OSINT: The Real & Perceived Threat of Huawei

A Look at How China’s Huawei Technologies Company is under the persistent observation of the United States

Introduction

In February 2015, the Director of National Intelligence (DNI), identified one of the major risks facing the United States (US) within the “Cyber” domain is the insertion of malicious code into Information Technology (IT) hardware and software items sold to the US. According to the DNI: “Despite ever-improving network defenses, the diverse possibilities for…supply chain operations to insert compromised hardware or software…will hold nearly all [Information and Communication Technology] systems at risk for years to come” (DNI, 2015, p.1).

While there are several foreign IT equipment and software companies that have been accused of such activities, the major concern in this arena is the Chinese company, Huawei (Wah-way) Technologies Company, Limited.  In 2012, the House Permanent Select Committee on Intelligence had major concerns.  Specific to its investigation of the operating practices of Huawei, the committee reported that: “The threat posed [by Huawei/China] to U.S. national-security interests… in the telecommunications supply chain is an increasing priority…” (US House of Representatives, 2012, p.1).

            While there are no specific unclassified details of such injections of malicious code into Huawei products, in 2006, for example, a discreet ban by several Western nations, to include the US, was initiated against the Chinese firm of Lenovo Personal Computers.  Shortly after Lenovo purchased International Business Machine’s (IBM) personal computing division, the use or purchase of Lenovo PCs  “…due to backdoor vulnerabilities” (Infosec Institute, 2013) was banned. 

Huawei represents a similar and more pervasive threat to the international IT supply chain.  Huawei has both the means and motives to compromise IT equipment and systems on the behalf of the Chinese government. “…Huawei has refused to explain its relationship with the Chinese government or the role of the Communist Party…inside the company…” (Simonite, 2012), and it can be assumed, based on multiple Huawei senior leaders with close ties with the People’s Liberation Army (PLA) that Huawei has an explicit connection with the Chinese government.

Threat

The major motivation for Huawei, as a surrogate for the Chinese government, is to support its 5-year Plan focused on it becoming a major global economic super-power.  Huawei is implicitly aligned with this plan that “State-owned enterprises are instructed to acquire assets perceived as valuable by Beijing” (Scissors, 2013 ).  It continues a wide-range of acquisitions to include mergers with American and other Western IT companies.

The People’s Liberation Army (PLA)

The PLA’s Unit 61398 has been extensively analyzed by government and private cybersecurity firms.  In 2013, Mandiant released an exhaustive and authoritative report based upon deep-analysis of code and techniques specific to Unit 61398.  The most conclusive statement made was that the “…Communist Party of China is tasking the Chinese People’s Liberation Army [Unit 61398 and others] to commit systematic cyber-espionage and data theft…” (Mandiant, 2013, p. 7).

It may be further surmised that some of that training, equipment and expertise is provided by Huawei directly to the PLA.  The Far Eastern Economic Review reported “…Huawei received a key contract to supply the PLA’s first national telecommunications network” (Ahrens, 2013).  These ties point to connections with the Chinese government and the PLA; there is little doubt that China continues aggressive cyber-activities in support of its intentions to increase its economic standing in the world.

China has not demonstrated a desire to quash cyber-espionage activities from within its borders.  It can be surmised that a majority of Chinese cyber-activities are supported and controlled under the auspices of the Chinese government.  The most lucrative target for China, and more specifically Huawei, is the US; it will continue to focus its vast resources against US economic and business entities.

Additionally, Huawei has multiple cyber-relevant capabilities to include hardware and software development, IT manufacturing, and in-house technical expertise.  However, the major capability afforded Huawei is through its direct backing by the Chinese government. As noted, in terms of government contracts and resources Huawei has powerful direct support.

In terms of its infrastructure, it is vast and vibrant.  Access to the Internet as a surreptitious mechanism to hide its activities is another potential threat posed by Huawei to subvert the worlds’ IT architecture.  By leveraging its own internal infrastructure, in conjunction with the Chinese state, it has near limitless capabilities to disrupt the US and its allies via the Internet. 

According to Lachow, Huawei as a complex agent, would require “…a team of individuals (or perhaps multiple teams) with expertise in a number of technical areas…” (Lachow, 2008, p. 444).  Huawei, in coordination with the PLA (or vice versa), has access to such formidable resources; “[t]he PLA is reaching out across a wide swath of [the] Chinese civilian sector to meet the intensive requirements necessary to support its burgeoning [Information Warfare] capabilities, incorporating people with specialized skills from commercial industry…” (Krekel, 2009, p. 7).

Huawei should be expected to mostly use the Internet for passive cyber-espionage collection activities; however, it has the potential to engage in more active operations.  This could include establishing secretive Command and Control (C2) nodes within its own sold equipment and software, and also in “infected” competitors’ equipment sold in the international marketplace.  With this access, it could pose a formidable offensive capability.

Vulnerabilities

Huawei has a huge target-set to pursue.  With its growth throughout the global IT marketplace, any nation requiring IT products offers a target-rich environment for Huawei to exploit. Targets available to Huawei are wide-ranging and span the entire developed and industrial nations that conduct regular business with Huawei.

All countries are potentially exploitable especially in terms of their reliance on the Internet.  The need for computer hardware and software by all developed nations affords a consistent and regular vulnerability.   It can be surmised that Huawei personnel have the requisite knowledge and ability to exploit all levels of its manufactured products (and those of its competitors); this capability provides a direct ability to align with Beijing’s motivations to become the predominant economic powerhouse of the world.

Consequences

In terms of cyber-espionage, the magnitude is greater than $445 B annually “…to the world economy” (Nakashima & Peterson, 2014) as identified in a 2014 Washington Post article.  If the allegations against Huawei are true, the potential economic loss to the world could be far greater if Huawei has expanded capacity to process the volumes of exfiltrated data.  The graver implications would be damage to the global economy more in the trillions of dollars annually in stolen intellectual property and data.

The severest, and more exploitive consequence would be Huawei could have the ability to leverage injected malicious code in its products.  This would imply the ability to shutdown portions or the entire Internet because of its control of foundational backbone hardware devices such as routers, switches, and firewalls.  While the ongoing cyber-espionage economic losses to countries are serious, it has the potential to inflict massive offensive harm against countries or groups that in the future it may be in conflict to include the US.

Conclusion

Huawei is a complex threat.  Lachow reserves this label to highly coordinated and effective state actors with nearly unlimited resources.  Huawei is such a threat with the obligatory skill-sets to a very diverse and technologically capable adversary. With the presumptive backing of the Chinese government, and its resources, Huawei continues to be a major threat to US and international governments and their respective economies.

While there is no conclusive or public evidence, that Huawei has injected malicious coding into any of its products, the risk is formidable.  Michael Maloof, a former senior security policy analyst in the Office of the Secretary of Defense, ascribes from sources that “[t]he Chinese government reportedly has “pervasive access” to some 80 percent of the world’s communications, thanks to backdoors it has ordered to be installed in devices made by Huawei” (Protalinski, 2012).  Jim Lewis, at  the Center for Strategic and International Studies provides an ominous point of view working with Chinese businesses: “The Chinese will tell you that stealing technology and business secrets [are] a way of building their economy, and that this is important for national security” (Metz, 2013).  The risk to the US’s national security, its economic viability, and its critical infrastructure is directly threatened by Huawei.

EDITOR: 
This Open Source (OSINT) product is the individual work and opinion of the author only. No classified information is part of any of this work.

---

References

Ahrens, N. (2013, February). China’s Competitiveness: Myth, Reality and Lessons for the United States and Japan. Retrieved from Center for Strategic and International Studies: http://csis.org/files/publication/130215_competitiveness_Huawei_casestudy_Web.pdf

Barbozaaug, D. (2010, August 22). Scrutiny for Chinese Telecom Bid. Retrieved from New York Times: http://www.nytimes.com/2010/08/23/business/global/23telecom.html?_r=0

DNI. (2015, February 26). Statement of Record: Worldwide Threat Assessment. Retrieved from http://www.armed-services.senate.gov/imo/media/doc/Stewart_02-26-15.pdf

Infosec Institute. (2013, October 11). Hardware attacks, backdoors and electronic component qualification. Retrieved from Infosec Institute: http://resources.infosecinstitute.com/hardware-attacks-backdoors-and-electronic-component-qualification/

Krekel, B. (2009, October 9). Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation. Retrieved from George Washington University: http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-030.pdf

Lachow, I. (2008). Cyber Terrorism: Menace or Myth. Cyber Power, 19-20.

Mandiant. (2013, February 18). APT1: Exposing One of China’s Cyber Espionage Units. Retrieved from Mandiant: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

Metz, C. (2013, December 31). U.S. to China: We Hacked Your Internet Gear We Told You Not to Hack. Retrieved from Wired: http://www.wired.com/2013/12/nsa-cisco-huawei-china/

Nakashima, E., & Peterson, A. (2014, June 9). Report: Cybercrime and espionage costs $445 billion annually. Retrieved from Washington Post: http://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/08/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html

Protalinski, E. (2012, July 14). Former Pentagon analyst: China has backdoors to 80% of telecoms. Retrieved from ZDNet: http://www.zdnet.com/article/former-pentagon-analyst-china-has-backdoors-to-80-of-telecoms/

Scissors, D. P. (2013 , May 9). Chinese Investment in the U.S.: Facts and Motives. Retrieved from Heritage Society: http://www.heritage.org/research/testimony/2013/05/chinese-investment-in-the-us-facts-and-motives

Simonite, T. (2012, October 9). Why the United States Is So Afraid of Huawei. Retrieved from MIT Technology Review: http://www.technologyreview.com/news/429542/why-the-united-states-is-so-afraid-of-huawei/

US House of Representatives. (2012, October 8). Investigative Report on the US National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE. Retrieved from https://intelligence.house.gov/sites/intelligence.house.gov/files/documents/Huawei-ZTE%20Investigative%20Report%20(FINAL).pdf