Chinese spies accused of using Huawei in cyberattack

The United States Government has been warning for years that the products of the Chinese company Huawei Technologies Co, the world’s largest manufacturer of telecommunications equipment, represent a risk to the national security of the countries that use them.

While Washington has waged a global campaign to block the company from providing next-generation 5G wireless networks, Huawei and its supporters have dismissed the claims for lack of evidence.

Now, a Bloomberg News investigation has found a key piece of evidence supporting America’s efforts: an unreported violation that occurred in half the world nearly a decade ago.

In 2012, Australian intelligence officials informed their US counterparts that they had detected a sophisticated intrusion into the country’s telecommunications systems. It started, they said, with a Huawei software update that was loaded with malicious code.

The breach and subsequent intelligence sharing were confirmed by nearly two dozen former national security officials who received reports on the matter from Australian and US agencies between 2012 and 2019.

The incident corroborated both countries’ suspicions that China used Huawei’s equipment as a conduit for espionage, and it has remained a central part of a case they have built against the Chinese company, even though the breach has never been found. made public, the former officials said.

The episode helps clarify the previously vague security concerns fueling a battle over who will build 5G networks, which promise to bring faster internet connectivity to billions of people around the world.

Shenzhen-based Huawei dominates the global telecommunications equipment market of more than $ 90 billion, where it competes with Sweden’s Ericsson AB and Finland’s Nokia Oyj.

But the US, Australia, Sweden and the UK have banned Huawei from their 5G networks, and some 60 countries have joined a US State Department program in which they have pledged to bypass the equipment. Chinese for their telecommunications systems.

These efforts, which have also included US sanctions against the Chinese company, have slowed Huawei’s growth and increased tensions with China.

The reports described to Bloomberg contained varying degrees of detail, and the former officials who received them had varying levels of knowledge – and willingness to discuss – the details. Seven of them agreed to provide detailed accounts of the evidence discovered by the Australian authorities and included in their reports.

The center of the case, according to these officials, was a Huawei software update that was installed on the network of a major Australian telecommunications company.

The update appeared legitimate, but contained malicious code that functioned similarly to a digital wiretap, reprogramming the infected computer to record all communications that passed through it before sending the data to China, they said.

After a few days, that code erased itself, the result of a clever self-destruct mechanism embedded in the update, they explained.

In the end, Australian intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and sent the update to telecommunications systems.

Guided by information from Australia, US intelligence agencies confirmed that year a similar attack by China using Huawei equipment located in the US, said six of the former officials, declining to provide further details.

Mike Rogers, a former Republican congressman from Michigan who served as chairman of the U.S. House of Representatives intelligence committee from 2011 to 2015, declined to discuss the incidents. But it confirmed that national bans against Huawei have been fueled in part by evidence, privately presented to world leaders, that China has tampered with the company’s products through tampered software updates, also known as patches.

“All their intelligence services have studied the same material,” said Rogers, a former FBI agent who is now a national security commentator on CNN. “All of this work has come to the same conclusion: this is administrative access, and the administrative patches coming out of Beijing cannot be trusted.”

Many people familiar with Australian intelligence told Bloomberg that they were bound by confidentiality agreements and could not officially discuss the matter. But Michèle Flournoy, a former Defense Department Under Secretary of Defense for Policy during Barack Obama’s presidency, said she was not required to do so.

Flournoy, co-founder and managing partner of WestExec Advisors LLC, a national security consulting firm closely aligned with the Obama and Biden Administrations, confirmed Huawei’s intrusion and tampered software update. He said that he learned of the episode after leaving the government in early 2012, emphasizing that the information was shared in unclassified forums.

“Australians from the beginning have been courageous in sharing the information they had, not just through intelligence channels but more widely through government channels,” Flournoy said. “Australia experienced it, but it was also an indirect wake-up call for Australia’s allies.”

Australia’s Signals Directorate (ASD), the country’s main cybersecurity agency, declined to answer specific questions about the incident.

“Whenever ASD discovers a cyber incident affecting an entity, it contacts the appropriate entity to provide advice and assistance,” the agency said in a statement. “ASD assistance is confidential; it is a matter that the pertinent entities should comment publicly on any cybersecurity incident ”.

“Australia is not alone in the threats we face from state actors in cyberspace,” the agency said, noting that the Government “has joined others around the world in expressing grave concern about malicious cyber activities. of the Ministry of State Security of China ”.

In the United States, the Federal Bureau of Investigation, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the National Center for Counterintelligence and Security declined to comment.

Bloomberg found no evidence that Huawei’s top executives were implicated or aware of the attack. Huawei declined to answer specific questions.

“It is difficult to comment on speculation and unspoken ‘high-level sources’,” John Suffolk, Huawei’s head of global cybersecurity, said in a statement. “It is also difficult to comment on generalizations such as ‘Australian telecommunications’, ‘software update’, ‘equipment’, etc.

“But, he added,” no tangible evidence of any willful crime of any kind has ever been presented. “

Suffolk said that Huawei technicians can access networks only when customers authorize it, and that customers control when updates are installed on their systems.

It stated that Huawei considers the possibility of its workers being compromised a “valid threat” and takes steps to protect itself against it, including restricting access to source code and using “tamper-proof mechanisms” to protect against the abuse.

“We closely monitor all of our engineers. When permitted by law, we conduct additional investigation, ”he said. “We monitor the software and equipment they use, and mandatory compliance training is required every year.”

Suffolk noted that Huawei urges governments, customers and the “security ecosystem” to review their products and look for vulnerabilities, and “it is this openness and transparency that acts as a great protector.”

China’s Foreign Ministry said in a statement that the country “opposes and will crack down on any form of cyberattack and spying activities on the internet in accordance with the law, not to mention refraining from encouraging, supporting or conspiring with piracy attacks ”.

Australia’s slanders about China’s cyberattacks and espionage are purely a crying thief-like maneuver to catch another thief. This type of arbitrary defamation of another country is an extremely irresponsible action that China strongly opposes, ”the ministry said. “We urge Australia not to abuse the name of ‘national security’ and put unfounded accusations and unreasonable pressure on Huawei and other Chinese companies.”

Huawei was founded in 1987 by a former China People’s Liberation Army officer, Ren Zhengfei, as a sales agent for business phone systems, and over the past three decades has grown to become the world’s largest manufacturer of telecommunications equipment, which It includes routers, switches, and cell tower antennas that are used to carry voice and data traffic over mobile networks.

Huawei entered the Australian market in 2004 and established relationships with two of the top three wireless network operators in the country.