AT&T · New York · Fortune Technology
IBM, AT&T accused by whistleblower of covering up foreign hacks
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
◌ Single Source
International Business Machines Corp. and AT&T Inc.’s computer systems were repeatedly breached by foreign hackers, and the companies concealed those intrusions from the US government in violation of the law, according to a lawsuit from a former IBM cybersecurity official.
Key facts
- An internal company investigation found more than 50,000 “potential APT 10 hits” between 2013 and 2016, the suit alleges
- Barlow worked at IBM in two stints beginning in 2002, including serving as vice president of threat intelligence from 2017 until his resignation in 2019, according to the lawsuit
- In 2018, the US Department of Justice charged two alleged members of a Chinese hacking group that it said had waged a decade-long campaign to steal the data of 100,000 US Navy personnel
- Intelligence agencies told IBM that internet addresses associated with its network were connecting to infrastructure used by APT 10, according to the suit
Summary
William Barlow, IBM’s former vice president of threat intelligence, alleged in the complaint that the companies failed to disclose multiple breaches over years by attackers linked to foreign governments and made false assurances about the security of their systems to win and keep federal contracts. The suit offers a rare account of alleged security failures at two major government contractors. The hackers allegedly breached massive IBM cloud computing infrastructure that’s widely used by many parts of the US government, including the military. The complaint alleges that foreign and unidentified hackers repeatedly infiltrated the network and that the companies sometimes couldn’t determine who got in, or what was taken.