Leak Shows NSA Breached Huawei's Internal Servers, Grabbed Executive Emails And Source Code

from the corporate-surveillance dept

Over the weekend, Der Spiegel and the New York Times published another leaked document, this one detailing the NSA's breach of Huawei's servers. The end game, however, seems to be less targeted at monitoring the company for its supposed spying efforts (via its hardware) than to install NSA backdoors in hardware used by countries that would prefer not to "buy American."

The agency pried its way into the servers in Huawei’s sealed headquarters in Shenzhen, China’s industrial heart, according to N.S.A. documents provided by the former contractor Edward J. Snowden. It obtained information about the workings of the giant routers and complex digital switches that Huawei boasts connect a third of the world’s population, and monitored communications of the company’s top executives.

One of the goals of the operation, code-named “Shotgiant,” was to find any links between Huawei and the People’s Liberation Army, one 2010 document made clear. But the plans went further: to exploit Huawei’s technology so that when the company sold equipment to other countries — including both allies and nations that avoid buying American products — the N.S.A. could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.
Much of this is unsurprising. The government has long held (even though it has failed to produce any proof) that Huawei is used by the Chinese government to spy on other countries via subverted hardware, so it would make sense for the NSA to have the company under surveillance. But what's happening here seems to exceed the bounds of defensive surveillance and head into corporate espionage territory.

As Karl Bode pointed out in an earlier story about the US government warning Americans away from Huawei network equipment, many of the Huawei spying allegations can be traced back to its main competitor, Cisco. Marcy Wheeler at emptywheel sees the NSA's Huawei spying as little more than a way for it to protect some of its main collection points.
[T]he articles make it clear that 3 years after they started this targeted program, SHOTGIANT, and at least a year after they gained access to the emails of Huawei’s CEO and Chair, NSA still had no evidence that Huawei is just a tool of the People’s Liberation Army, as the US government had been claiming before and since. Perhaps they’ve found evidence in the interim, but they hadn’t as recently as 2010.

Nevertheless the NSA still managed to steal Huawei’s source code. Not just so it could more easily spy on people who exclusively use Huawei’s networks. But also, it seems clear, in an attempt to prevent Huawei from winning even more business away from Cisco.

I suspect we’ll learn far more on Monday. But for now, we know that even the White House got involved in an operation targeting a company that threatens our hegemony on telecom backbones.
If there's been no evidence uncovered that Huawei equipment is being deployed with Chinese government-friendly backdoors, then the NSA is engaged in self-serving corporate espionage, one that keeps Cisco -- and consequently, the NSA -- in wide circulation.

Even if you believe this is exactly the sort of thing our intelligence agencies should be doing, it's hard to ignore the inherent hypocrisy of the government's words and actions. Even Jack Goldsmith, who has previously argued that the US needs an "invasive NSA," had this to say about the latest leak.
The Huawei revelations are devastating rebuttals to hypocritical U.S. complaints about Chinese penetration of U.S. networks, and also make USG protestations about not stealing intellectual property to help U.S. firms’ competitiveness seem like the self-serving hairsplitting that it is.
While the revelations that the NSA is surveilling a foreign company deemed untrustworthy by government officials are hardly surprising, the whole situation is tainted by the US government's hardline against Huawei. Many accusations have surfaced over the last decade but have remained unproven, even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors. This isn't passive monitoring being deployed to detect threats. This is an active invasion of a private company's internal network in order to subvert its hardware and software, all of which will likely benefit its largest competitor, either directly or indirectly. The NSA isn't Cisco's personal army, but their mutual goals (widespread Cisco deployment) are so closely aligned, the agency might as well be.

If the NSA has found any evidence that Huawei is operating on behalf of the Chinese government, now would be the time to make that information public. With Michelle Obama's goodwill tour of China underway, it's hardly beneficial for our surveillance hypocrisy to be on display (again).

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: china, economic espionage, espionage, nsa, surveillance
Companies: cisco, huawei


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Rikuo (profile), 24 Mar 2014 @ 3:31am

    "even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors."

    Uhh...question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"?
    If I was the head of the NSA, and I've tapped into Huawei, I'd say to the White House to promote Huawei products, so as to make my spying job easier.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 24 Mar 2014 @ 3:37am

      Re:

      Well, if they've compromised both Cisco and Huawei, both are equally useful for spying, but Cisco, being american based, is likely easier to monitor and manipulate, and in fact might be willing to help the NSA do so, in exchange for their 'help' dealing with Huawei and convincing people not to buy from them.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Mar 2014 @ 4:01am

      Re:

      Probably because they compromised everything else...

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Mar 2014 @ 4:28am

      Re:

      Uhh...question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"?
      Because they can get code into CISCO kit, but are reliant on bugs in Huawei. Inserting code into Huawei's code base would would almost certainly be spotted by Huawei's programmers.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Mar 2014 @ 6:45am

      Re:

      " Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"? "

      Because they have even better back doors into Cisco equipment, purposely put there by the manufacturer? One hand washes the other.

      link to this | view in chronology ]

  • icon
    That One Guy (profile), 24 Mar 2014 @ 3:33am

    Making friends the NSA way

    So the NSA has not only tarnished the reputation of american electronics/tech companies, as people and other governments no longer trust that they'll be secure, now they're even screwing up the reputation of foreign companies as well, by compromising their products also.

