Slashdot Mirror
The Chinese Telecom That Spooks the World
wrekkuh writes "The Economist has printed an interesting look at the concerns and speculations of the fast-growing Chinese telecom giant Huawei, and its spread into western markets. Of particular concern is Huawei's state funding, and the company's founder, Ren Zhengfei, who once served as an engineer in the People's Liberation Army (PLA). However, another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England — including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored."
How can you be absolutely sure they are not back-doored?
Why is it ok that all internet equipment cc's a copy to the usa, but not ok to send the same copy to china?
Not that they're total shit from a security POV? (warning: pdf)
So, they are being tested by the security watchdog in the U.K. Big deal, they load up a specially prepped software image (like they do for all their customers) and pass the test. Next step is to have all operators buy their heavily discounted gear for almost nothing, implement it and have them install a critical software update to avoid exploits. Have that image backdoored and they are one step closer to total world domination.
I'm not a complete idiot... Some parts are missing.
The Reason the US is concerned about other countries using telecommunication equipment for spying is because they have done it already. A lot.
If you don't want to be spied on, encrypt it.
"First they came for the slanderers and i said nothing."
When we buy stuff from China without a corresponding increase in our own exports, they've already backdoored our economy.
The Chinese Telecom That Spooks the Spooks
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
As anyone familiar with the underhanded code contest knows, it's possible to create code that looks fine, easily passes reviews from people even who are on the lookout for back doors, yet still contains back doors.
It's essentially impossible to prove that your equipment is NOT backdoored, unless you designed and built it in-house and believe that your own engineering staff is trustworthy (its own problem, when there is a history of governments buying off employees within companies that have access to critical data and processes).
I thought it was ZTE that really scared the world. I'm pretty sure ZTE's management was tied to the People's Liberation Army.
I normally don't post anonymously but my employer deals with Huawei.
According to Recurity Labs they don't need a back door when the front door is locked with a piece of masking tape that says in faded yellow ink "Do not enter". Huawei's security is a joke. Their software is riddled with buffer overflows, including buffers allocated on the stack making hacking their stuff trivial. Huawei has virtually zero security. Much of their stuff runs on VxWorks which is quite insecure. (I spent many years writing software for VxWorks). All you have to do is get to the T-shell and you're basically god. In the T-shell you can look at and modify variables and memory and call C functions directly, passing whatever arguments you want.
Even without the T-shell it looks like it's easy to get to the shell with full admin privileges on Huawei's boxes. See their DEFCON presentation at: http://www.phenoelit.org/stuff/Huawei_DEFCON_XX.pdf
If you value security, stay far away from Huawei. Their stuff is cheap but you get what you pay for. I guess it's good for the US that Huawei is mostly used in the Middle East and Asia. It makes life easy for the NSA.
Sure, eliminating eavesdropping opportunities is just the kind of business that SigInt spooks kindly engage in all the time...
http://www.fiercetelecom.com/story/huawei-banned-making-equipment-bids-australias-nbn/2012-03-26
Not just a handicap against them, and no reason given. It's not like there are a lot of world class Australian router companies. They are buying Taiwanese, French-ish, and US-ish, so it isn't nationalism. Just seems to be anti-China sentiment, with no substance backing it up, in this case, or the Aussie NBN.
Learn to love Alaska
post WW2, the UK sold enigma-based encryption machines to Empire/Commonwealth countries. Of course, they didn't tell the recipients that the UK could crack enigma encryption with ease.... Its why the wartime decoding of enigma remained a state secret until the early 70s, when even the most poverty-stricken Commonwealth countries had moved onto something a bit more sophisticated!
Its important to know what both "friends" and enemies are saying about you!
How Israeli Backdoor Technology Penetrated the U.S. Government's Telecom System and Compromised National Security
An Israeli Trojan Horse
http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/
We do not distrust you, we do not dislike you.
We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of China on the world stage, or have anything against Chinese culture or Chinese people. But because we oppose authoritarian government, of any kind, from any part of the world.
We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in the West, but not for state control of political dialogue.
