Friday, October 19, 2012

Huawei: Cleared Of spying?...LOL

Last week's report from the Republican and Democratic leaders of the House Intelligence Committee noted the potential for spying through Huawei gear installed to manage traffic on wireless networks. The committee also criticized Huawei's leadership for failing to provide details about its relationships with Chinese government agencies.

Huawei, whose chief executive officer, Ren Zhengfei, founded it 25 years ago after he was laid off by the Chinese army, has rejected the House report as unfair and inaccurate. China's Commerce Ministry has also called the accusations "groundless."

"Huawei is a $32 billion independent multinational that would not jeopardize its success or the integrity of its customers' networks for any government or third party. Ever," the company's U.S. spokesman, Bill Plummer, said on Wednesday.

The House Intelligence Committee's report did not present concrete evidence that either Huawei or ZTE has stolen U.S. data, although it said a classified annex provided "significantly more information adding to the committee's concerns" about the risk to the United States.

Speculation has swirled about the contents of the secret annex, and both committee Chairman Mike Rogers and some intelligence officials have hinted at evidence that Huawei has participated in espionage.

Rogers, the report's lead author, stoked concerns by saying some customers had seen routers sending off "very valuable data" to China.

But in the one case a committee staff member pointed out to Reuters, the victim - Leap Wireless International Inc - said that while some of its computers were infected with viruses earlier this year, an investigation found no evidence that the infection was deliberate or that confidential data had been stolen.

PREVENTIVE MEASURES

Pressed about why the White House review and unclassified version of the House Intelligence Committee report had not turned up a "smoking gun," two officials familiar with intelligence assessments said U.S. agencies were most concerned about the capability for future spying or sabotage.

Similarly, Chris Johnson, a former CIA analyst on China, said he had been told that the White House review had come up empty on past malicious acts. Nonetheless, officials emerged from the review with "a general sense of foreboding" about what would happen if China asked Huawei for assistance in gathering intelligence from U.S. customers, he said.

"If the Chinese government approached them, why would they say no, given their system?" Johnson said.

Preventing state spying through technology is a high priority for U.S. President Barack Obama's administration, which is lobbying for legislation to raise private-sector security standards and readying a more limited executive order along those lines.

Reuters interviews with more than a dozen current and former U.S. government officials and contractors found nearly unanimous agreement that Huawei's equipment poses risks: The company could send software updates that siphon off vast amounts of communications data or shut them down in times of conflict.

More than anything else, cyber experts complained about what they said was poor programming that left Huawei equipment more open than that of rivals to hacking by government agents or third parties.

"We found it riddled with holes," said one of the people familiar with the White House review.

At a conference in Kuala Lumpur last week, Felix Lindner, a leading expert in network equipment security, said he had discovered multiple vulnerabilities in Huawei's routers.

"I'd say it was five times easier to find one in a Huawei router than in a Cisco one," Lindner said.

Lindner, who spent months investigating Huawei code, said the vulnerabilities appeared to be the result of sloppy coding and poor procedures, rather than any deliberate attempt at espionage. Huawei is looking into his findings, he said.

Some in the U.S. government, however, have said the alleged poor security practices at Huawei could be a deliberate cover for future attacks.

One computer scientist, who helped conduct classified U.S. government research on Huawei routers and switches four to six years ago, told Reuters that he had found "back doors" that his team believed were inserted with care.

He said these back doors could enable attackers to install malicious software that would make critical government networks inoperable, allow hackers to gain entry into highly classified systems and enable them to spy on all traffic. He requested anonymity because he was not authorized to discuss the research.

Huawei has denied the existence of these back doors. Plummer also noted that any vendor's gear could be targeted by hackers, and the company would address any vulnerabilities it finds.

The United States' closest allies have rendered a split verdict on Huawei. Earlier this year, Australia barred Huawei from becoming a contractor on the country's National Broadband Network, and Canada said last week that Huawei could not bid to help build a secure national network. In Britain, however, a spokesman for the Cabinet Office said Huawei's products were fully vetted and did not represent a security concern.
Last week's report from the Republican and Democratic leaders of the House Intelligence Committee noted the potential for spying through Huawei gear installed to manage traffic on wireless networks. The committee also criticized Huawei's leadership for failing to provide details about its relationships with Chinese government agencies.

Huawei, whose chief executive officer, Ren Zhengfei, founded it 25 years ago after he was laid off by the Chinese army, has rejected the House report as unfair and inaccurate. China's Commerce Ministry has also called the accusations "groundless."