    Not only that, but this involves a company that provides direct competition to an american company, and one the government has accused of illegal spying in the past(projection much?), so no-one is going to believe there wasn't an industrial/governmental interest angle to this.

    link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 24 Mar 2014 @ 3:55am

    Perhaps those who were talking about Huawei were hacked and unreliable saw what the NSA added.

    link to this | view in chronology ]

  • icon
    Ole Juul (profile), 24 Mar 2014 @ 4:00am

    The upside

    Now the US can confirm that Huawei is not working with the Chinese government and will be able to tell the world that they were wrong about that. No?

    Huawei spokesman Bill Plummer said: "If such espionage has been truly conducted, then it is known that the company is independent and has no unusual ties to any government and that knowledge should be relayed publicly to put an end to an era of mis- and disinformation."

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 4:19am

    If it's OK to finance terrorists, overthrow elected governments, and even bomb countries to rubble - all in the name of America's strategic interests - then what's the big deal about a little harmless spying?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 4:23am

    With Michelle Obama's goodwill tour of China underway,

    The truth-telling via Snowden is well timed.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Mar 2014 @ 7:17am

      Re:

      "With Michelle Obama's goodwill tour of China underway, ..."

      I bet the Chinese have teams following after her every step of the way to remove spy bugs her entourage may have planted.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 5:06am

    and the US was accusing Huawei a short while ago of building backdoors into their routers. seems it's the other way round as far as who is doing something underhand to Huawei products!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 5:46am

    The question now becomes...

    ...why aren't we looking at similar leaks concerning Cisco (and Juniper et.al.)?

    To explain: this leak makes it clear that the NSA has a heavy interest in penetrating the corporate operations of manufacturers of routers and similar network gear. Huawei is an obvious target -- but so is Cisco. So (a) has the NSA attacked Cisco and the others in precisely in the same way? or (b) if not, why not? or (c) why haven't we found out about (a) or (b)?

    After all, if I was the kind of unpatriotic Constitution-shredding coward who worked for the NSA and did this to Huawei, why would I stop there?

    Let me raise a very disturbing possibility in answer to my own questions.

    Perhaps the reason the NSA hasn't hacked Cisco et.al. is that they don't need to.

    link to this | view in chronology ]

    • identicon
      anon, 24 Mar 2014 @ 6:36am

      Re: The question now becomes...

      I just hope that China can find backdoors created by the US and announce them to the world and destroy Cisco as a company, although I believe no country wants to use Cisco if they can avoid them.
      Using your power to undermine a business because you doesn't want anyone to do business with them is illegal and could cost the US a lot of money by the end of this.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 5:51am

    "grabbed the source code" - yeah...for the war on terror, I'm sure.

    NSA is only in the spying business for corporate espionage it seems. Hey US gov, stop stealing China's IP! You hypocrites.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 5:56am

    I knew the US government wanted to ban Huawei to help Cisco. It was actually very obvious, especially since they never had any proof along with their accusations.

    link to this | view in chronology ]

  • icon
    John Fenderson (profile), 24 Mar 2014 @ 6:12am

    The pattern

    This is just part of a larger pattern that seems to have become absolute in US politics over the past couple of decades: accusing your opponents of the very things you're doing.

    I think we can take this as strong evidence that Cisco equipment does, in fact, have back doors built into it.

    link to this | view in chronology ]

  • identicon
    Roman, 24 Mar 2014 @ 6:51am

    cisco

    Doesn't Cisco provide tech to the Chinese government to get their Great Firewall to work?

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 24 Mar 2014 @ 7:55am

      Re: cisco

      Indeed yes. In fact, there's a lawsuit against them about that that is (I believe) still working its way through the courts.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Mar 2014 @ 8:14am

      Re: cisco

      "Doesn't Cisco provide tech to the Chinese government to get their Great Firewall to work?"

      Maybe they *used* to. Heh.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 8:09am

    NSA: "HoHum. Been there, done that.. And so, what are you gonna do about it??"

    link to this | view in chronology ]

  • identicon
    edpo, 24 Mar 2014 @ 8:10am

    NSA Threats

    The NSA is a threat to our capitalist economies, preferring instead something more closely aligned with familiar fascist economies. Even the corporatists should be upset.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 24 Mar 2014 @ 9:12am

    If anything this is a clear signal to actually ditch American companies and go for Huawei. Seriously, the US has been shooting themselves in the feet so frequently that it's astonishing they are still standing..

    link to this | view in chronology ]

    • icon
      John Fenderson (profile), 24 Mar 2014 @ 9:17am

      Re:

      Yeah, I've been nudged in this direction myself. My reasoning is that if I have to choose who's spying on me, I'd rather it be China than the US. China is less likely to cause me harm.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 24 Mar 2014 @ 11:18am

        Re: Re:

        Yes, China does not have any incentives to prosecute foreign nationals across the world for copyrights or drug related charges, nor do they have a terrorism card to justify a crazy spend to spy on the rest of the world. Their spying is probably limited to important people in high places and not the mass general surveillance programs which the NSA has the budget to do.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 24 Mar 2014 @ 7:34pm

    US Gov is full of lying, corrupt hypocrites. How do US official expect to negotiate with the rest of the world, now that their words carry little to no credibility?

    I suppose they could try to strong arm countries without nuclear weapons. That's pretty much been America's foreign policy, for the last half century.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.