Huawei Boasts of Remote Data Interception Capabilities

Tuesday, June 19, 2012



Chinese telecom giant Huawei raised some eyebrows at a conference in Dubai earlier this year with the disclosure that the company regularly monitors and intercepts data transmissions.

The company stated that its practice of "data mirroring" is solely for the purpose of identifying malicious code and illegal activity, but F. Michael Maloof quotes a source familiar with the methodology as describing it as “plain and simple data interception.”

At issue is Huawei's use of Deep Packet Inspection (DPI) techniques to monitor data transmissions. While the company maintains the practice is not abused for illicit surveillance operations, the capability is undoubtedly present.

“Once you have access to every piece of data in a data stream, you can do literally anything with it. You can copy it, you can restrict it, you can control it – all at line speed – without any degradation of the signal,” a source told Maloof.

“The challenge really is dealing with the volume of traffic in high speed links but, with advanced software, folks managing DPI appliances in networks have the capability of using advanced techniques such as protocol identification to strip out the stuff they want.” “When I say ‘strip out,’ in the Chinese sense, I mean intercept and copy,” the source continued.

Huawei is already the subject of a U.S. House Intelligence Committee probe into telecom firms suspected of aiding the Chinese government in spying activities. The committee is focused on concerns about Chinese telecom giants Huawei and ZTE and their relationship to the People's Liberation Army (PLA).

Committee Chairman Mike Rogers had initiated the probe last fall after a preliminary inquiry into Chinese espionage operations subsequently determined the need for further investigation into threats aimed at the U.S. technology supply chain, critical infrastructure, and proprietary information.

Huawei's disclosure confirms that the company indeed has the ability to monitor and access data that may be sensitive in nature, and adding to the concerns is their ability to do so remotely.

“So, a network that (Huawei) monitors potentially without the carrier’s knowledge in South America, Malaysia, Indonesia, Saudi Arabia, Botswana or even Virginia can be remotely and surreptitiously monitored and potentially controlled,” the source cautioned.

The source explained how his company was contracted to do an assessment of an undisclosed nation's telecom systems, during which they discovered “undocumented administrator accounts” in the Huawei network routers.

"We inadvertently discovered the second and undocumented administrator accounts and took ‘screen shots’ to record their existence,” the source said.

When they attempted to examine the accounts again, “they all mysteriously disappeared – with no trace in the router logs as to how it happened.” The source said the accounts had been “mysteriously erased, we suspected remotely, as nothing was showing in the router logs to indicate how it happened or that they ever existed in the first place.”

The source believes these monitoring and surveillance capabilities are being built in to systems the company deploys, including in those used for international fiber optic cable communications.

“Embedding these capabilities in any network means…(that) they can then intercept and control those networks in any way they like. I am so worried about Chinese cyber warfare threats, their abilities to monitor and remotely shut down international communications networks, including critical infrastructure networks in Western countries,” the source said.

A report detailing China's electronic espionage and intelligence apparatus, released in November 2011 by researchers at the Project 2049 Institute, concluded that China's intelligence gathering is not limited to national security and military efforts, but may also be geared towards gaining an economic advantage.

The report, titled "The Chinese People's Liberation Army Signal Intelligence and Cyber Reconnaissance Infrastructure", indicated that China has established a sophisticated multi-departmental organization for the purpose of espionage which includes both military and civilian entities.

The report stated with confidence that China is monitoring all communications within their borders, including those associated with foreign embassies and multinational corporations, and that they are probably able to defeat all but the most advanced forms of encryption, leaving a vast amount of sensitive information vulnerable to interception.

The United States Office of the Counterintelligence Executive (ONCIX) last year also released a report that documents the billions of dollars in intellectual property and classified information being lost every year to cyber espionage.

The report, titled Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, boldly suggested that state-sponsored entities in both China and Russia, among other offenders, are systematically targeting US government and private sector networks in an effort to pilfer valuable information that has tremendous economic value.

Maloof's source believes this is more than merely a “simple network security issue” and “much more of a national security issue.”

“Forget just looking for malicious code. They could just as easily identify encrypted missile launch commands, radar and defense communications, critical infrastructure command and control networks and while they may not be able to necessarily decrypt and control them, being able to block them in networks is almost as effective as a cyber-warfare strategy.”

