Chinese-Made Huawei Equipment Could Disrupt US Nuclear Arsenal Communications, FBI Determines (cnn.com) 84
There's been "a dramatic escalation of Chinese espionage on US soil over the past decade," sources in the U.S. counterintelligence community have told CNN this weekend.
But some dramatic new examples have been revealed. For example, in 2017 China's government offered to build a $100 million pavilion in Washington D.C. with an ornate 70-foot pagoda. U.S. counterintelligence officials realized its location — two miles from the U.S. Capitol — appeared "strategically placed on one of the highest points in Washington DC...a perfect spot for signals intelligence collection." Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said. Federal officials quietly killed the project before construction was underway...
Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.
Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country's nuclear weapons.... It's unclear if the intelligence community determined whether any data was actually intercepted and sent back to Beijing from these towers. Sources familiar with the issue say that from a technical standpoint, it's incredibly difficult to prove a given package of data was stolen and sent overseas.
The Chinese government strongly denies any efforts to spy on the US.... But multiple sources familiar with the investigation tell CNN that there's no question the Huawei equipment has the ability to intercept not only commercial cell traffic but also the highly restricted airwaves used by the military and disrupt critical US Strategic Command communications, giving the Chinese government a potential window into America's nuclear arsenal.... As Huawei equipment began to proliferate near US military bases, federal investigators started taking notice, sources familiar with the matter told CNN. Of particular concern was that Huawei was routinely selling cheap equipment to rural providers in cases that appeared to be unprofitable for Huawei — but which placed its equipment near military assets.
But some dramatic new examples have been revealed. For example, in 2017 China's government offered to build a $100 million pavilion in Washington D.C. with an ornate 70-foot pagoda. U.S. counterintelligence officials realized its location — two miles from the U.S. Capitol — appeared "strategically placed on one of the highest points in Washington DC...a perfect spot for signals intelligence collection." Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said. Federal officials quietly killed the project before construction was underway...
Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.
Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country's nuclear weapons.... It's unclear if the intelligence community determined whether any data was actually intercepted and sent back to Beijing from these towers. Sources familiar with the issue say that from a technical standpoint, it's incredibly difficult to prove a given package of data was stolen and sent overseas.
The Chinese government strongly denies any efforts to spy on the US.... But multiple sources familiar with the investigation tell CNN that there's no question the Huawei equipment has the ability to intercept not only commercial cell traffic but also the highly restricted airwaves used by the military and disrupt critical US Strategic Command communications, giving the Chinese government a potential window into America's nuclear arsenal.... As Huawei equipment began to proliferate near US military bases, federal investigators started taking notice, sources familiar with the matter told CNN. Of particular concern was that Huawei was routinely selling cheap equipment to rural providers in cases that appeared to be unprofitable for Huawei — but which placed its equipment near military assets.
No shit (Score:5, Insightful)
Why a hostile foreign power is even allowed to sell telecommunications equipment, medical supplies, etc here is a question future historians will be debating ad infinitum.
They'll be working in a hot new scholarly discipline: Suicidal Dumbass Studies.
Re: No shit (Score:2)
No, I'm blaming the Pentagon for putting the kid in charge of security and believing him when he says, "It's all good. Pinky swear."
Re: (Score:1)
Maybe the military shouldn't be using civilian infrastructure to transfer data. And at the very least fucking encrypt the data so it doesn't matter when you do use civilian infrastructure.
Re: (Score:2)
Maybe the military shouldn't be using civilian infrastructure to transfer data. And at the very least fucking encrypt the data so it doesn't matter when you do use civilian infrastructure.
I have two words for you:
Pizza Delivery
Re: (Score:2)
Or a single word. Fitbit
Re: (Score:3)
Re: (Score:3)
Yes, China never plays a strategic long game, and we have never found evidence of them doing these things, and anyone who thinks otherwise is a moron.
What's amazing to me is how much effort the enemy is putting into Slashdot today. It's rather flattering!
Re: (Score:2)
Please reference evidence that Huawei equipment comes with placed backdoors. I am an IT security expert and I keep current on things. It would be very interesting to have evidence of intentionally placed backdoors that are clearly for spying. Note: Backdoors placed at the request of law-enforcement do not count and default credentials the operator can and should change do not count either. As to bugs, they only count if they are bizarre enough to not be credible coding mistakes.
So, do you have anything? Bec
Re:No shit (Score:4, Insightful)
It's not China that's your enemy, it's your politicians.
More likely, the enemy is you. Trying to divide people from their good politicians is pretty clearly an enemy tactic, along with the saying things like "both sides are just the same" so that people don't try to choose the less corrupt politicians.
Re: (Score:1)
Re: (Score:2)
We need negative votes.
No just team jerseys that have sponsor names sized by cash contributed. They must be worn at all public speaking events.
Who funds top Democrats (Score:2)
Interesting you mention that.
He financed Chuck Schumer's campaigns for 18 years.
He donated to Pelosi's campaigns.
He donated to Clinton's campaign.
He's Donald Trump.
Think about that and so with it what you will.
Re: (Score:2)
It's both, but the politicians are the closer and more pressing problem. Sadly 85% of America thinks the politicians wearing their team color aren't the problem. We need negative votes.
Sadly 85% of America thinks the politicians wearing their team color aren't the problem.
That is one thing I really do not get. Both sides are corrupt and incompetent and greedy. But everybody is cheering for their own team like they are completely blameless. This "us-vs-them" mind-set is not how you keep a nation successful or existent, for that matter. The population of a democratic nation needs to understand that while there are difference, in the end it is a common, shared endeavor and it can only work if there is a set of common goals. "Sticking it to the other side" is basically sticking
Re: (Score:2)
+1 insightful if I had mod points.
Thanks for posting that.
Re: (Score:2)
No you fucking idiot, it's both. Anyone who think's China is our ally is either woefully misinformed, an absolute fucking moron or some combination of the two. Turns out two bad things can happen simultaneously. Who knew!?
Who decided that China is an enemy? Who is it that's declaring "war" instead of trying to build diplomatic bridges?
Hint: It isn't the general populace.
Re: (Score:2)
It's not China that's your enemy, it's your politicians.
Well, it is both. But since recognizing that US politics is utterly corrupt would require the capability to accept that the _voter_ may share a significant part of the blame for that, that is not something people are going to accept. After all, they may well need to find flaw with themselves in order to do that and that is a skill many people do not posses.
That said, nobody competent places backdoors for spying. They are far too easy to find and then can be used to feed misinformation. There are countless e
Re: (Score:2)
China is subject to the same limitation as everybody else in the IT attack game. They use the same tech, they use the same types of tools, they are not smarter or dumber than the other players, and they read the same publications and go to the same conferences. Studying techniques, approaches and what works and does not work is key to being able to evaluate and devise defensive strategies, large and small. And that is something I have been involved with for now about 30 years. That comes with some real capa
Re: (Score:2)
It's almost like you're indirectly saying something stupid like we should go ahead and use their spy equipment because it would be hard for them to use it to spy. What point are you trying to make here? They want to put spy equipment here. We don't want them to. Only a moron
I can think of someone, other than a moron, who would want to spin it that way.
Re: (Score:2)
It's almost like you're indirectly saying something stupid like we should go ahead and use their spy equipment because it would be hard for them to use it to spy. What point are you trying to make here? They want to put spy equipment here. We don't want them to. Only a moron
I can think of someone, other than a moron, who would want to spin it that way.
That is because you have no clue how real-world IT security risk management works. Here is a hint: "We do not like them so they _must_ be spying on us!" is not an approach done by actually competent professionals.
Re:No shit (Score:5, Insightful)
the guy grumbled on his Chinese made computer, at his Chinese desk under the Chinese light bulb, as he sipped his coffee from a Chinese mug.
What percent of the stuff we buy isn't Chinese, excluding the food and fuel?
Re: (Score:2)
What percent of the stuff we buy isn't Chinese, excluding the food and fuel?
And what percent of Chinese people actually want their government to be acting that way?
Re: (Score:1)
What percentage of Chinese people have any say in their government?
And having been there, anecdotally I would say a very large majority are generally very happy with their government and even larger percentage are in favor of hostile us v them aggressive foreign policy.
Re: No shit (Score:2)
This is a recent development. And not a complete one, either.
Computers used to be assembled in US from mostly US-sourced components. The phone I'm posting this on is made in South Korea. The chair I'm sitting on right now, and most of the better furniture in my house, is made in US. My "Japanese" car was made in Indiana from mostly US and Japanese sourced components.
About half the stuff I get from Home Depot is made in US. Back in the 90s when I was a kid helping my dad gut and renovate our house, the perce
Re: (Score:2)
Your south korean phone is full of chinese components. And many of the models are totally farmed out to China. Your Japanese branded U.S. car is full of chinese components, I have one too. China is the only source for many major components like brake rotors (even if some have finish machining done in USA)
In short, China owns our asses at the moment and economy would collapse tens of percent for a while if we suddenly stopped doing business with them.
Re: No shit (Score:2)
Again...this is a recent development. It wasn't always like that. The transition was slow, but it occured. It can occur in the other direction too.
And if the Chinese keep laying seige to their own cities because zomgcovid, governments won't have to do a thing to make it happen. All the cheap labor in the universe isn't worth much at all if it's welded into its apartment building.
Re: (Score:3)
It's not just the equipment, it's the standards. Huawei developed a lot of the technology used in 5G and WiFi. Even products made in America that implement those standards still have Huawei technology inside them.
You may remember when the US previously used US developed standards to weaken encryption or backdoor them in ways that would affect even foreign made products.
Re:No shit (Score:5, Informative)
Because for the most part, China wasn't a hostile foreign power until recently. They were a relatively benign country. It is that, after all, which attracted foreign investment into the country - investors generally are aware of political situations because they don't want to put their money where they can't easily get it back out.
Of course, a foreign power can easily go from friend to foe quite easily - witness President Trump - who basically tried to blow up probably the world's biggest friendship between two countries during his term (US and Canada - there's a big humongous reason the the vast majority of the border is undefended (and unmonitored) and there has been no effort at all to change that)
So crap happens. Telecommunications gear is relatively specialized, made by only a few companies in Europe, the US and Asia. And well, Huawei was cheap gear - you could pay more for Ericsson/Nokia gear or Alcatel/Lucent, but Huawei was cheap and readily available. And quite likely, you already have an investment in Huawei gear already so all the stuff and management is the same.
You want vendor lock in, iOS and Android have nothing compared to the specialized gear market. If you went with Huawei in the 3G arena, you have a huge advantage using them for 4G/LTE and 5G gear because with minor upgrades, the equipment will fit together with your existing gear and management systems. You want to switch to Ericsson/Nokia gear, or Alcatel/Lucent? You basically have to rip everything out and start over from scratch, learn the new systems and all that.
If you wonder why the carriers are whining about Huawei gear being banned, that's basically it in a nutshell - because everything has to be replaced - none of the gear will be compatible with each other, and everyone will have to learn a new system. It's why it's being done for 5G only right now because at least it's least disruptive as you wouldn't be too locked in to Huawei at the moment, and the 4G equipment can be transitioned out or left until retired on a more relaxed timeline.
And yes, even companies like Huawei know this, but they are hobbled by the CCP - once Europe and American markets are shut out, chances are they're gone because carriers won't want to rip out their equipment all over again.
How high-tech is the Huawei gear? (Score:3)
Re:How high-tech is the Huawei gear? (Score:5, Interesting)
Simple. Every one of these devices is a receiver and can receive all sorts of signals. The days of looking at the hardware and verifying what a device can do are long gone. If you think so, let me introduce you to something called Software Defined Radio (SDR)
https://en.wikipedia.org/wiki/Software-defined_radio [wikipedia.org]
https://www.besthamradio.com/best-cheap-rtl-sdr-radio-kits/ [besthamradio.com]
https://blog.bliley.com/10-popular-software-defined-radios-sdr [bliley.com]
Software Defined Radio takes the signals from a receiver and uses software to recover the information from the signals. It doesn't matter if the information is TCP, Bluetooth, Morse Code, slow-scan TV, spread-spectrum -- it is up to the software to decode the information.
If you looked at any of the SDR kits available you will notice they are built around a cheap digital-TV tuner. Pretty innocent looking, yes? It isn't the hardware that does all the work, it's the specialized software.
Trying to analyze the encrypted software embedded in the Huawei receivers to prove they are only doing what we think they are doing would be very difficult. Hell, the software doesn't even need to be in the units. They can update the software remotely so it only resides in RAM while they are actively searching for intelligence. Look at the embedded software all you like - it doesn't get weaponized until someone is ready to gather data. When they're done gathering this week's dump, either reload the innocent software or just wipe that routine from RAM.
You let me put a software controlled radio anywhere near an intelligence source and I guarantee I can gather ALL SORTS of useful information. It might take me a week or two do decode the encrypted stuff, but if I can do that without you knowing I'm listening, I'm in heaven.
Re: (Score:3, Interesting)
To build an SDR you still need a programmable oscillator that works in the desired frequency range, meaning it is easily detectable with a simple probe and an oscilloscope. To receive anything useful it will need a decent antenna too, especially since this hardware is usually contained inside a metal box, inside a metal server rack, inside a building with lots of wiring in the walls and ceiling, i.e. multiple Faraday cages.
I suppose things like phones make it a bit more practical, but what you suggest about
Re: How high-tech is the Huawei gear? (Score:3, Interesting)
Re: (Score:2)
Yep, pretty much. No, the Chinese are not decades ahead in this game. The while "SDR" angle as a practical threat is stupid for this equipment. It is a nice research topic though.
Re: (Score:1)
SDR as backdoor? Seriously? What are you smoking? Do you even begin to understand the limitations that come with this, like very short range?
Re: (Score:2)
Trying to analyze the encrypted software embedded in the Huawei receivers to prove they are only doing what we think they are doing would be very difficult. Hell, the software doesn't even need to be in the units. They can update the software remotely so it only resides in RAM while they are actively searching for intelligence. Look at the embedded software all you like - it doesn't get weaponized until someone is ready to gather data. When they're done gathering this week's dump, either reload the innocent software or just wipe that routine from RAM.
Shouldn't there be a way to disable updates or such phoning home feature if it exists? If not, then it seems the only way to solve it is to mandate opensource firmware (or at least "gated" source firmware verified by a trusted third party) for all devices placed near sensitive installations. Hardware with non-upgradable firmware or firmware that can be upgraded only locally (e.g. old-fashioned serial cables) could also be given a free pass under this scheme.
Re: (Score:2)
Simple: It cannot.
Yes it can. Go and watch a few Defcon videos.
https://www.youtube.com/result... [youtube.com]
Did you reply to wrong comment? (Score:3)
You are saying you CAN look at hardware and know every use it can put to?
You sought to prove that hardware cannot be used for anything other than it's intended purpose. By linking to a shit ton of videos of people using hardware for other than it's intended purpose?
My talk at Defcon will be on that list. You're linking to *me*. Since you are apparently citing me and other Defcon speakers as authoritative, I will tell you this, as your chosen authority whom you are citing:
We absolutely can and do use hardw
Re: (Score:2)
No argument about that. But if you use, say, a telco router for another purpose as intended and you may neither a) leave evidence of that happening and b) it need to continue to perform at full capacity while you are doing it, things get a lot more limited. Sure, can probably still be done, but it becomes a high-effort attack that is not really worthwhile doing when there are so many targets around that can simply be hacked from outside to get data.
The whole "Huawei bad!" "analysis" is a lie by misdirection
Re: (Score:3)
> you use, say, a telco router for another purpose as intended and you may neither a) leave evidence of that happening and b) it need to continue to perform at full capacity while you are doing it
Your argument is that a telco router, under normal conditions, can't handle one more call (to the Chinese spy) without falling over from the extra load? It can handle 100,000 simultaneous calls, but if one of those calls is to Hung Ho it can't handle that? Think about your argument for a second. You know that
Re: (Score:2)
You are saying you CAN look at hardware and know every use it can put to?
No, I'm saying you can look at hardware and know what it's currently doing.
If you're so good at this then surely you've heard that "security isn't a product, it's a process".
Re: (Score:2)
Okay what you replied to was "disassemble some of the Huawei equipment to show how they can be used for espionage".
"How they can be used".
Re: (Score:2)
Not that there's reason to doubt the overall weight of the reports (even if some sound a bit iffy), but I'm curious why nobody has bothered to publicly disassemble some of the Huawei equipment to show how they can be used for espionage. Or is Huawei using some of the tricks the Western intelligence agencies are also using, so such a "reveal" might reveal to other hostile countries lower on the technological totem pole (Nokor, Iran) how to maker such devices themselves.
These kinds of analysis of chips and equipment has been going on since at least the 1990s. The details are highly classified.
Why the public assertion in this particular instance, I won't speculate. However, I do believe it.
Re: (Score:2)
notthing to see here. (Score:5, Informative)
To be built with components shipped in diplomatic pouches? I think an intel asset on his first day of work would be questioning that one.
China has been overt in its actions, dumping products to destroy markets and even trying to steal food technology. [reuters.com] China is not our friend and we need to start treating them as the genuinely hostile player they've become on the world stage. Another fun fact that many Americans also don't realize is the huge birth tourism trade [justice.gov] that has been going on too.
Re: notthing to see here. (Score:2, Interesting)
Well I'm surprised (Score:4, Informative)
I truly expected the first or second post to be one of our resident morons ranting "the US spies in the Chinese government, so we should let them apt on us".
That's generally about 25% of the comments any time spying by China or election interference by Russia is mentioned, "the US has the CIA so this is a non-story". Some people just can't grasp that we want to defend ourselves from attack - even though we some ability to fight back.
Re: (Score:1)
I ... expected ... "the US spies in the Chinese government, so we should let them apt on us".
That's generally about 25% of the comments any time spying by China or election interference by Russia is mentioned ...
I use this as an approximate measure of how many of the posters are astroturf artists and/or bots for them. B-)
So the nuclear arsenal communication is crap? (Score:1, Troll)
Because it would have to be really crap for that to be possible. Hence I do not buy it. My take is this is 100% a propaganda lie. I would be really surprised if anything critical was not buried fiber with multiple redundancies at this time. I mean, even civilian alert systems (in Europe) have that. No way to "disrupt" that with a cell-tower. Sadly, there are tons of people with non-working minds that will eat this up.
Re: (Score:1)
They get their assets in place selling at a loss. It's a spray and pray approach that is paying off.
There goes plausabile deniability (Score:1)
The FBI should've kept their yap shut and then we could've sent a missile towards Putin and blamed the "accidental launch" on Chinese cell towers. Real sorry about that Russia, the launch mechanisms just get squirrely around 5G, you know how it is.
Re: (Score:2)
Something tells me that this guy isn't going to take an accident very well:
https://s.hdnux.com/photos/11/... [hdnux.com]
"Oops our Huawei slipped one out too!", does not end well.
Re: (Score:2)
Do the American (Score:1)
Re: (Score:2)
Don't you use paragraphs? I can help you.
There is a thing called a "topic sentence" that should start your paragraph. Then follow it up with three or four "supporting sentences" that support the main point that is presented in your topic sentence. Then move on to the next paragraph, with a topic sentence and supporting sentences.
Do so and people will respond better to what you write. They will respond better because they will understand what you are saying, as compared to that paragraphless confusion.
Re:Steaming pile of FUD (Score:4, Insightful)
There's zero evidence Huawei is doing the scary thing the US government is suggesting they could maybe possibly do if they wanted to.
There is zero evidence your bank account has been robbed either. Yet to then therefor conclude absolutely no one out there would want to do so, and no precautions against it need made, does not come from reason or logic.
Huawei's communications equipment, like all others these days, are computer driven and very configurable.
To claim it couldn't perform this function is just ignorance. Of course it can.
US law enforcement does exactly what they're accusing Huawei of doing to their own citizens in massive dragnet operations that violate our constitutional rights.
US law enforcement accusing Huawei of spying on Chinese citizens isn't even at topic here.
Nor is US law enforcement spying on US citizens at topic.
What is happening here is accusing the Chinese of spying on US military communications.
And yes of course the US government is spying on Chinese military communications.
Are you intentionally trying to conflate the former bad thing with the latter good thing?
That is the very definition of spreading FUD!
There is no reason to simply allow the Chinese government to spy on the US military. They certainly aren't going to allow us to spy on theirs. Nor should they.
Re: (Score:3)
To claim it couldn't perform this function is just ignorance. Of course it can.
Well, duh!
The real trick is to not let the Chinese government build "70-foot ornate pagodas" next to vital infrastructure, n'est pas?
(OTOH the government needs those pagodas so they can run stories like this)
Re: Steaming pile of FUD (Score:3)
Anyone with an EE degree and some computer science education could setup equipment to record wireless communication. But, sensitive government communication should be digitally encrypted and essentially garbage for those who do collect it. If the US isn't encrypting this sensitive data it's their own negligence that is the threat, not Huawei.
Re: (Score:2)
This is a steaming pile of FUD. There's zero evidence Huawei is doing the scary thing the US government is suggesting they could maybe possibly do if they wanted to. Pushing out negative stories like this will create a simmering sense of anxiety about China's true intentions, whether or not they're based in fact
That's the idea, yes.
Actual security would be to install home-made gear for the secret stuff and flood the unimportant Huawei gear with fake messages.
how dare they do something so despicable?! (Score:1)
https://www.ynetnews.com/artic... [ynetnews.com]
https://www.spiegel.de/interna... [spiegel.de]
https://www.reuters.com/articl... [reuters.com]
etc...
Re: (Score:2)
Good thing we impeached him twice for his insolence
Two wrongs don't make a right.
Software Defined Radio? (Score:2)
How are they doing this? Software Defined Radio comes to mind.
How is FAANG coping with China? (Score:1)
5 years ago, Amazon had a serious problem with Chinese developers putting in all sorts of loopholes and exploits into the retail platform to boost their sales and profits. Haven't heard anything about them resolving that problem. China spies are all over Seattle and they're quite awkward and obvious most of the time, but I'm sure there are plenty of Chinese spies that aren't even Chinese.
Facebook has similar issues but they don't seem to go unresolved as long as they do on Amazon.
Google, well, I think mos
Excuse me (Score:1)
while I get busy selling this as a movie plot.
How much closer to "sell them the rope" can we get?
https://quoteinvestigator.com/... [quoteinvestigator.com]
When will we wake up? (Score:1)