Leak Shows NSA Breached Huawei's Internal Servers, Grabbed Executive Emails And Source Code

from the corporate-surveillance dept

Over the weekend, Der Spiegel and the New York Times published another leaked document, this one detailing the NSA’s breach of Huawei’s servers. The end game, however, seems to be less targeted at monitoring the company for its supposed spying efforts (via its hardware) than to install NSA backdoors in hardware used by countries that would prefer not to “buy American.”

The agency pried its way into the servers in Huawei’s sealed headquarters in Shenzhen, China’s industrial heart, according to N.S.A. documents provided by the former contractor Edward J. Snowden. It obtained information about the workings of the giant routers and complex digital switches that Huawei boasts connect a third of the world’s population, and monitored communications of the company’s top executives.

One of the goals of the operation, code-named “Shotgiant,” was to find any links between Huawei and the People’s Liberation Army, one 2010 document made clear. But the plans went further: to exploit Huawei’s technology so that when the company sold equipment to other countries — including both allies and nations that avoid buying American products — the N.S.A. could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.

Much of this is unsurprising. The government has long held (even though it has failed to produce any proof) that Huawei is used by the Chinese government to spy on other countries via subverted hardware, so it would make sense for the NSA to have the company under surveillance. But what’s happening here seems to exceed the bounds of defensive surveillance and head into corporate espionage territory.

As Karl Bode pointed out in an earlier story about the US government warning Americans away from Huawei network equipment, many of the Huawei spying allegations can be traced back to its main competitor, Cisco. Marcy Wheeler at emptywheel sees the NSA’s Huawei spying as little more than a way for it to protect some of its main collection points.

[T]he articles make it clear that 3 years after they started this targeted program, SHOTGIANT, and at least a year after they gained access to the emails of Huawei’s CEO and Chair, NSA still had no evidence that Huawei is just a tool of the People’s Liberation Army, as the US government had been claiming before and since. Perhaps they’ve found evidence in the interim, but they hadn’t as recently as 2010.

Nevertheless the NSA still managed to steal Huawei’s source code. Not just so it could more easily spy on people who exclusively use Huawei’s networks. But also, it seems clear, in an attempt to prevent Huawei from winning even more business away from Cisco.

I suspect we’ll learn far more on Monday. But for now, we know that even the White House got involved in an operation targeting a company that threatens our hegemony on telecom backbones.

If there’s been no evidence uncovered that Huawei equipment is being deployed with Chinese government-friendly backdoors, then the NSA is engaged in self-serving corporate espionage, one that keeps Cisco — and consequently, the NSA — in wide circulation.

Even if you believe this is exactly the sort of thing our intelligence agencies should be doing, it’s hard to ignore the inherent hypocrisy of the government’s words and actions. Even Jack Goldsmith, who has previously argued that the US needs an “invasive NSA,” had this to say about the latest leak.

The Huawei revelations are devastating rebuttals to hypocritical U.S. complaints about Chinese penetration of U.S. networks, and also make USG protestations about not stealing intellectual property to help U.S. firms’ competitiveness seem like the self-serving hairsplitting that it is.

While the revelations that the NSA is surveilling a foreign company deemed untrustworthy by government officials are hardly surprising, the whole situation is tainted by the US government’s hardline against Huawei. Many accusations have surfaced over the last decade but have remained unproven, even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors. This isn’t passive monitoring being deployed to detect threats. This is an active invasion of a private company’s internal network in order to subvert its hardware and software, all of which will likely benefit its largest competitor, either directly or indirectly. The NSA isn’t Cisco’s personal army, but their mutual goals (widespread Cisco deployment) are so closely aligned, the agency might as well be.

If the NSA has found any evidence that Huawei is operating on behalf of the Chinese government, now would be the time to make that information public. With Michelle Obama’s goodwill tour of China underway, it’s hardly beneficial for our surveillance hypocrisy to be on display (again).

Filed Under: , , , ,
Companies: cisco, huawei

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Leak Shows NSA Breached Huawei's Internal Servers, Grabbed Executive Emails And Source Code”

Subscribe: RSS Leave a comment
Rikuo (profile) says:

“even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors.”

Uhh…question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them “Don’t buy Huawei!”?
If I was the head of the NSA, and I’ve tapped into Huawei, I’d say to the White House to promote Huawei products, so as to make my spying job easier.

Anonymous Coward says:

Re: Re:

Uhh…question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them “Don’t buy Huawei!”?
Because they can get code into CISCO kit, but are reliant on bugs in Huawei. Inserting code into Huawei’s code base would would almost certainly be spotted by Huawei’s programmers.

Anonymous Coward says:

Re: Re:

” Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them “Don’t buy Huawei!”? “

Because they have even better back doors into Cisco equipment, purposely put there by the manufacturer? One hand washes the other.

That One Guy (profile) says:

Making friends the NSA way

So the NSA has not only tarnished the reputation of american electronics/tech companies, as people and other governments no longer trust that they’ll be secure, now they’re even screwing up the reputation of foreign companies as well, by compromising their products also.

Not only that, but this involves a company that provides direct competition to an american company, and one the government has accused of illegal spying in the past(projection much?), so no-one is going to believe there wasn’t an industrial/governmental interest angle to this.

Ole Juul (profile) says:

The upside

Now the US can confirm that Huawei is not working with the Chinese government and will be able to tell the world that they were wrong about that. No?

Huawei spokesman Bill Plummer said: “If such espionage has been truly conducted, then it is known that the company is independent and has no unusual ties to any government and that knowledge should be relayed publicly to put an end to an era of mis- and disinformation.”

Anonymous Coward says:

The question now becomes...

…why aren’t we looking at similar leaks concerning Cisco (and Juniper et.al.)?

To explain: this leak makes it clear that the NSA has a heavy interest in penetrating the corporate operations of manufacturers of routers and similar network gear. Huawei is an obvious target — but so is Cisco. So (a) has the NSA attacked Cisco and the others in precisely in the same way? or (b) if not, why not? or (c) why haven’t we found out about (a) or (b)?

After all, if I was the kind of unpatriotic Constitution-shredding coward who worked for the NSA and did this to Huawei, why would I stop there?

Let me raise a very disturbing possibility in answer to my own questions.

Perhaps the reason the NSA hasn’t hacked Cisco et.al. is that they don’t need to.

anon says:

Re: The question now becomes...

I just hope that China can find backdoors created by the US and announce them to the world and destroy Cisco as a company, although I believe no country wants to use Cisco if they can avoid them.
Using your power to undermine a business because you doesn’t want anyone to do business with them is illegal and could cost the US a lot of money by the end of this.

Anonymous Coward says:

Re: Re: Re:

Yes, China does not have any incentives to prosecute foreign nationals across the world for copyrights or drug related charges, nor do they have a terrorism card to justify a crazy spend to spy on the rest of the world. Their spying is probably limited to important people in high places and not the mass general surveillance programs which the NSA has the budget to do.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...