Security News Military Warns Chinese Computer Gear Poses Cyber Spy Threat

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,008
The Pentagon’s Joint Staff recently warned against using equipment made by China’s Lenovo computer manufacturer amid concerns about cyber spying against Pentagon networks, according to defense officials.

A recent internal report produced by the J-2 intelligence directorate stated that cyber security officials are concerned that Lenovo computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report. The “supply chain” is how the Pentagon refers to its global network of suppliers that provide key components for weapons and other military systems.

The J-2 report was sent Sept. 28, and also contained a warning that Lenovo was seeking to purchase American information technology companies in a bid to gain access to classified Pentagon and military information networks.

The report warned that use of Lenovo products could facilitate cyber intelligence-gathering against both classified and unclassified—but still sensitive—U.S. military networks.

One official said Lenovo equipment in the past was detected “beaconing”—covertly communicating with remote users in the course of cyber intelligence-gathering.

“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” the official said.

About 27 percent of Lenovo Group Ltd. is owned by the Chinese Academy of Science, a government research institute. In April, a Chinese Academy of Sciences space imagery expert, Zhou Zhixin, was named to a senior post in the Chinese military’s new Strategic Support Force, a unit in charge of space, cyber, and electronic warfare.

China has been linked by the National Security Agency to large-scale cyber spying against both the Pentagon and American and foreign defense contractors.

Joint Staff spokesman Capt. Greg Hicks declined to comment on the J-2 report but said the military is wary of foreign nations’ cyber spying.

“Although we are concerned any time another nation or individual attempts to initiate intelligence collection against the Department of Defense, we do not discuss internal assessments,” Hicks said.

Lenovo spokesman Ray Gorman said he was unaware of the Joint Staff concerns.

On company efforts to acquire American information technology firms, Gorman said “we have stated many times that we continue to look worldwide for opportunities that make sense for our customers and shareholders, add value to our product portfolio, and help keep us on track for continued profitable growth.” He declined to comment on specific acquisition talks.

A Pentagon spokesman said the Defense Department has not imposed a “blanket ban” on all Lenovo products and does not blacklist suppliers or individual products.

Pentagon policy for protecting mission critical functions in securing computer systems and networks “requires the department to perform supply chain risk management functions when acquiring products for use in its national security systems,” the spokesman said, adding that the analysis is done on a case-by-case basis.

Rep. Robert Pittenger who has investigated Chinese cyber risks in the past, said he is concerned by the Joint Staff report.

“Chinese cyber security and supply chain concerns remain a significant problem for both the Defense Department and the remainder of the federal government,” Pittenger (R., N.C.) told the Washington Free Beacon.

Pittenger said it is important for Congress to press Pentagon acquisition officials “to act swiftly on perceived cyber-threats and remove IT vendors from our supply chain if evidence exists suggesting a security vulnerability.”

“I would be very disappointed to learn, however, if the Defense Department or the Air Force sought to obfuscate the facts regarding contracts with Lenovo when this issue was brought to my attention back in April,” he added...
 

Entreri

Level 7
Verified
May 25, 2015
342
Obviously.

If "democratic" countries like the US can force corporations like Apple, Microsoft etc to have backdoors, any access...forget about it. In China they can make you "disappear" and your family too.

I know several former Chinese nationals who have Chinese smartphones, LOL. Poor fools.
 
H

hjlbx

Understand what is being said.

The OS can always be clean-installed on a Lenovo computer to eliminate any concern about OEM-added software, but what Lenovo places inside drivers, hardware firmware and other hidden or less obvious parts of a unit is an entirely different matter. Not to mention how Lenovo could configure the networking.

A malicious unit - straight from the OEM - is the ultimate nightmare scenario. It blows everything else out of the water.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top