Spy Agencies ‘Ban Lenovo Gear’ On Security Grounds

Intelligence agencies in the UK, Australia, the US, Canada and New Zealand are reportedly banned from using Lenovo computers on classified networks due to back-door concerns

British intelligence agencies, as well as those of Australia, the US, Canada and New Zealand, have a ban in place on Lenovo computers due to the alleged presence of hardware modifications that could facilitate hacking, according to a report by the Australian Financial Review.

The report, which cites unnamed intelligence and defence sources in Britain and Australia, is the latest to highlight official concerns over the security of IT equipment originating in China.

‘Written ban’

The “written ban” on Lenovo computers dates to the mid-2000s, in other words roughly coinciding with Lenovo’s acquisition of IBM’s PC business in 2005, according to the report. The ban allegedly applies to the “secret” and “top secret” networks of the so-called “five eyes” intelligence alliance.

It was introduced after “intensive laboratory testing”, led by British intelligence agencies’ laboratories, discovered “back-door” modifications in Lenovo computers’ hardware and firmware, according to the report. The alleged presence of the back-doors reportedly remains “highly classified”.

Lenovo logoLenovo responded that it was unaware of any ban, and said in a statement provided to the press its “products have been found time and time again to be reliable and secure by our enterprise and public sector customers”. The company added that it is looking into the situation.

The Home Office declined to comment on whether Lenovo computers are accredited for use on classified government networks, while GCHQ said in a statement: “As a matter of policy we don’t routinely discuss the names or nature of suppliers to GCHQ on any aspect of our business.”

The AFR report cited an Australian Department of Defence spokesman as saying that Lenovo products have never been accredited on the classified networks of that country, and that moreover Lenovo has never sought accreditation.

Chinese government links

Lenovo is, however, a “significant” supplier of computers for unclassified government networks in Australia and New Zealand, as well as in other Western countries, according to the AFR. IBM continues to supply servers and mainframes accredited for classified networks.

Lenovo was founded in Beijing in 1984 and continues to be based there, while operating in more than 60 countries. It is currently the world’s largest PC manufacturer, with a global market share of 16.7 percent in the second quarter of 2013, according to Gartner.

While Lenovo is a public company, the state-run Chinese Academy of Sciences owns a 36 percent stake in Legend Holdings, which holds a 34 percent stake in Lenovo.

Chinese ICT suppliers including Huawei and ZTE have previously been singled out for criticism on security grounds, with Michael Hayden, the former head of the US National Security Agency (NSA), telling the AFR earlier this month that he knew of evidence Huawei had spied for China, a claim denied by the firm.

Last year the Intelligence Committee of the US House of Representatives concluded an investigation of Huawei and ZTE with the warning that the firms should not be allowed to sell their wares in the US, as they pose a security threat, a claim again denied by the companies.

Huawei scrutiny

In the UK, the Prime Minister’s National Security Adviser said recently it is to carry out a review of a Huawei-operated Cyber Security Evaluation Centre designed to assuage concerns the firm’s networking products contain Chinese government back-doors.

The move was in response to a report by the Intelligence and Security Committee earlier this month concluding that the UK has not done enough to ensure IT equipment made by foreign firms, in particular Huawei, does not pose a threat to critical national infrastructure.

Huawei is a major supplier of networking equipment for BT’s national infrastructure, having signed a major deal with BT in 2005. The company has, by contrast, been banned from competing for a £24bn broadband infrastructure programme in Australia.

Do you know all about public sector IT – the triumph and the tragedy? Take our quiz!