The fact that they are applying so much pressure, but cannot provide evidence, even of a classified nature, speaks volumes. Given all the other events that have happened, such as the imposition of tariffs against the steel and aluminum industries of allied countries, it seems likely that this is just another case of protecting US industry.
You're on a Huawei to Hell, US Sec State Pompeo warns allies: Buy Beijing's boxes, no more intelligence for you
US Secretary of State Mike Pompeo has confirmed that Uncle Sam will no longer provide top-secret intelligence to countries that use Huawei equipment in their core networks. Speaking to Fox Business on Thursday, Pompeo said allies using the Chinese vendor's gear in their critical infrastructure can't be trusted to keep …
COMMENTS
-
-
-
Friday 22nd February 2019 09:37 GMT bombastic bob
Re: Protecting their own industry AND their involuntary intel sources
from article: "less than convinced there is a threat to national security"
from post: "As the NSA is known to be bugging US-built servers and routers before delivery for years now"
I'm a bit skeptical of both claims, that either the USA or Huawei are adding spy-hardware [or firmware] to things being sold to governments. And I would guess that governments should consider an anti-"Not Invented Here" policy if they want REAL security.
So I totally get it if the US gummint wants ONLY U.S. gear and software/firmware from approved vendors in government information roles. That's just prudent.
The jury is still out on the Bloomberg article, though. Why has there been SILENCE on that?
-
Saturday 23rd February 2019 09:31 GMT michael.Misc
Re: Protecting their own industry AND their involuntary intel sources
It is so clear what the USA is doing.
NSA - Intelligence will lose their capability of intelligence (other than the USA, it is called spying capability) if other countries implement non-US tech.
This is why the USA uses the entire govt machinery to impose fear on other allies if they implement Huawei technology. Why was the US capable of tapping the conversations of the German chancellor!!! This is fact! This is because the US has a back door in the system! If anyone uses Huawei, the US will no longer have access to this!
Check the latest Japanese article on how the US accesses others' systems to spy on other countries.
-
Friday 22nd February 2019 22:45 GMT sprograms
The tariffs have openly been scheduled as a means to motivate trade negotiations. With Mexico and Canada the treaty awaits only congressional approval. With China the list of necessary (not merely reasonable) demands is also public. With the EU autos and agriculture need (from the US perspective) re-negotiation.
Not trusting Huawei flows from pronouncements by the Party mandating corporate obedience, combined with the reality that Chinese hacking to steal IP, actual theft on-site by CCP agents, and onward, calls for a pointed response.
As for Germany's reluctance to use EU-sourced equipment (which is available from multiple firms), perhaps it has some connection to the convenience of the One rail-Road leading from east-coast China straight to the Duisburg inland port? Volvo cars, Huawei network gear, soon-to-be Chinese-made Kuka auto manufacturing robots, all from one Amazon-like industrial source. What could go wrong? Germany's only response will be, not whether Huawei, but how much and how soon. Ericsson et al must love it. EU solidarity at work.
-
-
Thursday 21st February 2019 23:47 GMT Yes Me
Economic warfare
Since there is no known call-home risk with Huawei equipment, and their alleged security issues are run-of-the-mill, this is purely about supporting US (and partly US) vendors. Part of the decline and fall of the American Empire, one suspects.
If Huawei announced plans to create thousands of jobs in Detroit, we might see a change of tune.
-
Thursday 21st February 2019 23:54 GMT Anonymous Coward
Re: Economic warfare
> "Since there is no known call-home risk..."
So the fact that we don't know of any means there aren't any? Probably? Fine, but just remember who we are discussing here. A very large company in China. You may think it's okay to just assume the best, but some other people are a little worried, given the track record of the folks in question.
-
Friday 22nd February 2019 00:13 GMT Geoffrey W
Re: Economic warfare
Given the track record of the accusers here, a very large country that thinks it's exceptional and which is currently run by a somewhat haphazard and maladroit administration, I'm a little worried too so pardon me if I spare more than a little of that suspicion for them as well. I don't trust any large powerful country with a track record of spreading misinformation, lies, and propaganda.
-
Friday 22nd February 2019 10:30 GMT jmch
Re: Economic warfare
"a very large country that thinks it's exceptional and which is currently run by a somewhat haphazard and maladroit administration"
Right now that is an equally apt description of the US, China, Russia and Brazil. I'm not that current with what's happening in India, Indonesia, Nigeria and various other Asian and African large countries but I suspect that the same might apply.
In fact, given the messes variously heard about in the UK (Brexit), France (gilets jaunes), Australia (breaking encryption), various EU countries (right-wing / immigration-related issues) etc etc... is there ANY administration in a first-world country that is NOT "somewhat haphazard and maladroit"?
Scandinavian countries? Switzerland? anyone else?
-
Friday 22nd February 2019 12:44 GMT Adair
Re: Economic warfare
'...is there ANY administration in a first-world country that is NOT "somewhat haphazard and maladroit"'
Absolutely not, but there are nations that also have a grossly inflated view of their own importance, and the means and the will to attempt to enforce that view on others. The US and China are members of this ignoble group, and their actions all too frequently prove it.
-
Friday 22nd February 2019 23:21 GMT sprograms
Re: Economic warfare
Should the EU be counted as a nation? It seems ambiguous. On the one hand, Germany is very vocal about its opinions, nation like. On the other hand, Chancellor Merkel has said true patriotism is not nationalism, but loyalty to a higher political body.
It's all so confusing. Why, then, not buy European network infrastructure?
-
-
Monday 25th February 2019 07:22 GMT martinusher
Re: Economic warfare
>Right now that is an equally apt description of the US, China, Russia...
American exceptionalism isn't just an observed phenomenon, it's something that's openly discussed here by our politicians. We're not that good at self-examination which is why you can have leading figures in the Administration openly trying to bring down an elected President in Venezuela so that they can install their own hand picked one and claim it's 'restoring democracy'.
The difference between the US and China and Russia is that the latter two countries have a sense of national purpose and government policies that enable that purpose. The US has to resort to slogans because there aren't any coherent policies. (Brazil I'd class differently -- its current government appears to be a bunch of murderous gangsters -- it's at war with sections of its people which isn't a very good way to try to run a society.)
-
-
-
Friday 22nd February 2019 00:15 GMT JohnFen
Re: Economic warfare
"So the fact that we don't know of any means there aren't any?"
This exact same thing is true of equipment from every other nation as well. Why is there no outcry about them? Since the US is refusing to actually show why China deserves to be singled out, the only reasonable thing to think is that there isn't a justifiable reason.
-
Friday 22nd February 2019 12:09 GMT jmch
Re: Economic warfare
"Since the US is refusing to actually show why China deserves to be singled out, the only reasonable thing to think is that there isn't a justifiable reason."
OR, there IS a reason that they don't want to make public. For example that the NSA etc haven't managed to compromise any Huawei kit because it is more secure than that from other vendors.
-
-
Friday 22nd February 2019 00:25 GMT veti
Re: Economic warfare
"Being a little worried" is fine and rational. I'm "a little worried" every time I cross the street, particularly with kids in tow. But letting that worry dictate what you should and shouldn't do - that's a whole other kettle of neuroses.
If the US wants others to think of it as an ally, then it should tell them why it thinks Huawei kit is dodgy. (And no, 'because it's Chinese' is not a reason.) If it won't do that, then either (1) it's already withholding important material information, and so we've nothing to lose by ignoring them, because they've already acted on this "threat", or (2) it doesn't have any such information.
-
-
-
Friday 22nd February 2019 00:13 GMT JohnFen
That seems like a dangerous stance
Since the US heavily relies on the cooperation of other nations' spy agencies, and it's probably fair to expect that any nation the US cuts off would also stop sharing intelligence with the US, this sounds like it would hurt the US more than anybody else.
-
Friday 22nd February 2019 00:40 GMT Jellied Eel
Re: That seems like a dangerous stance
Since the US heavily relies on the cooperation of other nations' spy agencies,
Ah, well, this is politics. So the Snowden debacle showed that the US was quite happily spying on its allies.. But that's what intelligence services do. As Sir Humphrey would probably have said, "How are we meant to know they're our allies, unless we spy on them?".
But as Snowden also showed, the US needs to get its own house in order. There was also an embarrassing incident where a Pakistani IT consultant ended up as sysadmin for a lot of Democratic congresscritters. Which probably has the US PTB banging their heads against a wall because senior federal employees and contractors still seem to run a DIY approach to IT.
Rest is a best practice thing for any critical infrastructure, ie limit access, log the hell out of it and view any 288f bundles appearing in the back of core switches with a 'Please No Touch!' sticker with suspicion.
-
Friday 22nd February 2019 14:07 GMT Laura Kerr
Re: That seems like a dangerous stance
"this sounds like it would hurt the US more than anybody else"
'Zackly. And to put the old tin lid on it, it might be quite some time before Lord Dampnut's cabal realised the impact that would have. The days of American hegemony are slipping away, and just like the way empires throughout history have disintegrated, the people in charge will be the last to know; and they'll find it out the hard way.
It's probably far too late for America to recover its dominance, anyway. Lord Dampnut's just presiding (for very small values of 'presiding') over a great power in its death throes. Some time in the next few decades, future historians will point to a date between December 1972 and November 1989 as the end of the American empire.
It was the same on this side of the pond. It's a popular belief that the British Empire ended on 15th August 1947 with Indian independence, but the first nail was hammered into the imperial coffin on 21st January 1906, with the election of the last Liberal government. By the time India gained independence forty years later, the British Empire was rotten to the core.
Britain had its day of glory. So did the United States - and to an extent it still does - but the sun's sinking towards the horizon. I might not live to see it finally set, but my kids probably will.
-
Friday 22nd February 2019 23:36 GMT sprograms
Re: That seems like a dangerous stance
British power declined steadily from 1916-1944 due to the enormous financial drain of, together with France, not facing the reality of German ambition soon enough, actively enough. Too much effort was expended on global issues, not enough on European threats. Sound familiar?
I'm all for watching Germany go heavily with Huawei, and seeing how it turns out. Germany is so deeply in bed with Russia (for fuel) and China (for the huge market it thinks it will prosper from) that there is no need to worry about Germany as an ally. As an ally it has proven insincere for decades. Not a problem.
-
Monday 25th February 2019 10:58 GMT Laura Kerr
Re: That seems like a dangerous stance
"Too much effort was expended on global issues, not enough on European threats. "
Well, with an empire spanning the globe, Britain had to focus on international issues. And though you're right about the financial drain following the First World War, there are a few tricks you've missed:
1. At the Versailles conference in 1919, Woodrow Wilson explicitly threatened a transatlantic arms race, which eventually led to the Washington Naval Treaty. That imposed a level of parity between the naval powers, and was weighted in America's favour, and against Britain. Britain had a huge empire to protect; America did not. It was probably the first time the US successfully flexed its muscles on the international stage.
2. During the First World War, Britain and Japan were allies. That alliance was terminated under American pressure, weakening Britain's position in the Far East and necessitating greater defence expenditure there. There's proof of the rot setting in here - the guns of Singapore could have pulverised an attacking naval force, so the Japanese simply advanced down the Malay peninsula instead.
3. By 'German ambition' I'm assuming you're referring to the rise of Hitler. The Nazis weren't a serious threat until after the Wall Street crash of 1929. Fear of a return to the hyper-inflation of the 1920s stoked by a nationalistic demagogue helped to persuade more people to vote for the Nazis in the elections up to 1933. And after Hitler became Chancellor, it didn't help that the US had retreated into isolationism.
You could argue that Clemenceau and Lloyd George should have told Wilson to sod off back to the ranch, but that's looking back with a hundred years of hindsight. The war-weariness of Britain and France helped to accelerate their decline, while the US, who had not suffered anything like as much, slowly but surely pushed them aside.
-
-
-
Friday 22nd February 2019 23:27 GMT sprograms
Re: That seems like a dangerous stance
Going it alone actually worked fine after Kim Philby et al. Not a big deal. It's a free world. I find the US markets more open than the Chinese at the moment. I wouldn't want to rely on China for parts and code maintenance/bug-fixes down the road. Silly me, eh?
-
Friday 22nd February 2019 00:42 GMT Anonymice
If everything's encrypted, what's the problem?
Even if they didn't strictly audit the src & dst of all the packets traversing their networks, if all communications are strongly encrypted end-to-end, especially those carrying critical &/or top secret information, then what does it matter if the network gear tries to syphon data?
And from my own limited experience working on a low-level MoD network, the job came with a 600 page manual just for the encryption & security requirements alone. I recall 4096-bit keys were a minimum.
-
Friday 22nd February 2019 00:47 GMT JohnFen
Re: If everything's encrypted, what's the problem?
This.
Even in my own little home network, all traffic (except for the open WiFi I run, but it's on an isolated subnet) is encrypted, even when it's not leaving my LAN. I don't do this because I don't trust my router, I do it as a layer in my multilayered security: it's yet another roadblock should an attacker gain access to my network.
-
Friday 22nd February 2019 02:14 GMT eldakka
Re: If everything's encrypted, what's the problem?
Agree with this comment chain.
The OSI model should add a specific, mandatory, data encryption layer (probably between existing presentation and session layers), rather than the current "just another optional Presentation Layer service" it exists as. And this should be incorporated into the TCP/IP stack within its application layer as mandatory (or in RFC-speak a "MUST" requirement).
-
-
-
-
Friday 22nd February 2019 21:44 GMT Nick Kew
Re: institutionally autistic
Was that addressed to me? Institutionally autistic is a play on the phrase "institutionally racist", which entered the language here in Blighty after a high-profile report used the phrase to describe London's police. And a 600-page book - in a context that indicates it's one of many - suggests a staggering lack of empathy for the poor buggers expected to abide by the contents.
-
-
-
Friday 22nd February 2019 09:57 GMT bombastic bob
Re: If everything's encrypted, what's the problem?
even when you encrypt with SSL, if you can sniff the opening sequence (DH key exchange specifically) you can decrypt the traffic. It would still take a little bit of work, but you can see examples of this happening in Wireshark, when you view an https stream [for example].
So yeah, a router that can capture the entire stream could render encryption useless. The only way around this would be to have a secure tunnel using known certificates on both ends, along with some kind of randomly generated salt, and no decryptable key exchange up front [PGP actually does something like this already, as a good example]. But that would be subject to a form of crypto analysis where you study a large amount of traffic to crack the certs. So nothing is perfect if you don't rotate the keys every time, and so on.
that being said, a possibly 'more secure' PGP for long distance traffic would be a good way to ensure good encryption, across 'teh intarwebs' and various network backbones and so forth, but once it gets on the LAN at its destination, it's probably gonna get hoovered up if spyware [soft, firm, or hard] exists in the routers and PCs.
-
This post has been deleted by its author
-
Sunday 24th February 2019 11:09 GMT James R Grinter
Re: If everything's encrypted, what's the problem?
If you have the server private key then you can decrypt the captured TLS sessions (including at a later date, e.g. if you steal that key), *unless* they use a cipher scheme that implements perfect forward secrecy.
Then you can’t.
But you certainly can’t break TLS just by sniffing the packets as an independent observer, unless you can “break” the maths behind DH.
https://security.stackexchange.com/a/42350 has a pretty good explainer
-
Monday 25th February 2019 07:20 GMT eldakka
Re: If everything's encrypted, what's the problem?
if you can sniff the opening sequence (DH key exchange specifically) you can decrypt the traffic.
DH is intended to establish secure keys over an insecure link. Its whole point in life is that it doesn't matter if the communications can be eavesdropped on as it can still establish a secret key known only to the sender and receiver despite the DH exchange being eavesdropped on.
Note that there are known implementation weaknesses of the DH algorithm, but that is a development error, not a problem with DH itself.
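The distinction drawn in the two replies above (a recorded session stays sealed under ephemeral DH even if the server's long-term key leaks later, but not under static RSA key transport), as an added example that is not part of any commenter's post. The parameters, the XOR record cipher and all function names are constructed for illustration and are far too weak for real use.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions for illustration only, not a secure group or key size).
DH_P = 2**255 - 19                      # a known prime, used here as a toy DH modulus
DH_G = 2
RSA_P, RSA_Q = 2**61 - 1, 2**89 - 1     # two Mersenne primes -> toy RSA modulus
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's long-term private key


def session_key(secret_int: int) -> bytes:
    """Derive a 32-byte session key from the negotiated secret."""
    return hashlib.sha256(secret_int.to_bytes(32, "big")).digest()


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 keystream; a stand-in for a real record cipher."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def rsa_key_transport(plaintext: bytes) -> dict:
    """Static-RSA handshake: the client encrypts the premaster to the server's public key."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    return {
        "mode": "rsa",
        "enc_premaster": pow(premaster, RSA_E, RSA_N),   # visible to any on-path box
        "ciphertext": toy_cipher(session_key(premaster), plaintext),
    }


def ephemeral_dh(plaintext: bytes):
    """Ephemeral DH handshake: only g^a and g^b cross the wire; a and b are discarded."""
    a = secrets.randbelow(DH_P - 3) + 2     # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2     # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    client_key = session_key(pow(B, a, DH_P))
    server_key = session_key(pow(A, b, DH_P))
    wire = {"mode": "dhe", "A": A, "B": B,
            "ciphertext": toy_cipher(client_key, plaintext)}
    return wire, client_key, server_key


def recover_with_server_key(wire: dict, rsa_d: int):
    """What a recorded capture yields once the server's long-term key is known."""
    if wire["mode"] == "rsa":
        premaster = pow(wire["enc_premaster"], rsa_d, RSA_N)
        return toy_cipher(session_key(premaster), wire["ciphertext"])
    # DHE: the long-term key is not an input to the session key (in real TLS it
    # only signs the handshake). Recovering a or b from A or B is the discrete
    # log problem, so the capture plus the server key gives nothing.
    return None


if __name__ == "__main__":
    record = b"constructed sample record"
    print("static RSA capture:", recover_with_server_key(rsa_key_transport(record), RSA_D))
    wire, ck, sk = ephemeral_dh(record)
    print("endpoints agree on key:", ck == sk)
    print("DHE capture:", recover_with_server_key(wire, RSA_D))
```

On a real deployment the corresponding control is to offer only (EC)DHE cipher suites, which TLS 1.3 does by design.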
-
-
Friday 22nd February 2019 10:34 GMT jmch
Re: If everything's encrypted, what's the problem?
"If everything's encrypted, what's the problem?"
Because a lot can be made out even from the metadata. The one thing that CAN'T be encrypted is the packet headers etc - the network itself knows source, destination, volume and timing of messages, and a lot can be determined from that. For example feed a juicy bit of (mis)information to a known point on the network and note where subsequent messages are directed.
-
Saturday 23rd February 2019 07:17 GMT amanfromMars 1
Re: If everything's encrypted, what's the problem?
Because a lot can be made out even from the metadata. The one thing that CAN'T be encrypted is the packet headers etc - the network itself knows source, destination, volume and timing of messages, and a lot can be determined from that. For example feed a juicy bit of (mis)information to a known point on the network and note where subsequent messages are directed .... jmch
Feed juicy bits of information to a networking point ... [and you might like to realise El Reg is just such a global networking point out in plain sight] .... and any and all subsequent activity/proactivity/inactivity regarding such information exposes top secrets to be relentlessly exploited .... and carefully groomed/further developed.
-
-
-
Friday 22nd February 2019 08:49 GMT Chris G
LaLaLa I can't hear you
No matter what GCHQ and the Germans, among others, have to say, the yanks keep banging the same old drum. Mostly to keep the home fires burning.
It may be a benefit to a lot of people to no longer receive US intelligence considering much of it is purpose built in house.
-
Friday 22nd February 2019 09:40 GMT Spanky_McPherson
But why are they inspecting the source code?
I don't think it's feasible to guarantee that the binaries running on the network gear are generated from the inspected source code.
Unless you're planning to desolder all the flash chips and test them individually, who's to say what's actually running?
The OS can simply report whatever the attackers want it to, including lying about what binaries are running.
-
Friday 22nd February 2019 12:43 GMT Jellied Eel
Re: But why are they inspecting the source code?
I don't think it's feasible to guarantee that the binaries running on the network gear are generated from the inspected source code.
Depends on the network/application. If it's a high security network, then it should be feasible. So network must be designed in accordance with national standards for classified networks. NSA in the US and GCHQ in the UK manage those. That may require trusted/vetted components and secure OS, but that gets complicated given the cost of auditing source code. Or just vendor's reluctance to release that code. Then combine the components in accordance with say, UK IS1, pass review/audit and go live.
But that's not the end, ie there's still the ongoing security monitoring, compliance, patch management etc to follow. Do all that, and you should have an officially secure and reasonably secure network. Allow senior politicians to run their own mailserver with classified data on it and you have a security problem.
The 5G stuff is much the same principle, although it's riskier given it's a public network. Same rules apply, ie how could it be abused, and how can the design prevent or mitigate abuse? That could be accidental or malicious, eg network crashes due to buggy update, lapsed security certificate etc etc, ie all the issues we see reported with depressing regularity.
-
Friday 22nd February 2019 17:23 GMT Anonymous Coward
Re: But why are they inspecting the source code?
It *should* be, the checksum of the firmware applied should match one compiled from the inspected source tree.
Except, from what I know of this process being followed for various vendors' sources, it could be a mess of dependencies and fudges, so arriving at a matching checksum to the supplied firmwares would be a very expensive and fraught exercise by which time the firmware version supported would be several releases ahead and carry important security fixes*. And the amount of people this source would be disclosed to is very very small and could be suggested to have been undertaken simply as a box ticking exercise on a requirement.
*you know, those security fixes for bugs that for eg Huawei have never had, because they keep all their customers under NDA as part of the pricing contract.
-
Friday 22nd February 2019 10:15 GMT Nerd1024
Open source all chips (cpu, memory, phones, every chip)
Just require that every product that uses chips have every chip's details open-sourced, hardware and software, for every phone, tablet, tv, personal computer, server, phone tower hardware etc all be open source.....no secrets anymore!!!!!
-
Friday 22nd February 2019 13:51 GMT Anonymous Coward
Re: Open source all chips (cpu, memory, phones, every chip)
Yeah...no chips or software, either. Trade secrets mean more to many of these folks than the business itself. If they can't be applied one way, they'll find another, and you're never gonna get them to Give Information to the Enemy.
-
-
Friday 22nd February 2019 10:53 GMT Nick Kew
No intelligence
We can't share intelligence with you. Just take our word. We have a dossier showing incontrovertible proof of Iraq^Hn's WMD and evil plans, and you have to join us in yet further destabilising an ever-growing region.
Though to be fair, the dodgy dossier itself was a British contribution to f***ing up the middle-east and the Moslem world more widely. I wonder what Great Cause Richard Dearlove ("Mr Dodgy Dossier") might be championing today?
-
This post has been deleted by its author
-
Friday 22nd February 2019 15:44 GMT batfink
Meh - data can be slurped anywhere
You can't guarantee that your data can't be slurped somewhere along its route. It doesn't have to be on someone's network equipment - it could be a physical tap somewhere along the route (even on point-to-point). Therefore, it's largely irrelevant whether the network gear has been compromised or not.
The TLAs know this. So, sensitive traffic needs to be strongly encrypted for transit regardless.
Continuing down the logic trail: if compromise of the network gear doesn't matter, then something else is driving this behavior by the Americans. As they say in the detective novels: follow the money...
-
Friday 22nd February 2019 22:48 GMT Anonymous Coward
What is the alternative?
It is a little bit weird, certainly for 5G.
In 5G there are really only three suppliers to choose from: Huawei, Ericsson and Nokia. None of them are American (although both Ericsson and Nokia have some US operations, including parts closely linked to the US spooks). I get that the Americans might feel that anyone non-Chinese is a better bet than Chinese but this seems quite an extreme position to take with allies given that no US company will benefit.
Of course, in the core it is different. Two major suppliers (Cisco and Juniper) are US companies, and maybe this is mostly directed at that selection.
-
Saturday 23rd February 2019 20:42 GMT M.V. Lipvig
I'm not going to say...
... that the US is not bugging gear. In fact, only a moron would assume otherwise. What I don't get is the vast swath of people who are more than willing to believe the US is bugging gear but want to see hard, incontrovertible evidence that the Chinese, a people known to have zero regard for the laws of other nations or of individual property rights, and proven time and again to be sending spies to other nations to steal anything they see, and who have spent the last 20 years becoming masters at monitoring their own telecom networks to search for dissidents (on the same gear they sell, I might add) are somehow NOT bugging the telecom gear they sell to other nations. Come ON, they are totally bugging the gear! I get the whole security thing, and if you don't trust Uncle Sam that's fine. We aren't trustworthy as a nation. Compared to China though, we're as trustworthy as Mother Teresa. We'll spy on you for national security purposes, China will spy on you to steal the bread out of your hand. The US government isn't interested in corporate espionage outside that which applies to weaponry advances and the like (our corporations will, but that's another story) but come up with a better way to toast bread and China will steal it and have it on the market before you finish testing.