Leak Shows NSA Breached Huawei's Internal Servers, Grabbed Executive Emails And Source Code

from the corporate-surveillance dept

Over the weekend, Der Spiegel and the New York Times published another leaked document, this one detailing the NSA's breach of Huawei's servers. The end game, however, seems to be less targeted at monitoring the company for its supposed spying efforts (via its hardware) than to install NSA backdoors in hardware used by countries that would prefer not to "buy American."

The agency pried its way into the servers in Huawei’s sealed headquarters in Shenzhen, China’s industrial heart, according to N.S.A. documents provided by the former contractor Edward J. Snowden. It obtained information about the workings of the giant routers and complex digital switches that Huawei boasts connect a third of the world’s population, and monitored communications of the company’s top executives.

One of the goals of the operation, code-named “Shotgiant,” was to find any links between Huawei and the People’s Liberation Army, one 2010 document made clear. But the plans went further: to exploit Huawei’s technology so that when the company sold equipment to other countries — including both allies and nations that avoid buying American products — the N.S.A. could roam through their computer and telephone networks to conduct surveillance and, if ordered by the president, offensive cyberoperations.
Much of this is unsurprising. The government has long held (even though it has failed to produce any proof) that Huawei is used by the Chinese government to spy on other countries via subverted hardware, so it would make sense for the NSA to have the company under surveillance. But what's happening here seems to exceed the bounds of defensive surveillance and head into corporate espionage territory.

As Karl Bode pointed out in an earlier story about the US government warning Americans away from Huawei network equipment, many of the Huawei spying allegations can be traced back to its main competitor, Cisco. Marcy Wheeler at emptywheel sees the NSA's Huawei spying as little more than a way for it to protect some of its main collection points.
[T]he articles make it clear that 3 years after they started this targeted program, SHOTGIANT, and at least a year after they gained access to the emails of Huawei’s CEO and Chair, NSA still had no evidence that Huawei is just a tool of the People’s Liberation Army, as the US government had been claiming before and since. Perhaps they’ve found evidence in the interim, but they hadn’t as recently as 2010.

Nevertheless the NSA still managed to steal Huawei’s source code. Not just so it could more easily spy on people who exclusively use Huawei’s networks. But also, it seems clear, in an attempt to prevent Huawei from winning even more business away from Cisco.

I suspect we’ll learn far more on Monday. But for now, we know that even the White House got involved in an operation targeting a company that threatens our hegemony on telecom backbones.
If there's been no evidence uncovered that Huawei equipment is being deployed with Chinese government-friendly backdoors, then the NSA is engaged in self-serving corporate espionage, one that keeps Cisco -- and consequently, the NSA -- in wide circulation.

Even if you believe this is exactly the sort of thing our intelligence agencies should be doing, it's hard to ignore the inherent hypocrisy of the government's words and actions. Even Jack Goldsmith, who has previously argued that the US needs an "invasive NSA," had this to say about the latest leak.
The Huawei revelations are devastating rebuttals to hypocritical U.S. complaints about Chinese penetration of U.S. networks, and also make USG protestations about not stealing intellectual property to help U.S. firms’ competitiveness seem like the self-serving hairsplitting that it is.
While the revelations that the NSA is surveilling a foreign company deemed untrustworthy by government officials are hardly surprising, the whole situation is tainted by the US government's hardline against Huawei. Many accusations have surfaced over the last decade but have remained unproven, even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors. This isn't passive monitoring being deployed to detect threats. This is an active invasion of a private company's internal network in order to subvert its hardware and software, all of which will likely benefit its largest competitor, either directly or indirectly. The NSA isn't Cisco's personal army, but their mutual goals (widespread Cisco deployment) are so closely aligned, the agency might as well be.

If the NSA has found any evidence that Huawei is operating on behalf of the Chinese government, now would be the time to make that information public. With Michelle Obama's goodwill tour of China underway, it's hardly beneficial for our surveillance hypocrisy to be on display (again).


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Rikuo (profile), Mar 24th, 2014 @ 3:31am

    "even as the US government has locked Huawei out of domestic contracts and persuaded other countries to seek different vendors."

    Uhh...question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"?
    If I was the head of the NSA, and I've tapped into Huawei, I'd say to the White House to promote Huawei products, so as to make my spying job easier.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    That One Guy (profile), Mar 24th, 2014 @ 3:33am

    Making friends the NSA way

    So the NSA has not only tarnished the reputation of american electronics/tech companies, as people and other governments no longer trust that they'll be secure, now they're even screwing up the reputation of foreign companies as well, by compromising their products also.

    Not only that, but this involves a company that provides direct competition to an american company, and one the government has accused of illegal spying in the past(projection much?), so no-one is going to believe there wasn't an industrial/governmental interest angle to this.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    That One Guy (profile), Mar 24th, 2014 @ 3:37am

    Re:

    Well, if they've compromised both Cisco and Huawei, both are equally useful for spying, but Cisco, being american based, is likely easier to monitor and manipulate, and in fact might be willing to help the NSA do so, in exchange for their 'help' dealing with Huawei and convincing people not to buy from them.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    That Anonymous Coward (profile), Mar 24th, 2014 @ 3:55am

    Perhaps those who were talking about Huawei were hacked and unreliable saw what the NSA added.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Ole Juul (profile), Mar 24th, 2014 @ 4:00am

    The upside

    Now the US can confirm that Huawei is not working with the Chinese government and will be able to tell the world that they were wrong about that. No?

