Welcome to DefenceTalk.com Forum!

By registering with us, you'll be able to discuss, share and private message with other members of our community.

  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Huawei

Discussion in 'Cybersecurity' started by rossfrb_1, Oct 10, 2012.

Share This Page

  1. Sampanviking

    Sampanviking Banned Member

    Joined:
    Jul 21, 2008
    Messages:
    328
    Likes Received:
    0
    Following the recent revelations from Mr Snowden, I am left with the very strong impression that the main Western Official objection to Huawei is not that the equipment will enable the Chinese Govt to spy on their citizens, but rather it may hinder their own efforts to spy on them themselves :D
     
  2. gf0012-aust

    gf0012-aust Grumpy Old Man Staff Member Verified Defense Pro

    Joined:
    Dec 9, 2003
    Messages:
    18,005
    Likes Received:
    2
    Location:
    Australia

    Good god, why do you have to inject such pithy commentary - I realise that you like skating along the edges to avoid Mod attention, but gimme a break

    Chinese parts in CISCO boxes were the very reason why various countries started pulling chinese made CISCO gear from national centres 2-3 years ago.

    The chinese didn't need Huawei to look inside sites and traffic of interest, they only needed CISCO - hence why CISCO gear started getting dropped from various "users"

    as for looking etc... all the people screaming at the hypocrisy of the americans and who try to draw some tangential line between US and Chinese surveillance philosophies seem to not understand that the issue about Huawei is principally around the fact that Huawei wants to set up infrastructure whereas CISCO will always just be a box flogger.

    It's about them owning the bearers - not the routers.

    for crying out loud, at least pretend to make the effort to understand the issue than coming in with the predictable idealogical rant
     
    Last edited: Jun 24, 2013
  3. Beatmaster

    Beatmaster New Member

    Joined:
    Sep 29, 2008
    Messages:
    506
    Likes Received:
    0
    No disrespect buddy, but its commonly known that Governments keep taps on virtually everything.
    As a IT guy myself i can understand everything you have said and most of it i can agree to as this is simply truth.
    On the flip side you are both right and wrong, as both posters do have a point.
    In this case Both Cisco and Huawei have extensive connections to both civilian and governmental networks.
    And both have "dirt" under their finger nails.

    This does not make Cisco bad and neither does it make Huawei bad.
    But it does say everything about local authorities and policy making factors.

    For example the US requires vendors (If asked and without asking lmao) to provide access to their systems and data, and most routers and networks switches have been configured and developed in exactly that way.
    Because on virtually every system there is a "back" way in.

    So its a given that when you buy Cisco or a Huawei hardware that someone will be able to watch/see/listen.
    Which applies to virtually any system out there regardless if its a smartphone, a laptop or a pc or a router/switch for that matter.

    And imo the US is just as lame as China both are spying and monitoring data while pointing fingers... just like the rest of the world.
    Nothing new there...

    Now here i have a interesting question for you:

    Why would a (US Build) Cisco router be subject to a law that enables the NSA (Or any US agency) to bypass its security and monitor traffic while this router is also being sold overseas thus giving agencies the ability to tune in to non US people.

    And why would a Chinese build system not being allowed to follow the same protocol?

    You have to realize that it does not matter if your chip set comes from Asia, EU or US...it will have a hidden access point, it will be exploitable and it will be hacked.
    And as long policy makers in the Washington make laws and regulations that enables US agencies to monitor the world, then you can be sure that others will do the same. (And vice versa)

    or did you forgot this:
    "The Communications Assistance for Law Enforcement Act (Calea) passed in 1994 forces all US manufacturers to produce equipment compliant with that law.

    That same law says that "agencies" must have unrestricted access.
    The Communications Assistance for Law Enforcement Act (CALEA) is a United States wiretapping law passed in 1994, during the presidency of Bill Clinton (Pub. L. No. 103-414, 108 Stat. 4279, codified at 47 USC 1001-1010).

    CALEA's purpose is to enhance the ability of law enforcement and intelligence agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time.

    So the US government fears that Huawei products are bugged with BD's and vulnerabilities while by law US manufactured systems are bugged by law...
    way to go...lol

    That being said, last but not least China is known for its massive amounts of Cyber attacks upon western systems and for its industrial/military espionage but on the flip side the US and the rest are doing exactly the same. And both trying to find ways to make it more stealthy and more effective both offensive and defensive.
    And given that Huawei and Cisco are both market leaders in their respective area you will see both having more and more connections to military and espionage related issues. Same goes for giants like: MS, Google, Yahoo, Facebook, Twitter and so on....

