Why worry about cost of banning certain Chinese comms providers? Fire Huawei, says analyst The cost of banning Huawei from European 5G markets would be minimal, and not significantly slow the deployment of upgraded networks, according to an analyst whose opinion flies in the face of some mobile operators. Strand Consulting said it believes the cost of ripping and replacing Huawei equipment could be as low as $3.5bn …
It's a 'One Person Consultancy' business, I didn't even know they still exited.
They were kinda hot during the mobile boom in the 'naughties. When Ericsson and everyone else needed media stories about our bright and glorious future to sell their wares, and their stocks.
The Cold War is rebooting and all these 'You pay, we play!' 'experts' and 'consultants' come crawling out of retirement, telling Europe what to do and how to think, only this time it is more blatantly for the benefit of American Business interests and the detriment of ours.
PS: I don't think Cisco paid, maybe some UK LLP shell company with ties to Langley, Virginia, did?
If you consider a company's nationality to depend on where their HQ is, then sure, they aren't American
But Nokia have extensive American operations - the Lucent half of Alcatel-Lucent, some product lines that Alcatel themselves had (like their 7x50 routers and derivatives, coming from Silicon Valley startup Timetra)
Works the other way of course - I used to work on a major Cisco product line where all of the R&D happened in a couple of European countries, originating from two companies that merged and then Cisco bought out - does that make the products American or not?
Even if you assume that Nokia & Ericsson will help the US spy on you the only way to avoid it would be to rip and replace all their gear and go 100% Huawei. I guess that much larger cost is worth it to you if you think US spying is worse than Chinese spying.
The bigger concern is that all telecom gear is rife with security holes, and even the basic protocols like SS7 have issues built into them. So you will probably get spied on by all the major powers regardless of who you buy from.
.......I NEVER heard anyone complain that the internet runs on a single supplier's kit (well mostly).
*
And who would that be? Cisco Systems of course!
*
And would it be that IOS has never had any bugs, and was never suspected of allowing taps on internet traffic? Of course not!!
*
Ah......but it's really those naughty Chinese people doing stuff that no one else would even contemplate.......Uh oh!!....I forgot about the Snowden stuff....silly me.
And of course our own spooks are are heavily involved. I wouldn't be surprised if after Brexit the EU starts running cables to the US from Spain/France to opt out of our spooks' surveillance.
And of course if you'e an 'enemy of the state', a climate protestor perhaps, a seditious Scottish independence campaigner or a member of CND. I lay claim to the last two. People are known to have MI5 files for less.
I don't think I'm worth it, I'm just a foot soldier, but that doesn't seem to stop them.
Historically, the US presented a very different threat profile compared to China. US spying targeted governments and terrorist organizations, not industry. US taxpayers paid the bills, so the US government didn't need hacking for profit. The US has a history of cooperating with other countries to combat hacking for profit. The US once had effective whistle-blower mechanisms (intended to provide a way for someone like Snowden to pass information to overseers), Congressional oversight, and an independent court system. Before the Trump administration, a US entity found hacking for profit would have been shut down and faced legal proceedings. In
practice, many such hacks come from jurisdictions beyond the reach of US and EC authorities.
Today, the biggest security problem for individuals is the potential for leaks from data compiled by the "internet giants" and large corporations. These data are used in a variety of ways that involve internet access, and there have been many examples where "for profit" hackers have stolen data.
We should be focusing on internet infrastructure without examining mechanisms (whistleblower protection, independent oversight and courts) to ensure that bad behavior can't be hidden and that bad actors are punished.
US spying targeted governments and terrorist organizations, not industry.
Not true. Not even true a generation ago in (at least the tail end of) the Cold War era.
Google 'Menwith Hill' to find documentaries on the subject from reputable sources in the mainstream media.
Chinese kit : those pesky Chinese will might hack us ... possibly ... despite there being no evidence of state backed 'holes'.
USA backed kit : easily hacked with hardcoded back doors and shown to be used by the USA state surveillance system.
Do you trust Mr Orange or Winnie the Pooh? Make your choice.
Let me fix this for you:
"USA backed kit : easily hacked with hard coded protocols used by the USA, Europe and many other countries for "lawful interception"
China backed kit : the same but from China."
It's not a "back door" if the vendors publish documentation around the functionality and law enforcement publish it as a requirement.
It's almost as if the state-mandated tapping of communications is a requirement rather than optional...
CEO John Strand told The Register: "This is an important debate to have. Companies know that the main threat they face in terms of cyber espionage and hacking comes from China the USA any foreign country. They also know that the Chinese the US any government controls Chinese US their equipment makers."
So, China has its fingers in Huawei, hmm ? And nobody mentions that the NSA has access to Cisco equipment ? If you're beating the security drum, beat it all the way.
The main hacking threat comes from China ? Really ? So Russian hackers are not that much of a threat, then ? All the data encryption and ransomware we have heard about this year came from China ? I don't think so. And let's not forget North Korea. I seem to recall a lot of fuss centered around a state-sponsored Nork team, but that is not important anymore now, right ? Riiight.
Strand Consulting is obviously just another Trump muppet, spouting the bull and spreading the FUD. He's toeing the line, dumping on China and waving unicorns. The US has achieved nothing in 5G. Show me the market using it before telling me how good you are.
It's a private contractor. Basically a one-person business running from an office hotel located at an address in a good part of central Copenhagen. 'Strand Consult Aps' is registered under the main name of 'DIALOG MANAGEMENT ApS', but, same owner/CEO as always :).
