back to article Huawei could have snooped on the Dutch prime minister's phone calls thanks to KPN network core access

Huawei was able to snoop on the Dutch prime minister's phone calls and track down Chinese dissidents because it was included in the core of the Netherlands' mobile networks, an explosive news report has claimed. Dutch national daily Volkskrant (behind a pay wall) reported over the weekend that mobile operator KPN, which used …

  1. Khaptain

    Lawful ?

    "no access to lawful interception data"

    Does this mean that they didn't have the keys to the backdoor used by our governements or that they only had acces to unlawful interception data ?

    1. I ain't Spartacus Gold badge

      Re: Lawful ?

      Khaptain,

      I think it's a reference to one of the allegations that Huawei could see the list of numbers under investigation by Dutch police and intelligence services. Not reported specifically in this piece, but apparently in the original Dutch news piece.

      Whether that's access to just the list, or to actual call and intercept data I don't know.

      The allegation they could listen to any call by anybody was separate.

    2. Grauenwolf

      Re: Lawful ?

      It means that (a) the government installed interception software into the core and (b) the government didn't give Huawei that particular password when they hired Huawei to maintain the hardware.

  2. Anonymous Coward
    Anonymous Coward

    And people said it was an unjustified witch hunt against Huawei...

    1. Anonymous Coward
      Anonymous Coward

      Yeh why would Huawei put a backdoor into KPN's network? oh right Dutch authorities require it for their "lawful intercept".

      And why would that include the Dutch PM phone? Ahhh yes, "lawful intercept" includes him too.

      And why can you set the lawful intercept without any technical mechanism from the courts? Because the good guys trust the good guys to the point where trust is assumed.

      And why would Huawei's kit store those intercept settings on Huawei's kit? Ahh yes because how the fook otherwise would it know what to intercept!

      And why would Huawei's kit have access to the intercept files Huawei writes....oh right, that's a dumb question, of course they need to write those files.

      And why would, you, KPN, give Huawei network access to their own switches on your site when you control that network access? Because KPN outsourced maintenance of the servers remotely to Huawei.

      The Dutch backdoored their phone system, and there is the potential that the vendor of the hardware can misuse the backdoor which apparently has no technical checks on it and can be remotely set.

      At some point, you're going to have to recognize why pier to pier encryption is essential, and opposing it, or backdooring it, weakens your own security and undermines your own country.

      Dutch comms is badly compromised, the UK situation is far worse, courtesy of GCHQ and 5-eyes.

      See this?

      https://www.justsecurity.org/71279/trump-pushed-cia-to-give-intelligence-to-kremlin-while-taking-no-action-against-russia-arming-taliban/

      This is how close you came to losing democracy right across the west. Courtesy of you lot in Cheltenham.

    2. Grauenwolf

      Yes, this is part of a witch hunt.

      They outsourced the maintenence to Huawei and were then surprised that Huawei has access to their systems?

      That's like letting a plumber into your house, then complaining that the plumber had access to your water pipes.

      1. Muppet Boss

        >They outsourced the maintenence to Huawei and were then surprised that Huawei has access to their systems?

        Modern mobile networks are so complex that vendors managing the core network is rather a rule than an exception.

        But I would like to see how KPN would manage their network without Huawei having access to it. It's like explaining how to assemble a spaceship over phone, good luck with that.

        Anyway, the real people to blame are whoever keeps the SS7 (the international set of telephony protocols) alive: bureaucrats at ITU-T. With SS7, the insecure protocol stack from 1975, any country can effectively wiretap a mobile phone in any other country, Dutch PM or Scotch MP, whomever. Maybe it is the need of the 'good' countries to wiretap the 'bad' countries (or occasionally a random Bundeskanzler) that keeps it alive.

      2. Kevin McMurtrie Silver badge

        It's more like hiring Putin to fix your plumbing. You probably should have made a better background check, and you probably shouldn't have let him install the soda fountain with facial recognition software. You can't act all shocked when you find some extra flavors in the machine.

        1. Muppet Boss
          Joke

          >It's more like hiring Putin to fix your plumbing.

          I don't think he is that desperate, I heard he still has a trillion or 2 somewhere in his backyard.

