security specialists and despite a 2015 U.S.-China pact to refrain from economic espionage.

The corporate and government response to the attacks was undermined as service providers withheld information from hacked clients, out of concern over legal liability and bad publicity, records and interviews show. That failure, intelligence officials say, calls into question Western institutions' ability to share information in the way needed to defend against elaborate cyber invasions. Even now, many victims may not be aware they were hit.

The campaign also highlights the security vulnerabilities inherent in cloud computing, an increasingly popular practice in which companies contract with outside vendors for remote computer services and data storage.

"For those that thought the cloud was a panacea, I would say you haven't been paying attention," said Mike Rogers, former director of the U.S. National Security Agency.

Reuters interviewed 30 people involved in the Cloud Hopper investigations, including Western government officials, current and former company executives and private security researchers. Reporters also reviewed hundreds of pages of internal company documents, court filings and corporate intelligence briefings.

HPE "worked diligently for our customers to mitigate this attack and protect their information," said spokesman Adam Bauer. "We remain vigilant in our efforts to protect against the evolving threats of cyber-crimes committed by state actors."

A spokesman for DXC, the services arm spun off by HPE in 2017, said the company put "robust security measures in place" to protect itself and customers. "Since the inception of DXC Technology, neither the company nor any DXC customer whose environment is under our control have experienced a material impact caused by APT10 or any other threat actor," the spokesman said.

NTT Data, Dimension Data, Tata Consultancy Services, Fujitsu and IBM declined to comment. IBM has previously said it has no evidence sensitive corporate data was compromised by the attacks.

The Chinese government has denied all accusations of involvement in hacking. The Chinese Foreign Ministry said Beijing opposed cyber-enabled industrial espionage. "The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets," it said in a statement to Reuters.

Break-ins and evictions

For security staff at Hewlett Packard Enterprise, the Ericsson situation was just one dark cloud in a gathering storm, according to internal documents and 10 people with knowledge of the matter.

For years, the company's predecessor, technology giant Hewlett Packard, didn't even know it had been hacked. It first found malicious code stored on a company server in 2012. The company called in outside experts, who found infections dating to at least January 2010.

Hewlett Packard security staff fought back, tracking the intruders, shoring up defenses and executing a carefully planned expulsion to simultaneously knock out all of the hackers' known footholds. But the attackers returned, beginning a cycle that continued for at least five years.

The intruders stayed a step ahead. They would grab reams of data before planned eviction efforts by HP engineers. Repeatedly, they took whole directories of credentials, a brazen act netting them the ability to impersonate hundreds of employees.

The hackers knew exactly where to retrieve the most sensitive data and littered their code with expletives and taunts. One hacking tool contained the message "FUCK ANY AV" – referencing their victims' reliance on anti-virus software. The name of a malicious domain used in the wider campaign appeared to mock U.S. intelligence: "nsa.mefound.com"

Then things got worse, documents show.

Inside the West's failed China's 'Cloud Hopper'