    Cisco has been open to the NSA dating back from win 95 with its first build in internet as the router direct traffic to the cdn's and thus enabling tapping in realtime.

    And with the NSA security compliance and the new encryption standards US agencies can tap anyone at anytime.

    On top of that Huawei is having some vulnerabilities but NO confirmed back-doors (except those required by local/international law)
    While Cisco on the other hand has multiple ways in.
    Granted i would pick any Cisco over Huawei product.

    as for looking etc... all the people screaming at the hypocrisy of the Americans and who try to draw some tangential line between US and Chinese surveillance philosophies seem to not understand that the issue about Huawei is principally around the fact that Huawei wants to set up infrastructure whereas CISCO will always just be a box flogger.

    Lol so?
    Whats the difference Cisco delivering routers to direct traffic to cdn's? which are monitored? thus setting up a infrastructure?

    Or Huawei which uses microchips to connect smartphones and such? and basically doing the same.
    You have to understand that the BIGGEST issue is just plain the many vulnerabilities in H-Products and fear.
    What if the Chinese government builds backdoors into H-Chips? this fear is based upon a few clueless US politicians while their own Cisco is so bugged you could use it to tune it to Saturday live...

    That being said actions are being taken by both Cisco and the US government to calm this fear, and so will Huawei do the same with their Chinese policy makers.
    And in the meantime when you or me or anyone else for that matter says something during a call using a smartphone someone will have it on record somewhere.
    Same goes for the Cisco router... if they want they can check back virtually every dirty site i might have visited:D and they probably listen in when i have dirty talks with my wife over skype...lmao.

    Anyway Huawei is used in so many systems and Cisco (And other US brands) are equally used in a wide variety of systems that it would be virtually impossible to rule everything out.
    I mean come on this whole espionage thing, the whole PRISM thing... you got to admit... its a bit much.
    So we can draw one conclusion here: Regardless where your system comes from or who the vendor is there will be always a vulnerability and there will be always a agency being able to tap in at will. Some by law or some by having a BD build in and some because they found a way in
    But that has nothing to do with the products itself as both have proven them selfs to be market leaders in what they do.
    So i do understand your points, but being a bit more open minded would not hurt your post.

    Again no disrespect or trolling.flaming intended buddy.
     
  4. gf0012-aust

    gf0012-aust Grumpy Old Man Staff Member Verified Defense Pro

    Joined:
    Dec 9, 2003
    Messages:
    18,005
    Likes Received:
    2
    Location:
    Australia
    I am not going to go into a point by point response.

    However, specific alerts went out about compromised CISCO gear a few years back
    There was a mad scramble to check all boxes installed at the time. CISCO is an example, its not the only example.

    I am certainly not going to expand on any other issue about how surveillance practices are conducted
     
  5. Pendekar

    Pendekar New Member

    Joined:
    Oct 31, 2004
    Messages:
    242
    Likes Received:
    0
    Location:
    Malaysia
    I was under the impression that every networking devices out there got some software/hardware backdoor for the intelligence agency of the origin country.
     
  6. Beatmaster

    Beatmaster New Member

    Joined:
    Sep 29, 2008
    Messages:
    506
    Likes Received:
    0
    Yes and No.

    Yes for the simple reason that your "device" is going to connect to a network.
    Either by being a part of it, Either as "visitor"
    Data and Routes, Ip and Location will be logged. (Just like virtually every server and webpage does)
    On top of that ISP servers and Hubs have their own surveillance programs running.
    And last government organizations and the local / international law itself will have access to virtually everything including your private details (If there is a need for it)
    So yes your router, will give access if there is a need for it.

    No for the simple reason that generally most devices require some sort of special key which can only be obtained by a court order.
    Obviously the backdoor will NOT open to everyone and connecting to it is a whole new process on its own, which will require special methods and systems.
    So one could say that a agency can connect to your device within minutes if there is a need for it, but on the other hand it does require extensive hardware and software which is not easy to obtain by everyone.
    Most of this software and hardware is custom made.

    Now IMO there are enough hawks on the internet who try to defend US surveillance methods and keep a shroud of secrecy around the way how its done.
    Fact however is that anyone with a bit of network and computer knowledge can tie up 1 +1.

    And you know what? its ok because everyone doing it, one on a less extensive way the other in a very extensive way.
    This is what the cyber world has come to.

    One famous guy said: Knowledge is power.

    Its really not that hard to find out.
    Not to mention that you have spiders on super computers running who search the internet in Realtime for keywords, phrases and such.
    And while you connect to a monitored webpage or server they can see virtually everything you have done on your pc and on the internet as MS by default has enough data collecting files.
    That being said these are just some very obvious ways to monitor. The more advanced ways are enable a agency to virtually have unlimited access to any device.
    So the conclusion is if one knows how to read those files then one can read your darkest secrets on the pc.

    The biggest problem is 128 bits encrypted connections and variants of it.
    Because there are ways to stop a agency monitoring your data traffic.
    Using custom protocols, and encryption techniques.
    It might not stop them for ever but it would require money, time and resources to penetrate local security.
    Hence why the US law requires VPN programs and other programs to follow one standard.

    As the past has shown that when targeted computers are being secured by Custom Protocols and Encryption techniques it can take serious time and effort to penetrate that in fact if a network is properly maintained and uses strictly own custom protocols and encryption techniques while running on "own" servers on local territory then agencies like NSA are not as good as they think they are.

    Not saying that NSA for example would not be able to access the network, but it would severely limit their options.
    And one have to keep in mind that outside the US there are more people with lots of knowledge as the US is not the only one who can field some great minds.
    The only real asset NSA for example has is money, resources and time.
    But when it comes to Hardware and Software programming they are limited and in some ways behind the rest of the world.

    That being said companies like MS have been making standards in protocols and device drivers. Understand these protocols and you can modify them.
    As most device drivers, firmware and protocols allow technical people to modify them, so that they can serve a dual purpose (and so on)

    Making your own protocols, hardware, software and drivers and encryption standards can make any agency grow gray hair.
    And specially in the open source community there are some very great minds who are capable of doing just that.
    So by maintaining by law a certain standard allows agencies always access and rules out custom stuff to some degree.

    Hypothetical speaking if a government would invest and time in a custom hardware setup with custom firmware and drivers + a brand new custom OS with strict policies it could create a network outside the internet and make it virtually hack free.

    But back on topic if they want to monitor you, then they will.:grab
     
  7. Volkodav

    Volkodav Defense Professional Verified Defense Pro

    Joined:
    Oct 28, 2010
    Messages:
    5,631
    Likes Received:
    159
    As a non-IT guy this is quite simple. It is a case of risk and the mitigation of that risk. If you know there if the capacity to do something that is a risk, when there is also the will then you have to assume it is happening.

    One factor that seems to have been overlooked is the economic and commercial factors involved. When you think espionage the first thing that comes to mind is state secrets and military technology, well in the case of China there is also the suspicion of government sponsored industrial espionage to give government owned enterprises an advantage over competitors. With a disregard to IP, copyright and patents there is very little recourse against government sponsored companies using technology stolen for them by the government for the express purpose of gaining a competitive advantage.
     
  8. Beatmaster

    Beatmaster New Member

    Joined:
    Sep 29, 2008
    Messages:
    506
    Likes Received:
    0
    Yes exactly you are so right.
    And obviously the economic gains could be HUGE specially if a third party manages to get accurate technological data and indeed the Chinese government has directly and indirectly being linked to the numerous hack attempts and covert cyber operations.
    That being said the US on its own has a pretty extensive record of gathering data as well.
    So to get back at what i said earlier there is no really bad side here as both powers are doing their part.
    The ugly side however is that the general population is being caught in the middle.

    Software firms, and hardware/chipset companies have business and regular costumer versions of their software and hardware.
    And generally the business versions are a bit more advanced and a bit more well rounded but adding backdoor technology to it does only create more hassle as any mediocre pc geek could figure out a way to access a device or a software program using the very same backdoor technology.

    So imo a better protection would be point to point encryption which still enables "governmental access" but stops the average hacker as getting a access key is virtually impossible without having to fiscally break in to the complex itself to obtain a key from the pc itself.

    This way the government can tap into all the devices they want as they "would have been" provided with a set of master keys by the manufacturer.
    Obviously this is just a minor part there is way more to it as it would require a full overhaul of the infrastructure itself not to mention that the industry needs to change as well.

    That would be a BIG step in the right direction and would save millions of dollars.
    Because at this point the backdoor in for example a router or a Huawei device/chipset is pretty much open either because the source code is flawed and obtainable.
    Or the backdoor is actively searching for a connection.
    And thats just ports and sourcecode/firmware related.
    So i am not even going into other more important things.
    Obviously Point To Point Encryption is pure pc related and has nothing to do with chipsets and such. But the same technology could be used to lock source and firmware. Have a centralized server hand out 1 time authentication keys to those who need them and you are done.

    I know its a bit off-topic but my point here is the very reason Chinese hackers are able to obtain technological data is because most devices are open to receive commands.
    So those flawed firmware/source codes and backdoor protocols within hardware and software are just open to be exploited.
    And this applies for Huawei as well for any other product.
    If one would use the right available security measures then i venture to say that you can stop Chinese hackers (Or US based hackers for that matter)

    Just saying that companies like Boeing, EADS, Lockheed and many others should have a security level way past anything that a hacker can trow at them.
    And they certainly should not have sensitive data stored on just some servers.

