Attacks/Breaches
7/19/2013
11:09 AM
50%
50%

Huawei Spies For China, Former NSA Director Says

Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Chinese telecom equipment maker Huawei actively spies for the Chinese government.

That accusation was leveled by Michael Hayden, who led the CIA from 2006 to 2009, in an interview published Friday by Australia's Financial Review.

"At a minimum, Huawei would have shared with the Chinese state intimate and extensive knowledge of the foreign telecommunications systems it is involved with," said Hayden, a retired four-star Air Force general who also served as director of the National Security Agency (NSA) from 1999 to 2005. He's now a visiting professor at George Mason University's school of public policy, a principal at security consultancy Chertoff Group, and a director of Motorola Solutions.

[ Is Snowden a hero? Read NSA Prism Whistleblower Snowden Deserves A Medal. ]

Hayden refused to comment on specific "instances of espionage or any operational matters," for example, pertaining to whether the U.S. government had discovered Huawei actively eavesdropping on equipment or networks it had installed. But in his professional opinion, Huawei is engaged in espionage on behalf of the Chinese state. "Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

One of the top concerns related to China's largest telecommunications equipment manufacturer spying on behalf of the Chinese state is that the country's intelligence services don't limit themselves to targeting "state secrets" or political espionage. "They have a much broader definition of legitimate espionage to include intellectual property, commercial trade secrets and the negotiating positions of private entities," Hayden said. "In other words, they don't limit themselves in the way we do in the English-speaking community."

Accordingly, the former NSA director saluted the House of Representatives Permanent Select Committee on Intelligence report on Huawei and ZTE, released in October 2012, which found that "these guys are not even transparent to themselves," he said. "There's no transparency around who appoints the board of directors or controls the ownership of the business. And there's no independent Chinese government oversight committee that could give us continuing confidence that Huawei or ZTE would not do what they promised not to do."

The House report led to a ban on U.S. government agencies buying equipment from Huawei or ZTE without prior approval from the FBI. The report's findings also influenced U.S. businesses. According to a study conducted by InformationWeek earlier this year, 37% of surveyed businesses said the findings were major cause for concern, while 34% said the results represented a deal-breaker.

But what of U.S. espionage? Asked about the need for Prism and other NSA surveillance programs, and how they differed from Chinese espionage operations, the former NSA director first offered unabashed support for the former. "I fully admit: we steal other country's secrets. And frankly we're quite good at it," he said. "But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."

The details on those NSA programs were leaked, of course, by former NSA contractor Edward Snowden, who fled Hawaii for Hong Kong in May 2013, before flying to Moscow, where he requested temporary asylum earlier this week.

But how did Snowden, an infrastructure analyst, have access to such a wealth of information pertaining to so many different NSA monitoring programs?

The answer arrived Thursday, thanks to Microsoft SharePoint. "This leaker was a system administrator who was trusted with moving information to actually make sure the right information was on the SharePoint servers that NSA Hawaii needed," said NSA director Keith Alexander Thursday in a media briefing at the Aspen Security Forum in Colorado. Obviously, even spies need to store their secrets somewhere.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
tiger168
50%
50%
tiger168,
User Rank: Apprentice
7/19/2013 | 6:43:02 PM
re: Huawei Spies For China, Former NSA Director Says
"Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

EXCUSE ME...

But, did Cisco or any major US Network equipment companies show the burden of proof to any of the other countries it sold to to help building their telecommunication networks?

For a retired government worker, whom is desperate to earn a few chips for his lavish living, can his words be trusted??
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
7/19/2013 | 11:45:45 PM
re: Huawei Spies For China, Former NSA Director Says
Hayden's argument in a nutshell: It's good when we spy and it's bad when they spy. I'm not convinced.
builder7
50%
50%
builder7,
User Rank: Apprentice
7/20/2013 | 10:20:17 PM
re: Huawei Spies For China, Former NSA Director Says
Huawei is probably spying for the Chinese intelligence services like Microsoft is spying for the U.S. intelligence services of the NSA. If private companies are going to be entwined with the government, rather than strictly free enterprise where private is private and public is public. We used to complain that the Chinese system had block informers as well as other types in an organized system to determine people's loyalty. Guess who does that now and monitors every phone call, email, and snail mail? It seems like a paranoid world now because we live in a militaristic country that is turning no free. They could have left that behind and just lived life for everybody but they chose this violence path, so what would one expect?

SharePoint is probably one of the worst solutions to protect data because it is designed for the user who does not have any knowledge of computers. It is supposed to be an Internet portal, not a secure document repository, although it does have those capabilities. A program like Documentum would probably work better if it is transmitted using SSL and encrypted.
Number 6
50%
50%
Number 6,
User Rank: Apprentice
7/22/2013 | 6:05:14 PM
re: Huawei Spies For China, Former NSA Director Says
"I fully admit: we steal other country's secrets. And frankly we're quite good at it. But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."
LOL. And making citizens rich is bad why? :)
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.