backtop


Print 50 comment(s) - last by Granseth.. on Oct 10 at 8:20 PM

Panel suggests Chinese OEMs like ZTE and Huawei could face pressure to steal U.S. financial secrets

Could your router or smartphone be used to spy on you and betray your nation?  That's the allegation the U.S. House of Representatives' Intelligence Committee made in a draft report [PDF] released Monday.

I. Chinese Phonemakers Could be Spying on You For the PLA

In the wake of an attack on the White House by Chinese hackers, potentially working for the Chinese government, cybersecurity tensions are high between the U.S. and China.  Unsurprisingly, the new report focuses on the Chinese cybersecurity threat to American customers and businesses.

The report singles out two top Chinese equipment manufacturers -- ZTE Corp. (SHE:000063) and Huawei Technologies Comp. (SHE:002502) -- suggesting that U.S. lawmakers take the unusual step of banning the Chinese companies' products from the market.
 
Congress Buillding wide
Congress accuses Chinese phonemakers of blocking its probe into their potential cyberespionage ties, and suggest a ban. [Image Source: U.S. Congress]

Globally, ZTE is the fourth largest maker of mobile phones, while Huawei is sixth.  In the routers, switches, and telecommunications market, Huawei is the world's second largest company in revenue, while ZTE ranks fifth.  Both companies are looking to expand their sales base in the U.S.

But according to Congress, the companies could face pressure from the Chinese government to include subtle hardware or software constructs to spy on U.S. communications.  That could allow the theft of valuable information that could hurt U.S. companies financially or leak sensitive defense secrets.

II. ZTE, Huawei Blast "Baseless" "Political Distractions"

Both companies firmly denied the cyber-spying allegations.

William Plummer, a Washington- based spokesman for the Huawei, told Reuters, "Baseless suggestions otherwise or purporting that Huawei is somehow uniquely vulnerable to cyber mischief ignore technical and commercial realities, recklessly threaten American jobs and innovation, do nothing to protect national security, and should be exposed as dangerous political distractions from legitimate public-private initiatives to address what are global and industry-wide cyber challenge."

China cell phone
Chinese cell phone makers promise they're not spying on U.S. citizens.
[Image Source: Chinadangvu]

ZTE released a statement highlighting that it was not owned by China's ruling Communist Party.  It writes, "ZTE is committed to provide maximum cybersecurity through transparent, comprehensive, and continuous standards-based assessments of ZTE software, firmware, and hardware."

Chinese government officials were also quick to deny they were applying pressure on their domestic electronics firms to spy on the U.S.  Commented Foreign Ministry spokesman Hong Lei, "Chinese telecommunications companies have conducted their international operations based on market-economy principles.  Their investments in the U.S. reflect the mutual benefits brought about by U.S.-China trade relations."

III. Huawei, Founded by ex-PLA Officer, is Client of PLA's Cyberwar Unit

But there is some compelling evidence that Huawei may have a close relationship with cyberwar units inside China's "Peoples Liberation Army" (PLA).  A source gave a document tying Huawei to an "elite cyber-warfare unit" in the PLA, which the company was contracted to provide "special network services" to.  Huawei's founder and chief executive Ren Zhengfei is a former PLA officer.

Ren Zhengfei
Ren Zhengfei, founder and CEO of Huawei, is a former PLA officer. [Image Source: CFP]

Previously, U.S. regulators had blocked Huawei/ZTE acquisitions of domestic communications equipment manufacturers on similar grounds.  Huawei attempted to acquire 3Com Corp. in 2008 for $2.2B USD, but the deal was blocked on security concerns.  Instead, Hewlett-Packard Comp. (HPQ) ended up scooping up the company for $2.7B USD.  Likewise the 2011 sale of sale of patents from 3Leaf Systems Inc. was unwound on similar security concerns. 

But until now there had been no suggestion to directly ban ZTE or Huawei from the commercial communications market or the consumer electronics market.  But that is precisely the unprecedented recommendation the panel -- led by Rep. Mike Rogers (R-MI) -- is making.

While the companies strongly deny its claims, the panel complains that both companies failed to cooperate fully with the investigation and tried to dishonestly disguise their relationships with the Chinese government.

Sources: U.S. House Intelligence Committee, Reuters [Yahoo! News]



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Absolutely an issue
By FITCamaro on 10/8/2012 12:38:34 PM , Rating: 2
The reason the DoD banned thumb drives from machines is because they found that Chinese built drives were programmed to steal information from the PC they were plugged into and send it back to China.

No that is not a tinfoil hat statement.




RE: Absolutely an issue
By ArcsinZ on 10/8/2012 12:55:10 PM , Rating: 1
Can you provide some sources for that? I hadn't heard of it and I would like to read about it.


RE: Absolutely an issue
By The Raven on 10/8/2012 1:05:43 PM , Rating: 2
Send it back to China via what?!


RE: Absolutely an issue
By The Raven on 10/8/2012 1:08:27 PM , Rating: 5
They also stopped using chinese finger traps as detainment equipment for the same reason.


RE: Absolutely an issue
By SilthDraeth on 10/8/2012 1:10:51 PM , Rating: 1
Give this guy a 6!


RE: Absolutely an issue
By BifurcatedBoat on 10/8/2012 1:10:57 PM , Rating: 2
I would presume if this is correct that the idea is that it would be a way of extracting information from machines that are not connected to the internet.

