Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack bloomberg.com/news/articles/…
This is a really great story from @business and congrats to the reporters for getting the story. A few comments:
1) At its core, this is a story of a Chinese government HUMINT operation that saw intel agencies push compromised software updates to operator networks
1) At its core, this is a story of a Chinese government HUMINT operation that saw intel agencies push compromised software updates to operator networks
2) Subsequently, tipped off by this, US agencies saw similar activities targeting Huawei equipment in the USA. This is part of what has led to the drumbeat of ‘we can’t trust Huawei equipment in our networks’. (Me: I’m curious about Canadian, UK, and New Zealand networks!)
3) The other elements of the concerns are significantly associated with the wide swathe of incidental (i.e., not deliberately planted) vulnerabilities that have been found in Huawei equipment, such as by the UK HCSEC (see: gov.uk/government/pub…)
What can we take away from this?
First, the Bloomberg article actually runs counter to the idea that Huawei was controlled by, operated by, or unduly influenced by the Chinese government at the time of the HUMINT operations in 2012 or so.
First, the Bloomberg article actually runs counter to the idea that Huawei was controlled by, operated by, or unduly influenced by the Chinese government at the time of the HUMINT operations in 2012 or so.
Why? Because if you need to impersonate Huawei technicians to deploy implants, and do so without knowledge of execs, then it’s hard to say that the company writ large (or its executive staff) were complicit.
Second, this kind of operation (at the time) was presumably higher-cost/risk. HUMINT can be dicey and if you’re caught it can be pretty apparent. That doesn’t mean a HUMINT operation isn’t serious, but that they tend to be higher stakes and require a lot of prep and planning.
Third, it’s worth noting that the NSA conducted *similar if not identical* operations when they interdicted equipment to implant it before sending it along to its destination. Which is to say that multiple agencies have been playing at this game, including Western agencies.
Forth, the CSE Act (see: laws-lois.justice.gc.ca/PDF/C-35.3.pdf) that was passed into law in 2019 includes language which authorizes @cse_cst to do “anything that is reasonably necessary to maintain the covert nature of the [foreign intelligence] activity” (26(2)(d)).
The language in the CSE Act, at a minimum, raises the prospect that the CSE could also undertake operations paralleling the NSA and, in theory, the Chinese government. (There is a question of whether this was new power or a legislative formalization of an existing secret one.)
None of this is to detract from the seriousness of the Chinese government’s alleged operations towards Australian & US telecom networks. And it’s possible there’s been change in the relationship between Huawei & the Chinese government, such that it is truly captured now.
But what the reporting makes clear is that Huawei circa 2012 didn’t appear captured by the Chinese government given the government’s reliance on HUMINT ops. And, moreover, that the activities being undertaken by the Chinese government were paralleled by Western governments.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
