Huawei Can Covertly Access Telecom Networks, US Officials Say (wsj.com) 133
U.S. officials say Huawei can covertly access mobile-phone networks around the world through "back doors" designed for use by law enforcement [Editor's note: the link may be paywalled; an alternative source was not immediately available.], as Washington tries to persuade allies to exclude the Chinese company from their networks. From a report: Intelligence shows Huawei has had this secret capability for more than a decade, U.S. officials said. Huawei rejected the allegations. The U.S. kept the intelligence highly classified until late last year, when American officials provided details to allies including the U.K. and Germany, according to officials from the three countries. That was a tactical turnabout by the U.S., which in the past had argued that it didn't need to produce hard evidence of the threat it says Huawei poses to nations' security. When telecom-equipment makers build and sell hardware such as switching gear, base stations and antennae to carriers -- who assemble the networks that enable mobile communication and computing -- they are required by law to build into their hardware ways for authorities to access the networks for lawful purposes. They are also required to build equipment in such a way that the manufacturer can't get access without the consent of the network operator. Only law-enforcement officials or authorized officials at each carrier are allowed into these "lawful interception interfaces," generally with the carrier's permission. Such access is governed by laws and protocols specific to each country. U.S. officials say Huawei has built equipment that secretly preserves the manufacturer's ability to access networks through these interfaces without the carriers' knowledge.
pot calling kettle? (Score:2)
Re: pot calling kettle? (Score:2)
Re: (Score:2)
Re: (Score:2)
Hypocrisy is not a logical fallacy merely a tool of persuasive impact with no genuine logical basis. The US is not China, what the US does or does not do has no impact on whether or not it is okay for China to do it.
In other words, those who have claimed there is no evidence or security issue were wrong and they are trying to deflect and defend their original position instead of doing the sane thing in response to finding out they were incorrect. Just because it turned out people who claimed there was no ev
Re:pot calling kettle? (Score:5, Insightful)
Actually, it does. This is along the same lines when people say the U.S. should use torture to try and extract information, despite all the evidence showing it doesn't work.
If we say it's okay for us to do it, then we cannot complain when another country does it. Either we set the standard and abide by that standard, or we abandon our hypocrisy at saying one thing while doing the very thing we said shouldn't be done.
If we're saying it's not acceptable to use products which have backdoors in them, put there at the direction of a government, we can't then tell U.S. tech companies to put backdoors in their products which will allow access for the U.S. government.
Re: (Score:1)
"If we say it's okay for us to do it, then we cannot complain when another country does it."
Your logic is faulty. We absolutely could complain when another country does it. They are not all the same and interchangeable and we are not bound for the same standard to apply despite their differences. The United States and China do not have the same history. China has enslaved it's people and brutally murdered the surounding peoples pretending their nations were part of China all along. The US has expended incre
Re: (Score:3, Insightful)
>The United States and China do not have the same history. China has enslaved it's people and brutally murdered the surounding peoples pretending their nations were part of China all along.
African-Americans and native peoples might disagree with your broad-stroke painting of US history there...
Re: (Score:2)
Pretending the actions of people hundreds of years ago when most of the world had different standards and norms are comparable to today when China still commits atrocities.
"African-Americans and native peoples might disagree with your broad-stroke painting of US history there.."
Yes, even if they mostly would complain so they can exploit history to get unfair advantages and reparations today. And really who could blame them? It's just basic self-interest.
Re: (Score:2)
Nope but it is nice to have my own special troll.
Re: (Score:2)
This is the US intelligence community doing this. The same people who betrayed the principles of liberal order with their bellicose unilateralism, by agitating for preventive war in Iraq in March 2003 without an explicit UN mandate, and by justifying torture.
