Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms

Soulskill posted about 2 years ago | from the somebody-should-build-a-big-wall dept.

China 240

An anonymous reader writes "A former Pentagon analyst reports the Chinese government has 'pervasive access' to about 80 percent of the world's communications, and it is looking currently to nail down the remaining 20 percent. Chinese companies Huawei and ZTE Corporation are reportedly to blame for the industrial espionage. 'Not only do Huawei and ZTE power telecom infrastructure all around the world, but they're still growing. The two firms are the main beneficiaries for telecommunication projects taking place in Malaysia with DiGi, Globe in the Philippines, Megafon in Russia, Etisalat in the United Arab Emirates, America Movil in a number of countries, Tele Norte in Brazil, and Reliance in India.'"

cancel ×

240 comments

Wait, what? (4, Insightful)

girlintraining (1395911) | about 2 years ago | (#40652159)

This "former pentagon analyst"... Did he have access to intelligence reports of this nature? If so, and he's disclosing this now, I'm assuming the relevant documentation would be available via a Freedom of Information Act request? Since disclosing classified intelligence would be an act of treason, you know.

Just out of curiousity, this "former pentagon analyst" wouldn't happen to be employed with a defense firm now that would stand to profit from any products the company offers to combat this threat, would it? As many a scientist has uttered before, "Extraordinary claims require extraordinary proof." That doesn't change because we're discussing a matter of national security: You still have to put up, or shut up.

Re:Wait, what? (2, Insightful)

Anonymous Coward | about 2 years ago | (#40652205)

I'm sure there is someone profiting off this. I'm also sure it's true. The problem is we don't require the source code to be free and readily available. THIS STUFF SHOULD BE PUBLIC INFORMATION!

It might not stop hackers although it would give us the opportunity to lock down infrastructure. The code should be reviewed by security experts.

Re:Wait, what? (4, Insightful)

mysidia (191772) | about 2 years ago | (#40652617)

If the source code were free and publicly available.... still... how do you verify the code on the device was compiled from the source you were given, and there's not a hardware component that changes the code after it's in memory?

Re:Wait, what? (0)

stanlyb (1839382) | about 2 years ago | (#40652207)

You are both right. He wants the piece of cake. The China already has it.

Re:Wait, what? (1, Funny)

Anonymous Coward | about 2 years ago | (#40652369)

Hello Miss South Carolina Teen USA!

Freedom (0)

Anonymous Coward | about 2 years ago | (#40652229)

It seems like the chinese have all the freedom.

Re:Wait, what? (5, Insightful)

k(wi)r(kipedia) (2648849) | about 2 years ago | (#40652235)

Right. The not so Fine Article is low on details. It makes a grand connection between two rather uncontroversial facts: (1) Chinese net equipment can be found in an overwhelming majority of countries around the world and (2) the Chinese engage in cyberwarfare (as does the US and a few other advanced countries). Conclusion:

The Chinese government and the People's Liberation Army are so much into cyberwarfare now that they have looked at not just Huawei but also ZTE Corporation as providing through the equipment that they install in about 145 countries around in the world, and in 45 of the top 50 telecom centers around the world, the potential for backdooring into data.

Emphasis added on the word potential. Now where's the proof (preferably from a chip teardown by a reputable hardware hacker or hacking group)?

Re:Wait, what? (5, Interesting)

girlintraining (1395911) | about 2 years ago | (#40652361)

Emphasis added on the word potential. Now where's the proof (preferably from a chip teardown by a reputable hardware hacker or hacking group)?

There won't be any. Anyone with the capability of analyzing and reverse-engineering thousands of ICs would need deep pockets -- Either a large corporation or a government. A hacking group won't have the resources, even a well-funded one. You're talking about several hundred highly trained engineers from a dozen different disciplines working for years on the project, with no return on investment. There's no reason for a large corporation to conduct such business domestically -- they already have comparable products, and the Chinese equipment doesn't have any capabilities that aren't commonly available elsewhere. That leaves governments with a GDP in excess of a hundred billion USD per year. Short list. Said governments wouldn't disclose the results of such a search either, as it's a legitimate intelligence asset that would need to remain classified -- you don't want your enemy to know what you know, especially not before you come up with a way to defend against the attack or co-opt the infrastructure for your own purposes.

Second, forensically analyzing tens of thousands of chips and microprocessors would be pointless anyway: There still has to be some method of communicating the information back, and they can't compromise the entire communications chain, which is what would be required. Telecommunications equipment is designed to be evesdropping-friendly; Complete with port mirroring, trace and audit logs, selective forwarding based on rules... it's all standard. We're not even talking about the law enforcement black boxes, this is just stuff used for legitimate business purposes. The moment any such 'bug' went active, it would set off alarms -- by necessity, the communications would have to occur over the provider's own network. Unless their network admins are idiots they should notice the abberant traffic.

China would have to be very stupid to leverage such an intelligence asset for peanuts; It's basically a one-shot, and it would cost them billions in telecommunications contracts domestically. So if they do have such a capability, they're not going to use it until the value of the intelligence they would gain from it equals or exceeds that amount.

So there's two arguments right there based just on the economics of the situation. I strongly suspect that this unnamed pentagon analyst is being paid to spread disinformation. Such disinformation would serve the purpose of keeping the american public sucking the tit of the Department of Homeland Security's fear juice, and exaggerating our actual intelligence capabilities -- rather than waste hundreds of millions on a reverse engineering project that could never be made public, we'll just insinuate that "We know. We're on to you," and rattle our sabre a little. Maybe it deters them, maybe it forces them to expend resources to find out whether we're telling the truth or not, but it costs us nothing to make such a statement.

Re:Wait, what? (1)

k(wi)r(kipedia) (2648849) | about 2 years ago | (#40652473)

So if they do have such a capability, they're not going to use it until the value of the intelligence they would gain from it equals or exceeds that amount.

Too many backdoors and the house is wide open to the public. So basically we shouldn't be terrified of backdoors being installed in off-the-shelf products but of backdoors being installed in some custom-built equipment that manages to sneak into the office. Security-wise, this makes it more important to do a background check on people installing and administering critical hardware than doing random hardware audits. Hardware would still need to be checked, of course, for bugs and defects that would affect performance.

Re:Wait, what? (1)

Anonymous Coward | about 2 years ago | (#40652569)

There are a few companies that are specialized in reverse engineering chips and does not require hundreds of engineers. e.g. Chipworks

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#40652809)

...sucking the tit of the Department of Homeland Security's fear juice

Now there's an image I could have happily made it through the day without.

Re:Wait, what? (5, Insightful)

erp_consultant (2614861) | about 2 years ago | (#40653003)

Exactly. More DHS scaremongering in yet another lame attempt to justify their existence. Started nine years ago it is now one of the largest departments in the entire federal government with 260,000 employees. Under the guise of combating "terrorism" - a very broad term that can mean whatever they want it to - and bolstered by the Patriot Act, this agency violates the rights of American citizens on a daily basis. And just like every other federal agency, it's never going away. It will only get larger.

Re:Wait, what? (1)

Anonymous Coward | about 2 years ago | (#40653191)

True enough.

Admittedly, the image that came to mind was getting fear juice direct from Janet Napolitano.... and then wondering what might be on the nutritional label.

He's right. (0)

Anonymous Coward | about 2 years ago | (#40652257)

I can assure you that China has access to America's back door.

We sure have been getting it up the ass.

Re:He's right. (1, Troll)

jcr (53032) | about 2 years ago | (#40652757)

Yeah, it's so evil the way they sell us stuff we want for far better prices than anyone else would charge. The nerve of some people.

-jcr

Re:He's right. (2)

cold fjord (826450) | about 2 years ago | (#40652885)

Penny wise, pound foolish.

Re:He's right. (0)

Anonymous Coward | about 2 years ago | (#40652889)

"comparative advantage": Google it, you economic ignoramus.

Re:He's right. (0)

Anonymous Coward | about 2 years ago | (#40652913)

We sure have been getting it up the ass.

No, THEY have. We keep getting the stuff they make, and they get US dollars. Once they figure out what dollars are really worth, it's game over.

Re:He's right. (5, Insightful)

arth1 (260657) | about 2 years ago | (#40653213)

No, THEY have. We keep getting the stuff they make, and they get US dollars.

They don't always get dollars - due to the trade imbalance, they get IOUs. Our debt to China increases every year, and China can't cash in on it, because that would crash our economy completely, and they would get even less.

We're like an old exiled royal who lives on debt - nobody dares to call him out on being insolvent and having a snowball's chance in hell of ever getting to his former riches, because that would make the chits and IOUs people hold (much of it from when he was solvent) worthless. So everyone continues to lend him money to keep the pretence of solvency and prevent him from defaulting, yet will quietly sell off the debt to new players if given a chance.

Re:Wait, what? (4, Informative)

gtall (79522) | about 2 years ago | (#40652275)

Apparently, he writes stuff for www.wnd.com...kind of hard to tell what they are but they seem to be a net media company. Anyhow, the fellow saying these things, Michael Maloof, seems to be saying a lot of things on WND. It is hard to believe that he'd be revealing secret information because he'd be arrested for that sort of thing. So maybe he's just running off at that mouth? It wouldn't surprise me that Huawei (I think's that's pronounced Way-Way) has back doors in their equipment given their relationships with the PLA.

So at least on the surface your knee-jerk reaction appears to be unsubstantiated, he's not overtly working for a defense contractor.

Re:Wait, what? (5, Insightful)

number11 (129686) | about 2 years ago | (#40652391)

This "former pentagon analyst" is a writer for WND, a rightwing web news site with all the credibility of the National Enquirer.

Not to say that China wouldn't build backdoors into telco gear, of course they would. The US requires telcos to provide access for it to spy on calls, it wouldn't particularly surprise me if the Chinese just built it in without talking publicly about it. After WWII, many countries purchased Swiss encryption gear, and many years later it was divulged that the US had inserted a backdoor into that gear. Why would China, or telco gear, be any different?

The fact is, around the world everyone should assume that anything done over a telephone is shared with unknown parties. Unless they've got trustworthy gear to encrypt calls end-to-end.

Re:Wait, what? (4, Insightful)

Anonymous Coward | about 2 years ago | (#40652587)

If I were China, I would put spying devices into hardware we build for well known American Telecom companies. Everything is made in China these days, with all the CAD files, firmware binaries, hardware schematics etc. all handed over to the factories in China.

Why ruin your own brands when the American brands can get into more places.

Re:Wait, what? (4, Informative)

Anonymous Coward | about 2 years ago | (#40652601)

National Enquirer, the "non-credible" news source that first ran the story on John Edward's affair and child out of his marriage while on the campaign trail. The same news source that broke the story on Jessie Jackson's illegitimate child that he was funnelling hundreds of thousands from his organization to keep the mother quiet.

While 10 years ago I would have agreed with that comment of yours, they are now more accurate and truthful than NBC has been over the last few years. NBC had both of those stories I listed, but decided to bury them leaving the Enquirer the only news outlet that would run them, and both turned out completely accurate.

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#40652907)

Not to mention some of the best OJ Simpson coverage out of all the media....

Re:Wait, what? (5, Insightful)

LordLimecat (1103839) | about 2 years ago | (#40652543)

Article read like FUD.

As a consequence, sources say that any information traversing "any" Huawei equipped network isn't safe unless it has military encryption.

Wow, military grade encryption? Would that be, like, AES, one of the most widely deployed, tested, and recognized encryption schemes out there? Wow man, that stuff is hard to come by.

I also like the implication that unless you have a VPN, it will still magically find its way out to Huawei regardless of what other network controls you have in place. Having backdoors is one thing, getting thru a firewall is something completely different.

Sources add that most corporate telecommunications networks use "pretty light encryption" on their virtual private networks, or VPNs.

Proprietary information could be not only spied upon but also could be altered and in some cases could be sabotaged.

Someone want to explain to me the difference between "altered in transit" and "sabotaged"?

Im sorry, when so many of the assertions in the article read like uninformed drivel, its kind of hard to take the headline seriously. I have a strong feeling that the person who wrote this doesnt understand any of the terms hes going on about.

Re:Wait, what? (4, Insightful)

Luckyo (1726890) | about 2 years ago | (#40652565)

He's just ignoring the convenient fact that US has access to 100% by the same measuring stick.

Re:Wait, what? (3, Insightful)

jcr (53032) | about 2 years ago | (#40652747)

Since disclosing classified intelligence would be an act of treason, you know.

Espionage, not treason. Under American law, there's a very specific definition of treason.

-jcr

Re:Wait, what? (1)

dbIII (701233) | about 2 years ago | (#40653047)

What is it again - playing chess against Russians :)
I know selling weapons via Iran to a terrorist group that has just killed 220 US marines doesn't count, North was still calling himself a patriot after that.

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#40652931)

Now all we need is a "former sports analyst" to say that China has access to 80% of the world's athletes as they have implanted nano-technology in the clothing. :)

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#40653045)

He's working for WND which is a known wingnut publication. A healthy grain of salt is warranted.

Re:Wait, what? (2)

sg_oneill (159032) | about 2 years ago | (#40653207)

I wouldnt actually be surprised if there was some substance. A while back, when Australia was doing its tendering for constructing the national broadband network (fibre to the home + backbone upgrade), it excluded these companies on the grounds of "security concerns" but declined to state why. It was puzzling as australia is as close to china as we are to the united states, and perhaps more so economically.

Perhaps the US Pentagon had a word to Australian intelligence about the concerns, and this guy has heard those concerns too.

Re:Wait, what? (0)

Anonymous Coward | about 2 years ago | (#40653217)

There is a slight conflict of interest here.
This is like Microsoft slagging linux.
This guy is as believable as Microsoft unless he can show "citations".

"Don't ever invade China" (0, Interesting)

Anonymous Coward | about 2 years ago | (#40652165)

Seriously, I think that in the next war someone will have with China, it will be breathtaking how powerful and effective China's cyberattacks will be at breaking that country's will or ability to fight.

Re:"Don't ever invade China" (5, Funny)

Anonymous Coward | about 2 years ago | (#40652175)

Never fight a LAN war in Asia.

Re:"Don't ever invade China" (1)

ChunderDownunder (709234) | about 2 years ago | (#40652315)

Do LAN even fly to Asia?

I know they fly all over South America, to Europe and AUS/NZ...

Re:"Don't ever invade China" (-1)

Anonymous Coward | about 2 years ago | (#40652353)

"Never fight a LAN war in Asia" LoL, pure genius!

Re:"Don't ever invade China" (1)

sconeu (64226) | about 2 years ago | (#40652487)

That's INCONCEIVABLE!!!

Re:"Don't ever invade China" (1)

jamstar7 (694492) | about 2 years ago | (#40652709)

Correlary: Nobody ever won a LAN war in Asia without controlling the opium trade.

Reach me over my heroin, please. The Kardashians are coming on...

Re:"Don't ever invade China" (1)

Teresita (982888) | about 2 years ago | (#40652177)

All Your Base Are Belong To Us!

Re:"Don't ever invade China" (0)

Anonymous Coward | about 2 years ago | (#40652727)

Just remember, absence of evidence is not evidence of absence, and just because you're paranoid, doesn't mean they're not out to getcha!

  -- D. Rumsfeld, Professor of Political Science, School of Hard Knox --

Even if it's not true, it's a compelling argument that won't be overlooked or overworked to the benefit of 'our' industry, intelligence or law enforcement 'communities'. Except, of course when the investors need a pay-off and want to sell an asset like IBM's Thinkpad division to Lenovo. Or someone with mission critical IC chips wants the job(s) to go to a foreign competitor in order to enjoy the fruits of union free pricing.

Re:"Don't ever invade China" (1)

Cute Fuzzy Bunny (2234232) | about 2 years ago | (#40652255)

The 1.5B screaming Chinese charging at the lines will be a bit effective as well.

Re:"Don't ever invade China" (1)

WindBourne (631190) | about 2 years ago | (#40652653)

Actually, it is far more likely for China to launch an attack. In addition, their wonderful Chinese great network wall is designed for TWO ways. IOW, it will also serve to protect their own infrastructure. Sadly, the west is going to allow it because the GD neo-cons want cheap goods as well as more money from Chinese gov. in their slimy pockets.

New Legislation in the works (1)

the eric conspiracy (20178) | about 2 years ago | (#40652173)

CISPA for telephony.

A bit hypocritical... (0)

Anonymous Coward | about 2 years ago | (#40652197)

Isn't this a case of the pot calling the kettle black?
The US has echelon, spy satellites, and other ways to intercept communication and they're upset that China does it?
 

Australian govt bans huawei from national network (4, Interesting)

bug1 (96678) | about 2 years ago | (#40652201)

There was a story a few months ago about how Australia banned Huawei from involvment in a big project, they didnt say why.

http://tech.slashdot.org/story/12/03/24/0424215/australian-govt-bans-huawei-from-national-network-bids [slashdot.org]

Re:Australian govt bans huawei from national netwo (5, Interesting)

Crypto Gnome (651401) | about 2 years ago | (#40652299)

Actually they DID say why: specifically it boiled down to "because we cannot be *absolutely certain* that the Chinese Government does not have such a close relationship with Huawei that deploying their equipment would not (ever) compromise our national security".

Seems to me that someone in The Australian Government has learned a few important life lessons from The X-Files. (ie trust No-One).

Either that (a) or (b) they're just playing The Obvious "Devil You Know / Devil You Don't" card; and/or decisions were influenced by vendor-$ and Huawei could-not/would-not/weren't-given-a-chance-to cough up enough.

Personally Option (b) sounds more typical of government.

I for one will be eternally surprised to see any government making a well researched, informed, well reasoned decision - they're almost always a pack of retarded monkeys interested in looking after themselves and their friends.

Go On Mr Government - PROVE ME WRONG - I Dares Ya!

Re:Australian govt bans huawei from national netwo (1)

WindBourne (631190) | about 2 years ago | (#40652665)

Or they knew the situation.

Re:Australian govt bans huawei from national netwo (1)

jamstar7 (694492) | about 2 years ago | (#40652719)

Or they didn't get a big enough bribe.

Er. excuse me. 'Campaign contribution'. Yeah, that's the ticket...

Re:Australian govt bans huawei from national netwo (0)

Anonymous Coward | about 2 years ago | (#40652481)

I can tell you from experience that the level of corruption in Huawei rivals that of even American and British companies so I would suspect that was the issue (not the corruption, the getting caught).

espionage? (0)

Anonymous Coward | about 2 years ago | (#40652203)

How is this espionage v NSA intercepting telecoms in US?
China is like every other sovereign nation with sufficient resources to spy on global citizens. If they can they are and will continue to do so. Not really news.

Re:espionage? (2)

tomhath (637240) | about 2 years ago | (#40652321)

Last I checked the NSA wasn't bidding on contracts to build telecommunication infrastructure. Of course they might have shell companies that do, kind of like China has Huawei and ZTE

Re:espionage? (2)

WindBourne (631190) | about 2 years ago | (#40652673)

Sigh. How much global telecom info does NSA look at?

Personally, I would be more upset about the ability of China to shut down our infrastructure just prior to an attack, then their ability to listen. Listening is about 'Trust, but Verify'. Shutting down infrastructure is what you do to your enemies that are stupid enough to trust your word (esp. when you have been breaking it all along).

What the report did not say... (0)

Teresita (982888) | about 2 years ago | (#40652213)

...is that we have access to 100% of Chi-com comms, including 100% military. We tend to be ahead of the curve. We just do not brag about it.

Re:What the report did not say... (1)

gtall (79522) | about 2 years ago | (#40652221)

Why would you say this?

Re:What the report did not say... (1)

WindBourne (631190) | about 2 years ago | (#40652683)

And you can confirm this how? My guess is that you are making a BIG assumption that you should not.

The U.S. has like 99% listening coverage. (3, Insightful)

cpu6502 (1960974) | about 2 years ago | (#40652215)

We even have the power to shutdown foreign companies like Megaupload w/o needing to prove they did anything wrong. But we're the "good" guys. So that makes it okay. After all we only killed 300,000 people this last decade, versus China who killed..... ummm..... wait there's something wrong with my theorem.

Re:The U.S. has like 99% listening coverage. (3, Insightful)

Anonymous Coward | about 2 years ago | (#40652419)

China has killed tens of millions of their own people under communism in the last 60-70 years. Huh? You think China's the nice or good guys??? Sarcasm doesn't bold well here.

Re:The U.S. has like 99% listening coverage. (0, Interesting)

Anonymous Coward | about 2 years ago | (#40652525)

And the USA are, of course, innocent of any atrocity [wikipedia.org] and would never kill their own citizen too. [wikipedia.org]

INB4 "Your numbers are smaller then my claim, therefore are not applicable!" The number scale with the population, China is a much bigger nation. Ignoring the scale, both country are equally evil.

Re:The U.S. has like 99% listening coverage. (2)

WindBourne (631190) | about 2 years ago | (#40652693)

Yes, things from 200-400 years ago, is certainly relevant to the conversation. And I hate to say this, esp. to another AC troll, but the slaves were captured by Africans, brought and instituted here by the europeans, and it was our war to say NO to it that costs us.

OTOH, a civil war, is not the same thing as going after your citizens to make them support you 100% or die.

Re:The U.S. has like 99% listening coverage. (0)

Anonymous Coward | about 2 years ago | (#40653267)

Yes, things from 200-400 years ago, is certainly relevant to the conversation.

So? "Too early" to forgive china yet?

OTOH, a civil war, is not the same thing as going after your citizens to make them support you 100% or die.

It was exactly like that.

Re:The U.S. has like 99% listening coverage. (4, Informative)

Sarten-X (1102295) | about 2 years ago | (#40652791)

China executes roughly 5000-8000 [hrw.org] people each year for various crimes. The United States has been declining since 1999, and is currently somewhere around 40 [deathpenaltyinfo.org] per year. Accounting for (rather than ignoring) scale, China executes about 30 to 40 times as much of its own population as the United States. Of course, that's just one metric, but it's pretty illustrative.

China is big, but it's not big enough to dilute its atrocities.

Re:The U.S. has like 99% listening coverage. (0)

girlintraining (1395911) | about 2 years ago | (#40652455)

We even have the power to shutdown foreign companies like Megaupload w/o needing to prove they did anything wrong. But we're the "good" guys. So that makes it okay. After all we only killed 300,000 people this last decade, versus China who killed..... ummm..... wait there's something wrong with my theorem.

Yeah. We own up to the people we kill. We rationalize their deaths, minimize them, call them collateral damage, but we do say "Yup. That was our bomb." The Chinese are not so transparent: There is no way to know how many die in their country each year. And yes, we can shutdown foreign companies, but that's because foreign companies were stupid enough to put their assets in this country to begin with. There's plenty of other countries and businesses to choose from that don't feel the laws of their country extend worldwide. And other sovereign powers are starting to notice the US' aggressive use of extradition treaties. The UK won't extradite anyone facing charges in Minnesota, for example, due to laws about indefinite detainment (which is against their human rights policy) -- in fact, that may well be EU law as well, meaning that in cases where indefinite detainment is sought, they won't extradite. Several EU countries also won't extradite anyone to Texas due to their love of the death penalty (also against human rights legislation). The list continues to grow daily of treaty obligations other countries will no longer honor because of our broken judiciary.

It's a slow process... but feather by feather, the goose is plucked.

Re:The U.S. has like 99% listening coverage. (2, Interesting)

fredprado (2569351) | about 2 years ago | (#40652743)

The problem is, once the guy is extradited to anywhere else within US he can end in Minnesota or Texas, or whatever place they decide to send him in.

US may not be as bad as North Korea, but it is every bit as bad as China these days. Both are countries were justice is unreachable for common people, and where dominant groups do basically whatever they want. China censures information, US floods it in an ocean of propaganda and disinformation. In the end all is the same.

Re:The U.S. has like 99% listening coverage. (1)

Anonymous Coward | about 2 years ago | (#40652765)

But we're the "good" guys. So that makes it okay.

Interesting question: How much of China's ability to compromise our telecom systems is based on leveraging the CALEA-mandated [wikipedia.org] backdoors we built into it, naively believing that only the "good" guys would use it.

If we'd built our communications systems to be secure, they'd have to actually do work to break them; depending on how good our mathematicians are, possibly intractable amounts of work. Instead, all our adversaries have to do is implant a mole (using the sorts of routine espionage techniques that have been around since before there were computers) and use the backdoors we built into the system.

Moral of the story: If you're pass a law that mandates all communications systems are to be insecure by design, you've given up any right to act surprised when it gets pwn3d.

Dont do anything I wouldnt do... (0)

Anonymous Coward | about 2 years ago | (#40652227)

Not good, but what a bunch of kettle callers.

Can You See The FNORDs? (1)

Crypto Gnome (651401) | about 2 years ago | (#40652249)

So some random guy who used to work in Place With A BIG Name mouths off about "phaer teh commies".

And then proceeds to cite absolutely ZERO evidence to back up his claims.

In most circles this would be considered libel of the worst kind (libel because it was written, slander is the same thing when applied orally), he deserves to be sued out of existence.

NOT that I have any reason to disagree with the core of his argument "Don't trust them, they're backed by the government of someone we used to hate vehemently". But only because I mostly agree with the primary tenet of The X-Files (ie Trust No-One. at least not where the issue of trust *really really* matters).

Re:Can You See The FNORDs? (0)

Anonymous Coward | about 2 years ago | (#40652735)

We need more American backdoors!

I guess the best example of this thought process is in the wonderful film "Cannibal Women in the Avocado Jungle of Death" [imdb.com] : (Ford Maddox) Dr. Hunt, 98 percent of the avocadoes produced in the United States come from the state of California. Most of these come from a jungle area that spreads from Bakersfield to the Mexican border: the Avocado Belt. (Margo Hunt) I'm aware of that. What does it have to do with me? (Col. Mattel) Miss Hunt, maybe you don't get the point. Avocadoes are vital to this nation's security interests. The Communists are already in control of Nicaragua and Guatemala and El Salvador, strife with revolution. California is the last secure supply of avocadoes in the free world! We're on the verge of a major Avocado Gap with the Soviet Union.

FNORDs are rather silly when you start realizing they are there.

at least they dont have control over my server! (0)

Anonymous Coward | about 2 years ago | (#40652265)

*humph*

-db

Re:at least they dont have control over my server! (2)

Farmer Tim (530755) | about 2 years ago | (#40652461)

Yes, yours is server of highest security, without so-named rear entrance contained within network controller cards. Please continue use with utmost faithin separation between the wise and glorious Communist party and our approved manufacurers.

Yours sincerely,
Ministry of State Security, PRC.

FUD ? (2)

Kohath (38547) | about 2 years ago | (#40652269)

There's something of a cottage industry in spreading FUD about Huawei and ZTE. Why should anyone believe this stuff? (Or, for that matter, why should we believe much of anything in the news or on web sites?)

Re:FUD ? (5, Informative)

hjf (703092) | about 2 years ago | (#40652619)

So you buy Cisco and are subject to US backdoors.

Re:FUD ? (1)

dbIII (701233) | about 2 years ago | (#40653101)

And abuses of the legal system. The company that Cisco is today are utter bastards that fit well with the "might makes right" mentality of China.
I'd trust even the more bribable dark corners of US intelligence more than Cisco any day.

Re:FUD ? (1)

mysidia (191772) | about 2 years ago | (#40652633)

I'm not sure it matters whether we believe it or not. Cisco stuff is manufactured in China. Can you prove that every single component is manufactured to American specs, with no 'spurious unknown compromising parts' or hardware microcode patches burned in 'by accident' ?

FUD (0)

Anonymous Coward | about 2 years ago | (#40652373)

His sole reasoning on this is that Chinese companies made it. This goes along with assuming everybody from the middle east is a terrorist and all white people are republicans.

paid for publicity (0)

Anonymous Coward | about 2 years ago | (#40652385)

You are going to have to work hard to convince me this is anything more than an article paid for by a lobbying firm working for a US company trying to win a supply contract.

Penetrated 80% of the worlds telecoms? 80% of the worlds telecoms using one or more items of Huawei equipement does not mean 'penetrated'.

Unless you mean market penetration.

Re:paid for publicity (1)

jamstar7 (694492) | about 2 years ago | (#40652739)

You are going to have to work hard to convince me this is anything more than an article paid for by a lobbying firm working for a US company trying to win a supply contract.

Most likely. But the question is begged, where does this unnamed American company buy its gear? Highly unlikely they make their own in the US...

No way eh. (0)

Anonymous Coward | about 2 years ago | (#40652403)

We Canadians got you with our Nortel DMS & Meridian systems.

Don't piss us off or we'll make you use 32 digit dialing you hoseheads!

almost as much as the US.... (1)

mschaffer (97223) | about 2 years ago | (#40652407)

... or does the US just use the front door?

Common Knowledge for Years! (3, Insightful)

GiantRobotMonster (1159813) | about 2 years ago | (#40652457)

I'm surprised at all the surprise?!
I thought it was pretty common knowledge that Huawei and ZTE were run and funded by the Chinese Military.
They have been using their financial muscle to undercut and bribe their equipment into as many countries telecoms infrastructure as they possibly can for over five years now.

Re:Common Knowledge for Years! (1)

Kohath (38547) | about 2 years ago | (#40652951)

That settles it then. "Common knowledge" is always right. Especially when there's an exclamation point !

Re:Common Knowledge for Years! (0)

Anonymous Coward | about 2 years ago | (#40652989)

China has very long term plans. That's probably how they will win the "dark war" that no one knows about. They think, plan, prepare, etc. and do everything with long term goals. This is in contrast to the US and similar countries that only care about next month's profit report.

The day is coming...

Re:Common Knowledge for Years! (0)

Anonymous Coward | about 2 years ago | (#40653103)

They think, plan, prepare, etc. and do everything with long term goals.

How'd that work out for the Cultural Revolution?

Re:Common Knowledge for Years! (2)

marcosdumay (620877) | about 2 years ago | (#40653129)

The day is coming...

What day? The day the Chinese army will be so busy fighting their own people that they'll have to stop spying overseas? Because that's the war they are currently fighting.

Re:Common Knowledge for Years! (4, Informative)

dbIII (701233) | about 2 years ago | (#40653155)

I thought it was pretty common knowledge that Huawei and ZTE were run and funded by the Chinese Military.

Hopefully it will soon be common knowledge that a lot of industries in China are run and funded by the Chinese Military so this connection really means nothing in isolation. They are probably about as big and diversified in their holdings as coca-cola these days if not bigger, and 99% of the time they are in it for the money. Those childrens toys made by a company owned by the Chinese Military are not there so they can spy on our kids, they are there to help pay for a new aircraft carrier. The separation of state and private companies that we are used to seeing in democracies is instead a tangled web in China, with odd gaps such as entire huge open cut coal mines with thousands of miners that the government has zero involvement with (to the point where they are not even on a map, let alone taxed).

The US has competition (0)

Anonymous Coward | about 2 years ago | (#40652533)

What he doesn't mention is how much access the US has. Most likely they have even more access.

Oh no, the yellow peril is upon us! (3, Interesting)

Jeremy Erwin (2054) | about 2 years ago | (#40652547)

The second link is to "World Net Daily", a site that has about as much credibility as the John Birch Society.

It is a LIE (2, Insightful)

WindBourne (631190) | about 2 years ago | (#40652639)

There are all sorts of ppl that are on this site, and others, saying to look the other way. The Chinese would NEVER spy on the west, or put in backdoors to use for an offensive attack. I mean, these ppl all know that the communist China are the good guys. Likewise, that bunch of Chinese naval ships caught 50 miles off the phillipines coast is a non-issue is well. The fact that they were close to a number of telecom trunks has no bearing on anything.

So, relax. China will not try what they did to India. And the communists are heading towards being capitalists so there is no chance that they are working to kill off the west.

Re:It is a LIE (1)

dbIII (701233) | about 2 years ago | (#40653223)

And the communists are heading towards being capitalists

They already are quite extreme capitalists without many of the checks and balances on capitalism in the west, but that doesn't stop them from wanting to dominate the west in every way they can.
BTW, what do you mean by "China will not try what they did to India"? Do you mean the hacking of the computers owned by the group supporting the Dalai Lama in India or something a lot bigger I've missed or forgotten about?

To most of the world, China are not the good guys but since they are the ones propping up economies built on exporting raw materials there are plenty of countries lining up to kiss Chinese backside and say they are the good guys. Australia for one is China's bitch, the right in politics (eg. the mining companies that bankroll the right) far more than the left (which many in the USA would consider raw communism even if it's still a million miles from it).
As for the espionage angle, the incident where a lot of Los Alamos nuclear weapons research ended up in China was less than ten years ago wasn't it? How do people forget that so quickly? We can be sure that everything someone like Bradley Manning could get would have been in the hands of China long ago. With so many people with so much access anyone who cared enough to put up a small bribe would have better access than some intelligence staff.

US government has backdoors to 100% of telecoms. (0)

Anonymous Coward | about 2 years ago | (#40652663)

With CC to Israel, and any paying company, of course.

Now imagine if the US had this (1)

future assassin (639396) | about 2 years ago | (#40652671)

they'd be extraditing people for breaking US laws in their own countires left and right.

So? (1, Troll)

fullback (968784) | about 2 years ago | (#40652703)

And the US has used Echelon for industrial espionage against even its "allies" for 30 years.

U.S. government agencies pass wiretapped and intercepted information to American companies all the time. Trade secrets of non-U.S. energy companies have been passed to American companies, cell phone technology, labor negotiation strategies of non-U.S. companies with factories in the U.S. and intellectual property has been stolen and transferred for decades.

Re:So? (2)

dbIII (701233) | about 2 years ago | (#40653241)

The allies got thrown a crumb of intelligence every now and again (apparently) and were to an extent complicit. The amusing thing is the existence of Echelon was confirmed by an idiot in Australian politics that complained it didn't give him forewarning of events in nearby PNG despite complete coverage of the telecommunications systems in that country. PNG had the system forced on them as part of an aid deal, so were not complicit, but their government knew it was there and avoided discussing issues of international interest on the telephone.

I may be oversimplifying but... (1)

1karmik1 (963790) | about 2 years ago | (#40652705)

I don't understand how can this subject be brought up without talking about CALEA-compliant hardware [wikipedia.org] ?

The compliance to this wiretapping law may be usually implemented at a much-higher and easier-to-circument level but in spirit it very much achieves the same.

All Network hardware *is* backdoored, regardless of the manufacturer's country and that's a FACT. The only thing we can do is improve awareness of this so we system engineers, developers, system integrators can design, code and implement around that, as much as humanly possible.

The related news about cellphones as trackers [slashdot.org] helps drawing the bigger picture just as well.

My 2c.

Credibility (1)

manu0601 (2221348) | about 2 years ago | (#40652763)

One one hand, this is credible. China has shown an extraordinary appetite for industrial espionage. On the other hand, the story seems to come from the same source that descredited itself lying about the existence of weapons of mass destruction in order to justify Irak invasion.

Really? (1)

InspectorGadget1964 (2439148) | about 2 years ago | (#40652771)

Coming from a "former" Pentagon analyst, can this information be trusted? Or has the same flavor as the weapons of mass destruction that Iraq had that triggered the invasion?

Nobody Seems To Notice and Nobody Seems To Care (1)

Anonymous Coward | about 2 years ago | (#40652933)

Nobody Seems To Notice and Nobody Seems To Care

How many rootkits does the US[2] use officially or unofficially?

How much of the free but proprietary software in the US spies on you?

Which software would that be?

Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.

How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?

If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?

I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:

APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.

Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.

The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.

Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.

Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch the void of the APT malware described above which will survive any wipe of r/w media. I'm convinced, on both *nix and Windows, these pieces of APT malware are government in origin. Maybe not from the US, but most of the 'curious' malware I've come across in poisoned binaries, were written by someone with a good knowledge in English, some, I found, functioned similar to the now well known Flame malware. From my experience, either many forum/mailing list mods and malware developers/defenders are 'on the take', compromised themselves, and/or working for a government entity.

Search enough, and you'll arrive at some lone individuals who cry out their system is compromised and nothing in their attempts can shake it of some 'strange infection'. These posts receive the same behavior as I said above, but often they are lone posts which receive no answer at all, AT ALL! While other posts are quickly and kindly replied to and the 'strange infection' posts are left to age and end up in a lost pile of old threads.

If you're persistent, the usual challenge is to, "prove it or STFU" and if the thread is not attacked or locked/shuffled and you're lucky to reference some actual data, they will usually attack or ridicule you and further drive the discussion away from actual proof of APT infections.

The market is ripe for an ambitious company or individual to begin demanding companies and organizations who release firmware and design hardware to release signed and hashed packages and pour this information into the cloud, so everyone's BIOS is checked, all firmware on routers, NICs, and other devices are checked, and malware identified and knowledge reported and shared openly.

But even this will do nothing to stop backdoored firmware (often on commercial routers and other networked devices of real importance for government use - which again opens the possibility of hackers discovering these backdoors) people continue to use instead of refusing to buy hardware with proprietary firmware/software.

Many people will say, "the only safe computer is the one disconnected from any network, wireless, wired, LAN, internet, intranet" but I have seen and you can search yourself for and read about satellite, RF, temperature, TEMPEST (is it illegal in your part of the world to SHIELD your system against some of these APT attacks, especially TEMPEST? And no, it's not simply a CRT issue), power line and many other attacks which can and do strike computers which have no active network connection, some which have never had any network connection. Some individuals have complained they receive APT attacks throughout their disconnected systems and they are ridiculed and labeled as a nutter. The information exists, some people have gone so far as to scream from the rooftops online about it, but they are nutters who must have some serious problems and this technology with our systems could not be possible.

I believe most modern computer hardware is more powerful than many of us imagine, and a lot of these systems swept from above via satellite and other attacks. Some exploits take advantage of packet radio and some of your proprietary hardware. Some exploits piggyback and unless you really know what you're doing, and even then... you won't notice it.

Back to the Windows users, a lot of them will dismiss any strange activity to, "that's just Windows!" and ignore it or format again and again only to see the same APT infected activity continue. Using older versions of sysinternals, I've observed very bizarre behavior on a few non networked systems, a mysterious chat program running which doesn't exist on the system, all communication methods monitored (bluetooth, your hard/software modems, and more), disk mirroring software running[1], scans running on different but specific file types, command line versions of popular Windows freeware installed on the system rather than the use of the graphical component, and more.

[1] In one anonymous post on pastebin, claiming to be from an intel org, it blasted the group Anonymous, with a bunch of threats and information, including that their systems are all mirrored in some remote location anyway.

[2] Or other government, US used in this case due to the article source and speculation vs. China. This is not to defend China, which is one messed up hell hole on several levels and we all need to push for human rights and freedom for China's people. For other, freer countries, however, the concentration camps exist but you wouldn't notice them, they originate from media, mostly your TV, and you don't even know it. As George Carlin railed about "Our Owners", "nobody seems to notice and nobody seems to care".

[3] http://www.stallman.org/ [stallman.org]

Try this yourself on a wide variety of internet forums and mailing lists, push for malware scanners to scan more than files, but firmware/BIOS. See what happens, I can guarantee it won't be pleasant, especially with APT cases.

So scan away, or blissfully ignore it, but we need more people like RMS[3] in the world. Such individuals tend to be eccentric but their words ring true and clear about electronics and freedom.

I believe we're mostly pwned, whether we would like to admit it or not, blind and pwned, yet fiercely holding to misinformation, often due to lack of self discovery and education, and "nobody seems to notice and nobody seems to care".

Too many secrets... (1)

ckret (321556) | about 2 years ago | (#40653141)

... anyone?

buy American (0)

Anonymous Coward | about 2 years ago | (#40653255)

A former Pentagon analyst

Now with Cisco marketing.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...