Attacks/Breaches
7/19/2013
11:09 AM
Connect Directly
RSS
E-Mail
50%
50%

Huawei Spies For China, Former NSA Director Says

Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Chinese telecom equipment maker Huawei actively spies for the Chinese government.

That accusation was leveled by Michael Hayden, who led the CIA from 2006 to 2009, in an interview published Friday by Australia's Financial Review.

"At a minimum, Huawei would have shared with the Chinese state intimate and extensive knowledge of the foreign telecommunications systems it is involved with," said Hayden, a retired four-star Air Force general who also served as director of the National Security Agency (NSA) from 1999 to 2005. He's now a visiting professor at George Mason University's school of public policy, a principal at security consultancy Chertoff Group, and a director of Motorola Solutions.

[ Is Snowden a hero? Read NSA Prism Whistleblower Snowden Deserves A Medal. ]

Hayden refused to comment on specific "instances of espionage or any operational matters," for example, pertaining to whether the U.S. government had discovered Huawei actively eavesdropping on equipment or networks it had installed. But in his professional opinion, Huawei is engaged in espionage on behalf of the Chinese state. "Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

One of the top concerns related to China's largest telecommunications equipment manufacturer spying on behalf of the Chinese state is that the country's intelligence services don't limit themselves to targeting "state secrets" or political espionage. "They have a much broader definition of legitimate espionage to include intellectual property, commercial trade secrets and the negotiating positions of private entities," Hayden said. "In other words, they don't limit themselves in the way we do in the English-speaking community."

Accordingly, the former NSA director saluted the House of Representatives Permanent Select Committee on Intelligence report on Huawei and ZTE, released in October 2012, which found that "these guys are not even transparent to themselves," he said. "There's no transparency around who appoints the board of directors or controls the ownership of the business. And there's no independent Chinese government oversight committee that could give us continuing confidence that Huawei or ZTE would not do what they promised not to do."

The House report led to a ban on U.S. government agencies buying equipment from Huawei or ZTE without prior approval from the FBI. The report's findings also influenced U.S. businesses. According to a study conducted by InformationWeek earlier this year, 37% of surveyed businesses said the findings were major cause for concern, while 34% said the results represented a deal-breaker.

But what of U.S. espionage? Asked about the need for Prism and other NSA surveillance programs, and how they differed from Chinese espionage operations, the former NSA director first offered unabashed support for the former. "I fully admit: we steal other country's secrets. And frankly we're quite good at it," he said. "But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."

The details on those NSA programs were leaked, of course, by former NSA contractor Edward Snowden, who fled Hawaii for Hong Kong in May 2013, before flying to Moscow, where he requested temporary asylum earlier this week.

But how did Snowden, an infrastructure analyst, have access to such a wealth of information pertaining to so many different NSA monitoring programs?

The answer arrived Thursday, thanks to Microsoft SharePoint. "This leaker was a system administrator who was trusted with moving information to actually make sure the right information was on the SharePoint servers that NSA Hawaii needed," said NSA director Keith Alexander Thursday in a media briefing at the Aspen Security Forum in Colorado. Obviously, even spies need to store their secrets somewhere.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
7/22/2013 | 6:05:14 PM
re: Huawei Spies For China, Former NSA Director Says
"I fully admit: we steal other country's secrets. And frankly we're quite good at it. But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."
LOL. And making citizens rich is bad why? :)
builder7
50%
50%
builder7,
User Rank: Apprentice
7/20/2013 | 10:20:17 PM
re: Huawei Spies For China, Former NSA Director Says
Huawei is probably spying for the Chinese intelligence services like Microsoft is spying for the U.S. intelligence services of the NSA. If private companies are going to be entwined with the government, rather than strictly free enterprise where private is private and public is public. We used to complain that the Chinese system had block informers as well as other types in an organized system to determine people's loyalty. Guess who does that now and monitors every phone call, email, and snail mail? It seems like a paranoid world now because we live in a militaristic country that is turning no free. They could have left that behind and just lived life for everybody but they chose this violence path, so what would one expect?

SharePoint is probably one of the worst solutions to protect data because it is designed for the user who does not have any knowledge of computers. It is supposed to be an Internet portal, not a secure document repository, although it does have those capabilities. A program like Documentum would probably work better if it is transmitted using SSL and encrypted.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
7/19/2013 | 11:45:45 PM
re: Huawei Spies For China, Former NSA Director Says
Hayden's argument in a nutshell: It's good when we spy and it's bad when they spy. I'm not convinced.
tiger168
50%
50%
tiger168,
User Rank: Apprentice
7/19/2013 | 6:43:02 PM
re: Huawei Spies For China, Former NSA Director Says
"Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

EXCUSE ME...

But, did Cisco or any major US Network equipment companies show the burden of proof to any of the other countries it sold to to help building their telecommunication networks?

For a retired government worker, whom is desperate to earn a few chips for his lavish living, can his words be trusted??
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5104
Published: 2014-07-28
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action ...

CVE-2014-5105
Published: 2014-07-28
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.

CVE-2014-5106
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

CVE-2014-5107
Published: 2014-07-28
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.ph...

CVE-2014-5108
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.