Leak Shows NSA Breached Huawei's Internal Servers, Grabbed Executive Emails And Source Code
from the corporate-surveillance dept
Over the weekend, Der Spiegel and the New York Times published another leaked document, this one detailing the NSA's breach of Huawei's servers. The end game, however, seems to be less targeted at monitoring the company for its supposed spying efforts (via its hardware) than to install NSA backdoors in hardware used by countries that would prefer not to "buy American."
The agency pried its way into the servers in Huawei’s sealed headquarters in Shenzhen, China’s industrial heart, according to N.S.A. documents provided by the former contractor Edward J. Snowden. It obtained information about the workings of the giant routers and complex digital switches that Huawei boasts connect a third of the world’s population, and monitored communications of the company’s top executives.Much of this is unsurprising. The government has long held (even though it has failed to produce any proof) that Huawei is used by the Chinese government to spy on other countries via subverted hardware, so it would make sense for the NSA to have the company under surveillance. But what's happening here seems to exceed the bounds of defensive surveillance and head into corporate espionage territory.
One of the goals of the operation, code-named “Shotgiant,” was to find any links between Huawei and the People’s Liberation Army, one 2010 document made clear. But the plans went further: to exploit Huawei’s technology so that when the company sold equipment to other countries — including both allies and nations that avoid buying American products — the N.S.A. could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.
As Karl Bode pointed out in an earlier story about the US government warning Americans away from Huawei network equipment, many of the Huawei spying allegations can be traced back to its main competitor, Cisco. Marcy Wheeler at emptywheel sees the NSA's Huawei spying as little more than a way for it to protect some of its main collection points.
[T]he articles make it clear that 3 years after they started this targeted program, SHOTGIANT, and at least a year after they gained access to the emails of Huawei’s CEO and Chair, NSA still had no evidence that Huawei is just a tool of the People’s Liberation Army, as the US government had been claiming before and since. Perhaps they’ve found evidence in the interim, but they hadn’t as recently as 2010.If there's been no evidence uncovered that Huawei equipment is being deployed with Chinese government-friendly backdoors, then the NSA is engaged in self-serving corporate espionage, one that keeps Cisco -- and consequently, the NSA -- in wide circulation.
Nevertheless the NSA still managed to steal Huawei’s source code. Not just so it could more easily spy on people who exclusively use Huawei’s networks. But also, it seems clear, in an attempt to prevent Huawei from winning even more business away from Cisco.
I suspect we’ll learn far more on Monday. But for now, we know that even the White House got involved in an operation targeting a company that threatens our hegemony on telecom backbones.
Even if you believe this is exactly the sort of thing our intelligence agencies should be doing, it's hard to ignore the inherent hypocrisy of the government's words and actions. Even Jack Goldsmith, who has previously argued that the US needs an "invasive NSA," had this to say about the latest leak.
The Huawei revelations are devastating rebuttals to hypocritical U.S. complaints about Chinese penetration of U.S. networks, and also make USG protestations about not stealing intellectual property to help U.S. firms’ competitiveness seem like the self-serving hairsplitting that it is.While the revelations that the NSA is surveilling a foreign company deemed untrustworthy by government officials are hardly surprising, the whole situation is tainted by the US government's hardline against Huawei. Many accusations have surfaced over the last decade but have remained unproven, even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors. This isn't passive monitoring being deployed to detect threats. This is an active invasion of a private company's internal network in order to subvert its hardware and software, all of which will likely benefit its largest competitor, either directly or indirectly. The NSA isn't Cisco's personal army, but their mutual goals (widespread Cisco deployment) are so closely aligned, the agency might as well be.
If the NSA has found any evidence that Huawei is operating on behalf of the Chinese government, now would be the time to make that information public. With Michelle Obama's goodwill tour of China underway, it's hardly beneficial for our surveillance hypocrisy to be on display (again).
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: china, economic espionage, espionage, nsa, surveillance
Companies: cisco, huawei
Reader Comments
Subscribe: RSS
View by: Time | Thread
Uhh...question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"?
If I was the head of the NSA, and I've tapped into Huawei, I'd say to the White House to promote Huawei products, so as to make my spying job easier.
[ link to this | view in thread ]
Making friends the NSA way
Not only that, but this involves a company that provides direct competition to an american company, and one the government has accused of illegal spying in the past(projection much?), so no-one is going to believe there wasn't an industrial/governmental interest angle to this.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
The upside
Huawei spokesman Bill Plummer said: "If such espionage has been truly conducted, then it is known that the company is independent and has no unusual ties to any government and that knowledge should be relayed publicly to put an end to an era of mis- and disinformation."
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
The truth-telling via Snowden is well timed.
[ link to this | view in thread ]
Re:
Because they can get code into CISCO kit, but are reliant on bugs in Huawei. Inserting code into Huawei's code base would would almost certainly be spotted by Huawei's programmers.
[ link to this | view in thread ]
[ link to this | view in thread ]
The question now becomes...
To explain: this leak makes it clear that the NSA has a heavy interest in penetrating the corporate operations of manufacturers of routers and similar network gear. Huawei is an obvious target -- but so is Cisco. So (a) has the NSA attacked Cisco and the others in precisely in the same way? or (b) if not, why not? or (c) why haven't we found out about (a) or (b)?
After all, if I was the kind of unpatriotic Constitution-shredding coward who worked for the NSA and did this to Huawei, why would I stop there?
Let me raise a very disturbing possibility in answer to my own questions.
Perhaps the reason the NSA hasn't hacked Cisco et.al. is that they don't need to.
[ link to this | view in thread ]
NSA is only in the spying business for corporate espionage it seems. Hey US gov, stop stealing China's IP! You hypocrites.
[ link to this | view in thread ]
[ link to this | view in thread ]
The pattern
I think we can take this as strong evidence that Cisco equipment does, in fact, have back doors built into it.
[ link to this | view in thread ]
Re: The question now becomes...
Using your power to undermine a business because you doesn't want anyone to do business with them is illegal and could cost the US a lot of money by the end of this.
[ link to this | view in thread ]
Re:
Because they have even better back doors into Cisco equipment, purposely put there by the manufacturer? One hand washes the other.
[ link to this | view in thread ]
cisco
[ link to this | view in thread ]
Re:
I bet the Chinese have teams following after her every step of the way to remove spy bugs her entourage may have planted.
[ link to this | view in thread ]
Re: cisco
[ link to this | view in thread ]
[ link to this | view in thread ]
NSA Threats
[ link to this | view in thread ]
Re: cisco
Maybe they *used* to. Heh.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
I suppose they could try to strong arm countries without nuclear weapons. That's pretty much been America's foreign policy, for the last half century.
[ link to this | view in thread ]