U.S. defense contractor fined for illegally exporting software to China
July 4, 2012
A top-level U.S. defense contractor has been fined no less than $75 million for exporting to China software that was a critical component in the country's first attack helicopter.
United Technologies and its two subsidiaries, Pratt & Whitney Canada and Hamilton Sundstrand, have confessed in a federal court to more than 500 violations of secret technology export restrictions.
The violations involve engine control software without which China could not have completed the development of its Z-10 attack helicopter, a battlefield-ready aircraft capable of carrying 30 mm cannons, anti-tank guided missiles, air-to-air missiles and unguided rockets.
According to the U.S. Immigration and Customs Enforcement Division, which carried out the investigation, Pratt & Whitney turned a blind eye to the potential military use of the software in the hope of securing a lucrative contract for civilian helicopters from China, a $2 billion transaction that never appeared on its books.
Pratt & Whitney had previously sold to China ten commercial development engines that didn't require export licenses. But the company then wilfully followed that up with electronic engine control software made by Hamilton Sundstrand and modified it for use in a military helicopter, the Immigration and Customs Enforcement Division said.
The export of defense articles and associated technical data has been banned by the United States since the 1989 Tiananmen Square massacre.
The companies did themselves no favors by failing to disclose the illegal exports for several years and then making numerous false statements to the U.S. State Department.
"Pratt & Whitney Canada exported controlled U.S. technology to China, knowing full well it would be used in the development of a military attack helicopter, and in direct violation of the U.S. arms embargo with China," said U.S. Attorney David Fein.
"Pratt & Whitney Canada took what it described internally as a calculated risk, because it wanted to become the exclusive supplier for a civil helicopter market in China with projected revenues of up to $2 billion. Several years after the violations were discovered, United Technologies, Pratt & Whitney Canada and Hamilton Sundstrand disclosed the violations to the U.S. government and made false statements in doing so."
United Technologies CEO and chairman Louis Chênevert issued the following statement: "Export controls are an integral part of safeguarding U.S. national security and foreign policy interests. As a supplier of controlled products and technologies to the Department of Defense and other domestic and international customers, we are committed to conducting business in full compliance with all export laws and regulations. We accept responsibility for these past violations and we deeply regret they occurred."
The fine, $20 million of which can be used by United Technologies towards a compliance program, is unlikely to financially affect a company with revenues exceeding $50 billion, but the case will be a huge embarrassment to the United States, nevertheless.
Politicians and various military officials had been increasingly vocal in their criticism of China’s state-sponsored cyber espionage activities, much of which is directed at stealing military intelligence from the private sector simply by selling restricted technology.
China’s rapid rise to success in the military segment will soon see it take on America’s crown as preeminent global superpower and in the end it is this new economic reality, and incidents like this which it gives rise to, which could yet prove the biggest threat to U.S. supremacy in the military.
In other internet security news
Six individuals, including three IT executives have been arrested in Tokyo in connection with an Android malware scam which netted the group over US $245,000.
Japan’s first arrests for the crime of distributing a smartphone virus came after 9,200 people downloaded malware disguised as an application designed to play videos, according to the Daily Yomiuri.
The six men, who are also being investigated on suspicion of developing the virus, decided to distribute it on an adult website they created, presumably luring victims into paying with the promise of being able to view video content.
Once downloaded onto a user’s phone, the app displayed a message demanding payment of US $1,100 with the notice continuing to be displayed even when the victim tried to turn the device off.
The group also allegedly nicked personal data from the phone including contact information from the address book, and stored it on a server overseas, the report added.
The news highlights the continued threat to Android-based smartphones, one which becomes more alarming for IT managers given that many such devices are being used to access corporate networks as part of BYOD initiatives.
Tokyo-headquartered security vendor Trend Micro said that Android malware actually grew by a huge 1410 percent in the first half of last year.
Although only a very small percentage of the approximately 410,000 apps on Google Play are likely to be harmful, internet security professionals usually recommend that users avoid third-party app stores and other sites where malware is more likely to lurk.
The Chinese government has even been forced to voice some concerns about security issues in mobile app stores owned by state-run operators China Mobile and China Telecom.
In other internet security news
A security vulnerability in some F5 equipment first announced in February may be in the wild, with code posted to GitHub purporting to be an exploit for it.
The original advisory stated that vulnerable installations of F5’s BigIP and other systems allowed an attacker to log in as root, because the security vulnerability exposed the device’s SSH private key.
F5 responded to this twelve days ago, but since it’s only seven days since F5 issued its advisory – and the patch – it’s likely that unpatched systems still exist out in the wild.
F5 describes the issue as “A platform-specific remote access vulnerability that has been discovered that could allow a remote attacker to gain privileged access to compromised systems using SSH.