We in the West believe the ability to express our political opinions freely is very important to the health of our society, that is how and why we call our society free (despite the fact some of our media companies are trying to hurt our freedoms on our communication structure in the effort to prop a media business model that only works in a world without the Internet: don't worry, they will clearly fail, their efforts are the death throes of a dying way of business).
You will see some responses to this comment of mine attempting to falsely equate Chinese authoritarian control of political opinion with various vile things the West does. Don't get me wrong: the West does plenty of evil things and there is plenty I criticize about my government. The difference is: they can express this political opinion of theirs freely, here in the West, and ironically, as they indulge false equivalency, they do not admit or do not know they would experience fear and intimidation if they tried to equally criticize Beijing, from within China.
I myself disagree with those who falsely believe that the West is just as bad as China in regards to suppression of freedoms, but I fully support their right to spout their nonsense, unhindered by fear of government backlash. Here in the West, we believe that the natural competition of ideas that only comes from every single one of them being freely expressed, NATURALLY leads to the flawed opinions sinking and the good opinions rising. Only in this natural competition of ideas do good ones endure the test of criticism and one fail it. If the state attempts to impose its own idea son the people, the state itself might wind up imposing ideas that are flawed, because they are unexamined. The people know better than the state, in this way. In other words, state control of politicla thought is a form of weakness that will eventually harm China.
So Chinese people: since you cannot likewise criticize your own government freely within China, do you not have a problem with this fact? If you are proud to be Chinese, as you should be, do you not believe you should be free to speak your mind like I can in your effort to make China strong as a Chinese patriot?
Chinese people: please understand that we in the West respect the Chinese people and wish you prosperity and freedom. And so we await the day you respect yourselves as well to not be treated like slaves by your own government, and to throw off the yolk of the efforts at mind control which exists in Beijing, pointed against the Chinese people and the free expression of your own thoughts, an effort whose only purpose is to serve the continuation of a power structure that is not necessarily good for China, only good for a few rich and connected Chinese at the detriment of all other Chinese.
Sure, this authoritarian power structure has done great things for you economically. But growth doesn't last forever, and when your economy fully matures, I am confident you finally turn your attention to freeing yourselves from the authoritarian government who wants to control your mind and your thoughts.
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
We do not distrust you, we do not dislike you.
We distrust and dislike your authoritarian government. We do not want your government to have more power in the world. Not because we are afraid of or oppose the empowerment of USA on the world stage, or have anything against USA culture or USA people. But because we oppose authoritarian government, of any kind, from any part of the world.
We DO have a built in prejudice against your government (not against you), because your government clearly attempts to control and manipulate communication channels. Yes, they also manipulate communication channels in Europe, but not for state control of political dialogue.
ZDNet, CNN.
and have them install a critical software update to avoid exploits.
I love how Cisco did something along these lines recently, including the siphoning off of web history, along with a slew of other privacy violations completely in the clear, with no permission whatsoever.
Another possible point of hypocrisy is the CIA's partial funding of Facebook, which seems to suggest that if a foreign company wants to build a network in the US, that is government funded, it's a National Security issue... but if a domestic company, which is funded by the US government, wants to build a network all over the world, and a foreign government says, "Um, no." then it's censorship.
There is also the fact that Huawei has hired a former defense contractor for the US government as it's Chief Security Officer.
They can't catch Chinese athletes that are doping, I doubt they can tell if Huawei gear is not back-doored.
I work for a telco supplier, so have had glimpses into the weird world of what happens behind the shonky service and bills.
Huawei when they started out produced kit that was 'very similar' to Cisco. Now you suggest that perhaps they were paying too much homage to their US competitor, but it did mean their kit was pretty easy to deploy. You can setup a VPN in IOS, you can switch to Huawei kit and barely notice the difference.
Next bit of their success was how they engaged with the customer. Legacy vendors have whole stacks of sales all hell-bent on shafting the telco for as much money as possible. Huawei wanted a foothold, kit was cheaper, but they really put in some effort to push the sale - Buy your new network from us, and we'll let you buy it on lease over a decade, our engineers will install/config/support it for you, we'll tweak stuff if it currently doesn't do what you want etc. Legacy vendors might have got a bit of a kicking from the dot.com crash, but they still dragged in the overly-complex vendor structure that makes that makes the proposal of similar flexible solutions somewhat difficult. Simply meant that if you were a small player with a valid business model, picking Huawei allowed you to very easily work out what the kit was going to cost you.
