US Asks Foreign Allies To Avoid Huawei (cnet.com) 185
The US government is reportedly trying to persuade its foreign allies' wireless and internet providers to avoid Huawei equipment. From a report: Officials have spoken to their counterparts and telecom bosses in Germany, Italy, Japan and other friendly countries where the Chinese company's equipment is already in use, the Wall Street Journal reported, citing unnamed sources. The US is reportedly particularly worried about the use of Huawei equipment in countries with American military bases, since most nonsensitive communication travels via commercial networks, and it's concerned about Chinese meddling.
So they won't cooperate with the NSA? (Score:5, Insightful)
You can't buy this kind of premium advertising.
Re:So they won't cooperate with the NSA? (Score:5, Interesting)
You can't buy this kind of premium advertising.
I've had a couple of Huawei's 4G usb/wifi connectors. Thus far they have turned both turned out to be a complete and utter pile of crap so the US Govt. is preaching to the converted as far as I am concerned since I am already avoiding Huawei products like the bubonic plague.
Re: (Score:2)
Dammit! I've been trying to get (hold of) the bubonic plague for some time. Where are you avoiding it so I can get me some (lemme know in the comments' section).
CAP === 'parlor'
Over 80% of United States plague cases have been bubonic plague: https://www.cdc.gov/plague/map... [cdc.gov] ... now have fun with it.
Re: (Score:2)
Otherwise, you can go to any undeveloped nation and find it in various mammals.
Re:So they won't cooperate with the NSA? (Score:5, Interesting)
One vendor is typically from a Five Eyes country (there's only so many options for this kind of hardware), and the other absolutely will not be - internal firewalls may also be deployed. Rulesets on both with be default deny, and both will be actively monitored for suspicious traffic coming from the other as part of the standard IDS/IPS setup. Even if both are backdoored on behalf of their manufacturer's governments, it's going to be very hard for either country's security services to get into the network through both firewalls, or to successfully exfiltrate data from a compromised box on the inside.
Well, that's the theory at least. If one or both know about the other's backdoors (which is why this is such a terrible idea in the first place, because sooner or later they probably will) then all bets are off.
Re: (Score:1)
Or you just go with a different vendor like Palo Alto or Sonicwall which thus far have not been subject to these problems. Dual vendor firewall solutions are a nightmare scenario. Most companies can barely manage one firewall product much less a second product from an entirely different vendor.
This is why you deployed HIDS as well as NIDS and use a proper SIEM to alert you if any configurations are modified. NIDS will also find any hidden communications from your hypothetical supermicro server sending info
Re: So they won't cooperate with the NSA? (Score:3)
If your network is important enough, and you don't have the resources to build your own equipment from the ground-up, layering is the only way to mitigate these hardware backdoors. You won't close them, oh no... But now an attacker needs to get through 2 doors instead of 1.
Re:So they won't cooperate with the NSA? (Score:4, Insightful)
Explain this reasoning.... how is a foreign backdoor preferable to a domestic one?
Re: (Score:1)
the foreign entities are outside of your jurisdiction
Re: (Score:2, Insightful)
Re: (Score:1)
Because the Chinese government can't use any information it has on me against me. The Chinese government can't arrest me for wrongthink. That's why a foreign backdoor is preferable to a domestic one.
Re: (Score:2)
China and Russia do this heavily. And if you think that a foreign backdoor is preferable to a domestic one, then you have NO clue of what is going on in the world. At times, I wish that ppl like you could see/hear some of what goes on. You would understand that in general there is a real reason why the western nations, along with Japan/S. Korea, are banded together and de
Re: (Score:2)
Re: (Score:2)
What does you scare more? Hearing from some devastating natural disaster that's happening on the other side of the world. Or hearing from a devastating natural disaster that happening inside your country is headed your way?
Now I don't know how you would answer that question. But a lot of people would probably be more concerned when something like that goes down in their neighbourhood. Things that happen in your vicinity are a more immediate concern to most people.
