Attacks/Breaches
7/19/2013
11:09 AM
Connect Directly
RSS
E-Mail
50%
50%

Huawei Spies For China, Former NSA Director Says

Michael Hayden, a former NSA and CIA chief, accuses Chinese telecom equipment maker Huawei of engaging in espionage on behalf of the Chinese state.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
Chinese telecom equipment maker Huawei actively spies for the Chinese government.

That accusation was leveled by Michael Hayden, who led the CIA from 2006 to 2009, in an interview published Friday by Australia's Financial Review.

"At a minimum, Huawei would have shared with the Chinese state intimate and extensive knowledge of the foreign telecommunications systems it is involved with," said Hayden, a retired four-star Air Force general who also served as director of the National Security Agency (NSA) from 1999 to 2005. He's now a visiting professor at George Mason University's school of public policy, a principal at security consultancy Chertoff Group, and a director of Motorola Solutions.

[ Is Snowden a hero? Read NSA Prism Whistleblower Snowden Deserves A Medal. ]

Hayden refused to comment on specific "instances of espionage or any operational matters," for example, pertaining to whether the U.S. government had discovered Huawei actively eavesdropping on equipment or networks it had installed. But in his professional opinion, Huawei is engaged in espionage on behalf of the Chinese state. "Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

One of the top concerns related to China's largest telecommunications equipment manufacturer spying on behalf of the Chinese state is that the country's intelligence services don't limit themselves to targeting "state secrets" or political espionage. "They have a much broader definition of legitimate espionage to include intellectual property, commercial trade secrets and the negotiating positions of private entities," Hayden said. "In other words, they don't limit themselves in the way we do in the English-speaking community."

Accordingly, the former NSA director saluted the House of Representatives Permanent Select Committee on Intelligence report on Huawei and ZTE, released in October 2012, which found that "these guys are not even transparent to themselves," he said. "There's no transparency around who appoints the board of directors or controls the ownership of the business. And there's no independent Chinese government oversight committee that could give us continuing confidence that Huawei or ZTE would not do what they promised not to do."

The House report led to a ban on U.S. government agencies buying equipment from Huawei or ZTE without prior approval from the FBI. The report's findings also influenced U.S. businesses. According to a study conducted by InformationWeek earlier this year, 37% of surveyed businesses said the findings were major cause for concern, while 34% said the results represented a deal-breaker.

But what of U.S. espionage? Asked about the need for Prism and other NSA surveillance programs, and how they differed from Chinese espionage operations, the former NSA director first offered unabashed support for the former. "I fully admit: we steal other country's secrets. And frankly we're quite good at it," he said. "But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."

The details on those NSA programs were leaked, of course, by former NSA contractor Edward Snowden, who fled Hawaii for Hong Kong in May 2013, before flying to Moscow, where he requested temporary asylum earlier this week.

But how did Snowden, an infrastructure analyst, have access to such a wealth of information pertaining to so many different NSA monitoring programs?

The answer arrived Thursday, thanks to Microsoft SharePoint. "This leaker was a system administrator who was trusted with moving information to actually make sure the right information was on the SharePoint servers that NSA Hawaii needed," said NSA director Keith Alexander Thursday in a media briefing at the Aspen Security Forum in Colorado. Obviously, even spies need to store their secrets somewhere.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
tiger168
50%
50%
tiger168,
User Rank: Apprentice
7/19/2013 | 6:43:02 PM
re: Huawei Spies For China, Former NSA Director Says
"Frankly, given the overarching national security risks a foreign company helping build your national telecommunications networks creates, the burden of proof is not on us. It is on Huawei," he said. "In fact, I don't think Huawei has ever really tried hard to meet this burden of proof test."

EXCUSE ME...

But, did Cisco or any major US Network equipment companies show the burden of proof to any of the other countries it sold to to help building their telecommunication networks?

For a retired government worker, whom is desperate to earn a few chips for his lavish living, can his words be trusted??
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
7/19/2013 | 11:45:45 PM
re: Huawei Spies For China, Former NSA Director Says
Hayden's argument in a nutshell: It's good when we spy and it's bad when they spy. I'm not convinced.
builder7
50%
50%
builder7,
User Rank: Apprentice
7/20/2013 | 10:20:17 PM
re: Huawei Spies For China, Former NSA Director Says
Huawei is probably spying for the Chinese intelligence services like Microsoft is spying for the U.S. intelligence services of the NSA. If private companies are going to be entwined with the government, rather than strictly free enterprise where private is private and public is public. We used to complain that the Chinese system had block informers as well as other types in an organized system to determine people's loyalty. Guess who does that now and monitors every phone call, email, and snail mail? It seems like a paranoid world now because we live in a militaristic country that is turning no free. They could have left that behind and just lived life for everybody but they chose this violence path, so what would one expect?

SharePoint is probably one of the worst solutions to protect data because it is designed for the user who does not have any knowledge of computers. It is supposed to be an Internet portal, not a secure document repository, although it does have those capabilities. A program like Documentum would probably work better if it is transmitted using SSL and encrypted.
Number 6
50%
50%
Number 6,
User Rank: Apprentice
7/22/2013 | 6:05:14 PM
re: Huawei Spies For China, Former NSA Director Says
"I fully admit: we steal other country's secrets. And frankly we're quite good at it. But the reason we steal these secrets is to keep our citizens free, and to keep them safe. We don't steal secrets to make our citizens rich. Yet this is exactly what the Chinese do."
LOL. And making citizens rich is bad why? :)
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.