        2. Anonymous Coward
          Anonymous Coward

          Although after years of investigation all that can be suggested is that Huawei "could" have snooped, whereas the only country that has been caught actively snooping on European politicians phone calls has been America.

    3. Sil

      1. These are still no more than allegations.

      2. The US is known to have hardware modified IT/communication systems ordered by external foreign parties.

      3. How many times have there been flaws found in Cisco systems giving full rights to the system?

      1. Imhotep Silver badge

        I don't believe there have been any allegations of misdoing, excep for KPN granting access that appears to be problematic. But there is no allegation in the article that that access was misused. Of course, it appears to be Huawei, as the system admin, that they would rely on to verify that.

  3. Anonymous Coward
    Anonymous Coward

    In the mean time

    US agencies have been caught listening on German Chancelor's phone converstations and it didn't seem to have any impact. Oh, and they're still able to do that unless of course Huawei equipments stand in their way.

    Something tell me that this is actually the problem: Huawei equipments might be aware of those TLS snooping and this would give the Chinese governement an advantage.

    1. Yet Another Anonymous coward Silver badge

      Re: In the mean time

      >listening on German Chancelor's phone converstations and it didn't seem to have any impact.

      That's because they couldn't understand it, sounded like total gibberish.

      1. Yet Another Anonymous coward Silver badge

        Re: In the mean time

        Although to be fair it's tricky for certain American leaders to understand a language where words can be more than 140 characters

        1. This post has been deleted by a moderator

          1. Yet Another Anonymous coward Silver badge

            Re: In the mean time

            We were conquered by France and a 1000years later we can just about ask the way to the station (but not understand the answer)

            1. I ain't Spartacus Gold badge

              Re: In the mean time

              Well actually conquered by the Normans, who happened to have earlier conquered a bit of Northern France. France itself was a very small bit stuck in the middle of a bunch of warring dukedoms. It was centuries before the French crown had conquered and married its way to control of what we now know as France.

              And even there, the Normans ruled - but stopped speaking norman french and learned english eventually.

              1. Charlie Clark Silver badge

                Re: In the mean time

                stopped speaking norman french and learned english eventually.

                Nearly 400 years after the conquest: IIRC Henry V was the first to swear his oath of loyalty in English. Fascinating area of linguistic history which helped make English as rich as it is.

                1. I ain't Spartacus Gold badge

                  Re: In the mean time

                  I believe Henry II was the first to put some law and government business in english? And also adopt parts of the old Saxon legal system into what had basically been a Norman legal code.

                  1. Charlie Clark Silver badge

                    Re: In the mean time

                    Could well be, but he couldn't speak it. It wasn't really until the time of the Edwards, the name might be a clue, that the royal family was spending less time in Anjou and Aquitaine and, consequently, coming into contact with the language of their subjects more often.

              2. HildyJ Silver badge
                Angel

                Re: In the mean time

                William had the Domesday Book written in Latin. None of those silly languages like French or English.

  4. I ain't Spartacus Gold badge

    The report actually seems worse than this

    Dear El Reg,

    I hope you come back to this story. Saw it this morning, and was hoping for more technical coverage.

    The main points of the story appear to be:

    They had full network access. Could listen into any call (including the PM's phone) and also had a list of all accounts under intercept/surveillance from both police and intelligence services. Didn't see if they'd actually done this, or if it was even possible to check.

    Huawei had also accessed the network from inside China. Don't know if that was in accordance with the network management outsourcing agreement or in breach.

    They'd also put in place measures to see subscriber data, and been looking at it. Including for a subsidiary company - and continued to do so even after being told to stop.

    Which rather sounds like blackmail, as the company didn't release the report out of fear of exposure. So maybe Huawei played on that? Why otherwise directly ignore an instruction from your client?

    Finally the translation I saw alleged that Huwawei were still managing the network, depsite the company's claim they were no longer outsourcing to them.

    1. Yet Another Anonymous coward Silver badge

      Re: The report actually seems worse than this

      It's a phone system: everybody from a bloke at the box on the corner with a clip on phone, to anyone in customer server, to anyone with root access to any of the switches, to anybody in the other office who picks up an extension has access.

      If you think a prime minister's un-encrypted phone call suddenly becomes secure by having the backhaul supplier being from Finland you are a GCHQ

      1. I ain't Spartacus Gold badge

        Re: The report actually seems worse than this

        It's a mobile phone system. 3G and 4G in this case.

        I've only seen a quick translation of the Dutch report, which conflates the risk of using Huawei kit with using Huawei as outsourced network management. Assuming no backdoors in Huawei kit - those are two vastly different risks!

        But if it's true that Huawei were downloading and subscriber data, even after being told to stop, then that is definitely nefarious - even if everything else alleged is only a risk that they could have - not proof that they did.

        On t'other hand, if they had the keys to manage the network, they presumably had at least some abiltiy to cover their tracks and make audit of their actual actions hard to impossible.

    2. Grauenwolf

      Re: The report actually seems worse than this

      Did you catch the part where they said that Huawei was paid to have that access? It's subtle, but that's what they meant when they were taking about outsourcing. They hired Huawei to work on those systems.

      1. I ain't Spartacus Gold badge

        Re: The report actually seems worse than this

        Did you catch the part where they said that Huawei was paid to have that access?

        Strangely yes, I can read and everything. Did they hire Huawei to download susbcriber data (not needed to run the network core) and then refuse to stop after being told to?

        That's a concrete accusation of wrongdoing. Much of the other stuff comes from an audit report, and is (as you say) a risk - and no more.

        Also the logging into the core network from China, rather than management offices in the Netherlands may or may not be dodgy depending on the contract.

        1. Anonymous Coward
          Anonymous Coward

          Re: The report actually seems worse than this

          Substitute Ericsson or Nokia for Huawei in that report and absolutely nothing changes. If you can manage a network without subscriber information then fair play to you. that said, if you don't know how to manage customer confidential information securely, then you probably shouldn't put yourself into a situation where you have to. It gets very, very expensive when you get it wrong.

          1. Anonymous Coward
            Anonymous Coward

            Re: The report actually seems worse than this

            "if you don't know how to manage customer confidential information securely, then you probably shouldn't put yourself into a situation where you have to. It gets very, very expensive when you get it wrong."

            I've heard that claim before. Are there any real-world examples where incompetence (or worse) in IT security actually ends up getting "very very expensive" for the incompetents?

          2. I ain't Spartacus Gold badge

            Re: The report actually seems worse than this

            Substitute Ericsson or Nokia for Huawei in that report and absolutely nothing changes.

            True enough. Outsourcing core network management, rather than buying kit and managing it yourself means you've handed over the keys to the kingdom to someone else - and you're little better than an MVNO - except with all the insecurity of trying to manage a network you don't have the competence to control. It's like banks and supermarkets outsourcing their core IT - madness. A bank is just a database with branches attached, and a supermarket that doesn't control its stock control system is insane - which is why Sainsbury's had to do an emergency reverse-ferret in-source 20 years ago.

            Though there is one major difference. The Swedish and Finnish governments are vegetarians, in comparison to the Chinese government carnivores (or is that wolf warriors?). Plus there aren't allegations that Ericsson and Nokia are under their governments' control - though it ought to worry the Dutch a lot less even if they were.

            If you can manage a network without subscriber information then fair play to you.

            The allegation in the original Dutch article, was that Huawei had put in place software to allow them to exfiltrate subscriber data, and had regularly updated this, as well as regularly using it to do so. Even after being told to stop. The manager of your systems has no excuse or legal right to steal data from your systems - though clearly they may need access to said data while operating your systems. I still think your statement above is wrong though, there should be little need for the people running the core network to ever look at individual subscriber info - that should be accessed by the customer service people.

      2. Pascal Monett Silver badge
        Trollface

        Whereas you don't need to pay the NSA to access your systems, it does that on its own.

  5. Anonymous Coward
    Anonymous Coward

    To paraphrase

    KPN outsourced management of the core of their network to Huawei, and were then surprised by a report that said Huawei had the access to functions which KPN had given them...

    Why is this a surprise or 'explosive' in any way other than for an assessment of the competency of KPN's management?

    Was there any evidence that Huawei had actually used the access for 'bad stuff(tm)' ?

    1. AVee

      Re: To paraphrase

      A report written by an outsourcing company known for their deep technical knowledge and integrity. Cap Gemini definitely would never write a report out of self-interest...

  6. Grauenwolf

    Fake News

    > KPN said it decided "to not pursue further outsourcing of maintenance" of its core mobile network following receipt to the report

    Translation: Huawei had access to our systems because he gave it to them so they could perform the maintenence we paid for.

  7. Kaufman

    More fake news

    Pretty sad when you have to use adverbs like, "potentially" to describe what may or may not have happened more than a decade ago to smear Huawei. I trust Huawei far more than any company from American allied countries such as the 14 eyes which unsurprisingly, Netherlands just happens to be one of them. It's also not blind trust Huawei has proven to be far more transparent than any other company on the planet. So it's of no surprise that they are still churning enough profits despite American sanctions to remain as the largest telecommunications company in the world.

  8. Anonymous Coward
    Anonymous Coward

    Belgacom and Greece

    I will just mention two notorious cases of western countries using western manufacturers to eavesdrop on foreign communications, including government communications.

    Of course Huawei could do this. And maybe they did. But every TEM can do this, and 5-eyes seem to make regular use of them to do so. There is nothing surprising about this, and all modern governments are well aware of the issue (even if they fail to convince their politicians to actually use the encrypted comms tools they provide).

  9. Anonymous Coward
    Anonymous Coward

    Article heavy on the allegations, light on any evidence. Just paraphrasing an article from another media outlet that failed to provide any proof doesn't make for great journalism.

    1. Anonymous Coward
      Anonymous Coward

      @AC - Yeah but onto the other hand

      it provides more than enough arguments to start a war (economic at the beginning but eventually evolving into good old, full blown one) which (why am I not surprised ?) will benefit US more than EU.

      History repeats itself, first as tragedy, second as farce. -- K.Marx

    2. Anonymous Coward
      Anonymous Coward

      Not even allegations, just insinuations.

      A piss-poor job of smearing, if you ask me. Not to mention why would anyone be interested in the Dutch PM's phone? Can anyone (outside of the Netherlands) even name him/her without looking it up?

  10. Stevie

    KPN described Volksrant's reporting as "harsh"

    I heard they said Volksrant was harshing their mellow.

  11. Dan 55 Silver badge

    "We have never been held liable by the government authorities about unauthorized acts"

    Also could be translated as "they ain't got nuffink on us, right?"

    So that inspires confidence.

  12. PhilipN

    China's Faroe Islands ambassador

    I really really wish there was such an office* but sadly it is China’s ambassador to Denmark.

    *emulating Carlton-Browne of the F.O.

  13. Anonymous Coward
    Anonymous Coward

    What kind of paper is the Volkskrant, though?

    It is like the Sun or Daily Mail?

    I'd have a look at how many other papers pick up the story - it could be sensationalism.

    1. Dan 55 Silver badge

      Re: What kind of paper is the Volkskrant, though?

      Let Me Wikipedia That For You. Founded 100 years ago as left-of-centre and catholic. Currently centre.

      Very few papers in the rest of Europe are like the Sun and the Daily Mail. Maybe there's some conclusion to be drawn from that.

  14. Tempest
    WTF?

    Get In Line (Queue) after GCHQ, NSA and Uncle Tom Cobley and All

    Security is a joke, be it the Five Eyes (FVEY), NGA. SIS, MI5, CIA, DGSE (General Directorate for External Security),, Australian Secret Intelligence Services, Canadian Security Intelligence Service, Mossad, National Intelligence Service (South Korea), Foreign Intelligence Service (SVR/FSB-Russia), Research And Analysis Wing (India), National Intelligence Organization (Turkey), Inter-Services-Intelligence (Pakistan), Defense Intelligence Agency (USA), Department of Homeland Security (USA), National Geospatial-Intelligence Agency (USA), Air Force Intelligence, Surveillance and Reconnaissance (USA), Ministry of State Security (MSS - China) or Uncle Tom Cobley there are few secrets to be uncovered.

    What a waste of resources!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022