Philippine Lawmakers Worry China Telecom May Be a 'Trojan horse'

An anonymous reader shares a report: Opposition members of the Philippine Congress raised concern on Wednesday that China Telecom Corp, which may enter the Philippine industry, could be a "Trojan horse" aimed at giving China access to state secrets. The Southeast Asian country aims to name a third telecom operator within the first quarter that will break the duopoly of PLDT and Globe Telecom State-run China Telecom has been named as a possible investor in that third entity. President Rodrigo Duterte, who has warned both PLDT and Globe to shape up or face competition, has welcomed Chinese entities specifically to become the third telecoms operator. Beijing has selected China Telecom to invest in the Philippines, according to Philippine officials, but it would need to partner with a local company as it cannot operate alone under the law. China Telecom's presence in the Philippines, however, does not sit well with some lawmakers, given China's telecommunications expertise and sophisticated technology.

Re:What about american software?

[burtosis]

At this point I suspect most closed source software of being a Trojan horse.

Encryption

[DrYak]

If you're worried about *an infrastructure provider* putting your state secret at risk, then there's a high chance that you're doing encryption wrong.

- use server encryption (communication between you and the server are over sopme form of SSL like HTTPS, nobody else along the line can access them)
- use end-to-end encryption (you encrypt your message before sending it, the recipient decrypts it after receiving, even the server doesn't have any idea what you're saying)
- use onion routing (hard for an external observer to guess who is communicating with whom).

Combin those depending on the needed protection.

China already CAN

Damn, Duterte is smart. Economics 101 shows a duopoly can and will rip consumers off.
China will shake that status quo. As for secrets, satellites and boxes on top of the embassy roof would catch a lot anyway (and its not just China). And with the USA keeping .cn handsets out, China needs a mass outlet. Now he needs to play that off with a Korean supplier like Samsung.

Re:China already CAN

[slashrio]

It's ironic that a product from a communist country is used to get capitalism going again in another country.

America isn't actively trying to steal land there

[Zontar_Thing_From_Ve]

China is. Look up the South China Sea disputes. China and the Philippines have an ongoing major dispute about various territories there. If America steals their secrets, they aren't going to use that to gain a military advantage over the Philippines because they are security allies and the USA has no territorial claims in the disputed area. China, on the other hand, could use secret information to their advantage.

133 Chinese hackers caught just 2 days ago

According to local news there at Manila, 133 Chinese hackers were caught at Ilocos Sur around 2 days ago. Not sure what they're doing with those telephone lines and phone units with a lot of sim cards, but ATM fraud and unusual withdrawals from innocent victims there at Manila is rampant since 1 month ago. [url=http://www.remate.ph/2018/01/133-chinese-natls-nakapasok-ilocos-sur-police-pinagpapaliwanag/]Local News report in their native Filipino Language[/url].

Re:133 Chinese hackers caught just 2 days ago

Local News report in their native Filipino Language.
URL link fixed.

Re:133 Chinese hackers caught just 2 days ago

[slashrio]

So what, wasn't it Filipinos that tried to steal 80 billion from the Central Bank of Bengladesh last year?

Re:133 Chinese hackers caught just 2 days ago

[Bob+the+Super+Hamste]

Local News report in their native Filipino Language.

You probably mean taglish. While a joke it wasn't meant to be taken as a slight against them as just about everyone in Manila I have met speaks that mix of Tagalog and English and you hear it on the radio and TV as well.

Open Source or Open Secrets

If you can't read the code and understand the software 100% , then you are trusting a third party with your state secrets and trade secrets.

Open Source or Open Secrets ? Your Choice - there is no middle ground.

Re:Open Source or Open Secrets

Except security softwares, especially encryption softwares, are not easy to audit even for a professional programmer. One needs to be both a mathematician and an elite coder in order to audit cipher suites. As an example, grab the source code of AES (this is in public domain) and try to read that source code. There are constants peppered everywhere in the source where even the best C programmers cannot comprehend.

Re:America isn't actively trying to steal land the

[plague911]

Everyone is stealing everything. The US,China,Russia,Germany,UK etc etc etc are all doing their best to get ahold of every bit of information they can from everyone they can. It is childlike naivete to think anyone is not in this game. At BEST you can control WHO gets the information. Choose American made, the American's get your info easily, Choose Russian tech, the Russians AND Americans get your info, Choose Chinese tech the Chinese, Russians, Americans AND everyone including even your pet chicken get your information.

"Could Be"?

[Greyfox]

I assume they mean that in the same sense that the Chinese telcom "could be" Chinese?

Re:Encryption //can be defeated

Yeah right, because MITM is impossible, correct? Wrong. Because even Kaspersky AV and most AV software is doing MITM on browsers, and that is just a software and no hardware is involved! Just for discussion, what happens if a company is providing there own hardware, like router, NAS, switches, firewall etc... That company would have physical access to these devices before delivery to customers and you know what happens once there is PHYSICAL ACCESS in the equation I suppose.

