back to article GCHQ's cyber arm report on Huawei said to be burning hole through UK.gov desks

Britain is all a-tizzy about Huawei again as talk swirls over the imminent release of an unofficial report into the Chinese company’s influence over prominent Britons and a ban on its telco equipment. The volume of industry chatter was turned up to 11 this week after newspaper reports that a controversial former MI6 spy had …

Page:

  1. amanfromMars 1 Silver badge

    WTF ....... Is the service demented and infiltrated?

    Can you imagine the damage done to British intelligence services and the information leaked to all and sundry whenever any controversial former MI6 spy such as a Christopher Steele is wheeled out of confinement/quarantine/therapy/shady shadows to share his formerly anonymised ramblings?

    And yes, as someone may not unreasonably suggest, here we might know all about such shenanigans, or certainly a great deal more than most about them and their efficacy, or not as the case may be for some. :-)

    1. Chris G Silver badge

      Re: WTF ....... Is the service demented and infiltrated?

      Christopher Steele seems to write whatever he is paid to write, the question is, who is paying him now?

      1. Arthur the cat Silver badge

        Re: WTF ....... Is the service demented and infiltrated?

        the question is, who is paying him now?

        The Daily Mail. 'Nuff said.

        1. Rich 11 Silver badge

          Re: WTF ....... Is the service demented and infiltrated?

          "The dossier, seen by the Daily Mail, is not being formally published, and does not contain corroborating evidence of some of its claims."

          The Daily Mail is not paying him; the report was commissioned by a human rights activist, Andrew Duncan. The reason it does not contain corroborating evidence will be because Steele constructs analyses as if he were still a spy. I haven't seen this particular dossier, but the Trump one was written in terms of qualified likelihoods, exactly as happens in the murky and uncertain world of espionage.

          "I always say Britain can only be great when it can have its independent foreign policy."

          Translation: "China is pleased when Britain does not act in cooperation with its allies."

          1. amanfromMars 1 Silver badge

            Re: WTF ....... Is the service demented and infiltrated?

            By the evidence of this account ...... https://www.aa.com.tr/en/asia-pacific/china-attempting-elite-capture-in-uk-report/1902676 ..... is there a trio of authors with the real possibility then, and therefore most likely certain probability, that one of them be at least be a major sub-prime wannabe bullshit artist.

            The bigger question here in the now to be further considered though is, ........ are dodgy, heavily caveated reports shared with supposedly intelligent agencies responsible and liable for present day crazy actions and any hypermanic demonic reactions .....Resulting in and Creating the Garbage In Garbage Out Truism ‽

            The next logical step there then is ......... Commission and Follow the Tales in an Altogether Much Better and More Attractively Addictive Imaginative Report and Breathe Life into IT via Universal Media Sharing of Pictures and Sound Presenting a Quite Different Novel AIdVenture ....... with Alternate Virtual Realities Composed and Exposed for Mass Outing as Future General Knowledge to Be Aware Of rather than Be Beware Of?

            Or does anyone have a simpler or more complicated way of doing all of that?

            There's surely more than just a few regulars on El Reg would love to hear anything at all from any of them.

            1. Cliff Thorburn

              Re: WTF ....... Is the service demented and infiltrated?

              And they said the UK Arts industry is dead, certainly not the UK Dark Arts industry!

              Good old Christopher St ee le, they wheel out this bad actor when the great game requires yet another sock puppet, what next?, Edward Snowden?, or another Salisbury fiasco?, pantomime poison perfume bottles?, or pandemic

              pièce de résistance?.

              The scriptwriters really must come up with something innovative, as even natives are beginning to smell a RAT ‘remote access trojan‘ running firmly in what doesn’t read well in the pages of stagnant modern history, where do we go from here? ....

              New ambitius direction, not cataclysmic, revolution as opposed to lennon on sale again ...

        2. Roland6 Silver badge

          Re: WTF ....... Is the service demented and infiltrated?

          >the question is, who is paying him now?

          Friends of Vladimir?...

      2. Jellied Eel Silver badge

        Re: WTF ....... Is the service demented and infiltrated?

        I'm sure Mr Steele's drummed up some useful contacts whilst working for his US clients. They may even have helped pay a former Russia desk chap to learn Chinese and develop contacts in China.

    2. David Shaw

      Re: WTF ....... Is the service demented and infiltrated?

      A British judge today found ex-MI6 spy Steele guilty of making things up, in his dossier(1)

      https://justthenews.com/accountability/russia-and-ukraine-scandals/british-court-rules-against-christopher-steele-orders

      So....., he's written a *new* dossier.....fast forward 4 years and...?

      (1) Justice Mark Warby of the High Court of England and Wales ruled Wednesday that Christopher Steele violated a data privacy law by failing to check the accuracy of information in his infamous [the Trump] dossier, ordering the former spy’s firm [Orbis, not her Maj's MI6] to pay damages to two businessmen [Петр Авен & Михаил Фридман] he wrongly accused of making illicit payments in Russia.

      I've just bought some cheap huawey 802.11ac routers for playing with, all fine until you plug THREE in, then they secretly form a mesh network, and all the passwords you set become a random one, as one of the routers becomes quietly in control......

      1. cd

        Re: WTF ....... Is the service demented and infiltrated?

        Isn't it supposed to be a gang of four?

      2. Yet Another Anonymous coward Silver badge

        Re: WTF ....... Is the service demented and infiltrated?

        You can't just make things up in an intelligence dossier - that sounds dodgy

        1. RPF

          Re: WTF ....... Is the service demented and infiltrated?

          Stuff like WMD in Iraq, you mean?

    3. John Brown (no body) Silver badge

      Re: WTF ....... Is the service demented and infiltrated?

      "whenever any controversial former MI6 spy such as a Christopher Steele is wheeled out of confinement/quarantine/therapy/shady shadows to share his formerly anonymised ramblings?"

      It appears he managed to elude the large bouncy beach balls.

  2. JetSetJim Silver badge

    > UK telco sources who spoke frankly to El Reg off the record have generally praised the Chinese company’s wares and general approach while shrugging their shoulders at the political war over its presence in Britain.

    Indeed, they've come a long way and are a good example of what happens when you put 60,000 bright young things together to buld a networking business. There are probably ways and means to put backdoors in the kit, but GCHQ and others don't seem to have found any significant ones they're willing to publish (or at least ones that aren't "oh, that's a debug port that accidentally got left in. Soz").

    Compare that to other companies under a lot less organised scrutiny who regularly emit security vulnerabilities in their s/w. Security vulns are regularly found in Cisco kit, Nokia kit, and many others, but politicians don't seem to care about those ones.

    1. John Robson Silver badge

      "Security vulns are regularly found in Cisco kit, Nokia kit, and many others, but politicians don't seem to care about those ones."

      Correction - they care deeply. After all they (or rather their puppet masters) put them in.

    2. Anonymous Coward
      Anonymous Coward

      "UK telco sources who spoke frankly to El Reg off the record have generally praised the Chinese company’s wares and general approach while shrugging their shoulders at the political war over its presence in Britain."

      When senior middle managers get a 2 week paid for trip to China with their family which is denoted a "factory visit" and security is seen as a pain to be dealt with, within the telco company, and technical excellence is discouraged in the telco (because they just want it delivered), then the shrug the shoulders approach is really one of, they don't care, they don't understand, and they want their bonus by delivering the equipment into the network.

      1. toffer99

        Just an average backhander in the most corrupt country in Europe -the UK.

    3. Doctor Syntax Silver badge

      Cisco, Nokia and the rest should be subject to the same inspection by NCSC as Huawei. After all, if they've nothing to hide...

      1. Anonymous Coward
        Anonymous Coward

        By that 1 down vote it appears Chuck Robbins disagrees with you.

      2. Yes Me Silver badge

        Nothing to hide?

        They've nothing to hide. They all include back doors in their kit because most governments require them.

        Huawei kit works well and it's cheaper. That makes any kind of dirty tricks permissible for their competitors.

      3. AlbertH

        The reality is....

        Nokia, Siemens, Cisco and several other European and American companies are perfectly capable of providing the infrastructure for the UK 5G network. The only reason that the telcos want to go with Huawei is that they're cheap - as in about 40% of the prices of the European gear.

        The truth is that the telcos just want to maximise their profits by buying the cheapest gear. That's all there is to it. The fact that the Chinese will probably have embedded all sorts of digital nastiness into the firmware really doesn't bother them!

    4. NeilPost Bronze badge

      The article failed to mention Huawei’s deep entrenchment in Openreach’sFibre Broadband portfolio where it generally seems to work well.

      1. slinkywizard

        Well it certainly works better than the alternative ECI kit at least!

  3. This post has been deleted by its author

  4. Chris Hills
    Black Helicopters

    If only

    If only we had some sort of committee that could be convened to handle matters like this.. an Intelligence and Security Committee if you will.

    1. Commswonk Silver badge

      Re: If only

      If only we had some sort of committee that could be convened to handle matters like this.. an Intelligence and Security Committee if you will.

      Well yes, quite. However, any advice or "decision" from that committee would still be based on input from others; it has not, and could not have, and independent intelligence - gathering capabilities of its own.

      On top of that, the I & S C is made up of politicians, and by all accounts many of those suspected of being "captured" by Middle Kingdom interests are current or one - time, er, politicians.

      As a simple member of the public I expect a British government to make sure that it puts British interests ahead of those of any other country, and at the moment I worry that that may be far from the case.

    2. Slef

      Re: If only

      Cant have a security committee as it might publish embarrassing/damaging things about our own useful idiot!

      1. BebopWeBop Silver badge

        Re: If only

        Quite. Russia report - what Russia report?

  5. Greybearded old scrote
    Black Helicopters

    Can't identify the smell

    Either this is like Peter Wright's, "Current government is working for communists," or else, "WMD strike in 45 minutes." Possibly a mixture of the two. It does read like he's worked backwards from the result required for political purposes.

    However, from Snowden's leaked papers we know that the 'merkin spooks have inserted back doors into exported Cisco kit. So they're no better. Nokia, who knows?

    Shame we don't have our own hardware capability really. Past gov. policy was to favour the finance industry gamblers over manufacturing though.

    1. Commswonk Silver badge

      Re: Can't identify the smell

      However, from Snowden's leaked papers we know that the 'merkin spooks have inserted back doors into exported Cisco kit. So they're no better. Nokia, who knows?

      A perfectly fair point, but IMHO the present situation regarding Huawei is only a small part of the much greater problem of actual or potential Chinese influence being to the detriment of wider British interests. Any involvement of foreign interests in the UK is there because the foreign interests see it as being to their benefit rather than ours, much the same as if I buy shares in company X it is on the basis that I hope that in the long term it will benefit me.

      Shame we don't have our own hardware capability really. Past gov. policy was to favour the finance industry gamblers over manufacturing though.

      Just stop thinking about the companies that the UK used to have; it's simply too depressing for words. If the names still exist it is only for the purpose of Badge Engineering. I think the way British electronic manufacturing has disappeared down the drain should be seen as a mark of shame.

      <sniff>

      1. Yet Another Anonymous coward Silver badge

        Re: Can't identify the smell

        Quite surprised that any superpower would consider that the UK's foreign policy was significant enough to be worth influencing

        1. BebopWeBop Silver badge

          Re: Can't identify the smell

          But Britain has shown a remarkable facility for screwing up alliances. So that might well be the reason.

        2. TechHeadToo

          Re: Can't identify the smell

          We are still a moderately major economy, so being able to pull some strings and influence policy by having ministers and officials in debt - actual or moral, or even unethical, is all to the good. We seem to be heading towards being a failing country, so plenty of opportunity to extract profit. All those foreign investors in steel, cars, universities knowledge, smashing our high streets are not in it to keep a few jobs afloat, they're here so they can take their money home.

          And they're here because they come from a culture where NOT playing by rules and laws is normal, so they have an advantage.

          .

        3. Jellied Eel Silver badge

          Re: Can't identify the smell

          Quite surprised that any superpower would consider that the UK's foreign policy was significant enough to be worth influencing

          Powers want to stay or become super based on the political/economic/military might. So the UK is becoming independent and busily setting up trade deals. Alice flies off to negotiate one, gets to the meeting, realises they don't have a copy of their negotiating points. Bob, sitting across the table says "Don't worry, here's a copy".

          Or for a relatively recent example.. Security types tell their users to only use official, secure devices. User says "But Crackberry!" and uses that plus their own mail system instead. That gets hacked, emails leaked, ITSEC people around the world bang their heads on their desks. That was only a cabinet level person, so not at all a high value target for state or random hackers.

          Then there's industrial espionage, so being able to steal IP or give yourself an advantage. Happens a lot, sometimes with state support. And linked to that, industrial sabotage, so an ability to disrupt critical infrastructure like utilities.

          And then there's conflicting policy, like backdoors. Sometimes they're legislated, like my favourite example of CALEA. Kit in the US was meant to comply with those requirements. Cisco did, so just load their CALEA compliant version of IOS onto your routers and you're golden.. Which assumes nobody other than official users could utilise those features, and unofficial ones couldn't do their own unlawful intercepts. Or given it's a software feature, sneakily load it onto a non-US device. Most states have legislation for lawful intercept, but implementation requirements vary.

          But that's lead to interesting stories, like 'fake' base stations appearing near sensitive locations. Several companies make those, for sale to official users only.. But unofficial users sometimes get hold of them as well, and then they're reverse engineered, and anyone can play. And if you don't trust the networks, you can (and probably should) encrypt. But that makes law enforcement's job a lot harder, so there's pressure to compromise security.

          But throw your data into the cloud, take a seat, and enjoy the security theatre. It's a problem that's existed since the first mugging of a classified courier, and it's not likely to change. One thing I think would be a GoodThing(tm) is if states flexed their legal muscles and levied meaningful punishments on companies that develop insecure 'secure' kit and software. BP spills oil, gets fined billions, MS spills secrets.. and nothing much happens.

      2. Doctor Syntax Silver badge

        Re: Can't identify the smell

        "only for the purpose of Badge Engineering."

        Badge engineering was sticking different badges on variants of stuff you'd made yourself. This is brand engineering - printing your own name on stuff somebody else made.

    2. NeilPost Bronze badge

      Re: Can't identify the smell

      Yes, Openreach’s decision to put Huawei at the core of 21CN and fibre broadband nuked what was left of Marconi which was flogged off to Ericsson and then closed down.

      No-one seems to mention this kit though. Only 5G.

  6. N2 Silver badge

    No doubt

    The Fail headline was something like:

    Spy shocker in very TINY bikini...

    1. Arthur the cat Silver badge

      Re: No doubt

      Spy shocker in very TINY bikini...

      To be followed two weeks later with "Spy has massive cellulite/alcohol/cocaine problem."

    2. Avatar of They
      Thumb Up

      Re: No doubt

      Nah, for the daily fail it has to include immigrant in the title.

      1. Andy Denton

        Re: No doubt

        Don't forget the price of his house along with a sidebar of shame piece about how "His daughter has really grown"

      2. phuzz Silver badge

        Re: No doubt

        Or "Huawei causes cancer!" Followed in a few months by "This one weird Huawei trick can cure cancer!".

        I propose the 'Daily Mail Quantum Cancer Uncertainty Principal', whereby everything exists in a supposition of states of both, curing, and causing, cancer, until a journalist has tor knock out a quick article to hit their story count.

        1. Yet Another Anonymous coward Silver badge

          Re: No doubt

          Which scientist was it that was being interviewed by the Fail and was asked "does this cure cancer or cause cancer?" and when he/she hesitated was told "it must be one or the other!"

    3. macjules Silver badge

      Re: No doubt

      More like "We sneaked a look in Super Spy Steele's drawers: you won't believe what we found!"

  7. Tom 7 Silver badge

    "the Mail caveated its reporting"

    in the hope Huawei dont do the world a favour and sue them into oblivion.

  8. Anonymous Coward
    Anonymous Coward

    Can't have the Chinese take over from US spying, old chap

    The irony is, of course, that replacing Huawei's components that were thoroughly vetted by everyone & their dog with US gear that doesn't want evaluation because of "national security" and "trade secrets" is pretty much guaranteeing traffic intercept, whereas the former did at least offer openness.

    To be frank, at this moment I would not trust either so I would opt for something that had been taken apart and found clean by multiple independent parties, and which also happens to be a lot more advanced (which is, of course, where the real problem lies).

    It appears Downing Street has yet again been played by the Americans. It's like an infection you just cannot shake.

    1. Commswonk Silver badge

      Re: Can't have the Chinese take over from US spying, old chap

      It appears Downing Street has yet again been played by the Americans. It's like an infection you just cannot shake.

      Probably true, and if so it's a truth that I regret. However, I would still see it as the lesser evil by quite a large margin.

      1. Anonymous Coward
        Anonymous Coward

        Re: Can't have the Chinese take over from US spying, old chap

        However, I would still see it as the lesser evil by quite a large margin.

        After another tenure of the Trump Administration, may well narrow that.

    2. Anonymous Coward
      Anonymous Coward

      Re: Can't have the Chinese take over from US spying, old chap

      "To be frank, at this moment I would not trust either so I would opt for something that had been taken apart and found clean by multiple independent parties"

      This is sort of what GCHQ were hinting at earlier in the year. While there is the Huawei/GCHQ outpost in Banbury, there is no similar facility for the other vendors, or for the telcos' own implementations of that kit (other than their in house security teams). One of their recommendations was to build a national centre where everyone would be able to submit their kit to get the Gloucester treatment.

      It does seem a bit strange that we're dumping kit that GCHQ know all about, in favour of stuff that they've had rather less visibility into, but we can't control the Yank sanctions I guess

      1. Jellied Eel Silver badge

        Re: Can't have the Chinese take over from US spying, old chap

        This is sort of what GCHQ were hinting at earlier in the year. While there is the Huawei/GCHQ outpost in Banbury, there is no similar facility for the other vendors, or for the telcos' own implementations of that kit (other than their in house security teams).

        There kind of is.. Vendors (or users) can submit kit/designs to GCHQ/CESG for evaluation, and sometimes that's necessary before it can go live, ie in high security applications. Downside is that can be an expensive and time consuming process. Plus vendors can be reluctant to release internal architecture or source code needed for a decent evaluation. And then approvals can be conditional on a specific design, or software version, so updates would have to go through the approvals again.

        Telcos, at least the large ones can do similar, so have their engineers crawling over the kit & testing for bugs, vulnerabilities etc. BT did that when evaluating Huawei's kit for their 21CN core. But not every telco has the resources or inclination to do the same, so if it's good enough for BT, it's good enough for them.

        Which then gets to the meat of the problem, which is marketing. Lots of press releases saying Operator X installs our kit, making other customers more comfortable doing the same.. And not buying other vendor's kit instead. Which naturally upsets those vendors, even when they don't make equivalent kit, or if they do, it underperforms on features, price etc. That makes a huge difference on high volume stuff like RAN kit where you may be looking at buying edge router/switches by the thousands.. And then other factors also kick in. So a box designed to sit in an office/datacentre might not be happy sitting in a rooftop enclosure, so to use it, it'd cost more $$ to design & build enclosures to keep it happy.

        1. Anonymous Coward
          Anonymous Coward

          Re: Can't have the Chinese take over from US spying, old chap

          "Telcos, at least the large ones can do similar, so have their engineers crawling over the kit & testing for bugs, vulnerabilities etc. BT did that when evaluating Huawei's kit for their 21CN core. But not every telco has the resources or inclination to do the same, so if it's good enough for BT, it's good enough for them."

          Is vulnerability testing the same as counter espionage testing/analysis ???. I would have thought the latter required detailed investigation of the hardware from a physical perspective. If the product uses home grown/designed silicon, then detailed physical analysis is a must ?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020