Info here (nasty url, if it doesn't work the CVR-number 20044586 will).
https://datacvr.virk.dk/data/visenhed?enhedstype=virksomhed&id=20044586&soeg=Strand%20Consult%20ApS&type=undefined&language=da
"Basically a one-person business"
That's harsh, from the link you provide we can see that it's actually a "2-4 employees" company ;-)
5G apart (and I'm still not sure about the usefulness of this) I do hope Trumpy gets off Huawei's back some day. Or gets impeached. Just bought a (very nice) Huawei tablet to one of the kids and if at some point she doesn't have access to the Play Store anymore I'll get into serious trouble.
I know, alternate stores, sideloading APKs and all, but that was not the general idea when buying an Android tablet.
Here: Working link
Although, according to that link, John Strand was terminated in 2016, when Knud William Strand took over. So perhaps this is the wrong entry?
Agreed, The BS level is really high.
And this:
"Strand said it is illogical to think the Chinese government has effectively locked down the country's communications networks but allows hacking to carry on."
Who thinks the Chinese gov has comms locked down? Not somebody who's ever been to China, or even knows anybody living in China. VPNs there are a mainstream thing for anybody who wants to get through the GFW. It's well-known by regular phone users, not just tech-savvy types. And that's not even considering how common computer crimes are there, with dodgy websites, WeChat accounts and phone numbers.
Oh yes, they do censor heavily, but that's not anywhere near an "effective lock down".
Fearmonger and BS-peddler.
"And nobody mentions that the NSA has access to Cisco equipment ?"
Look through this thread and almost all anyone mentions is that Cisco snoops on you. And the NSA did it across Cisco/Fortinet/Juniper devices and appear to have alternative solutions for Checkpoint (OS level) and Palo Alto (SSL VPN client bugs that allowed significant levels of access).
The idea that you can buy an alternative product and avoid these issues is ridiculous - if the state level intelligence agencies target you and your defences consist of a single unmonitored device, you
The challenge with 5G is that you're not just buying the hardware, you are also buying support access from your vendor and support/licensing for a very visible service. While this is carefully controlled, in my view, the challenges are around the supply side of security rather than necessarily back doored equipment.
No, the main hacking threat is from China. It's not a debate.
Anyone with any involvement in InfoSec knows this, some outside of the industry know it too, unfortunately they require brains.
Some people know not to comment on things they have no clue about, take that into consideration next time. trump is nazi btw
Have you noticed how not everyone in infosec agrees with you? Anyone with a brain would maybe stop and think that there is a reason for that? but no not you. You are the smartest man in the room, Always, Even when you don't know what on earth you're talking about.
Trump is a national socialist is he? Get your head out of your arse. You realise nearly every one of his kids is married to a Jewish person right? Kosher step children isn't really a nazi thing.
you realise he is in no way a socialist right? he is a capitalist. He is a businessman.
No of course you don't. Not everyone you disagree with is Hitler. grow up.
The NSA/CIA was intercepting packages in shipment and modifying the hardware itself. That's always been their preferred method because they can insure their access will survive discovery of whatever holes they used (or planted, if you are suitably paranoid though Cisco code is buggy enough no one needs to go to the trouble of adding more bugs)
The use of "0 days" like the one in the article you link to is what they do for more casual spying, but in a targeted attack they want to their hands on the hardware. Presumably via some type of black bag operation where the package is stolen from a Fedex warehouse or something and then reappears a couple days later. So if you are a high priority target and your tracking info goes dark and then comes back with a day or two long gap where the package didn't move, time to worry!
So should we also ban kit from other vendors where there have been allegations (true or otherwise) of back-doors ?
The ONLY way round this is to use open source firmware in all of your routers - that you install yourself. This is not a guarantee of no back-doors but it makes placing them much harder. Yes: the hardware might be compromised, but this is more difficult.
Through my career I came from the networking side of IT rather than the applications side. I still think in terms of networks. Such is life.
The problem I have with all this is the question of evidence.
The case against Huawei is a syllogistic argument.
a. Huawei (and indeed all Chinese tech companies) are subject to Chinese government control.
b. The Chinese government (as with all governments) reserves the right to use their powers to conduct espionage on other nations.
c. Therefore Huawei is spying for the Chinese government.
The problem with this assertion is that it assumes that what may happen must be happening.
For any individual country (the UK for example) to ban Huawei on this basis and remain consistent, it should also ban any other tech company's products from outside that country except where it has positive proof that spyware doesn't exist. Proving a negative can be a real bugger. They have been trying to do that at the joint GCHQ/Huawei centre in the UK for some time, apparently with little success :)
As I said at the beginning, I am from networks. I ask where is the evidence that any of this spying is happening?. It is a truism that any network control/management system has access to all sorts of valuable information about the network and the traffic being passed across it. It is the collection, filtering and transmission of that information outside the network to "bad actors" that would give the game away. Has there been any evidence that this has happened? Network traffic analysis using kit from a different supplier would be a good start.
All governments act in what they think is the good of their country. Trouble is governments are run by politicians and they are not particularly good people. They often confuse the good of the country with the good of their political position/party and sometimes even the good of their wallets.
There have been many zillions of wasted internet packets spent arguing about what could and may be happening (this post included). I would like to see some evidence. One credible and testable instance of spyware found in a piece of Huawei kit would be a game changer. Where is it?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
