Hey China, while you're in all our servers, can you fix these support tickets? IBM, HPE, Tata CS, Fujitsu, NTT and their customers pwned

Fresh details have emerged revealing just how deeply Chinese government hackers plundered HPE, IBM, DXC, Fujitsu, Tata, and others, stealing corporate secrets and rifling through their customers' networks. An explosive in-depth report by Reuters today blows the lid off APT10, the infamous Beijing-backed hacking operation that …

  1. sanmigueelbeer Silver badge
    Thumb Down

    The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets.

    And I've got a bridge to sell. Cheap.

    1. mics39
      Holmes

      Who is the source? US government?

      1. sanmigueelbeer Silver badge

        > Who is the source? US government?

        Neither. I'm not saying that the US government is not doing the same thing.

        What I am saying is I don't trust what the Chinese government is saying about this.

        1. alain williams Silver badge

          Who is telling the truth ?

          > What I am saying is I don't trust what the Chinese government is saying about this.

          I don't trust what any government is saying about this.

          I trust what the media say about it a bit more, but not a lot more: media can be fed information by governments, sometimes they might not be aware that what they are being told is not true or exaggerated.

          All countries have laws that compel its citizens to do what they are told to do and then keep quiet about it. This is both for the 'good' and 'bad' countries. I'll let the reader decide which countries are 'good' or 'bad'.

          1. Alan Brown Silver badge

            Re: Who is telling the truth ?

            > All countries have laws that compel its citizens to do what they are told to do and then keep quiet about it. This is both for the 'good' and 'bad' countries. I'll let the reader decide which countries are 'good' or 'bad'.

            There are no "good people" or "bad people"

            It's all "Bad people" - they just happen to work on different sides.

          2. DropBear Silver badge

            Re: Who is telling the truth ?

            There are no "good" countries left. I could literally not name a single country I would be happy to move to given the chance; there used to be a few not-so-bad ones but in time they all revealed sharp teeth one way or another - mostly against their own citizens. Sanity has left the building - all the buildings - long ago...

            1. RTUSER

              Paranoid Much

              When you finally reach the point where everyone is "insane" or "bad" then maybe it's not everyone that has the problem.

        2. Azerty

          Exactly what the US gov and military corporations are counting on. Make sure you pay well for your cyberarmy.

    2. macjules Silver badge
      Facepalm

      In reality they don't actually need to steal anything.

      HPE: just ask and some junior administration flunky is bound to hand over their most prized and secretive code. After all they don't seem to understand what due diligence means.

      TCS: If they refuse to hand over the code just check any TCS-managed S3 bucket - it is bound to be on there somewhere. Probably open to world+dog and complete with access codes and passwords in a nicely laid out spreadsheet.

      Fujitsu: The world's #1 security specialist at apparently storing your PIN codes in plain text, according to Visa. If Visa is to be believed then there is a network security insider prepared to sell access.

      1. rcw88

        And your evidence for making such derogatory statements? Fake News without irrefutable proof.

    3. Flywheel Silver badge

      A bridge you say? Is that you Boris?

  2. Anonymous Coward
    Anonymous Coward

    Huawei

    And so many people have said how bad Trump is for not trusting Huawei in telecoms networks. This is precisely why. No matter what you think of him he is right on this.

    1. A.P. Veening Silver badge

      Re: Huawei

      Wrong, Huawei isn't involved in this. It is direct action by the government of the PRC.

      1. ST Silver badge

        Re: Huawei

        > Wrong, Huawei isn't involved in this.

        And how do you know that, exactly? Care to explain?

        1. Anonymous Coward
          Anonymous Coward

          Re: Huawei

          Not how it works..

          It's up to you to prove an involvement, not others to prove there wasn't one.

      2. Anonymous Coward
        Anonymous Coward

        Re: Huawei

        No, not wrong. Huawei is a Chinese company and will do as they're told. Absolutely Western countries have spied but their ideology whilst far from perfect is better than a country who cannot give even basic human rights. I know who I'd rather have spying on me.

        1. nice spam database '); drop table users; --

          Re: Huawei

          Lol, as if the US government cared about human rights! It only uses them as excuse to further their business interests!... Readers are as biased as this article

        2. nice spam database '); drop table users; --

          Re: Huawei

          Lol, as if the US government cared about human rights! It only uses them as excuse to further their business interests!

