Key Takeaways
- Archaic Infrastructure: IBM's own internal report admits attackers compromised nearly 400 accounts and 200 systems across 18 countries because of an outdated core network.
- Cover-Up Allegations: A former VP claims IBM failed to notify the U.S. government or its agencies after the APT 10 breach, despite selling cybersecurity to the feds.
- Logging Failure: A basic security practice—keeping access logs—was absent. Without logs, post-breach investigation was impossible. This is not theory.
The Allegations That Won’t Go Away
Let me be specific. A former IBM cybersecurity VP, William Barlow, filed a lawsuit in 2020 that was unsealed this week. The core claim: IBM's core network was "routinely hacked by foreign state actors" between 2013 and 2016, and the company covered it up. The U.S. Department of Justice declined to intervene, but the complaint is still in play. Here's what actually happens in production when the people selling security can't secure themselves.
The Breach Nobody Wanted to Talk About
According to Barlow, the Chinese government-backed group APT 10 hit IBM’s network. The Five Eyes intelligence alliance warned IBM in March 2017. The internal investigation found that APT 10 potentially breached IBM’s network more than 56,000 times between 2013 and 2016. Most people get this wrong: they think internal investigations fix things. Here they discovered they couldn’t investigate because they hadn’t kept access logs. The demo worked. Production didn’t.
The Real Cost: Trust, Not Just Data
IBM sells cybersecurity to the U.S. federal government. The real cost is not the breach itself—it’s the cover-up. Barlow alleges that IBM never notified the government agencies, nor did it notify AT&T, its partner in the core network. This isn’t theory. We’ve built systems that rely on auditable trails for years at Rebirth Distribution. Without logging, any automation stack is a liability. And here, the state actors were inside the network for years undetected.
Architecture First: Why This Happens
The complaint describes IBM's core network infrastructure as "archaic." That's ops-speak for brittle. In production, archaic infrastructure means no real monitoring, outdated Docker images, and legacy n8n workflows, if any. Attackers accessed nearly 400 compromised accounts and almost 200 systems across 18 countries. Every business unit was hit. When you design automation, you have to assume the network is already compromised. That's why our Hermes agent orchestration builds in layered telemetry from day one.
The Sub-Breaches Nobody Talked About
Barlow also alleges that IBM’s acquisitions—Trusteer (2013) and Truven (2016)—were breached after acquisition. Trusteer in 2018, Truven multiple times. The complaint says IBM failed to investigate or disclose these. This is a classic failure mode: acquiring startups with legacy stacks and never hardening them. We’ve seen this pattern dozens of times. Incremental path? Start with logging, monitoring, and agent-based orchestration. But IBM didn’t.
What This Means for Real-World Automation
If you’re running automation on a stack that can’t log access, you’re not running automation—you’re running a liability. The APT 10 breach shows that even the vendors selling security tools can fail at the basics. We built OpenClaw to enforce audit trails as code, not as afterthoughts. This isn’t theory. The lawsuit is still active, and the underlying security gaps are still relevant. Most people get this wrong: they think compliance is security. In production, it’s logging, monitoring, and response that matter.
IBM spokesperson Miki Carver declined to answer specific questions, stating, "This complaint was filed six years ago, and the U.S. Department of Justice declined to intervene. IBM is confident that our actions followed the letter of the law." Jason Brown, lawyer for Barlow, told TechCrunch, "You can't sell cybersecurity to the federal government while allegedly having these security problems within your own company."