Cloud systems operated by IBM and AT&T for the US federal government were breached numerous times by foreign hackers, and the companies concealed the breaches from the government, according to a whistleblower’s lawsuit, Bloomberg reported.
William Barlow, IBM’s former vice president of threat intelligence, alleged in the complaint that the cloud systems in question were breached over the years by hackers linked to China and other foreign governments, and that the companies made false assurances about the safety of their systems in order to keep federal contracts, the report said.
The allegations involve a cloud system called Core Network used by the US military and other parts of the government, which is operated by AT&T on behalf of IBM.
Undisclosed hacks
Barlow said he personally witnessed numerous breaches of the network and was pressured by executives to downplay the incidents in internal reports and omit details.
In some instances, IBM senior management “actively took steps to cover up and conceal” hacks from US regulators and government clients, the suit says.
“The data breaches are so large and the core networks so poorly designed that neither IBM nor AT&T knows exactly what data was breached, who breached the data, where the data was breached or whether any data was exfiltrated, altered and/or modified in any respect,” alleges the lawsuit.
A decade-long campaign by China-linked group APT 10 to steal the data of US Navy personnel, detailed in 2018 by the US Department of Justice, was carried out by infiltrating IBM’s network, Barlow alleged.
He said an internal company investigation found more than 50,000 “potential APT 10 hits” between 2013 and 2016 in which the IBM systems could have connected to APT infrastructure.
Compromised accounts
Another probe a year later found hackers had accessed nearly 400 compromised accounts and almost 200 total systems and servers in 18 countries, across every business unit, the lawsuit alleges.
The lawsuit was filed under seal in 2020 and remained confidential until it was unsealed this week, after the federal government declined to intervene and take over the case, Bloomberg reported.
The False Claims Act, under which the suit was filed, allows private individuals to sue on behalf of the government for alleged fraud. The government may take over such cases and seek damages, of which the whistleblower can be awarded a portion.
IBM said in a statement that it is “confident that our actions followed the letter of the law”.