        3. jgarbo

          Re: Huawei

          Oh dear. And you still believe Santa lives at the North Pole? The US is #1 spier, the NSA caught again spying all over. No evidence even of Chinese attacks, since Reuters is a waffle service, no company will explain the attacks. Why the current drama? G20 in Japan next month, when the Clown needs some accusations to chuck at Xi.

          1. Catford scum

            Re: Huawei

            Vladimir, is that you?

        4. Archtech Silver badge

          Re: Huawei

          "Human rights"... hmmmmm. What exactly are those?

          "That which has no existence cannot be destroyed — that which cannot be destroyed cannot require anything to preserve it from destruction. Natural rights is simple nonsense: natural and imprescriptible rights, rhetorical nonsense — nonsense upon stilts. But this rhetorical nonsense ends in the old strain of mischievous nonsense for immediately a list of these pretended natural rights is given, and those are so expressed as to present to view legal rights. And of these rights, whatever they are, there is not, it seems, any one of which any government can, upon any occasion whatever, abrogate the smallest particle".

          - Jeremy Bentham (“Anarchical Fallacies”, 1843)

          Incidentally, since you think the USA gives its people so many more "human rights" than China - did you know that 90% of Chinese people own their homes, compared to 64.5% of Americans? (As of 2014 - https://en.wikipedia.org/wiki/List_of_countries_by_home_ownership_rate)

          Personally I'd rather have a house than a list of theoretical "human rights".

          1. frank 3

            Re: Huawei

            Personally, I'd rather have my kidneys than a house, but you pays your money and takes your choice I guess.

            https://www.independent.co.uk/news/world/asia/china-organ-harvesting-prisoners-falun-gong-deaths-tribunal-a8962661.html

            Except of course in China you don't get a choice.

            And if you believe in a flying spaghetti monster, you get to attend a concentration camp, so your housing is FREE! Yay!

          2. Snorlax Silver badge

            Re: Huawei

            "Jeremy Bentham (“Anarchical Fallacies”, 1843)"

            The concept of human rights is somewhat different today than it was in the mid-19th century.

            Back then it was still cool to own brown people and commit genocide in your overseas colonies.

            Save the Bentham quotes for Students Union quiz night...

            1. Archtech Silver badge

              Re: Huawei

              "The concept of human rights is somewhat different today than it was in the mid-19th century".

              But not for the better.

              "Back then it was still cool to own brown people..."

              In the USA. Slavery was abolished in Britain in 1833, and the slave trade had been illegal since 1807.

              https://en.wikipedia.org/wiki/Slavery_Abolition_Act_1833

              1. Snorlax Silver badge
                FAIL

                Re: Huawei

                ”But not for the better.”

                Oh please do explain to me how you think human rights haven’t changed for the better since the 19th century.

                ”Slavery was abolished in Britain in 1833...”

                Slavery wasn’t finally abolished in Britain until 1838. Slavery wasn’t abolished in East India Company territory, Ceylon and St Helena until the Indian Slavery Act 1843. That’s close enough to “mid-19th century” for me.

                Tedious pedants who quote Bentham may possibly view “mid-19th century” as everything between 1849 and 1851...

                1. Michael Wojcik Silver badge

                  Re: Huawei

                  > Slavery wasn’t finally abolished in Britain until 1838. Slavery wasn’t abolished in East India Company territory, Ceylon and St Helena until the Indian Slavery Act 1843. That’s close enough to “mid-19th century” for me.

                  For that matter, Bentham gave no indication that his theory of natural rights applied only to Britain and the Colonies. He was speaking in generalities, so generalities about the state of the world at the time apply.

                  1. Snorlax Silver badge

                    Re: Huawei

                    This is true.

                    I referenced Britain only because the person I was replying to had specifically mentioned Britain’s slavery record. Human rights don’t stop at borders.

            2. Intractable Potsherd Silver badge

              Re: Huawei

              Regardless of whether and in what form human rights exist, for me the relevant part of that Bentham quote is at the end: "And of these rights, whatever they are, there is not, it seems, any one of which any government can, upon any occasion whatever, abrogate the smallest particle." This is entirely true, and Bentham's critique of government here is devastating. Since the middle of the 20th century, some of us have been lucky enough to have an overarching structure to enforce human rights that is independent of government (the European Court of Human Rights), yet the spiritual descendants of the people Bentham criticised here in the UK really want to get out from underneath that scrutiny so they can "continue to abrogate the smallest particle upon any occasion whatever."

