Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack

Bloomberg has an article that discusses how Chinese spies were allegedly involved in deploying implants on Huawei equipment which was operated in Australia and the United States. The key parts of the story include:

At the core of the case, those officials said, was a software update from Huawei that was installed on the network of a major Australian telecommunications company. The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, they said. After a few days, that code deleted itself, the result of a clever self-destruct mechanism embedded in the update, they said. Ultimately, Australia’s intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems. 

Guided by Australia’s tip, American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the U.S., six of the former officials said, declining to provide further detail.

The details from the story are all circa 2012. The fact that Huawei equipment was successfully being targeted by these operations, in combination with the large volume of serious vulnerabilities in Huawei equipment, contributed to the United States’ efforts to bar Huawei equipment from American networks and the networks of their closest allies.1

Analysis

We can derive a number of conclusions from the Bloomberg article, as well as see links between activities allegedly undertaken by the Chinese government and those of Western intelligence agencies.

To begin, it’s worth noting that the very premise of the article–that the Chinese government needed to infiltrate the ranks of Huawei technicians–suggests that circa 2012 Huawei was not controlled by, operated by, or necessarily unduly influenced by the Chinese government. Why? Because if the government needed to impersonate technicians to deploy implants, and do so without the knowledge of Huawei’s executive staff, then it’s very challenging to say that the company writ large (or its executive staff) were complicit in intelligence operations.

Second, the Bloomberg article makes clear that a human intelligence (HUMINT) operation had to be conducted in order to deploy the implants in telecommunications networks, with data then being sent back to servers that were presumably operated by Chinese intelligence and security agencies. These kinds of HUMINT operations can be high-risk insofar because if operatives are caught then the whole operation (and its surrounding infrastructure) can be detected and burned down. Building legends for assets is never easy, nor is developing assets if they are being run from a distance as opposed to spies themselves deploying implants.2

Third, the United States’ National Security Agency (NSA) has conducted similar if not identical operations when its staff interdicted equipment while it was being shipped, in order to implant the equipment before sending it along to its final destination. Similarly, the CIA worked for decades to deliberately provide cryptographically-sabotaged equipment to diplomatic facilities around the world. All of which is to say that multiple agencies have been involved in using spies or assets to deliberately compromise hardware, including Western agencies.

Fourth, the Canadian Communications Security Establish Act (‘CSE Act’), which was passed into law in 2019, includes language which authorizes the CSE to do, “anything that is reasonably necessary to maintain the covert nature of the [foreign intelligence] activity” (26(2)(c)). The language in the CSE Act, at a minimum, raises the prospect that the CSE could undertake operations which parallel those of the NSA and, in theory, the Chinese government and its intelligence and security services.3

Of course, the fact that the NSA and other Western agencies have historically tampered with telecommunications hardware to facilitate intelligence collection doesn’t take away from the seriousness of the allegations that the Chinese government targeted Huawei equipment so as to carry out intelligence operations in Australia and the United States. Moreover, the reporting in Bloomberg covers a time around 2012 and it remains unclear whether the relationship(s) between the Chinese government and Huawei have changed since then; it is possible, though credible open source evidence is not forthcoming to date, that Huawei has since been captured by the Chinese state.

Takeaway

The Bloomberg article strongly suggests that Huawei, as of 2012, didn’t appear captured by the Chinese government given the government’s reliance on HUMINT operations. Moreover, and separate from the article itself, it’s important that readers keep in mind that the activities which were allegedly carried out by the Chinese government were (and remain) similar to those also carried out by Western governments and their own security and intelligence agencies. I don’t raise this latter point as a kind of ‘whataboutism‘ but, instead, to underscore that these kinds of operations are both serious and conducted by ‘friendly’ and adversarial intelligence services alike. As such, it behooves citizens to ask whether these are the kinds of activities we want our governments to be conducting on our behalves. Furthermore, we need to keep these kinds of facts in mind and, ideally, see them in news reporting to better contextualize the operations which are undertaken by domestic and foreign intelligence agencies alike.