Honestly

[Pig+Hogger]

Honestly, what state secrets are there in the Philippines?

And, given how Filipinos are hated throughout Asia, who in is right mind would invade them to be stuck with them afterwards?

Re: Honestly

Don't be a racist fool. China needs the Philippine govt to be on their side. China has already invaded Philippine sovereign territory and they already steal fish from Philippine seas.

War is coming. Duerte has betrayed his people.

Re: Honestly

[slashrio]

The Philippines is to China what Granada and Panama are to the USA: for the taking.
There's no war coming. Merely an invasion if you don't give them what they want.

Re:America isn't actively trying to steal land the

[NettiWelho]

Everyone is stealing everything. The US,China,Russia,Germany,UK etc etc etc are all doing their best to get ahold of every bit of information they can from everyone they can. It is childlike naivete to think anyone is not in this game. At BEST you can control WHO gets the information. Choose American made, the American's get your info easily, Choose Russian tech, the Russians AND Americans get your info, Choose Chinese tech the Chinese, Russians, Americans AND everyone including even your pet chicken get your information.

So what you're saying is we need an armed uprisings to replace all the leadership?

Re:America isn't actively trying to steal land the

[DNS-and-BIND]

Chinese tech? A patriotic Chinese-American just got busted by the FBI for spying for his people. He was responsible for the CIA's network of spies in China being rolled up and executed for treason. How does it follow if Chinese tech is installed, the Americans get it? They have no sources in China, no leverage.

Confidence

[DrYak]

Yeah right, because MITM is impossible, correct? Wrong. Because even Kaspersky AV and most AV software is doing MITM on browsers

Because, as part of the installation of the software, you installed their certificate and decided to trust it.
You are actually deciding that you won't consider your AV software maker as a "man in the middle", but as a trusted source.

(Also note that some certificate pinning systems actually prevent this type of changes : your browser will notice that suddenly the signing of a website changed from your bank to AV vendor)

You cannot have it both way. You cannot both decide to trust a company (you invite their certificate) and to try to shield your self from them.

Just for discussion, what happens if a company is providing there own hardware, like router, NAS, switches, firewall etc... That company would have physical access to these devices before delivery to customers and you know what happens once there is PHYSICAL ACCESS in the equation I suppose.

If you've correctly though out the way you handle sensitive data : nothing much will happen.
Nothing more than what happens already due to the tons of relay out there that are already compromised (that's why you encrypt traffic) and server that get hacked (that's why you end-to-end so only your correspondent can decrypt).

For any proper security planning, you need to start by considering that you can't trust any machine that you don't control directly.
You might consider your laptop trusty (though IntelME and co seem to be bent on destroying that).
You should not consider trust worthy any 3rd party network element to which you plug said equipment.

No matter if the manufacturer of your router is Chinese, USAmerican or Russian, you should not trust with high level state secrets it if you don't controll it yourself (if you didn't install a trusted spin of OpenWRT/LEDE yourself).
Same applies to any software that you install on that laptop, including security certificates.

Re:What about american software?

[slashrio]

It's just that this is what they (the 'opposition') are supposed to do: Oppose every proposal coming from the current government.

Re:What about american software?

[slashrio]

I remember reading an article in a newspaper that said that the Philippines already voluntarily send a copy of every text and (phone) conversation to the NSA. So it's irrelevant whether 'muricunt software contains trojan (or American for that matter) horses or not.

Horses

I get the historical implications of using the term "Trojan Horse", but don't the Trojan's sort of own that term? And the Philippines aren't close to Troy, not in any respect.

So Chinese Horse then, except "Chinese Horse" has no fame or meta-meaning. The same problem exists with Philippine Horse. No, I propose that the term used must be "Mongolian Horse", because at least those were famous horses.

No expertise and technology please?

[slashrio]

China Telecom's presence in the Philippines, however, does not sit well with some lawmakers, given China's telecommunications expertise and sophisticated technology.

What the heck does this mean... Philippine lawmakers don't want expertise and sophisticated technology deployed in their country? Like they want to stay in the middle ages?

Re:No expertise and technology please?

[chardgomez]

China Telecom's presence in the Philippines, however, does not sit well with some lawmakers, given China's telecommunications expertise and sophisticated technology.

What the heck does this mean... Philippine lawmakers don't want expertise and sophisticated technology deployed in their country? Like they want to stay in the middle ages?

Not all lawmakers. As the summary correctly mentioned, opposition lawmakers. The headline probably gave you the impression that all lawmakers had that opinion. The opposition in the Philippines, unfortunately, seem to just be jumping at whatever it just so it can live up to its name.