Friday, March 28, 2014
Huawei Technologies' volatile relationship with the U.S. government has taken an interesting twist. Two years ago, Huawei turned its focus to growing its European customer base after being hampered by security concerns in the United States (see Huawei focuses on EU after U.S. congressional grilling). This time, rather than being accused yet again of spying for the Chinese government, Huawei is reportedly the target of hacking by the National Security Agency (NSA).
During the course of a project code-named "Shotgiant," the NSA penetrated the corporate networks of Huawei so completely that U.S. officials were able to read email from the company's CEO, download sensitive documents on more than 1,400 large Huawei customers, as well as technical data on current products and those still in development, according to documents released by former NSA contractor Edward Snowden to Der Spiegel and The New York Times.
"We currently have good access and so much data that we don't know what to do with it," according to one NSA report from 2010 quoted in Der Spiegel.
Rather than stop at simply collecting more information than it could process, however, an NSA special-operations unit bored into the company's technical data, eventually compromising servers holding source code for the firmware that runs the routers and switches Huawei builds for large corporations and telecommunications companies.
The goal was to build secret backdoors or security flaws into the source code, which Huawei would then build into its own products and distribute to a customer base so large that Huawei boasts that its products connect a third of the world's population.
"Many of our targets communicate over Huawei-produced products," according to one of those reports. "We want to make sure that we know how to exploit these products," in order to "gain access to networks of interest," according to the document.
Rather than being an anomaly, the plan to bug Huawei firmware fit neatly into an apparently ongoing NSA effort to magnify the impact of its efforts by installing bugs and backdoors into the firmware of commercial technology products to be distributed by oblivious technology vendors and sold to potential targets with no indication the NSA had ever been involved. Previously released documents report similar efforts to compromise products from Western Digital, Seagate, Maxtor, Samsung, and other, mostly U.S.-based companies.
The NSA unit involved—the Office of Tailored Access Operations (TAO), which is based in Ft. Meade, Md.—is a cadre of encryption and penetration specialists who can be called into action like a special-forces strike team to penetrate high-value targets with unusually tough security, according to Der Spiegel. A TAO sub-group known as ANT builds circuit boards disguised as USB devices or other, more subtle camouflage, which can be implanted in targeted servers and secretly broadcast everything they do to nearby NSA relay stations.
ANT has also developed bits of malware, collectively referred to as "Persistence," that are designed to penetrate and install their payloads in the BIOS of PCs and servers and in the firmware of routers or other networking equipment. Once installed, the payloads become part of the core operating code of the device in which they're implanted, and are reinstalled on motherboards or hard drives even after previous versions of the firmware and operating systems have been wiped and replaced, according to Der Spiegel, which got a look at the TAO catalogue of attack devices courtesy of Snowden.
There is no information available on the specific techniques the NSA used to attack either the Huawei servers or source code. The catalogue and many other reports released by Snowden were from the same period as the NSA's attacks on Huawei, making it likely the exploits and tactics used were similar to those in the Snowden documents. It's not clear whether they were involved with the effort to bug Huawei source code, but the initial attacks on Huawei were launched after consultation with the White House intelligence coordinator and with cooperation from the FBI.
The NSA was hardly alone in worrying about digital espionage from China, or even in its suspicion of Huawei. A 2008 report to Congress from the U.S. Defence Department described significant increases in China's ability to attack servers belonging to Western governments and corporations, and a suddenly increasing will to do so.
Secret U.S. State Department cables published by WikiLeaks in 2011 traced a series of cyberattacks code-named "Byzantine Hades" that the cables said were launched by units of the Chinese People's Liberation Army (PLA) against Western government, university, and corporate servers beginning in 2006.
U.S.-based investigators told Reuters at the time that Chinese hackers had stolen "terabytes" of sensitive data ranging from usernames and passwords to details of sophisticated weapons systems.
Huawei got plenty of attention as one of the fastest-growing networking companies in the world at the time, but was also highlighted as a possible security risk.
In 2008, prompted by Huawei's effort to break into the U.S. market by buying a stake in 3Com, the U.S. Congress launched the first of what would be two separate in-depth investigations of Huawei. The investigation was dropped after Huawei backed out of the deal with 3Com.
Suspicion was intensified by the favour shown by Chinese officials pushing some domestic companies to "go global," and by the early career of Huawei CEO Ren Zhengfei as a PLA officer and member of the Communist Party, according to a 2008 story in The Australian, which also revealed that India had cancelled plans to invest $60 million in the company during 2005 after becoming suspicious of its ties to the Chinese government.
Executives at Huawei and Chinese government officials both scoffed at the accusations.
The suspicions of members of Congress, the U.S. military, and intelligence agencies drove a year-long investigation by the U.S. House of Representatives Permanent Select Committee on Intelligence that ultimately concluded the company "cannot be trusted to be free of foreign state influence."
The report led to legislation that banned Huawei from selling telecom gear to U.S. agencies and, effectively, from selling into the U.S. telecommunications market at all.
A statement from Huawei slammed the verdict for using "rumours and speculation to prove non-existent accusations," and accused Committee members of "trade protectionism masquerading as national security."
Investigations by British, Indian, and Australian government agencies also failed to turn up hard evidence of collusion between Huawei and the Chinese government. If the NSA's operation "Shotgiant" turned up hard evidence of espionage, no word of it has leaked into critical reports on Huawei by Congress, the DoD or other government agencies since 2010—the dates on the "Shotgiant" status reports.
Nevertheless, the suspicions of U.S. intelligence agencies that Huawei's networking gear could be exploited for espionage by a foreign power turn out to be entirely correct, though making the suspicions come true required intervention by those harboring them in the first place.
An NSA spokesperson didn't respond to the Shotgiant revelations specifically, but said the agency isn't in the business of industrial espionage. Chinese officials are demanding explanations for the NSA attacks alleged in the Snowden documents. A Huawei spokesman called the NSA revelations an ironic reversal and called for an end to both suspicion and spying, especially on Huawei.
"Governments should agree amongst themselves what the acceptable norm of society is in cyberspace. Monitoring private emails and stealing its property is not acceptable," Huawei spokesman William B. Plummer said in a published statement.
By: DocMemory