    So here is the riddle.
    How can a bunch of very skilled hackers beat a couple billion dollar company like lockheed, or a government (US) based network and get 8 out of 10 times what they came for to get?
    That either shows the HUGE technological advantage on the hackers side.
    Or a incredible lack in credible security solutions on the victims side.

    The technology is there, the money is available and the knowhow is also there.
    So why is it that the general population is being caught in the middle and being tapped and monitored in all shapes and sizes when the government and industry fails maintain a credible security.

    And yes i do understand that its not all black and white as there is WAY more to it.
    But i am talking "principle" wise.

    So yes economical speaking its very attractive to hack airbus, or lockheed (Or any other company for that matter)
    As 100 hackers with nice computers is a hell of a lot cheaper then a 25 years research project.

    So back to basic start from the ground up, start with the basics.... that would already be a big step in the right direction.:D
     
  9. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    3,359
    Likes Received:
    153
    Location:
    Vancouver and Toronto
  10. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    3,359
    Likes Received:
    153
    Location:
    Vancouver and Toronto
    Two US senators, Democratic and Republican, have written Trudeau warning him that using Huawei products for Canada's 5g network can and probably will jeopardize intelligence sharing. Even if junior is paying attention, the financial support Liberals get from Chinese interests probably will result in no action. If there is anything junior excels at, it is procrastination.

    U.S. senators urge Trudeau to block Huawei from 5G
     
  11. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    3,359
    Likes Received:
    153
    Location:
    Vancouver and Toronto
    At the request of the US, Canada has arrested a top executive of Huawei for extradition to the US. Will be interesting to see what retaliatory measures are taken against Canada for this. It will also be interesting to see if junior takes the concerns of our 5 eye allies wrt to allowing 5g technology into our IT grid.
     
  12. t68

    t68 Well-Known Member

    Joined:
    Nov 19, 2006
    Messages:
    3,203
    Likes Received:
    58
    Location:
    NSW

    What is the extradition outlining the reason for the charges?


    Edit

    I just dug up this,
    China demands release of Huawei executive arrested in Canada
     
  13. weaponwh

    weaponwh Member

    Joined:
    Mar 8, 2016
    Messages:
    113
    Likes Received:
    1
    Location:
    ohio
    the CFO hasn't been charged yet, which is surprised. and the timing, just after G20 after truce of trade war. i'm also curious why canada willing to mix up with current China-US situation, especially at a time when US-Canada relation is not so great due to Trump NAFTA issue.
     
  14. ngatimozart

    ngatimozart Super Moderator Staff Member Verified Defense Pro

    Joined:
    Feb 5, 2010
    Messages:
    5,313
    Likes Received:
    469
    Location:
    In the rum store
    Because they will have had a legal extradition request from the US for her requiring her arrest. She will now be subject to extradition proceedings under Canadian law.
     
  15. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    3,359
    Likes Received:
    153
    Location:
    Vancouver and Toronto
    I suspect a Canadian judge will likely reject the request and order her out of Canada so junior doesn’t have to deal with this. Besides, Huawei probably contributes to the Liberal Party. The US could appeal this but I suspect the $hitstorm that could result isn’t worth the effort.
     
  16. ngatimozart

    ngatimozart Super Moderator Staff Member Verified Defense Pro

    Joined:
    Feb 5, 2010
    Messages:
    5,313
    Likes Received:
    469
    Location:
    In the rum store
    Would depend upon the quality of the evidence presented before the court and there is the fact that either side can appeal if the case goes against them. Could carry on for years, just like the Kim Dotcom extradition case here (Mega Upload). If junior interferes he would kiss his political career goodbye for good and end up in the dock himself. Even he ain't that stupid. I also suspect that there might be a security angle to the Meng case as well and if that is the case, no way will the Canadians let her go until the due process has been completed.
     
  17. John Fedup

    John Fedup Well-Known Member

    Joined:
    Sep 9, 2013
    Messages:
    3,359
    Likes Received:
    153
    Location:
    Vancouver and Toronto
    As I understand it, the US believes Huawei is exporting products containing US technology to Iran thus violating the US sanctions policies against Iran. From my vantage point, this is a mess. Basically we are caught between two players, neither of which are very popular here at the moment, fighting over a questionable sanction issue (is Iran violating the nuclear agreement). If there is some other security issue involved then this matter may require an aggressive response against China.