Convers
Re: (Score:2)
Re: (Score:2)
You don't bring the foreign "disaster" to your neighbourhood as you don't grant them jurisdiction over you or your neighbourhood just by owning a device that was compromised by them. So unless you plan to go to China yourself or some other place that puts you within the reach of Chinese authorities, what can they do to y
Re: (Score:2)
Actually, that was *exactly* the point of my question. For the same reason that any backdoor that might be intended only for use by legitimate law enforcement would certainly be exploited by nefarious individuals as well, whether because of the almost inevitable leaks or through hacking efforts or what you, any backdoor
Re: (Score:2)
But I think your reasoning appears to rely on the premise that a backdoor planted by the Chinese government is inherently less secure than a backdoor planted by authorities like the NSA. And therefore the Chinese backdoor would be more prone to exploitation, which then outweighs the dangers that may come from surveillances by a local authority. Feel free to correct an
Re: (Score:2)
I wouldn't suggest that it is any less secure, but I think it's unlikely to be more secure... and so would be vulnerable to nefarious entities exactly as any domestic backdoor would be.
Further, all other things equal, the NSA I believe is more likely to be fairer even to those it may persecute than the Chinese government would be. I realize that the Chinese government is far away and not able to significantly impact you or I right now, but I feel that when something wrong is happening, wanting to ign
Re: (Score:3)
Domestic spies can make my life much worse than ones who have no jurisdiction.
Re: (Score:3)
Explain this reasoning.... how is a foreign backdoor preferable to a domestic one?
The Chinese government isn't going to try to arrest a US citizen in his own home, put them on a no-fly list because they read the Koran once, or whatever.
Re: (Score:2)
Re: (Score:3)
What will the Chinese secret service do if I google the wrong topics?
And now, what will the NSA do?
And which of the two do you think will have more impact on my quality of life?
Re: (Score:2)
Please explain how, exactly, a backdoor that is usable by the chinese could not also be usable by the NSA.
Leaks happen. Hacks happen. Backdoors are inevitably found, with enough time.
Re: (Score:2)
Well, considering that all that crap is made in China anyway, it essentially means that the NSA has to jump over one more hurdle to get to my data. China has it anyway.
Re: (Score:2)
Re: (Score:2)
Maybe by Trump supporters. Outside of America there is no contest.
America is not even in the running. If you want Quality, you buy European or Japanese. If you want cheap, you buy Chinese. Nobody buys American.
A quick trip round my house:
European products: 50%
Chinese products: 30%
Japanese products: 10%
Unidentifiable/Korean/other: 10%
American products: 0%
Obviously, I live in Europe.
Looking in the streets outside, almost every
Re: (Score:2)
Re: (Score:2)
OTOH, The Chinese gov can and WILL use that evidence against you to turn you against America. For example, if they can get evidence that makes it look like you committed murder of some scientists, they might fabricate a bit more and then approach you and blackmail you
Re: (Score:2)
Explain this reasoning.... how is a foreign backdoor preferable to a domestic one?
Furthermore, if you're the Germans, who do you trust the least, the Americans or the Chinese? The Germans already have over 30,000 US soldiers on its soil that it willing supports. Would the Germans be willing to do that with the Chinese? The US has been outed spying on Germans, including Merkel herself, and yet Merkel has still emphasized the importance of future US-German intelligence cooperation [wsj.com]. Would the Germans have that same attitude toward the Chinese?
And this is only considering political and m
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
If you're a US citizen, the NSA can snatch you out the stree, the Chinese government can't.
Boom.
Re: (Score:2)
The NSA can not touch a single American. They are NOT allowed to do that. And Chinese gov. DOES grab ppl from foreign soils. So does America, but China/Russia do it far far more.
Re: (Score:3)
Re: (Score:2)
But owing to the inherent insecurities that backdoors of *ANY* kind can cause, any backdoor that is usable by the chinese could be invaded upon by the NSA anyways, either because of leaks, or simply as the result of a successul hacking effort, etc.
There is no objectively justifiable rationale for preferring a foreign backdoor to a domestic one, and in some ways it could be worse in that it may impact your ability to travel as well.
The only justifiable reason I can see for thinking it is somehow better
depends on what you are up to (Score:2)
OTOH, if that does not apply to you, you can get networking gear from America, Canada, Spain, Germany, France, Australia, Japan, S. Korea, etc.
Re: (Score:2)
Re: (Score:2)
The Chinese are not the good guys (Score:5, Insightful)
Even if we assume that the Chinese have a backdoor into that equipment, it's better than the NSA/GCHQ having a backdoor into it.
I really have to point this out: the Chinese government are really NOT the good guys.
Yeah, the slashdot echo chamber says over and over "NSA bad!", but, really, learn something about what the Chinese government is doing to see some serious repression.
