Attacks/Breaches
7/19/2013
11:09 AM
50%
50%

Huawei Spies For China, Former NSA Director Says

Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Chinese telecom equipment maker Huawei actively spies for the Chinese government.

That accusation was leveled by Michael Hayden, who led the CIA from 2006 to 2009, in an interview published Friday by Australia's Financial Review.

"At a minimum, Huawei would have shared with the Chinese state intimate and extensive knowledge of the foreign telecommunications systems it is involved with," said Hayden, a retired four-star Air Force general who also served as director of the National Security Agency (NSA) from 1999 to 2005. He's now a visiting professor at George Mason University's school of public policy, a principal at security consultancy Chertoff Group, and a director of Motorola Solutions.

[ Is Snowden a hero? Read NSA Prism Whistleblower Snowden Deserves A Medal. ]

Hayden refused to comment on specific "instances of espionage or any operational matters," for example, pertaining to whether the U.S. government had discovered Huawei actively eavesdropping on equipment or networks it had installed. But in his professional opinion, Huawei is engaged in espionage on behalf of the Chinese state. "Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

One of the top concerns related to China's largest telecommunications equipment manufacturer spying on behalf of the Chinese state is that the country's intelligence services don't limit themselves to targeting "state secrets" or political espionage. "They have a much broader definition of legitimate espionage to include intellectual property, commercial trade secrets and the negotiating positions of private entities," Hayden said. "In other words, they don't limit themselves in the way we do in the English-speaking community."

Accordingly, the former NSA director saluted the House of Representatives Permanent Select Committee on Intelligence report on Huawei and ZTE, released in October 2012, which found that "these guys are not even transparent to themselves," he said. "There's no transparency around who appoints the board of directors or controls the ownership of the business. And there's no independent Chinese government oversight committee that could give us continuing confidence that Huawei or ZTE would not do what they promised not to do."

The House report led to a ban on U.S. government agencies buying equipment from Huawei or ZTE without prior approval from the FBI. The report's findings also influenced U.S. businesses. According to a study conducted by InformationWeek earlier this year, 37% of surveyed businesses said the findings were major cause for concern, while 34% said the results represented a deal-breaker.

But what of U.S. espionage? Asked about the need for Prism and other NSA surveillance programs, and how they differed from Chinese espionage operations, the former NSA director first offered unabashed support for the former. "I fully admit: we steal other country's secrets. And frankly we're quite good at it," he said. "But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."

The details on those NSA programs were leaked, of course, by former NSA contractor Edward Snowden, who fled Hawaii for Hong Kong in May 2013, before flying to Moscow, where he requested temporary asylum earlier this week.

But how did Snowden, an infrastructure analyst, have access to such a wealth of information pertaining to so many different NSA monitoring programs?

The answer arrived Thursday, thanks to Microsoft SharePoint. "This leaker was a system administrator who was trusted with moving information to actually make sure the right information was on the SharePoint servers that NSA Hawaii needed," said NSA director Keith Alexander Thursday in a media briefing at the Aspen Security Forum in Colorado. Obviously, even spies need to store their secrets somewhere.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Number 6
50%
50%
Number 6,
User Rank: Apprentice
7/22/2013 | 6:05:14 PM
re: Huawei Spies For China, Former NSA Director Says
"I fully admit: we steal other country's secrets. And frankly we're quite good at it. But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."
LOL. And making citizens rich is bad why? :)
builder7
50%
50%
builder7,
User Rank: Apprentice
7/20/2013 | 10:20:17 PM
re: Huawei Spies For China, Former NSA Director Says
Huawei is probably spying for the Chinese intelligence services like Microsoft is spying for the U.S. intelligence services of the NSA. If private companies are going to be entwined with the government, rather than strictly free enterprise where private is private and public is public. We used to complain that the Chinese system had block informers as well as other types in an organized system to determine people's loyalty. Guess who does that now and monitors every phone call, email, and snail mail? It seems like a paranoid world now because we live in a militaristic country that is turning no free. They could have left that behind and just lived life for everybody but they chose this violence path, so what would one expect?

SharePoint is probably one of the worst solutions to protect data because it is designed for the user who does not have any knowledge of computers. It is supposed to be an Internet portal, not a secure document repository, although it does have those capabilities. A program like Documentum would probably work better if it is transmitted using SSL and encrypted.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
7/19/2013 | 11:45:45 PM
re: Huawei Spies For China, Former NSA Director Says
Hayden's argument in a nutshell: It's good when we spy and it's bad when they spy. I'm not convinced.
tiger168
50%
50%
tiger168,
User Rank: Apprentice
7/19/2013 | 6:43:02 PM
re: Huawei Spies For China, Former NSA Director Says
"Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

EXCUSE ME...

But, did Cisco or any major US Network equipment companies show the burden of proof to any of the other countries it sold to to help building their telecommunication networks?

For a retired government worker, whom is desperate to earn a few chips for his lavish living, can his words be trusted??
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report