    2. Danny Boyd
      FAIL

      Re: Huawei

      The article says nothing about the alleged victims having Huawei equipment in their networks. Do you have such info? Please share (if you are not under NDA, of course).

      If this case isn't another bloomberg, it is another reminder to all concerned not to put anything of any value in the cloud.

      1. ST Silver badge
        FAIL

        Re: Huawei

        > [ ... ] it is another reminder to all concerned not to put anything of any value in the cloud.

        Had you actually read the article, you would have realized that this has nothing to do with cloud.

        1. NotBob
          FAIL

          Re: Huawei

          Says the commentard who didn't read the article?

        2. Danny Boyd

          Re: Huawei

          And I quote: "The hackers compromised customer servers that were managed by the IT giants, or slipped in via network links between the tech providers and their big-name clients. Hence the name: Cloud Hopper."

          So, esteemed colleague, who needs to re-read the article?

          1. ST Silver badge
            FAIL

            Re: Huawei

            > Hence the name: Cloud Hopper.

            They also call themselves APT 10. Does that mean they live in Apartment #10, or that they have something to do with apartments?

            The article isn't about cloud. It's about Chinese spying.

            1. jgarbo
              Devil

              Re: Huawei

              You mean "Deadly Dragon Hackers" don't use a real dragon? Damn.

            2. LDS Silver badge

              Re: Huawei

              They don't call themselves APT10 - it's a designation used by those who investigate them - and you should know what APT means.

              Anyway they took advantage of outsourcing to get into customers' networks. "Cloud" is not only AWS or Azure - and I'm just waiting they discover they've been p0wned too.

            3. pig

              Re: Huawei

              They specialise in the cloud though.

              Securing clouds is HARD and there are groups that take advantage of that. Some of those groups are state backed, some are - essentially - private enterprise.

              In the early days of 'the cloud' I remember seeing a great example of lateral thinking for a 'hack'

              The provider was pretty good with the security on the live servers.

              If you hired a box in the same data centre as your target though, and then purchased backup services you could, given the right skills, follow that route to a backup box shared with your target...

              The security on that box was not as good as live.

            4. Mike Moyle Silver badge

              Re: Huawei

              "They also call themselves APT 10. Does that mean they live in Apartment #10, or that they have something to do with apartments?"

              Actually, unless they've taken it up as an ironic badge of honor, THEY probably don't call themselves that. APT 10 is, I believe, U.S. gov-speak for Advanced Persistent Threat (Number) 10.

              So, your snark could be considered misplaced.

              1. ST Silver badge
                FAIL

                Re: Huawei

                > So, your snark could be considered misplaced.

                For your convenience, and for all the other commentards' convenience, who did not bother reading the entire Reuters article, I posted a relevant quote from the Reuters article a few posts below.

                So, no, my snark was not misplaced. Unlike most of you, I actually read - not skimmed through the first two paragraphs - the Reuters article from top to bottom.

                And no, the story in the article has nothing to do with HPE's cloud, or any kind of cloud. According to Reuters, the attack by China's Intelligence Services took place before HPE even existed, and before cloud was even a thing, and it lasted for years.

                1. Gaius

                  Re: Huawei

                  Cloud absolutely was a thing in 2010. AWS launched SQS to the general public in 2004!

                  1. Michael Wojcik Silver badge

                    Re: Huawei

                    Hell, Carr's The Big Switch, a popular treatment of the subject that predicted utility ("cloud") computing would come to dominate the industry, was published in 2009. Anyone who thinks "cloud wasn't a thing in 2010" has a very poor grasp of recent IT history.

          2. SonOfDilbert

            Re: Huawei

            Popcorn?

        3. T. F. M. Reader Silver badge

          Re: Huawei

          @ST: have you actually read the article? I mean, the original Reuters article? Have you even clicked on the link?

          It should be enough to start reading the 3rd paragraph that says:

          > Teams of hackers connected to the Chinese Ministry of State Security had penetrated HPE’s cloud computing service and used it as a launchpad to attack customers...

          to realize that it is about cloud.

          Later in the Reuters piece:

          > The [Cloud Hopper - TFMR] campaign also highlights the security vulnerabilities inherent in cloud computing, an increasingly popular practice in which companies contract with outside vendors for remote computer services and data storage.
          >
          > “For those that thought the cloud was a panacea, I would say you haven’t been paying attention,” said Mike Rogers, former director of the U.S. National Security Agency.

          1. ST Silver badge

            Re: Huawei

            > @ST: have you actually read the article?

            Yes, I read the article.

            I am not sure where the lack of understanding lies here. Maybe it's because discussing Chinese spying activities against Western targets is a really uncomfortable topic for some people here, and deflecting the entire conversation onto ancillary topics removes some of that discomfort.

            What is relevant in this story is that the Chinese were able to penetrate networks, stay in there undetected for months, and pilfer data. That's the relevant part.

            Also compromised by Cloud Hopper, Reuters has found: Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. [ ... ] For years, the company’s predecessor, technology giant Hewlett Packard, didn’t even know it had been hacked. It first found malicious code stored on a company server in 2012. The company called in outside experts, who found infections dating to at least January 2010.

            Hacking the cloud might sound like a catchy phrase, and it might be marginally effective at deflecting away from the core of the story, but it's not an accurate - or relevant - representation of what happened. HPE didn't even exist in 2010, and HP didn't even offer cloud services back in 2010.

            It is therefore inaccurate to claim that the attack vector was HPE's cloud. What is clear from the article is that HP did not even know its networks had been penetrated by the Chinese, and that they stayed ignorant of this attack for many years after it started.

            1. Michael Wojcik Silver badge

              Re: Huawei

              I have to agree with ST here, at least to the extent that focusing on cloud is short-sighted. There were multiple attack vectors over a large attack surface. Various types of "cloud" systems (a poorly defined concept in the first place) were part of that surface, but by no means all of it.

              The story is about a large and successful penetration + exfiltration campaign by APT10. Using it as an occasion to gripe about "cloud" is like saying "well, the thieves broke into some of the houses through the living-room windows, so we should ban living-room windows".

    3. Jamie Jones Silver badge

      Re: Huawei

      > And so many people have said how bad Trump is for not trusting Huawei in telecoms networks. This is precisely why. No matter what you think of him he is right on this.

      Absolute bollocks. Trump said he'd lift sanctions on Huawei if he could get a more favourable tariff deal:

      TRUMP: Huawei is something that’s very dangerous. You look at what they’ve done from a security standpoint, from a military standpoint, it’s very dangerous. So it’s possible that Huawei even would be included in some kind of a trade deal. If we made a deal, I could imagine Huawei being possibly included in some form, some part of a trade deal.

      https://www.theverge.com/2019/5/23/18637836/trump-huawei-ban-explanation-trade-deal-national-security-risk

      He's also pressuring other countries to boycott them.

      It's nothing to do with security, He's using them as a bargaining chip. Nothing else.

      1. Jamie Jones Silver badge

        Re: Huawei

        I'd love to know why you thumbed me down when I bloody quoted Trump himself.

        "Trump derangement syndrome" is actually very real - it just refers to the opposite group of people than you think it does.

        1. ST Silver badge
          FAIL

          Re: Huawei

          > I'd love to know why you thumbed me down [ ... ]

          I thumbed you down, for the following reasons:

          1. You quoted Trump. That's a loser.

          2. You actually paid attention to what Trump said. That's an even bigger loser. The guy's a moron.

          3. You declare by fiat the Reuters article to be "absolute bollocks" while you have exactly zero knowledge of the article's sourcing and fact-checking. Reuters isn't known for being a Trumpist outfit.

          4. Just because the article contradicts your own biases, it does not necessarily follow that the article is wrong. Believing that everything that contradicts your biases is inherently wrong is a common sense fallacy.

          5. Not everyone who is suspicious of Huawei and their activities on behalf of the Chinese Intelligence Services is a Trump supporter.

          6. Trump derangement syndrome is a term used exclusively by Trumpkins when they play their victim card. No-one else uses it.

          Sorry you shot yourself in the foot. Try harder next time.

        2. jgarbo
          Facepalm

          Re: Huawei

          Quoting a semi-literate moron immediately invalidates your comments. Next you'll be quoting Darth Vader on the new Space Force Trump wants him to build.

          1. bpfh Silver badge
            Black Helicopters

            Re: Huawei

            Your lack of faith is disturbing...

  3. bbennington

    They were Pwned long ago.....

    "stealing corporate secrets and rifling through their customers' networks". How is this different than using armies of nearly competent 3rd party resources for key support/stewardship of your IT?

    You gave your data away when you made those economical decisions. Hope your "solution partner" SLA covers all your damage...

    Is it really vastly skilled hax0rs targeting things, or do the service providers _need_ it to be a very advanced attack to avoid liability.

    1. Mike007
      Joke

      Re: They were Pwned long ago.....

