Lawful ?
"no access to lawful interception data"
Does this mean that they didn't have the keys to the backdoor used by our governments or that they only had access to unlawful interception data?
Huawei was able to snoop on the Dutch prime minister's phone calls and track down Chinese dissidents because it was included in the core of the Netherlands' mobile networks, an explosive news report has claimed. Dutch national daily Volkskrant (behind a pay wall) reported over the weekend that mobile operator KPN, which used …
Khaptain,
I think it's a reference to one of the allegations that Huawei could see the list of numbers under investigation by Dutch police and intelligence services. Not reported specifically in this piece, but apparently in the original Dutch news piece.
Whether that's access to just the list, or to actual call and intercept data I don't know.
The allegation they could listen to any call by anybody was separate.
Yeh why would Huawei put a backdoor into KPN's network? oh right Dutch authorities require it for their "lawful intercept".
And why would that include the Dutch PM phone? Ahhh yes, "lawful intercept" includes him too.
And why can you set the lawful intercept without any technical mechanism from the courts? Because the good guys trust the good guys to the point where trust is assumed.
And why would Huawei's kit store those intercept settings on Huawei's kit? Ahh yes because how the fook otherwise would it know what to intercept!
And why would Huawei's kit have access to the intercept files Huawei writes....oh right, that's a dumb question, of course they need to write those files.
And why would, you, KPN, give Huawei network access to their own switches on your site when you control that network access? Because KPN outsourced maintenance of the servers remotely to Huawei.
The Dutch backdoored their phone system, and there is the potential that the vendor of the hardware can misuse the backdoor which apparently has no technical checks on it and can be remotely set.
At some point, you're going to have to recognize why peer to peer encryption is essential, and opposing it, or backdooring it, weakens your own security and undermines your own country.
Dutch comms is badly compromised, the UK situation is far worse, courtesy of GCHQ and 5-eyes.
See this?
https://www.justsecurity.org/71279/trump-pushed-cia-to-give-intelligence-to-kremlin-while-taking-no-action-against-russia-arming-taliban/
This is how close you came to losing democracy right across the west. Courtesy of you lot in Cheltenham.
>They outsourced the maintenance to Huawei and were then surprised that Huawei has access to their systems?
Modern mobile networks are so complex that vendors managing the core network is rather a rule than an exception.
But I would like to see how KPN would manage their network without Huawei having access to it. It's like explaining how to assemble a spaceship over phone, good luck with that.
Anyway, the real people to blame are whoever keeps the SS7 (the international set of telephony protocols) alive: bureaucrats at ITU-T. With SS7, the insecure protocol stack from 1975, any country can effectively wiretap a mobile phone in any other country, Dutch PM or Scotch MP, whomever. Maybe it is the need of the 'good' countries to wiretap the 'bad' countries (or occasionally a random Bundeskanzler) that keeps it alive.
I don't believe there have been any allegations of misdoing, except for KPN granting access that appears to be problematic. But there is no allegation in the article that that access was misused. Of course, it appears to be Huawei, as the system admin, that they would rely on to verify that.
US agencies have been caught listening on German Chancellor's phone conversations and it didn't seem to have any impact. Oh, and they're still able to do that unless of course Huawei equipments stand in their way.
Something tells me that this is actually the problem: Huawei equipments might be aware of those TLS snooping and this would give the Chinese government an advantage.
Well actually conquered by the Normans, who happened to have earlier conquered a bit of Northern France. France itself was a very small bit stuck in the middle of a bunch of warring dukedoms. It was centuries before the French crown had conquered and married its way to control of what we now know as France.
And even there, the Normans ruled - but stopped speaking Norman French and learned English eventually.
Could well be, but he couldn't speak it. It wasn't really until the time of the Edwards, the name might be a clue, that the royal family was spending less time in Anjou and Aquitaine and, consequently, coming into contact with the language of their subjects more often.
Dear El Reg,
I hope you come back to this story. Saw it this morning, and was hoping for more technical coverage.
The main points of the story appear to be:
They had full network access. Could listen into any call (including the PM's phone) and also had a list of all accounts under intercept/surveillance from both police and intelligence services. Didn't see if they'd actually done this, or if it was even possible to check.
Huawei had also accessed the network from inside China. Don't know if that was in accordance with the network management outsourcing agreement or in breach.
They'd also put in place measures to see subscriber data, and been looking at it. Including for a subsidiary company - and continued to do so even after being told to stop.
Which rather sounds like blackmail, as the company didn't release the report out of fear of exposure. So maybe Huawei played on that? Why otherwise directly ignore an instruction from your client?
Finally the translation I saw alleged that Huawei were still managing the network, despite the company's claim they were no longer outsourcing to them.
It's a phone system: everybody from a bloke at the box on the corner with a clip on phone, to anyone in customer server, to anyone with root access to any of the switches, to anybody in the other office who picks up an extension has access.
If you think a prime minister's un-encrypted phone call suddenly becomes secure by having the backhaul supplier being from Finland you are a GCHQ
It's a mobile phone system. 3G and 4G in this case.
I've only seen a quick translation of the Dutch report, which conflates the risk of using Huawei kit with using Huawei as outsourced network management. Assuming no backdoors in Huawei kit - those are two vastly different risks!
But if it's true that Huawei were downloading and subscriber data, even after being told to stop, then that is definitely nefarious - even if everything else alleged is only a risk that they could have - not proof that they did.
On t'other hand, if they had the keys to manage the network, they presumably had at least some ability to cover their tracks and make audit of their actual actions hard to impossible.
Did you catch the part where they said that Huawei was paid to have that access?
Strangely yes, I can read and everything. Did they hire Huawei to download subscriber data (not needed to run the network core) and then refuse to stop after being told to?
That's a concrete accusation of wrongdoing. Much of the other stuff comes from an audit report, and is (as you say) a risk - and no more.
Also the logging into the core network from China, rather than management offices in the Netherlands may or may not be dodgy depending on the contract.
Substitute Ericsson or Nokia for Huawei in that report and absolutely nothing changes. If you can manage a network without subscriber information then fair play to you. That said, if you don't know how to manage customer confidential information securely, then you probably shouldn't put yourself into a situation where you have to. It gets very, very expensive when you get it wrong.
"if you don't know how to manage customer confidential information securely, then you probably shouldn't put yourself into a situation where you have to. It gets very, very expensive when you get it wrong."
I've heard that claim before. Are there any real-world examples where incompetence (or worse) in IT security actually ends up getting "very very expensive" for the incompetents?
Substitute Ericsson or Nokia for Huawei in that report and absolutely nothing changes.
True enough. Outsourcing core network management, rather than buying kit and managing it yourself means you've handed over the keys to the kingdom to someone else - and you're little better than an MVNO - except with all the insecurity of trying to manage a network you don't have the competence to control. It's like banks and supermarkets outsourcing their core IT - madness. A bank is just a database with branches attached, and a supermarket that doesn't control its stock control system is insane - which is why Sainsbury's had to do an emergency reverse-ferret in-source 20 years ago.
Though there is one major difference. The Swedish and Finnish governments are vegetarians, in comparison to the Chinese government carnivores (or is that wolf warriors?). Plus there aren't allegations that Ericsson and Nokia are under their governments' control - though it ought to worry the Dutch a lot less even if they were.
If you can manage a network without subscriber information then fair play to you.
The allegation in the original Dutch article, was that Huawei had put in place software to allow them to exfiltrate subscriber data, and had regularly updated this, as well as regularly using it to do so. Even after being told to stop. The manager of your systems has no excuse or legal right to steal data from your systems - though clearly they may need access to said data while operating your systems. I still think your statement above is wrong though, there should be little need for the people running the core network to ever look at individual subscriber info - that should be accessed by the customer service people.
KPN outsourced management of the core of their network to Huawei, and were then surprised by a report that said Huawei had the access to functions which KPN had given them...
Why is this a surprise or 'explosive' in any way other than for an assessment of the competency of KPN's management?
Was there any evidence that Huawei had actually used the access for 'bad stuff(tm)' ?
Pretty sad when you have to use adverbs like, "potentially" to describe what may or may not have happened more than a decade ago to smear Huawei. I trust Huawei far more than any company from American allied countries such as the 14 eyes which unsurprisingly, Netherlands just happens to be one of them. It's also not blind trust Huawei has proven to be far more transparent than any other company on the planet. So it's of no surprise that they are still churning enough profits despite American sanctions to remain as the largest telecommunications company in the world.
I will just mention two notorious cases of western countries using western manufacturers to eavesdrop on foreign communications, including government communications.
Of course Huawei could do this. And maybe they did. But every TEM can do this, and 5-eyes seem to make regular use of them to do so. There is nothing surprising about this, and all modern governments are well aware of the issue (even if they fail to convince their politicians to actually use the encrypted comms tools they provide).
it provides more than enough arguments to start a war (economic at the beginning but eventually evolving into good old, full blown one) which (why am I not surprised ?) will benefit US more than EU.
History repeats itself, first as tragedy, second as farce. -- K.Marx
Let Me Wikipedia That For You. Founded 100 years ago as left-of-centre and catholic. Currently centre.
Very few papers in the rest of Europe are like the Sun and the Daily Mail. Maybe there's some conclusion to be drawn from that.
Security is a joke, be it the Five Eyes (FVEY), NGA, SIS, MI5, CIA, DGSE (General Directorate for External Security), Australian Secret Intelligence Services, Canadian Security Intelligence Service, Mossad, National Intelligence Service (South Korea), Foreign Intelligence Service (SVR/FSB-Russia), Research And Analysis Wing (India), National Intelligence Organization (Turkey), Inter-Services-Intelligence (Pakistan), Defense Intelligence Agency (USA), Department of Homeland Security (USA), National Geospatial-Intelligence Agency (USA), Air Force Intelligence, Surveillance and Reconnaissance (USA), Ministry of State Security (MSS - China) or Uncle Tom Cobley there are few secrets to be uncovered.
What a waste of resources!