  1. While it’s several years past 2012, the 2021 UK HCSEC report found that it continued “to uncover issues that indicate there has been no overall improvement over the course of 2020 to meet the product software engineering and cyber security quality expected by the NCSC.” (boldface in original) ↩︎
  2. It is worth noting that, post-2012, the Chinese government has passed national security legislation which may make it easier to compel Chinese nationals to operate as intelligence assets, inclusive of technicians who have privileged access to telecommunications equipment that is being maintained outside China. That having been said, and as helpfully pointed out by Graham Webster, this case demonstrates that the national security laws were not needed in order to use human agents or assets to deploy implants. ↩︎
  3. There is a baseline question of whether the CSE Act created new powers for the CSE in this regard or if, instead, it merely codified existing secret policies or legal interpretations which had previously authorized the CSE to undertake covert activities in carrying out its foreign signals intelligence operations. ↩︎
Link

Police Using Journalists’ Metadata to Hunt Down Whistleblowers

Police Using Journalists’ Metadata to Hunt Down Whistleblowers:

In the past year, the Australian Federal Police has been asked to investigate a piece in The Australian about the Government’s’ leaked Draft Defence White Paper, and a Fairfax Media story on a proposal to reform to citizenship laws.

Just last week, police raided Parliament House in an attempt to track down the source of an embarrassing leak about the National Broadband Network. It’s feared that these investigations, along with increased penalties for whistleblowers, are hindering the ability of journalists to hold policymakers to account.

It was with this in mind that the Opposition eventually voted for the amendments that created the Journalist Information Warrant scheme, and allowed the Data Retention laws to pass last year. In a last minute effort to shore up support for the legislation, the Government agreed to add provisions for ‘safeguards’ that would, in theory, prevent the scheme being used to target journalists’ sources. However, a closer look at the scheme reveals its flaws.

When a democracy creates warranting schemes solely to determine who is willing to speak with journalists, the democracy is demonstrably in danger of slipping free of the grasp of the citizenry.

Link

Scientists Release Air that Has Been Trapped for 800 Million Years

Scientists Release Air that Has Been Trapped for 800 Million Years:

“There was a lot of debate as to what the oxygen content was 800 million or more years ago,” said Blamey in a statement. “We’ve come up with a direct method of analyzing the content of those trapped fossil gasses in the atmosphere and found that the oxygen level was approximately half of what it is today.”

To get a nice healthy wiff of that nearly billion-year-old atmosphere, the team placed halite crystals from southwest Australia in a vacuum chamber and crushed them, releasing the actual air that circulated during this bygone era in our planet’s history.

“It’s a direct measurement of the atmosphere of that time, not an interpretation,” emphasized study co-author Uwe Brand.

Modern science is amazing.

Link

Police Commissioner defends access to Opal card records

Police Commissioner defends access to Opal card records:

NSW Police Commissioner Andrew Scipione has defended police being given powers to access Opal card records as a crucial tool to ensure the “safety and security of the community”.

The police chief’s defence came as a complaint was lodged with the state’s privacy commissioner about law enforcement agencies being able to track hundreds of thousands of commuters without a warrant.

Significantly, it isn’t just the police who could access Opal card data. It’s anyone defined with law enforcement powers which, in Australia, includes over 100 different groups. That this kind of data can be accessed without warrant – data that can reveal roughly where people live, work, the kinds of places they visit, people they commonly travel with – is absolutely absurd.

Quote

the [Australian Security Intelligence Organization] ASIO said that Snowden’s leaks will make it more difficult for the organization to collect meaningful data about a person, so the organization should be given more leeway to perform its surveillance duties. In its proposal, the ASIO asserted that certain technological advances are detrimental to its spying on bad actors (a refrain that is not often heard, as it’s generally accepted that technology is making it easier to spy on citizens).

Smaller state police organizations joined the ASIO in asking that telecom companies be obligated to retain customers’ metadata for a substantial period of time. (The ASIO cited as a preferred model President Obama’s proposal earlier this year to compel telecom companies to keep customer data rather than having the NSA siphon that data into its own repositories.) But police organizations like the Northern Territory Police and the Victoria Police also went further in requesting that the Australian government require companies to keep IP addresses and Web browsing history as part of its metadata collection.