    Huawei spokesman Bill Plummer said: "If such espionage has been truly conducted, then it is known that the company is independent and has no unusual ties to any government and that knowledge should be relayed publicly to put an end to an era of mis- and disinformation."

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 4:01am

    Re:

    Probably because they compromised everything else...

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 4:19am

    If it's OK to finance terrorists, overthrow elected governments, and even bomb countries to rubble - all in the name of America's strategic interests - then what's the big deal about a little harmless spying?

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 4:23am

    With Michelle Obama's goodwill tour of China underway,

    The truth-telling via Snowden is well timed.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 4:28am

    Re:

    Uhh...question. Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"?
    Because they can get code into CISCO kit, but are reliant on bugs in Huawei. Inserting code into Huawei's code base would would almost certainly be spotted by Huawei's programmers.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 5:06am

    and the US was accusing Huawei a short while ago of building backdoors into their routers. seems it's the other way round as far as who is doing something underhand to Huawei products!!

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 5:46am

    The question now becomes...

    ...why aren't we looking at similar leaks concerning Cisco (and Juniper et.al.)?

    To explain: this leak makes it clear that the NSA has a heavy interest in penetrating the corporate operations of manufacturers of routers and similar network gear. Huawei is an obvious target -- but so is Cisco. So (a) has the NSA attacked Cisco and the others in precisely in the same way? or (b) if not, why not? or (c) why haven't we found out about (a) or (b)?

    After all, if I was the kind of unpatriotic Constitution-shredding coward who worked for the NSA and did this to Huawei, why would I stop there?

    Let me raise a very disturbing possibility in answer to my own questions.

    Perhaps the reason the NSA hasn't hacked Cisco et.al. is that they don't need to.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 5:51am

    "grabbed the source code" - yeah...for the war on terror, I'm sure.

    NSA is only in the spying business for corporate espionage it seems. Hey US gov, stop stealing China's IP! You hypocrites.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 5:56am

    I knew the US government wanted to ban Huawei to help Cisco. It was actually very obvious, especially since they never had any proof along with their accusations.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    John Fenderson (profile), Mar 24th, 2014 @ 6:12am

    The pattern

    This is just part of a larger pattern that seems to have become absolute in US politics over the past couple of decades: accusing your opponents of the very things you're doing.

    I think we can take this as strong evidence that Cisco equipment does, in fact, have back doors built into it.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    anon, Mar 24th, 2014 @ 6:36am

    Re: The question now becomes...

    I just hope that China can find backdoors created by the US and announce them to the world and destroy Cisco as a company, although I believe no country wants to use Cisco if they can avoid them.
    Using your power to undermine a business because you doesn't want anyone to do business with them is illegal and could cost the US a lot of money by the end of this.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 6:45am

    Re:

    " Why would the US government, now being able to tap into Huawei equipment and use them for spying purposes, then go around to other countries and say to them "Don't buy Huawei!"? "

    Because they have even better back doors into Cisco equipment, purposely put there by the manufacturer? One hand washes the other.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Roman, Mar 24th, 2014 @ 6:51am

    cisco

    Doesn't Cisco provide tech to the Chinese government to get their Great Firewall to work?

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 7:17am

    Re:

    "With Michelle Obama's goodwill tour of China underway, ..."

    I bet the Chinese have teams following after her every step of the way to remove spy bugs her entourage may have planted.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    John Fenderson (profile), Mar 24th, 2014 @ 7:55am

    Re: cisco

    Indeed yes. In fact, there's a lawsuit against them about that that is (I believe) still working its way through the courts.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 8:09am

    NSA: "HoHum. Been there, done that.. And so, what are you gonna do about it??"

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    edpo, Mar 24th, 2014 @ 8:10am

    NSA Threats

    The NSA is a threat to our capitalist economies, preferring instead something more closely aligned with familiar fascist economies. Even the corporatists should be upset.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 8:14am

    Re: cisco

    "Doesn't Cisco provide tech to the Chinese government to get their Great Firewall to work?"

    Maybe they *used* to. Heh.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Ninja (profile), Mar 24th, 2014 @ 9:12am

    If anything this is a clear signal to actually ditch American companies and go for Huawei. Seriously, the US has been shooting themselves in the feet so frequently that it's astonishing they are still standing..

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    John Fenderson (profile), Mar 24th, 2014 @ 9:17am

    Re:

    Yeah, I've been nudged in this direction myself. My reasoning is that if I have to choose who's spying on me, I'd rather it be China than the US. China is less likely to cause me harm.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 11:18am

    Re: Re:

    Yes, China does not have any incentives to prosecute foreign nationals across the world for copyrights or drug related charges, nor do they have a terrorism card to justify a crazy spend to spy on the rest of the world. Their spying is probably limited to important people in high places and not the mass general surveillance programs which the NSA has the budget to do.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    Anonymous Coward, Mar 24th, 2014 @ 7:34pm

    US Gov is full of lying, corrupt hypocrites. How do US official expect to negotiate with the rest of the world, now that their words carry little to no credibility?

    I suppose they could try to strong arm countries without nuclear weapons. That's pretty much been America's foreign policy, for the last half century.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.