The security vulnerability is caused by a configuration error, and isn't the result of an underlying SSH defect.”
Exploit code has been posted to GitHub. That code purports to gain remote access to some of the affected F5 systems, namely its BigIP devices.
The security vulnerability can be addressed either by users upgrading to a non-vulnerable version, or reconfiguring SSH access. We are still awaiting an update from F5. We will keep you posted.
In other internet security news
Internet security experts are warning multinational firms with offices in Hong Kong that they are not immune at all to cyber attacks originating from China, despite the apparent shared sovereignty between the Special Administrative Region (SAR) and its mainland parent. This isn't the first time that Hong Kong has been advised to take precautions when it comes to its cyber security.
In the past, the Chinese government has often been blamed for either officially sanctioning cyber espionage attacks on foreign countries, as well as private and public organizations, or just simply turning a blind eye to financially motivated or patriotic attacks on western companies and states launched from within China.
Some internet security experts strongly believe that there is an unwritten agreement between the Chinese hacking community and the authorities that these activities can continue as long as no government organizations or firms operating in China are directly affected.
But experts in the SAR have said multinationals appear to be fair game for Chinese hackers. Roy Ko, center manager of the Hong Kong Computer Emergency Response Team (HKCERT) says that his team works closely with its Chinese counterpart to pinpoint the exact location of attacks on local companies.
“Hong Kong’s overall immunity depends on our capabilities to defend ourselves, not because we’re part of China,” he argued. “We have a good communications channel in place with China's CERT organization, so when the internet attacks come from China, we can seek their help and advice fairly quickly.”
To be sure, Ian Christofis, an acting manager for Verizon Wireless in North Asia, recently said that multinationals on the mainland were worried about intellectual property theft from malicious insiders and said that Hong Kong companies were equally in the crosshairs as well.
“On any given day, Hong Kong is just as much a target as anywhere else. Hong Kong companies should not be complacent,” he added.
And for his part, Guido Crucq, general manager of internet security solutions at Asia Pacific for data systems integrator Dimension Data, agreed strongly with that notion.
"Today, cybercriminals are into hacking for the big money, so we advised our clients that we can't let our guard down simply because we are doing business in a location which we consider as friendly territory," he said.
But lawmaker Samson Tam, who is a legislative councillor for IT in the SAR, preferred to play up the threat to locally-based firms from outside of China.
“Most attacks come from smaller countries or areas with much looser controls and more liberal standards, so international police force co-operation is very important,” Tam added.
“Mainly, they are financially-motivated internet attacks because we don’t have many political, cultural or religious tensions here,” he said.
At any rate, and as it's been proven many times in the recent past, it can be frustratingly difficult for experts to accurately trace back a cyber attack to its very source.
Given its large online population, China will naturally have a sizeable number of compromised machines which either home-grown or foreign hackers can use to launch more and more internet attacks, said HK CERT's Ko, and that's really the very worrisome part.
In other internet security news
A complex and highly targeted bot virus that steals data from computers located in the Middle East was discovered over the weekend, internet security researchers announced today.
Called 'Flame', the malware has actually been in operation since sometime in 2010 and appears to be state sponsored, Kaspersky Research Labs said today, although it wasn't sure of its exact origins.
Flame is designed to steal information from specific targeted systems, including stored files, computer display contents and even audio conversations that took place in the recent past.
"The overall complexity and functionality of the newly discovered malicious software exceed those of all other cyber threats known to date," Kaspersky Labs said in a statement announcing the malware's discovery this morning.
The virus is about twenty times the size of Stuxnet, a virus that targeted the controls of an Iranian nuclear facility. The largest concentration of infected computers is in Iran, followed by the Israel/Palestine region, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"Conducted upon an urgent request from the ITU, the preliminary findings of the research confirm the highly targeted nature of this malicious program," said Kaspersky Labs' chief expert Alexander Gostev.
"And one of the most alarming facts to date is that the Flame cyber-attack campaign is currently in its active phase, and its controlling operator is consistently surveilling all infected systems, collecting information and targeting new systems to accomplish its unknown goals."
Eugene Kaspersky, the founder and CEO of Kaspersky Labs, compared the new virus with Stuxnet and said it appeared to open a new front in state-sponsored cyber warfare.
But he also said that its full significance won't be understood until more security researchers have examined the whole contents of the malware in detail.
"The Flame virus looks to be into another phase of this never-ending war, and it's important to understand that such cyber weapons can easily be used against any country," Kaspersky said in a statement. "Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case, and that's exactly what we have to watch out for."
Source: The U.S. Immigration and Customs Enforcement Division.