Fucking TORTURE. They did this without asking us if it was OK. They just went ahead and did it, despite a mountain of evidence that it doesn't work. This is the intelligence community that is telling us we need to fear Huawei. No, we need to fear
Re: (Score:3)
Re: (Score:1)
They asked the President, who is our representative for the entire executive branch so technically they did ask us. He delegated to Cheney but this crap didn't really start there or end with Bush. Actually intelligence was massively expanded under Obama so don't let anyone hand you partisan bullshit.
"This is the intelligence community that is telling us we need to fear Huawei. No, we need to fear the intelligence community."
Distraction. There is nothing about needing to fear the intelligence community that
Re: (Score:2)
"It's what's better for us, and here the intelligence community is a much greater threat than China could ever be. It's the near enemy vs. the far enemy."
If you honestly think our own intelligence community, who as much as I disagree with their actions are generally extreme patriots are as big a threat to us as China? Our intelligence community is ignoring rules intended to preserve the power of the people in our democracy and that is a huge deal but their motive is still a factor. In the modern age distanc
Re: (Score:2)
This is the intelligence community that is telling us we need to fear Huawei. No, we need to fear the intelligence community.
Por qué no las dos?
Re: (Score:2)
No it's not okay.
But if you think an American hegemony has been bad, do you think a Chinese run world-order would be better?
What do you get when you combine:
1.3b people, with a looming demographic crisis (namely male / female ratio)
a booming economy, mainly due to manufacturing
an extreme sense of nationalism, with fanatic public support (and for the few who don't toe the line, a ruthless and efficient ability to silence dissent)
and to top it all off, a chip on the shoulder from the last 200 odd years of wes
Unfortunately for the spooks in the US.... (Score:5, Interesting)
Re: (Score:3, Informative)
BTW that Huawei Cyber Security Evaluation Centre you trust. manned by Huawei employees with the UK government having oversite, it is not a "government department". It was setup because Huawei hardware and software got detected sending large amoun
Re: (Score:3, Insightful)
the UK and US are there to protect the citizens;
Your naivite would be hilarious if it wasn't so scary.
Re: (Score:1)
Dude the fricking intelligence community are the ones who lied about WMD in Iraq. Did we forget that?
We spent decades building up a great reputation in the world as the good guys, and they ruined in a few short years with their military adventures and TORTURE. You remember torture? That they used in our name? And then they got caught spying on us despite their solemn promises that they would never commit such a serious crime?
Who would have thought? (Score:5, Insightful)
Re: (Score:1)
Re: (Score:3)
So you're telling me that law enforcement back doors (of the kind the FBI would like Apple to put into their devices, for example) can be abused by bad actors elsewhere? What an incredible discovery!
And the coverage is exactly what I would expect. Instead of the correct response - that the computer nerds were right all along, and "LEO-only" backdoors were guaranteed to be exploited - all the press will cover is the state-level sniping.
Maths for the ruling classes and for the plebs (Score:2)
Well, the solution is simple:
Just pass a law that stipulates that maths works differently for the plebs than for the ruling classes.
This way the ruling classes will use encryption based on the ruling class maths, while the plebs will use the same encryption, but based on the inferior plebeian maths that makes it breakable by the ruling classes.
This way the back doors will affect only the plebs and abuse by bad actors elsewhere will not matter to the ruling classes.
It is insolence for the plebs to believe th
Gee.... This sounds familiar. (Score:1)
Proof they're bugging us... (Score:5, Funny)
That's proof. If it were legit, they'd be selling antennas, and not insect appendages.
I am shocked! (Score:2)
Shocked to find out that espionage is going on here.
Seems to me (Score:2)
.....I just recently read about highly ranked US officials advocating for back doors designed for use by law enforcement.
The intelligence community is clearly a misnomer.
Re: (Score:3)
Intelligence, when qualified with an adjective longer than four characters in length, is always an oxymoron.
The obvious question (Score:1)
What service providers use Huawei equipment?
Re: (Score:2)
What service providers use Huawei equipment?
The german company deutsche telekom for one. It seem like an unlikely proposition that the current white house administration can demonstrate back doors in huawei 5g networks and the german government just letting it slide.