"Huawei is a $32 billion independent multinational that would not jeopardize its success or the integrity of its customers' networks for any government or third party. Ever," the company's U.S. spokesman, Bill Plummer, said on Wednesday.

The House Intelligence Committee's report did not present concrete evidence that either Huawei or ZTE has stolen U.S. data, although it said a classified annex provided "significantly more information adding to the committee's concerns" about the risk to the United States.

Speculation has swirled about the contents of the secret annex, and both committee Chairman Mike Rogers and some intelligence officials have hinted at evidence that Huawei has participated in espionage.

Rogers, the report's lead author, stoked concerns by saying some customers had seen routers sending off "very valuable data" to China.

But in the one case a committee staff member pointed out to Reuters, the victim - Leap Wireless International Inc - said that while some of its computers were infected with viruses earlier this year, an investigation found no evidence that the infection was deliberate or that confidential data had been stolen.

PREVENTIVE MEASURES

Pressed about why the White House review and unclassified version of the House Intelligence Committee report had not turned up a "smoking gun," two officials familiar with intelligence assessments said U.S. agencies were most concerned about the capability for future spying or sabotage.

Similarly, Chris Johnson, a former CIA analyst on China, said he had been told that the White House review had come up empty on past malicious acts. Nonetheless, officials emerged from the review with "a general sense of foreboding" about what would happen if China asked Huawei for assistance in gathering intelligence from U.S. customers, he said.

"If the Chinese government approached them, why would they say no, given their system?" Johnson said.

Preventing state spying through technology is a high priority for U.S. President Barack Obama's administration, which is lobbying for legislation to raise private-sector security standards and readying a more limited executive order along those lines.

Reuters interviews with more than a dozen current and former U.S. government officials and contractors found nearly unanimous agreement that Huawei's equipment poses risks: The company could send software updates that siphon off vast amounts of communications data or shut them down in times of conflict.

More than anything else, cyber experts complained about what they said was poor programming that left Huawei equipment more open than that of rivals to hacking by government agents or third parties.

"We found it riddled with holes," said one of the people familiar with the White House review.

At a conference in Kuala Lumpur last week, Felix Lindner, a leading expert in network equipment security, said he had discovered multiple vulnerabilities in Huawei's routers.

"I'd say it was five times easier to find one in a Huawei router than in a Cisco one," Lindner said.

Lindner, who spent months investigating Huawei code, said the vulnerabilities appeared to be the result of sloppy coding and poor procedures, rather than any deliberate attempt at espionage. Huawei is looking into his findings, he said.

Some in the U.S. government, however, have said the alleged poor security practices at Huawei could be a deliberate cover for future attacks.

One computer scientist, who helped conduct classified U.S. government research on Huawei routers and switches four to six years ago, told Reuters that he had found "back doors" that his team believed were inserted with care.

He said these back doors could enable attackers to install malicious software that would make critical government networks inoperable, allow hackers to gain entry into highly classified systems and enable them to spy on all traffic. He requested anonymity because he was not authorized to discuss the research.

Huawei has denied the existence of these back doors. Plummer also noted that any vendor's gear could be targeted by hackers, and the company would address any vulnerabilities it finds.

The United States' closest allies have rendered a split verdict on Huawei. Earlier this year, Australia barred Huawei from becoming a contractor on the country's National Broadband Network, and Canada said last week that Huawei could not bid to help build a secure national network. In Britain, however, a spokesman for the Cabinet Office said Huawei's products were fully vetted and did not represent a security concern.

Dutch Ruppersberger, the ranking Democrat on the House Intelligence Committee and co-author of the report, told Reuters that the burden of proof had been on Huawei and ZTE, which cited Chinese government restrictions in limiting their responses.

"China has the means, opportunity, and motive to use telecommunications companies for malicious purposes," Ruppersberger said.

Republican Rogers' staff did not respond to questions about the contents of the classified annex or the White House review.


Dutch Ruppersberger, the ranking Democrat on the House Intelligence Committee and co-author of the report, told Reuters that the burden of proof had been on Huawei and ZTE, which cited Chinese government restrictions in limiting their responses.

"China has the means, opportunity, and motive to use telecommunications companies for malicious purposes," Ruppersberger said.

Republican Rogers' staff did not respond to questions about the contents of the classified annex or the White House review.

No comments:

Post a Comment

Comments always welcome!