Pull some data off of a non-internet connected machine that it was plugged into, store it in a location that is hidden to the user, and then when the thumb drive is connected to a computer that does have internet, upload it.

Some systems are intentionally kept off the internet for security reasons. It seems like the odds of successfully getting the information you want are low, but I guess maybe they'd figure it's worth a shot.


RE: Absolutely an issue
By The Raven on 10/8/2012 1:36:22 PM , Rating: 5
I guess I will be sticking with my Japanese-made Taiyo Yudens then. Who knows if there is a hidden partition on there, but at least if the Japanese get a hold of my sex tapes they will legally have to censor them.


RE: Absolutely an issue
By Granseth on 10/8/2012 1:25:57 PM , Rating: 3
The Chinese computer nerds are so proficient that they manage to tap your phone while leaving no evidence behind.

I can't understand why you don't get that :P

Or maybe they have specialized hardware thats made especially to spy on US citizens.

If it is true it would be great to have someone link to a source that shows this to be true.


RE: Absolutely an issue
By othercents on 10/8/2012 2:33:10 PM , Rating: 2
Some facts from previous new articles.

http://www.nytimes.com/2012/02/11/technology/elect...


RE: Absolutely an issue
By Granseth on 10/10/2012 8:20:14 PM , Rating: 2
The article mentions a lot of evidence of the hack, and no evidence that the hardware made in China is to blame.

I can imagine the phone companies is a good place to put malicious software into though. But that will be found out.


RE: Absolutely an issue
By Schadenfroh on 10/8/2012 1:45:00 PM , Rating: 4
To be fair, those were mainly just entrepreneurs shipping flash drives (and even digital photo frames) with autorun.inf files tied to trojans on them.

Most of them would have just harvested your credit card number or hijacked your World of Warcraft account instead of trying to pave the way for a Red Army invasion.


RE: Absolutely an issue
By Reclaimer77 on 10/8/2012 2:05:14 PM , Rating: 4
Is that supposed to be some sort of silver lining? lol... Think about it man.


RE: Absolutely an issue
By Samus on 10/8/12, Rating: -1
RE: Absolutely an issue
By Reclaimer77 on 10/8/2012 2:35:35 PM , Rating: 3
huh? What have I "come up" with? I didn't even come out and say I was agreeing with Fit.

But it's simply a matter of record that China has been sponsoring cyber attacks and has attempted other crap with OEM's. That's not even debatable.

What's the controversy here again? Sorry but I can't hear it over how not-awesome this debate is. Wake me up when there's something here to get upset about.


RE: Absolutely an issue
By Samus on 10/8/12, Rating: -1
RE: Absolutely an issue
By FITCamaro on 10/9/2012 7:47:19 AM , Rating: 1
Members of the armed forces who deal with cyber security issues.


RE: Absolutely an issue
By Samus on 10/9/2012 2:13:31 PM , Rating: 1
Fine, let's just ban importing electronics from China. Let's just stop global trading all together! Tea Party 2012, er, 1812, FTW?

You guys are ridiculous. Banning imports of any product is suicidal to foreign affairs, let alone our economy. Look what the ITC/Customs hold-up did to HTC 6 months ago. They are PISSED OFF at us because it was clearly a anti-competitive, politically motivated move by Apple.

We don't need to ban products, we simply need a system that inspects and verifies them for function inside the United States. The FTC tests radio interference. Why doesn't ITC thoroughly/randomly inspect products from every crate of electronics that comes shore? It'd help create some legitimate jobs at least.


RE: Absolutely an issue
By nocturne_81 on 10/8/2012 7:03:09 PM , Rating: 3
Any sources..? Very interesting subject, so I tried a few web searches to no avail..

As I recall from back in '09 or so, the Dep't of Homeland Security released a new addition to it's standard security policy urging governmental agencies to wean themselves off of thumb-drive usage. Though I'm sure that the bargain-bin thumbdrives pre-loaded with trojans (nothing to do with the Chinese gov't as far as I ever heard) that were common at the time were indeed an issue, I'm sure this had much more to do with the rash of massive losses of data involving the use of thumb-drives by contracted entities hired by various gov't agencies. One instance happened here in my own home state of OH; where it was common practice for a contracted private company working for the office of the Secretary of State to store all their data daily on a thumbdrive and send it home with a random employee each night. An intern assigned the task ended up having the thumb-drive stolen from their car while parked in a BB parking lot resulting in 30k OH public employees having their personal info along with 110k citizens who hadn't cashed their tax return stolen, prompting them to place this holy grail of a thumb-drive in a fire-proof safe instead.. *roll eyes*

So.. I really doubt that had anything to do with China.. just common sense as far as security goes.


RE: Absolutely an issue
By Integral9 on 10/9/2012 11:54:48 AM , Rating: 2
Umm... I highly doubt Chinese made USB drives come pre-programmed with virii et al. You are probably thinking of the counterfeit Cisco routers from China from back in 2008 that in addition to being shoddy and catching fire, would leave back doors open. http://www.businessweek.com/stories/2008-10-01/the...

The issue with USB drives is that people take their USB drives home, work, Target, Walmart, and wherever and plug them into anything with a USB slot. Essentially whoring them out to every computer they run across, and since they are writable by every computer they get put into, it opens them up to infection from god knows what. Then people unknowingly take their USB drives back to work and plug them into their work computers infecting them and the networks they are on.


"The Space Elevator will be built about 50 years after everyone stops laughing" -- Sir Arthur C. Clarke














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki