Thread: Telecom Spyware (Lookin' at you Huawei)

Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack


Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack
By Jordan Robertson and Jamie Tarabay
Fri, December 17, 2021

(Bloomberg) -- The U.S. government has warned for years that products from China’s Huawei Technologies Co., the world’s biggest maker of telecommunications equipment, pose a national security risk for any countries that use them. As Washington has waged a global campaign to block the company from supplying state-of-the-art 5G wireless networks, Huawei and its supporters have dismissed the claims as lacking evidence.

Now a Bloomberg News investigation has found a key piece of evidence underpinning the U.S. efforts — a previously unreported breach that occurred halfway around the world nearly a decade ago.

In 2012, Australian intelligence officials informed their U.S. counterparts that they had detected a sophisticated intrusion into the country's telecommunications systems. It began, they said, with a software update from Huawei that was loaded with malicious code.

The breach and subsequent intelligence sharing was confirmed by nearly two dozen former national security officials who received briefings about the matter from Australian and U.S. agencies from 2012 to 2019. The incident substantiated suspicions in both countries that China used Huawei equipment as a conduit for espionage, and it has remained a core part of a case they’ve built against the Chinese company, even as the breach’s existence has never been made public, the former officials said.

The episode helps clarify previously opaque security concerns driving a battle over who will build 5G networks, which promise to bring faster internet connectivity to billions of people around the globe. Shenzhen-based Huawei dominates the more than $90 billion global telecommunications equipment market, where it competes against Sweden’s Ericsson AB and Finland’s Nokia Oyj. But the U.S., Australia, Sweden and the U.K. have all banned Huawei from their 5G networks, and about 60 countries signed on to a U.S. Department of State program where they’ve committed to avoiding Chinese equipment for their telecommunications systems. Such efforts, which have also included U.S. sanctions against the Chinese company, have slowed Huawei’s growth and heightened tensions with China.

The briefings described to Bloomberg contained varying degrees of detail, and the former officials who received them had different levels of knowledge of — and willingness to discuss — specifics. Seven of them agreed to provide detailed accounts of the evidence uncovered by Australian authorities and included in their briefings.

At the core of the case, those officials said, was a software update from Huawei that was installed on the network of a major Australian telecommunications company. The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, they said. After a few days, that code deleted itself, the result of a clever self-destruct mechanism embedded in the update, they said. Ultimately, Australia's intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems.

Guided by Australia's tip, American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the U.S., six of the former officials said, declining to provide further detail.

Mike Rogers, a former Republican congressman from Michigan who was chair of the U.S. House of Representatives intelligence committee from 2011 to 2015, declined to discuss the incidents. But he confirmed that national bans against Huawei have been driven in part by evidence, presented in private to world leaders, that China has manipulated the company’s products through tampered software updates, also known as patches.

“All their intelligence services have pored over the same material,” said Rogers, a former FBI agent who is now a national security commentator on CNN. “This whole body of work has come to the same conclusion: It's all about administrative access, and the administrative patches that come out of Beijing are not to be trusted.”

Many people familiar with Australia’s intelligence told Bloomberg that they were bound by confidentiality agreements and couldn’t discuss it on the record. But Michèle Flournoy, former under secretary of defense for policy at the Department of Defense under President Barack Obama, said she wasn’t constrained from doing so.

Flournoy, who is co-founder and managing partner of WestExec Advisors LLC, a national security consulting firm closely aligned with the Obama and Biden administrations, confirmed the intrusion and the tampered software update from Huawei. She said she learned about the episode after leaving government in early 2012, emphasizing that the information was shared in unclassified forums.

“The Australians from the get-go have been courageous in sharing the information they had, not only with the intelligence channels but more broadly in government channels,” Flournoy said. “Australia experienced it, but it was also a vicarious wake-up call for Australia’s allies.”
The Australian Signals Directorate, that country’s leading cybersecurity agency, declined to answer specific questions about the incident. “Whenever ASD discovers a cyber incident affecting an entity, it engages the relevant entity to provide advice and assistance,” the agency said in a statement. “ASD’s assistance is confidential — it is a matter for relevant entities to comment publicly on any cybersecurity incident.”
“Australia is not alone in the threats we face from state-based actors in cyberspace,” the agency said, noting that the government has “joined with others in the world to express serious concerns about malicious cyber activities by China’s Ministry of State Security.”

In the U.S., the Federal Bureau of Investigation, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the National Counterintelligence and Security Center declined to comment.

Bloomberg didn’t find evidence that Huawei’s senior leadership was involved with or aware of the attack. Huawei declined to address specific questions. “It is hard to comment on speculation and unquoted ‘senior sources,’” John Suffolk, Huawei’s global cybersecurity officer, said in a statement. “It is also hard to comment on generalizations such as ‘Australian telecommunications,’ ‘software update,’ ‘equipment,’ etc.”
But, he added, “no tangible evidence has ever been produced of any intentional wrongdoing of any kind.”

Suffolk said that Huawei’s technicians can access networks only when customers authorize it, and that customers control when updates are installed on their systems. He said Huawei considers the possibility of its workers being compromised a “valid threat” and takes steps to protect against it, including restricting access to source code and using “tamper-proofing mechanisms” to guard against abuse. “We closely monitor all of our engineers. Where the law allows we undertake additional vetting,” he said. “We control the software and equipment they use, and mandatory compliance training is required every year.”

Suffolk said that Huawei urges governments, customers and the “security ecosystem” to review its products and look for vulnerabilities, and “it is this openness and transparency that acts as a great protector.”
China’s Ministry of Foreign Affairs said in a statement that the country “opposes and would crack down on any forms of cyberattack and internet espionage activities in accordance with the law, not to mention refraining from encouraging, supporting or conspiring with hacking attacks.”

“Australia’s slander on China carrying out cyberattacks and espionage penetration are purely a move like a thief crying to catch a thief. This kind of arbitrary smear on another county is an extremely irresponsible action that China firmly opposes,” the ministry said. “We urge Australia not to abuse the name of ‘national security’ and put groundless accusations and unreasonable pressures on Huawei and other Chinese companies.”

Huawei was founded in 1987 by a former officer of China’s People’s Liberation Army, Ren Zhengfei, as a sales agent for business telephone systems, and over the last three decades it has grown to become the world's biggest maker of telecommunications equipment, which includes the routers, switches and cell-tower antennas used to shuttle voice and data traffic over mobile networks.

...remainder of article here: Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack