A recent report from the Pentagon’s “intelligence directorate” warns against Defense Department use of Lenovo gear, citing cybersecurity concerns. That’s according to a story today in the Washington Free Beacon by author and intelligence expert Bill Gertz.
The Pentagon is worried that Lenovo gear can be compromised by China – Lenovo’s home country. However, the Pentagon has not imposed a “blanket ban” on all Lenovo products, Gertz reported.
A North Carolina Congressman expressed concern about the report.
Rep. Robert Pittenger, whom Gertz noted has been involved in probes of Chinese cybersecurity risks, told Gertz:
“Chinese cyber security and supply chain concerns remain a significant problem for both the Defense Department and the remainder of the federal government.” Pittenger represents North Carolina’s 9th District.
The latest story comes just days after the chair of the House Judiciary Committee warned the head of the FBI that two Lenovo laptops were linked to Hillary Clinton’s private email server and that data could have been compromised.
“Lenovo computers, and specifically the models used by Heather Samuelson [former White House liaison to the State Department] for reviewing classified emails, have been shown by the Department of Homeland Security (DHS) to contain software, dating back to 2010, that permits remote hacking attacks,” Rep. Bob Goodlatte said.
He noted that using the Lenovo machines upped the odds that “Secretary Clinton’s emails were obtained by the Chinese government — the State Department, FBI or any other agency had redacted Top Secret and Special Access Program (SAP) information.”
The Pentagon report is the latest in a series of stories dating back to Lenovo’s acquisition of IBM’s PC business in 2005. Concerns have grown since Lenovo acquired IBM’s x86 server business for more than $2 billion in 2014.
WRAL TechWire has reached out to Lenovo for comment.
Lenovo faces Navy ban
Last year, for example, the U.S. Navy moved to remove Lenovo servers from ships armed with the AEGIS defense system, citing concerns that the servers could be hacked. The U.S. Naval Institute’s news service first reported the story, and an editor told WRAL TechWire that he believed Lenovo servers would not be deployed on U.S. combat ships going forward.
“Lenovo servers on US warships are absolutely not going to happen,” he said in an interview.
The server business, which was merged with other Lenovo operations, is based in Morrisville.
Much of Lenovo is still owned by the Chinese Academy of Science, which is part of the Chinese government. Lenovo was founded in China and most of its operations are still located there along with one of two corporate headquarters. The other HQ campus is in Morrisville.
“Military Warns Chinese Computer Gear Poses Cyber Spy Threat,” the headline reads on the Gertz story.
“Lenovo seeking access to classified Pentagon networks, J-2 report says”
J-2 refers to the so-called intelligence directorate,or Joint Staff Intelligence, which is part of the organization supporting the Chairman of the Joint Chiefs of Staff.
The report also said that “Lenovo was seeking to purchase American information technology companies in a bid to gain access to classified Pentagon and military information networks,” Gertz added.
Threats from beacons
According to Gertz, one concern is “beaconing” from devices, using covert wireless links for intelligence gathering.
“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” Gertz quoted one unnamed official as saying.
Lenovo spokesman Ray Gorman told Gertz that he was unaware of the latest concerns.
He also told Gertz that in terms of acquisitions “we have stated many times that we continue to look worldwide for opportunities that make sense for our customers and shareholders, add value to our product portfolio, and help keep us on track for continued profitable growth.”
Read the full Gertz story at:
http://freebeacon.com/national-security/military-warns-chinese-computer-gear-poses-cyber-spy-threat/