China behind prolonged cyber invasion against IBM, Hewlett Packard and more
Chinese hackers have been targeting eight U.S. computer service giants, infiltrating their systems for years in an organized hacking campaign known as “Cloud Hopper.” The intense campaign, reportedly sponsored by China’s Ministry of State Security, had one goal — to gather corporate and state secrets that could potentially boost Chinese economic interests.
According to a Reuters investigation, among the hacked tech providers are international giants Hewlett Packard Enterprise, IBM, Fujitsu and Tata Consultancy Services.
What do we know about the attack?
- It was an organized and sustained series of attacks, requiring multiple teams of hackers of different skills to perform separate tasks. First reports of the cyber attacks date back to January 2010.
- At first, hackers attacked technology service providers (like IBM or Hewlett Packard) to get to a “bridge” which links providers to their clients. From a provider, they “hopped” to victims’ clouds to collect, encrypt and exfiltrate commercially sensitive data. Attacking from a provider allowed hackers to infiltrate many businesses and companies.
- More than a dozen of these clients were identified, including Swedish telecommunications company Ericsson, travel reservation portal Sabre and U.S. Navy shipbuilder Huntington Ingalls Industries. However, the list might be longer as not all victims are currently aware of the attack.
What remains unknown?
- Exactly what data was stolen. With whole directories of employees stolen from the hacked service provider, the attackers could impersonate employees and do almost anything. One source told Reuters the thieves behaved like “drunken burglars”, appearing to grab random files of data.
- The number of companies infiltrated. For years, Hewlett Packard didn’t even know it had been hacked.
What has the attack shown?
- Big technology companies have weaknesses in their security systems. Hackers were able to attack despite a counter-offensive by top cyber-security specialists.
- The service providers that were attacked withheld information about the hacks from the clients who were impacted, due to concerns over bad publicity and legal liability.
- Cloud computing is extremely vulnerable and can serve as a link between computer service companies and their clients.
What is the Chinese position on cyber attacks?
- China has denied all the accusations: “The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets,” said the Chinese Foreign Ministry.
- In 2015, China and the U.S. agreed to refrain from “malicious cyber activities”. Although the number of attacks has dropped since 2015, China has repeatedly violated the deal.