FACEBOOK AND LENOVO
Social media giant Facebook is under fire for sharing data with four Chinese electronics companies that critics say pose security and privacy risks for Americans’ data.
The most worrisome data-sharing took place between Facebook and Huawei Technologies, the telecommunications giant that U.S. officials have linked to both the Chinese military and intelligence services.
Facebook also shared data with Lenovo, a Chinese computer company that was the subject of an intelligence warning from the Pentagon’s Joint Staff two years ago. In October 2016, the Joint Staff issued a classified report that warned against using any equipment made by Lenovo over concerns about cyberspying.
The J-2 intelligence directorate stated that Lenovo computers and handheld devices could be used by Chinese intelligence to introduce compromised hardware into the Defense Department supply chain, according to U.S. officials familiar with the report. The Sept. 28, 2016, report also stated that Lenovo was attempting to purchase entire U.S. information technology companies as a means of gaining indirect access to classified Pentagon and military information networks.
The J-2 said using Lenovo products could assist Chinese intelligence cyberespionage against both classified and unclassified but sensitive military networks. Lenovo equipment in the past has been detected by U.S. intelligence agencies engaged in “beaconing” — covert communication with remote users as part of a cyberspying operation.
The Army’s Cyber Directorate in 2007 detected a Lenovo-brand desktop computer engaged in beaconing activity that a congressional China commission report said was a “self-initiating attempt to establish a connection to a suspicious foreign entity.”
“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” one defense official said of Lenovo.
The Chinese Academy of Sciences, a government research institute, owns about 27 percent of Lenovo Group Ltd., and U.S. intelligence has reported that one Chinese Academy of Sciences space imagery expert recently assumed a senior post in the People’s Liberation Army Strategic Support Force, a new military service in charge of cyber, space and electronic warfare operations.
Rep. Bob Goodlatte, Virginia Republican, has voiced security concerns about Lenovo computers related to the controversial FBI investigation into former Secretary of State Hillary Clinton’s private email server. Mr. Goodlatte wrote then-FBI Director James Comey in 2016 that Heather Samuelson, former White House liaison to the State Department, used two Lenovo laptops to review thousands of classified emails found on Mrs. Clinton’s server.
“Lenovo computers, and specifically the models used by Heather Samuelson for reviewing classified emails, have been shown by the Department of Homeland Security to contain software, dating back to 2010, that permits remote hacking attacks,” Mr. Goodlatte said.
In April 2016, the Air Force Cyber Command warned in an email notice that it was banning Lenovo products over cybersecurity risks.
The notice said that Lenovo products “are being removed from the Approved Products List and should not be purchased for DoD use,” while “Lenovo products currently in use will be removed from the network.”
Lenovo purchased IBM’s laptop computer business in 2005, prompting security concerns at the time.
In 2014, the Navy was forced to replace IBM servers in all Aegis battle-management-equipped warships after Lenovo purchased IBM’s BladeCenter line of servers. The Navy was concerned that China could hack its most advanced warships through the servers in wartime.
The Department of Homeland Security also warned that Lenovo computers built since 2014 come loaded with adware called Superfish that could allow hackers to thwart encrypted security controls.
Lenovo bought Motorola Mobility, the cellphone division of Motorola, in 2014 and has tried to buy BlackBerry, the Canadian handheld smartphone company. The intelligence alliance known as Five Eyes, made up of spy services from the United States, Britain, Australia, Canada and New Zealand, banned the use of Lenovo products several years ago over cyberespionage fears.