      Liability??? Hahahahaha!

      That was a good one.

  4. IGotOut

    correct me if I'm wrong ..

    But don't many of those companies sell their own cyber (euughh) defence services?

    1. DavCrav Silver badge

      Re: correct me if I'm wrong ..

      "But don't many of those companies sell their own cyber (euughh) defence services?"

      Sure, but they are selling you defences against a guy in his bedroom. Protecting yourself against the Chinese state is a whole different matter, and eventually hopeless. A guns and ammo shop in the States can get you tooled up to prevent a house invasion (not really) but if the assailants are a foreign army you are still in trouble.

      You keep your crown jewels off the network, and check everyone going in and coming out of the room. Only way to be sure.

    2. Anonymous Coward
      Anonymous Coward

      We do.

      Never been hacked.

      PS I believe in fairies, in the cloud and at the bottom of the garden.

  5. Guus Leeuw

    Maybe....

    Dear Sir,

    now that this is revealed, can President Trump please drop his war on the US or Iran, and instead call for a war on China?

    Best regards,

    Guus

  6. Archtech Silver badge

    No reliable evidence

    As far as I can see, the evidence for these exploits having anything to do with China is paper-thin. About as trustworthy, in fact, as the UK government's assigning blame for the Skripal affair to Russia.

    In his previous 2017 article, the usually reliable John Leyden wrote:

    'PwC UK and BAE Systems rate it "highly likely" that APT10 is a China-based threat actor. The group has been active since 2009, and has already been profiled by other security researchers at FireEye and CrowdStrike among others'.

    "Highly likely", eh? In Mr Leyden's defence, he wrote those words before the Skripal affair brought the expression into extreme disrepute. Since March 2018 we all understand that "highly likely", when used by government authorities, means "untrue".

    And just look at the highly-qualified IT forensics experts cited. PwC (a bunch of crooked beancounters), BAE Systems (a crooked armaments manufacturer), FireEye (a US "security" firm that frequently blames any and all exploits on Russia or China), and... wait for it... CrowdStrike! Now why is that name familiar??

    "The Democratic National Committee cyber attacks took place in 2015 and 2016, in which computer hackers infiltrated the Democratic National Committee (DNC) computer network, leading to a data breach. Some cybersecurity experts, as well as the U.S. government, stated that the cyberespionage was the work of Russian intelligence agencies.

    "Forensic evidence analyzed by several cybersecurity firms, CrowdStrike, Fidelis, and Mandiant (or FireEye), strongly indicates that two Russian intelligence agencies infiltrated the DNC computer systems. The American cybersecurity firm CrowdStrike, which removed the hacking programs, revealed a history of encounters with both groups and had already named them, calling one of them Cozy Bear and the other Fancy Bear, names which are used in the media".

    https://en.wikipedia.org/wiki/Democratic_National_Committee_cyber_attacks

    1. Archtech Silver badge

      Re: No reliable evidence

      Would any of the four people who voted the parent comment down care to reveal what they disagree with in it?

      I thought not.

      1. Archtech Silver badge

        Re: No reliable evidence

        So just discomfort stemming from extreme cognitive dissonance?

      2. Snorlax Silver badge

        Re: No reliable evidence

        Some advice: Take your downvotes and move on with your life. Otherwise you just sound like a whiny pain in the arse..

        APT10 is just the name used by FireEye/Mandiant to distinguish them from other hacking teams. Don’t get hung up on it. Other names are used also - MSS, Potassium, Stone Panda, etc. Your opinion as to the crookedness of security companies is neither here nor there.

  7. This post has been deleted by its author

  8. Gaius

    Didn’t DXC just lay off all their security guys? https://www.theregister.co.uk/2019/06/24/dxc_technology_axe_security_division/

    1. Michael Wojcik Silver badge

      They weren't using them anyway.

  9. vincent himpe

    Ah... The Cloud ...

    Wasn't that defined as other people's hardware ?

    Now includes free other people's data too it seems.

  10. Eduard Coli

    Rich man's game

    It has been going on for years and was common knowledge.

    Execs pretended it never happened because it might affect their bonuses.

    It's probably practice for the PLA crackers since the information could just be asked for with a reasonable chance the victims would cough up because if denied your factory workers would go on strike or the factory would burn down or you would be banned from selling on mainland China.

  11. Forex

    "The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets."

    Not a false statement: APT 10 is part of the Army, not the Government. Classic civil servant speak.