Re: (Score:3, Insightful)
Sure, but if you live in the USA, the Chinese aren't the ones who can put you in jail.
Re: (Score:3)
G. Bush allowed (this is well documented, BTW) allowed the Chinese to assassinate a dissonant reporter on U.S. soil.
The phrase "this is well documented", posted without any documentation, can be translated as meaning "this is not documented; I heard it from some conspiracy paranoid on the internet somewhere".
China does execute more people than rest of world combined [independent.co.uk]
Re: (Score:2)
Yeah, the slashdot echo chamber says over and over "NSA bad!", but, really, learn something about what the Chinese government is doing to see some serious repression.
They're not doing it to me or anybody I know. The NSA/GCHQ just might.
Re: (Score:3)
Yes, the Chinese government is a million times worse than the US one. The story about getting an automatic ticket when crossing the road while the traffic light shows red because their CCTV with facial recognition is linked to their passport database alone is creepy to say the least.
And a swine flu pandemic in Asia certainly is more critical than a common flu over here. Yet I'd be more concerned of getting the common flu over here because I rarely travel to Asia. And I'm more concerned about an agency that
Re: (Score:1)
The U.S. government has directly and indirectly killed over a hundred thousand women, children, and other civilians, in the Middle East in the last 15 years. There's nothing that Chinese government has done that would put them close to being worse than the U.S. government.
Re: (Score:2)
True, the Chinese prefer to do that to their own people [wikipedia.org].
More considerate to the world, granted, but then again, does it really matter that much where the humans are from that are being killed?
Re: (Score:2)
The Chinese government aren't good guys either, but they don't have any jurisdiction over me either.
Of course I build my own network hardware these days.
Re: (Score:2)
Re: (Score:2)
https://www.theguardian.com/bo... [theguardian.com]
However, the 96% of the worlds population who are NOT US citizens would like to invoke Trumpian politics and say "USA LAST" and this trade war is yours, not ours. Also No deal with the US is better than a bad deal with the US.
Re: (Score:1)
Re: (Score:3)
Well, probably the only one that fails to grease the right palms.
Re: (Score:2)
Even if we assume that the Chinese have a backdoor into that equipment, it's better than the NSA/GCHQ having a backdoor into it.
Yep. Unless you're a company who competes directly with Chinese imports or something.
For home use? Chinese all the way!
Re: (Score:2)
Re: So they won't cooperate with the NSA? (Score:2)
How is it better? While legally speaking it's better I suppose, it seems to me I'd rather have my data abused to serve American interests rather than Chinese.
Re: (Score:2)
Re: (Score:2)
Your own locally made switches and routers.
Re: So they won't cooperate with the NSA? (Score:2)
They might get a miniscule PR bump from not going along with this backbone upgrade idea. We know Apple's shills still hammer on th
Of course! (Score:5, Insightful)
If people use Huawei, the NSA-Backdoors (e.g. Cisco) are not present! They cannot have that...
Re: (Score:1)
If people use Huawei, the NSA-Backdoors (e.g. Cisco) are not present! They cannot have that...
No, if the Chinese have a backdoor into Huawei phones, you can assume that the NSA has found it and is piggybacking on it. Don't assume that just because the Chinese compromised a model, that it's not being listened to by the NSA.
Backdoor (Score:3, Informative)
USA asks countries to only use NSA backdoored equipment.
Why? (Score:2)
For most users the difference between American or Chinese backdoors in their hardware means jack shit!
Cool I'm safe (Score:5, Funny)
Re: (Score:1)
Slashdot, please disable code/monotype tags.
Re: (Score:2)
Re: (Score:3)
I did not miss the sarcasm, but I think this is abusing the code/monotype tag. As AC said above, I see it as "vanity plates" for comments, i.e. "look at me, I'm different!"
Re: Cool I'm safe (Score:2)
Re: (Score:2)
Bullshit ... (Score:1)
This is complete and utter bullshit, because Trump has decided America has no foreign allies.
Tell you what, we don't care what the US says any more, so stop trying to dictate to us and fuck off.
Signed, everybody-but-America-first because we don't give a fuck about what you want.
Allies my fucking ass, Trump has pretty much stated there is no such thing. And, no, we're not just going to forgive and forget this time.