The Northern Territory Police, for example, argued for a two-year retention of Web browsing history. The Sydney Morning Herald reports that the police thought “a shift away from traditional telephony services to Facebook, Twitter, Google Plus, and others meant that data may be included in browser histories and was ‘as important to capture as telephone records.’”

So, given that Australians are decreasing their trust in their government based on what they’re learning their intelligence services are presently doing, the same services argue that they should have even more access to Australians’ private communications? Because more data retention combined with shadowy access to telecommunications data will improve trust in government and, as a result, strengthen the democratic spirit of the Australian people, right?

Link

Police spy on web, phone usage with no warrants

Just so it remains clear just how much surveillance can happen in Commonwealth countries when authorities enjoy broad lawful access to communications data without needing warrants:

Law enforcement and government departments are accessing vast quantities of phone and internet usage data without warrants, prompting warnings from the Greens of a growing “surveillance state” and calls by privacy groups for tighter controls.

Figures released by the federal Attorney-General’s Department show that federal and state government agencies accessed telecommunications data and internet logs more than 250,000 times during criminal and revenue investigations in 2010-11.

(…)

Access is authorised by senior police officers or officials rather than by judicial warrant.

Federal agencies making use of telecommunications data include the Australian Federal Police, Australian Crime Commission and Australian Taxation Office, departments including Defence, Immigration and Citizenship, and Health and Ageing, and Medicare and Australia Post.

Data is also accessed by state police and anti-corruption bodies, government departments and revenue offices, and many other official bodies.

Needless to say, that’s an awful lot of parties accessing an awful lot of information about Australian citizens. Not included: statistics on telecommunications data access by the Australian Security Intelligence Organisation.

Link

Huawei Blocked on National Security Grounds

We recently learned that the Australian government had blocked Huawei from tendering contracts for Australia’s National Broadband Network. The government defended their position, stating that:

As such, and as a strategic and significant government investment, we have a responsibility to do our utmost to protect its integrity and that of the information carried on it.

Of note, internally Huawei had been a preferred choice but the company was ostensibly blocked for political/security, rather than economic, reasons. This decision isn’t terribly surprising given that American, Australian, and United Kingdom national intelligence and security agencies have all come out against using Huawei equipment in key government-used networks. The rationale is that, even were a forensic code audit possible (and likely wouldn’t be, on grounds that we’re talking millions of lines of code) it wouldn’t be possible to perform such an audit on each and every update. In effect, knowing that a product is secure now isn’t a guarantee that the product will remain secure tomorrow after receiving a routine service update. The concern is that Huawei could, as a Chinese company, be compelled by the Chinese government to include such a vulnerability in an update. Many in the security community suspect that such vulnerabilities have already been seeded.

Does this mean that security is necessarily the real reason for the ‘national security card’ being played in Australia? No, of course not. It’s equally possible that calling national security:

  • let’s the government work with a company that it already has ties with and wants to support;
  • is the result of the government being enticed – either domestically or from foreign sources – to prefer a non-Huawei alternative;
  • permits purchases of a non-Huawei equipment from vendors that are preferred for political reasons; perhaps buying Chinese goods just wouldn’t be seen as a popular move for the government of the day.

Moreover, simply because Australia isn’t tendering contracts from Huawei doesn’t suggest that whatever equipment is purchased will be any more secure. In theory, were Cisco equipment used to power the National Broadband Network then the American government could similarly compel Cisco to add vulnerabilities into routers.

In part, what this comes down to is who do you trust to spy on you? If you see the Americans as more friendly and/or less likely to involve themselves closely in your matters of state, then perhaps American companies are preferred over your economic and geographical next-door neighbours.

I should note, just in closing, that Huawei has contracts with most (though not quite all) of Canada’s largest mobile and wireline Internet companies. Having spoken with high-level governmental officials about security concerns surrounding Huawei’s equipment there seems to be a total lack of concern: just because GCHQ, NSA, and ASIO have publicly raised concerns about the company’s equipment doesn’t seem to raise any alarm bells or worries with our highest government officials.