Re: (Score:2)
The alleged administration attempted to get the Brits convinced of dodgy Huawei equipment and Brits more or less told them to sail back across the pond. The Brits did decide to keep Huawei away from sensitive stuff but they probably were going to do that anyway. The alleged administration decided this meant the Brits agreed with them. The Brits merely smiled and said, "Buh bye now, here's a rubber ducky for him to play with".
What about US and Cisco? (Score:3, Insightful)
Remember when the US got busted installing backdoors in Cisco equipment? Cisco apparently has to manage the US Governments BS.
I trust Huawei more than I trust the US government..
Re: (Score:1)
Don't you think it's better to have the government spying for you instead of on you?
Tomorrow you will find out the the NSA bought Huawei, and this is just one of their regular turf wars between them and the CIA for a bigger part of the budget. SNAFU!
Re: (Score:1)
The NSA is spying on us. Remember they got caught red-handed by Snowden? In fact their extremely serious felonies are what inspired him to become a whistleblower in the first place.
The intelligence community represents their own interests, not the interests of the American people. They lied about WMD in Iraq, leading to thousands of us dying in an unnecessary war based on lies. That's not for us.
Re: (Score:1)
I know what these people are, there are no new revelations here, but when they trash talk the president, suddenly they're heroes to mass media and its followers.
There Once Was a Woman Who Swallowed a Fly (Score:3)
Not because it's insecure (Score:3, Insightful)
The US intelligence community doesn't fear Huawei equipment because it's insecure. They fear it because it is secure. From them.
They've long had backdoors into US-made equipment, and they've gotten fat and lazy. They use this access to watch their enemies. That includes the American people. Remember the NSA was caught red-handed spying on us, when it was supposed to be the most serious of felonies. Not a single person went to prison for it.
The idea that they might not be able to spy on us fills them with terror. What if we're able to communicate securely and find out what they're doing? And use these secure communications to root out these anti-Constitutional, anti-American felonious intelligence officials? It's a worst-case scenario, and it's why they're pulling out all the stops to halt it. Just look at the power that's being brought to bear. Sanctions! Against one of our only real allies in the world, the UK!
Lawful interception inconsistencies (Score:1)
Every country has its own lawful intercept provisions, and if you're going to source critical infrastructure as-is from another country, this is, of course, something you will have to live with. The only real "issue" is that Chinese and American intelligence agencies don't exchange information, which is bad news for American intelligence, as this effectively freezes them out of a growing chunk of infrastructure where they've previously had a pretty cosy presence and ease of access. At this rate, they might
Prove It. (Score:5, Interesting)
If this is true, release details and allocate CVE numbers. Until then it's FUD.
Alternative source: (Score:3)
File a CVE report (Score:2)
If you want to damage the Huawei brand and prove the allegations , make the backdoor public.
CALEA (Score:2)
Re: (Score:3)
They want the company that builds the backdoor to not know how to access it.
Turns out they had to prove it (Score:1)
Turns out they had to prove it, because no-one trusts them.
This is nothing new, and that's what's scandalous. (Score:2)
Excellent article about why this is nothing new: https://berthub.eu/articles/po... [berthub.eu]
tl;dr: Through a combination of technical brain-drain and outsourcing, the providers have long since ceded control of their networks to vendors, contractors, and layers of sub-contractors. Huawei is just the tip of the iceberg, albeit a very real and threatening tip.
Easy solution. (Score:2)
Just share the creds with each other. We already know your all hoovering up everything from both sides. Why not just work together? Remember the MAD doctrine?
I imagine they could start eavesdropping on the future if they started working together.
I'm confused (Score:2)
First u.s. law officials say law enforcement backdoors should be mandatory, now they say law enforcement backdoors are a national security threat, because surprise surprise, the manufacturers who built them can use them too.
What's that, you say? (Score:2)
"We told you this would happen!"