No evidence, no proof, no oversight (Score:4, Interesting)
If the US government has information that Huawei is nefarious, why not present the evidence? Instead, we must trust the say-so of an organization that asserts the right to snoop on it's own citizens, to drone-strike them without trial, and to prosecute non-US whistleblowers.
I realize that the Chinese are not innocent, but from the point of view of an American they are the lesser of two evils.
Re:No evidence, no proof, no oversight (Score:5, Insightful)
I realize that the Chinese are not innocent, but from the point of view of an American they are the lesser of two evils.
Only an ignorant American. Our government may be just as stupid, corrupt and evil as China's but their respective methods of maintaining control differ enough that it's obvious which regime people usually try to escape from... and which one* they try to escape to.*
*Media grandstanding notwithstanding (say that fast)
Re: No evidence, no proof, no oversight (Score:3)
I think the question is different... as a private US individual just doing my own stuff unrelated to national security, I'd prefer to be spied upon by the Chinese rather than the US government, simply because they won't care about most of the things I do.
Re: (Score:1)
Re: (Score:2)
+1000.
If I had mod points, you'd get them.
Re: (Score:2)
Re: No evidence, no proof, no oversight (Score:2)
Bleeding the bank accounts or trashing the credit of random unimportant citizens would be a nice way to throw a wrench in the US economy, as well. This could be arranged so that each instance looks like "normal" fraud. (Funnily enough the US does have double the bank/CC fraud of anyone else by most measures...)
And now, the modern miracle of social media has enabled targeted misinforma
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
As an American living in the U.S. not handling classified material, Chinese spying is not much of a personal concern. If I was Chinese or living in China, it would bve much more concerning personally.
Re: (Score:2)
I realize that the Chinese are not innocent, but from the point of view of an American they are the lesser of two evils.
More importantly, from the POV of the american government, the backdoors your manufacturers added and told you about are better than the backdoors foreign manufacturers added and didn't tell you about.
Re: (Score:2)
Likely to protect the inside source of of the intelligence. The Chinese government isn’t exactly known for exorcising due process and the protection of human and civil rights.
Well, yes, if the Chinese figure out how the US got their information, people will die. http://www.thedrive.com/the-war-zone/22952/chinas-dismantling-of-cia-spy-ring-highlights-growing-dystopian-like-surveillance-state [thedrive.com], https://www.businessinsider.com/how-china-found-cia-spies-leak-2018-8 [businessinsider.com]
--
(*"exercising", I think. Although "exorcising due process" is an apt bon mot)
Interesting (Score:1)
I understand other nations have asked the US to cooperate in other affairs, being rebuked. Now comes the US asking for cooperation, I wonder how that will go?
Pre-Existing Meddling (Score:1)
If these countries wanted to avoid meddling by foreign powers, they might start with throwing out the US military bases.
Re: (Score:2)
Commercial networks ... (Score:2)
Re: (Score:2)
First, that's a pretty big assumption. And if true, then what good would securing the middle of the network be? (the place you'd find the Huawei equipment.)
I'm confused (Score:3)
Any phone is easy to monitor... (Score:2)
...there are PLENTY of Darkhat Youtube videos out there that will tell you in DETAIL how to do it, just with a little patience and 2 hours on your hands, you can do it to your OWN PHONE PLEASE just to get the idea of you being "protected" by a particular country out of your head, if you REALLY want to know - that is.
Anyway, I have a lot of smartphones, and I got the Huawei Pro 20 for the Camera, but what surprises me is how snappy it is in comparison to all the other phones, to me - that indicates less bloa
NSA installing spyware on Cisco routers (Score:1)
Everyone still remembers the information about NSA installing spyware on Cisco routers, right? Maybe sales and thus information from such have strangely decreased? So let's call an ad-campaign!
How not to get spied on (Score:2)
Got skilled scientists and lots of new patents? Winning international contracts with real innovation and actual skill? Can your company win a bid on price and quality?
Got smart staff who can out think the global competition as they got promoted on merit?
Selling dual use https://en.wikipedia.org/wiki/... [wikipedia.org] products globally?
Understand what the NSA, GCHQ, Chain, EU wants from deep in your electronic networks.
Have nothing of future interest on your internet facing networks o
So *now* we are "Foreign Allies... (Score:1)
manufactured in China (Score:2)
What is the difference between a Chinese company and an American company that manufactures in China? It seems like either can have a Chinese backdoor. But I suppose it's easier for the NSA to put a backdoor into an American company's product.