With regards to spying, if they were, it wouldn't be let anywhere near the tier zeros. As far as I can make out, there's no real evidence of China using Huawei to spy and most of the allegations come from the incumbents/vested interests, trying to come up with a reason to oppose the shift in purchasing.
If you're worried about back-doors - don't. They're already everywhere. I've been in plenty of offices which have the 'special room' that everything has to go through and telco employees don't even have the keys to. So just to carry on with this, if your kit DOESN'T have a back-door, it ain't going to be deployed. The only real topic of interest is just working out who holds the back-door-keys.
Those "mistakes" are only a small part of Cisco "features" - there are even more unknown exploits embedded inside Cisco hardware, courtesy of NSA and other 3-letter spy agencies working for Uncle Sam
Muchas Gracias, Señor Edward Snowden !
asshole
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
"another article from The Economist goes into greater detail about the steps Huawei has taken to mitigate some of these concerns in England â" including co-operating with the GCHQ in Britain, the UK's signals-intelligence agency, to ensure equipment built by Huawei is not back-doored".
Shouldn't that be the steps Huawei has taken to ensure equipment built by Huawei can be back-doored by GCHQ as easily as the spooks can back-door western companies.
"Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's IOS operating system can be exploited" Feb 2010
AccountKiller
There are the backdoors you know about, and then there's the backdoors you don't. The concern isn't really china eavesdropping. The fact of the matter is, they've got the talent to just hack their way in with or without a backdoor. The concern is that China is producing a large percentage of the networking equipment in the world right now, and it would be very easy for them to introduce something far smaller, and far more dangerous. For example, a kill switch. They broadcast some per-determined signal or something and 90% of the routers outside of short their power supplies across a resistor, spiking their power usage all at once world wide causing blackouts and frying all of the equipment. The utility of that isn't all that great but it would be devastating during a war and nearly impossible to detect in their code. The possibilities are endless.
A private, for-profit company would never invest in such things and anything of the sort that would arise would be the result of a bug or something forced on them by federal regulation. Either way, whatever it was that compromised the equipment would be an accident and far less dangerous. When the company is funded and run by the state... and their motives are governed by ideology rather than profit, you can never truly know what the equipment is capable of. You could literally be installing a bomb in your rack and not even know it.
I suspect the concerns of the British intelligence community would be around having their own back door to Huawei equipment. The Chinese won't be worried because they probably already have complete access to everything the GCHQ do anyway. There is no such thing as privacy anymore. All major governments have back doors to this gear....and have done for many years. Illegally, of course, in most cases, though 9/11 let them pass laws making legal what they had been doing illegally for quite some time. Governments don't care what the law is unless YOU'RE breaking it.....and if you tell anyone they are breaking it, then you're a criminal and a terrorist. Enjoy. You voted for these crooks.
Only boring people are ever bored.
it would be very easy for them to introduce something far smaller, and far more dangerous. For example, a kill switch.
They could, sure. And some people think the CIA has AES cracked. These people didn't think before forming an opinion. You don't put a backdoor on a sytem you yourself use, because if you do an enemy (who might not use your system) will be able to shut you down once it finds the backdoor.
A private, for-profit company would never invest in such things
Oh, boy, aren't you naive. Companies will do anything for money. A big company is not much different from a big government - both have great power and a great urge to abuse that power. Search for Room 641A.
A private, for-profit company would never invest in such things
Oh, boy, aren't you naive. Companies will do anything for money. A big company is not much different from a big government - both have great power and a great urge to abuse that power. Search for Room 641A.
Whaaat? But of course they are diferent... in terms of the efficiency they can screw you... the big companies will do it faster, with a lower cost and potentially at a larger scale.
Why, you only need to look on how US rednecks defaulting on their loans make all world's retirement funds worth nothing: even if they'd try the hardest they could, the US govt would have taken decades for the same outcome.
Questions raise, answers kill. Raise questions to stay alive.
I'm sure they can't.
The truth or interpretation..