-- every crypto-nerd everywhere
LI? (Score:2)
Hypocrisy much?
It's the feds who mandated the LI (Lawful Intercept) interfaces in the first place and now they are surprised they can be exploited?
They (the FBI) literally came to the standards conferences and gave presentations showing where in the architecture they wants people to put the intercept. Huawei were doing exactly what they were told to do by the US federal government.
Re: (Score:1)
So what's the right answer? (Score:5, Interesting)
So what's the right answer?
Put a Cisco firewall in front of each Huawei firewall, and vice versa?
That way unless they collude, they might each keep you safe from the other's backdoors.
Re: So what's the right answer? (Score:2)
You are assuming the backdoor access is through IP protocol. For wireless networking devices that are by design and use intended to be accessible by anyone, the obvious entry point is wirelessly. It could leverage existing frequencies, or have an entirely separate channel that is activated by a âoeknockâ on the normal wireless channel.
Merely âoesnoopingâ wireless traffic would not detect the illicit access, since the wireless communications are encrypted by design for the security of t
Re: (Score:3)
Re: (Score:1)
Por que no los dos?
Re: (Score:2, Insightful)
Currently, all we have is the alleged administration claiming there are back doors in Huawei products. Not that I don't trust the alleged administration, but lies are cheap and they seem to have a shitload of them. Show us the evidence or they are not there.
Re: (Score:3)
That's not all we have. We have multiple (no I won't google it for you) instances of very old very widely publicised exploits still being active on their hardware even after they are explicitly warned about them.
So is it a backdoor or an open window? And whether it's intentional or reoccuring extreme security negligence it's still a risk. And you can't tell me a company of their size that can perform the advanced engineering required to be the first to market 5G can't apply basic security patches.
Re: (Score:3)
Re:Pot Meet Kettle (Score:5, Insightful)
Better. This story is about Huawei allegedly spying via the backdoors the US made them put into their equipment.
I don't think it's racism. It's a plain old example of a country using foreign affairs diplomacy to gain advantage for their own industry. Either that or their espionage apparatus. Or both!
Re: Pot Meet Kettle (Score:2)
Bwaaeeh, bwaaeeh, they're playing with my toy! It's mine, only I should have it, I get to decide who gets to play with it too...
The shitty thing is, if it's about hardware backdoors, they're not going to be easily nor generally fixed... Indeed, this goes to show that requiring backdoors for the good guys is utterly stupid. Most here already knew that, this is the opportunity to get the message out, to the voting public but especially to politicians.
Re: (Score:2)
I'm kind of mystified by the whole thing. It's trivial to encrypt your messages using simple, small, free open source code (it fits on a t-shirt!). If you absolutely have to have an app you can write a simple one yourself in an afternoon. So best case scenario these backdoors are for catching idiots, while lulling everyone into a false sense of security. It doesn't seem credible.
Re: Pot Meet Kettle (Score:2)
Re: (Score:2)
Also easy to obscure if you're not stupid (I realize you're talking about politicians). Gmail accounts are free, VPNs are cheap, Tor isn't terribly difficult to use these days, and there's a Starbucks with unsecured wifi on every second corner.
Government and similar communications are one thing, but I'm referring more to the insistence on the need for law enforcement backdoors in everything.
Re: Pot Meet Kettle (Score:2)
I guess lots can be obscured, but I was thinking just regular phone calls / connections, that give away relationships and their weight.
Re: (Score:2)
This is EXACTLY wh
Re: (Score:3)
I doubt it. Chinese intelligence may be professional enough to keep a secret, but a law enforcement backdoor is going to be used by enough people that the encryption keys are going to leak at some point. And then there's going to be holy hell to pay. Actually, it might be in someone's best interest that happen. Huawei, or Cisco, could sell a lot of new equipment or servicing. In Huawei's case, there would be the added benefit of all the chaos.
Companies can't even keep their SCADA systems secure.
Re: (Score:1)
"The US NSA does the exact same thing."
