PAX Global's Florida office raided by the FBI on suspicion of involvement in cyberattacks

Shenzhen-based PAX Technology Co., Ltd. issued a statement on Friday (October 29) confirming that US federal investigators raided the company’s office in Florida, the United States, but did not explain why. According to media reports, the search may be related to suspicions that the company was involved in cyberattacks in the United States and Europe. Experts believe that the Chinese government may use the company’s payment terminals for information theft.

PAX Global Technology Co., Ltd. is an electronic payment point-of-sale terminal supplier in China. Its products are used by millions of companies and retailers around the world. It has tens of millions of point-of-sale terminals in 120 countries and regions around the world.

Officials from the US Federal Bureau of Investigation (FBI) and Customs and Border Protection executed a court order on Tuesday (October 26) to search the offices and warehouses of PAX Global subsidiaries in Florida. A statement submitted by the company to the Hong Kong Stock Exchange on Friday confirmed that some items were confiscated.

The FBI said in a statement to local media: “The Jacksonville branch of the Federal Bureau of Investigation is cooperating with the Department of Homeland Security, Customs and Border Protection, Department of Commerce, and Naval Criminal Investigative Service, with the support of the Jacksonville Sheriff’s Office, to perform a court-authorized search at this location to facilitate the federal investigation. We did not find any actual threats to the surrounding communities during this search. The investigation is still ongoing and no more information can be confirmed at this time.”

According to local media reports, the FBI did not have a precise timetable for how long it would take to find evidence, and said that the British MI5 had also launched an investigation into the company.

Independent cybersecurity journalist Brian Krebs first reported on the raid. He quoted an anonymous source on his blog KrebsOnSecurity as saying that the FBI began to investigate PAX Global after abnormal network data packets from PAX Global payment terminals raised doubts at a major payment processor in the United States.

Krebs quoted a source as saying: “There is technical evidence that (PAX Global) terminals are used for attack operations. The packet sizes do not match the payment data they should send, and they also do not correlate with the telemetry these devices might display when updating their software.”

According to the source, the payment processor discovered that PAX Global terminals were being used as a malware “dropper” and as a “command and control” location for launching attacks and collecting information.

Nicholas Eftimiades, a retired senior US intelligence official and an expert on Chinese intelligence affairs, told VOA, “If PAX Global terminals are really used as a malware dropper, then they can use their Internet access rights to spread malware to servers that manage credit card transactions around the world. If they are used to command and control malware, they may collect, manipulate, or even destroy financial data. Because there are 57 million PAX terminals in 120 countries and regions, these actions can be done as a coordinated effort on a global scale.”

U.S. and British financial providers remove PAX Global equipment

According to sources, two major financial providers in the United States and the United Kingdom have begun to remove PAX Global terminals from their payment infrastructure.

According to Bloomberg News, Worldpay, a subsidiary of FIS in the United States, told its partner companies on October 8 that it had decided to remove PAX’s equipment and replace it with point-of-sale equipment from two competitors, Verifone and Ingenico.

A spokesperson for Worldpay said in a statement that it no longer installs PAX point-of-sale devices, “because PAX Global has not received a satisfactory response regarding this matter… Although we have no evidence that data passing through PAX Global’s POS equipment has been leaked, we have been working directly with customers to replace these devices with other devices without adding any cost to them, and to minimize interference with their business.”

According to Bloomberg News, PAX Global President and CEO Andy Chau fought back on October 19. He responded to Worldpay customers, condemning “confusing and incorrect information about the reason for the suspension.”

In response, Chau said: “PAX Global wants to assure all customers that we support the safety of our products and services. Every piece of PAX Global equipment undergoes rigorous internal testing and external certification to ensure that it protects payment data in accordance with industry safety standards. Our policy is to ensure that information sent through PAX’s equipment is only safely transmitted to the intended recipient.”

PAX Global said in a statement to the Hong Kong Stock Exchange: “As far as the board of directors knows… nowhere in the world have PAX Global’s products and services received any reports of cyber attacks, and there have been no complaints about cyber attacks, including any violation of the security agreement.”

Krebs quoted a source as saying: “PAX Global now claims that the investigation was motivated by ethnic and political motives.”

PAX Global’s shares have been suspended from trading on the Hong Kong Stock Exchange since Wednesday, after plummeting more than 40%. The company said on Friday that trading will resume on November 1.

VOA tried to contact the FBI branch in Jacksonville, Florida, but did not get a reply before the deadline.

Eftimiades: The United States needs to develop a unified strategy with its allies

Dakota Cary, a research analyst at the Center for Security and Emerging Technology at Georgetown University, believes that the current investigation is to determine whether PAX Global participated in the attack deliberately or unknowingly.

Cary told VOA: “If PAX Global intends to support these actions, it will be the most shameless use of China’s military-civilian integration so far. If PAX Global does not know it, then they have proved an unfortunate reality: that the Chinese government will sacrifice Chinese companies to complete cyber attacks.”

It is not uncommon for payment terminals to be remotely hacked by malicious software to collect and transmit stolen information. In fact, some of the largest online thefts in history have involved point-of-sale malware. For example, a vulnerability at Heartland Payment Systems in 2008 leaked information on 100 million payment cards, and the data thefts suffered by merchants such as Target and Home Depot from 2013 to 2014 resulted in the disclosure of information on approximately 100 million cards.

The Federal Communications Commission announced on the 26th an Order on Revocation and Termination, revoking China Telecom Americas’ authority to provide domestic interstate and international communication services in the United States and requiring it to stop any domestic and international communication services within 60 days.

The commission pointed out that China Telecom Americas is a US branch of a Chinese state-owned enterprise, is subject to use, influence, and control by the Chinese government, and is very likely to be forced to implement the requirements of the Chinese government.

Last year, the commission listed Huawei and ZTE as national security threats to communications networks, and prohibited US companies from using US$8.3 billion in government funds to purchase equipment from these companies.

Eftimiades, a Chinese intelligence affairs expert, believes that the United States should cooperate with allies to develop strategies to prevent the recurrence of hacking activities.

He told VOA: “The United States and its allies have not formulated a unified strategy and deterrence posture to deal with state-sponsored hacking activities. So far, their collective response has been mainly defensive in nature, fearing an escalation. These actions have not prompted violating countries such as China and Russia to stop active cyber attacks.”

“The United States must cooperate with allies to use all the elements of political, information and economic power to provide comprehensive countermeasures to curb criminal hacking activities in China and Russia,” Eftimiades said.

At a regular press conference on the 28th, Chinese Foreign Ministry spokesperson Wang Wenbin was asked by reporters about the raid on PAX Global and China Telecom’s license being revoked by the United States. Enterprises carry out mutually beneficial and win-win cooperation in accordance with commercial principles and international rules, and on the basis of abiding by local laws.” Wang Wenbin called on the United States to “provide a fair, just and non-discriminatory business environment” for Chinese companies operating in the United States.