The Threat of the East
Once upon a time, state sponsored surveillance and privacy threats were the domain of the West. But as Chinese telecom infrastructure vendor Huawei shows, Asia is emerging as a formidable threat to our businesses.
I remember where I was when the Snowden revelations hit the public’s consciousness in 2013. I was working for Google, running a 28 country regional business in Central & Eastern Europe and as was typical, that week I was spending a most of my time on planes from Warsaw to various capitals. The news—that the US government’s PRISM programme was so intrusive as to be able to intrude almost any network and surveil all your email and telecom communications, could turn on your phone camera and microphone without you realizing it—was shocking to say the least. Having grown up in the final gasp of communism, state level spying was something I and my family knew first hand. But that America would use technology for the same purpose, even with the justification of fighting terrorism, made even a jaded cynic like myself surprised at the disappointment of it all.
And it didn’t stop there. As a person who understands how dependent society is and has become on technology for our way of life, the cyberattacks that were unleashed after the stolen NSA digital weapons by the Fancy Bear hacking group, linked to Russian covert battalions, is something that threatened our whole network fabric. The Eternal Blue exploit was used in the WannaCry/Not Petya attack which infected hundreds of thousands of computers, exposed that these weapons are real and can cost damages in the billions of dollars and disruptions that last years (just ask Maersk shipping who is still recovering and estimated costs of 300 million).
This story of backdoors and western, state level cyber warfare is something that anyone who pays attention to cybersecurity knows all too well. But what is lesser known—and I would argue constitutes a greater threat, certainly to business continuity—is the rising threat from the East. China and North Korea are emerging as new, dangerous players in this new Weapons of Digital Destruction (WDDs) scenario. Though with different agendas, these two countries point to the expansion of the threat surface that is originating in Asia but threatening all businesses, from around the world.
From a business perspective though, Huawei is a parable of just one (but not the only example) of what the near future’s largest economy can achieve when it focuses its resources and history of intellectual property theft to use technology for its agenda. Huawei has methodically positioned itself as the biggest telecom infrastructure provider in the world, using the Chinese state’s long arm of investment in Africa and other developing countries to win tenders for the tech firm and subsidizing it to beat the other vendors like Nokia and Ericsson on price. At prima facie, that follows a similar industrial price dumping strategy and for years, was assessed through that lens. But slowly the evidence grew that Huawei’s technology had a darker intention.
In 2011 and 2012 Vodafone found that Huawei’s technology had deliberate backdoors inserted that allowed undetected intrusion into networks and mobile communications. The telecom giant insisted Huawei remove backdoors in home internet routers and received assurances from the supplier that the issues were fixed. However, further testing revealed that the security vulnerabilities remained, the documents show. Vodafone also identified backdoors in parts of its fixed-access network known as optical service nodes, which are responsible for transporting internet traffic over optical fibers, and other parts called broadband network gateways, which handle subscriber authentication and access to the internet, company testers said. The people asked not to be identified because the matter was confidential. In Vodafone’s case, the risks included possible third-party access to a customer’s personal computer and home network, according to the internal documents.
The Vodafone example against Huawei is just one of many that Americans have used as justification for their increasingly aggressive trade war with China and they cite other vendors like ZTE. They cite that the real aim of these backdoors is the Chinese strategy of using industrial espionage and reverse engineering to steal intellectual property and leapfrog their economy’s weakness in innovation. And consider: as 5G is used by businesses to place their whole IIoT infrastructure and data in the cloud, how vulnerable would companies be if the very hardware and architecture that facilitates 5G is open to surveillance and IP theft?
Furthermore, a recent article in the Wall Street Times shows that the Chinese are even ready to use cyber weapons in a hired gun fashion to friends in need. Recent investigative reporting found that Huawei technicians helped Ugandan strongman Museveni intercept encrypted messages from political opponents aligned to challenger Bobi Wine using Pegasus spying software. Again, this reinforces the opinion that Chinese technology vendors can be directed at the Peoples Republic of China’s strategic political behest.
If US, NSA surveillance was backdoors 1.0 then the new rise of Asian cyberthreats is 2.0. With 5G coming, we should be vigilant that one of the most important critical structures is free from all backdoors, from East or West.
Read more about Security by Sweden and read our white paper on #Nobackdoors here
Sienkiewicz is Clavister’s Chief Stategy Officer, tasked with looking at forward trends in the market and technology. He has a background with Google, IBM and tech companies.