The CIA bought companies exactly for that, just a few articles down on the page here.
Re:Pot Meet Kettle (Score:5, Insightful)
And they did it for American benefit. Not wanting to let a foreign power do the same to you isn't hypocrisy, it's common sense.
"We did it to other people, we should let them do it to us" when it comes to national security how is that even considered a valid argument?
Re: Pot Meet Kettle (Score:2)
Re: Pot Meet Kettle (Score:1)
Re: (Score:2)
I basically suspect that escalating capabilities is impossible. That they're already as intrusive as is practical with currently existing technology. Once they made arrangements to ensure the presence of backdoors, this became inevitable.
Re:Pot Meet Kettle (Score:4, Interesting)
And they did it for American benefit.
Which may be why the Germans are using Huawei in their 5G networks.
Re: (Score:3, Insightful)
And they did it for American benefit. Not wanting to let a foreign power do the same to you isn't hypocrisy, it's common sense.
"We did it to other people, we should let them do it to us" when it comes to national security how is that even considered a valid argument?
Not buying American equipment when the US Govt. is gong full blast 'AMERICA FIRST!!!' and using it to steal your data is also common sense. Yet the Trump administration is sending US ambassadors to foreign leaders to threaten them when they come to that conclusion, now that is hypocrisy. How is it even a valid argument that people should buy US equipment even though it is riddled with US three letter agency malware but they should not buy Chinese equipment because the US three letter agencies think the back
Re:Pot Meet Kettle (Score:4, Insightful)
> The threat here is not China.
Personal data no. Industrial espionage HELL YES. That's kinda the point. Plus having a foreign power (who has designs on being the next Superpower to replace Russia) having the ability to killswitch a major communications network is a serious problem no matter what else is on the table.
Re:Pot Meet Kettle (Score:4, Insightful)
who has designs on being the next Superpower to replace Russia
They have designs on being the next superpower to replace the US. Worse, the US defeated the USSR by overpowering it economically, whereas China's economy is comparable in size to that of the US.
Back to the subject at hand, the US should be honest about its reasons for black-listing Huawei. It's not because they can spy on you, but because they can spy on you for China.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
> You're just scaremongering; are you one of those paid shills I keep hearing about?
Seriously? I could ask you the same question. Also, why not explain to me what China's ambitions are in Africa. Or have you not bothered even looking into that? Hint: Long term colonial expansion on a scale not seen for 100 years.
And like I'm going to use my low 6 digit account to be a paid shill. You can't attack the message so you're trying to go after the messenger.
Re:Pot Meet Kettle (Score:5, Informative)
Are the Chinese doing this out of the goodness of their hearts? No. It's just a business deal, when you get down to it. But at no point are the Chinese doing anything remotely similar to setting up puppet governments, or enslaving the local population, or stealing local resources. The only ambition China has in Africa is they want a trade network. The West has been holding back Africa with political donations disguised as "foreign aid". At least what the Chinese are doing in building up Africa's infrastructure is that Africa actually gets something useful out of it, instead of just fairy tales about freedom that's working so well for former Western colonies.
So no, not colonialism.
Re: (Score:2)
Re: (Score:2)
> LOL you sure changed the subject fast.
I did? I thought we were talking about how they're wanting to be another superpower and then you said "oh but they're hemmed in and not going anywhere" so I pointed out all their expansion in Africa that everyone's ignoring. Is discussing things with you always this tedious and trying?
> China is a "threat" in Africa mostly because they're offering better deals than the former colonial masters.
Yeah OK sport. "Better" for whom is the question. Hint again - not
Re: (Score:2)
That's a fallacious argument. Just because there's a local threat doesn't mean that there isn't also a more distant threat. China *is* a threat. It's just a less direct threat to the average citizen than the US government agencies are (especially if you include those entities that they share their information with, whether or not it's done officially).
