Chinese Tech Giant Huawei Attacked Aussie and US Networks in 2012
Australia discovered Huawei’s cyber spying in about 2012 and informed the United States, according to a new Bloomberg News investigation.
The Aussie discovery started a long process of investigating and finding Huawei hacks in other countries. The result: a too-quiet information campaign against the company’s attempts to monopolize the world’s wireless networks, from 2G to 5G.
But the campaign failed to alert the public early and does not address China’s deeper links to European telecom companies such as Nokia and Ericsson, or its potential espionage among technicians in telecom companies globally.
The Australian officials claim that Huawei’s attack began with a malicious software update. “In 2012, Australian intelligence officials informed their U.S. counterparts that they had detected a sophisticated intrusion into the country’s telecommunications systems,” according to the Bloomberg report by Jordan Robertson and Jamie Tarabay.
That cyber breach and its discovery led to Australian and U.S. intelligence sharing with other countries.
The Bloomberg report, first published on Dec. 16, is based on interviews with almost two dozen national security officials from Australia and the United States who got briefings on the matter between 2012 and 2019.
The officials, some of whom confirmed only parts of the story pieced together by Bloomberg, include the following: former Congressman Mike Rogers (R-Mich.), who chaired the U.S. House Intelligence Committee from 2011 to 2015; Michael Wessel, a current commissioner on the U.S.-China Economic and Security Review Commission; Keith Krach, former under secretary of state for Economic Growth, Energy, and the Environment; and Michèle Flournoy, former under secretary of Defense for Policy. The report also drew from National Security Agency documents leaked by Edward Snowden.
The report is the first time the 2012 breach of Australia’s telecom networks has been made public.
The Australian Signals Directorate (ASD), while declining to answer Bloomberg’s specific questions on the incident, did point to China’s Ministry of State Security (MSS) as a malign actor.
“Australia is not alone in the threats we face from state-based actors in cyberspace,” the ASD said, noting that Australia has “joined with others in the world to express serious concerns about malicious cyber activities by China’s Ministry of State Security.”
Huawei Is Not the Only Risk
Huawei, with its headquarters in Shenzhen, China, dominates the global telecom market, which amounts to approximately $90 billion annually. The data that flows through these networks, however, is far more valuable and explains why Huawei and other Chinese telecommunications companies, like ZTE, arguably undercharge for their offerings and pose a high risk to global data security.
Sweden’s Ericsson and Finland’s Nokia compete with the Chinese telecom giant, but even they source some of their equipment from China, and sell to China. They are thus in part beholden to China—likely technically compromised—and only weak competitors to Huawei. Nokia even co-owns a company with Huawei that may be planning to sell Huawei-designed phones.
The interlinking of Western telecom companies with China will make it difficult to ensure the safety of clean networks even if Huawei and other Chinese companies are banned.
The United States, Britain, Australia, and Sweden have all banned Huawei from 5G networks, and approximately 60 nations have signed onto the U.S. Clean Network program that commits them to rejecting Chinese telecommunications equipment.
Huawei’s Malware
According to seven of the officials who spoke with Bloomberg, an apparently legitimate software update from Huawei for a major Australian telecommunications company “contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China.”
The code deleted itself after a few days, “the result of a clever self-destruct mechanism embedded in the update” meant to cover the malware’s traces.
Australia’s intelligence services ultimately discovered that China’s spies caused the breach, “having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems.”
“The seven former officials who provided detailed accounts of their briefings said that Australia’s intelligence agencies had detected suspicious traffic flowing from the country’s telecommunications systems to China, a trail that led to Huawei equipment,” according to Bloomberg.
The investigators accessed the infected systems, but arrived only after the self-destruct mechanism began its own deletion.
“Digital forensics on those systems revealed only fragments of the malicious code’s existence, and investigators reconstructed the attack using a variety of sensitive sources, including human informants and secretly intercepted conversations,” according to Bloomberg.
The attack siphoned all data flowing through the Huawei equipment over the course of the malware’s operation.
“The data gave them access to the contents of private communications and information that could be used to target specific people or devices in future attacks,” according to the Bloomberg sources.
Bloomberg named two telecommunications companies operating in Australia that reportedly utilized Huawei equipment. Optus, a division of Singapore Telecommunications, utilized Huawei starting in 2005 for digital and wireless networks.
In addition to being Australia’s second-biggest mobile carrier,” according to Bloomberg, “Optus also operates Australia’s largest fleet of satellites, and it works closely with the Australian military.”
It is unclear why Australia would trust—with its most sensitive satellite and military data—companies associated with an authoritarian government like Singapore, especially since they cooperate closely with China’s Huawei.
Vodafone Hutchison Australia, Australia’s third-biggest mobile carrier, “selected Huawei to overhaul its entire 2G and 3G infrastructure in 2011 and later for parts of its 4G networks as well,” according to Bloomberg.
The breached network, according to two officials with whom Bloomberg spoke, was Optus, which claimed to “have no knowledge of the alleged incidents.”
American intelligence officials, guided by the Aussie tip in 2012, discovered a similar Chinese attack the same year that used Huawei equipment in the United States.
Chinese Spies Need Admin Access to Succeed
“All their intelligence services have poured over the same material,” Bloomberg quoted Rogers as saying. “This whole body of work has come to the same conclusion: It’s all about administrative access, and the administrative patches that come out of Beijing are not to be trusted.”
Even John Suffolk, Huawei’s global cybersecurity officer, admits that “Huawei considers the possibility of its workers being compromised a ‘valid threat,’” according to Bloomberg. The countermeasures that Huawei claims, however, including annual “compliance training,” are laughably inadequate.
Huawei, founded in 1987 by Ren Zhengfei, a former Chinese military officer, claims not to know about the spying.
This is highly unlikely. But Ren’s plausible deniability points to the problem running deeper than just Huawei. If Huawei’s leadership can claim not to know about the spying, they may be purposely looking the other way. China’s spy services could infiltrate any company from any country, the officials from which likewise ignore spying for short-term market gains. If a low-level technician from any company with administrative access is compromised by China’s spy agencies and gains personal access, he or she can insert the necessary malicious code.
The Huawei Problem Is Actually the CCP Problem
International telecommunications companies, including Huawei, make billions of dollars from business with China and have numerous short-term financial incentives to both ignore the danger, and encourage their home governments to do the same.
The problem is international. Huawei has reportedly helped two African governments utilize espionage against political opponents, and built data storage for the government of Papua New Guinea that included obvious security gaps that made sensitive files vulnerable to theft. Published Huawei documents have demonstrated how the company helps Beijing track its own population.
In recent years, with China’s growing economic and technological power, the problem has only increased. Robust Chinese cyberattacks continue today against Australia, for example. “Chinese hackers have targeted Australian institutions with relentless attacks since the country called last year for an independent probe into the origins of Covid-19,” according to Bloomberg.
The root of the problem is not Huawei, but the links and dependency of corporations from all countries on the Chinese Communist Party (CCP), and their willingness to allow the continuation of the CCP’s aggressive and unethical approach to the promotion of its international business and illiberal influence.
The problem of Beijing’s cyberhacking—which empowers its industrial espionage, political influence, and privacy violations globally—will not be solved until China democratizes its totalitarian political system and, thus, rids itself of the CCP’s all-consuming hunger for ever more power.
No comments:
Post a Comment
Comments always welcome!