Re: (Score:2)
The NSA does do the exact same thing, however when you're talking about your own national security do you care if your own nation is spying, or a foreign one?
Re:Pot Meet Kettle (Score:4, Insightful)
The NSA does do the exact same thing, however when you're talking about your own national security do you care if your own nation is spying, or a foreign one?
If you care about national security, the foreign power spying is a problem. If you care about your own personal security, your domestic government spying is a much bigger threat.
I consider them to be different but equal problems.
Re: Pot Meet Kettle (Score:4, Insightful)
A) When I applied for a high security clearance job, I signed off on the FBI digging up everything about my entire life and storing that information in a file at the Office of Personnel Management, or
B) The Chinese hacking the OPM and stealing my data.
Since that's a true story, I will answer for you: A is better.
Re: (Score:3)
If you give them explicit permission to snoop on you in exchange for a salaried job in the military-industrial complex, that's not spying.
Re: (Score:3)
If you give them explicit permission to snoop on you in exchange for a salaried job in the military-industrial complex, that's not spying.
Exactly. In addition we mark his opinion on the matter as colored accordingly.
Re: (Score:2)
Ok, I'll spell it out slowly for you since it was too subtle. There are circumstances under which it is ok for my government to collect and store my life's data.
Yeah, well that's irrelevant because those weren't the circumstances that were under discussion.
Re: (Score:2)
Ok, Mr "Way More OCD Than You". Here's the original GP post you commented on:
If you care about national security, the foreign power spying is a problem. If you care about your own personal security, your domestic government spying is a much bigger threat.
In what way does "domestic government spying" have anything whatsoever to do with voluntary security clearance reviews?
No need to try to explain it again, since the answer is "It doesn't".
Re: (Score:2)
There are circumstances under which it is ok for my government to collect and store my life's data.
Yes, when you explicitly give them permission to do so. (Like you did.)
How many OK circumstances are there, when your own government does it to you without your permission?
Since they are both going to try it. Which do you prefer to succeed in having all your secretes? The government you are living under, or some other government on the other side of the planet that you don't interact with in any way?
Re: (Score:1)
Well, Even I expect Americans to cheer for the home team. This is with the hope that they will be eaten last.
Re: (Score:3)
Re: (Score:3)
Since I'm living in the pot, not the kettle, I do not want the kettle to know what's inside the pot. So it does matter.
Another way of looking at this is that those turning the relative blind eye to Huawei are like teenagers who catch their parents spying on them and use those negative emotions to disregard their parents' warning about random strangers on the internet. Yes, the parents destroy trust with their kids by spying on them, but the kids act irrationally and to their own detriment by illogically tying justification of a real danger with past grudges.
uh, really? back doors OK for us but not them? (Score:4, Insightful)
seems the government just shot their argument for encryption back doors in the head. "onlly us" is not going to play in the other 200+ nations of the world that buy our tech products.
Re: (Score:1)
Re:Pot Meet Kettle (Score:5, Interesting)
Right its "racist" to be more concerned about my country deploying pieces of critical infrastructure possibly backdoor-ed by our greatest economic and political rival.
Yes we do the same thing and yes I would not be surprised by or outraged at the Chinese or Russians having similar concerns about American sourced equipment and software.
Now you can call me a Nationalist if you want for wishing for my country to succeed in maintaining an intelligence advantage or at least avoiding being placed at a disadvantage with respect to our economic rivals. Race though has nothing at all to do with this. In fact this isn't some great moral question at all. Its just we know (or at least very strongly suspect) the Chinese are spying, what will try and do about it.
Re: (Score:3)
OTOH, it's important to realize that the goal in those "wars" isn't to win, or not usually. More frequently it's to test out weapons and strategies, and to cost the opponents more than they can afford.
That said, I'm not going to claim that approach is either moral or very successful.
Re: (Score:1)
Re: Written by WSJ (Score:2)
Re: (Score:2)
It isn't news, it is merely a claim by an administration that has a long distance relationship with truth.