Path: EDN Asia >> News Centre >> Communications/Network >> Complex methods used in NSA's Huawei recon
Communications/Network Share print

Complex methods used in NSA's Huawei recon

27 Mar 2014  | Kevin Fogarty

Share this page with your friends

Chinese officials are furious after learning in media reports about a covert U.S. investigation into China's largest networking company, Huawei Technologies. Ongoing rumours that the company is a tool of the country's intelligence apparatus instigated the said investigation.

Even more troubling to officials is how the NSA allegedly turned the company into a tool of American intelligence instead.

China has already sought explanation from Washington over reports that the NSA infiltrated Huawei's servers through Chinese Foreign Ministry spokesperson Hong Lei.

During the course of a project code-named "Shotgiant," the NSA penetrated the corporate networks of Huawei so completely that U.S. officials were able to read email from the company's CEO, download sensitive documents on more than 1,400 large Huawei customers, as well as technical data on current products and those still in development, according to documents released by former NSA contractor Edward Snowden to Der Spiegel and The New York Times.

"We currently have good access and so much data that we don't know what to do with it," according to one NSA report from 2010 quoted in Der Spiegel.

NSA Headquarters

NSA headquarters in Fort Meade, Maryland

Rather than stop at simply collecting more information than it could process, however, a NSA special-operations unit bored into the company's technical data, eventually compromising servers holding source code for the firmware that runs the routers and switches Huawei builds for large corporations and telecommunications companies.

The goal was to build secret backdoors or security flaws into the source code, which Huawei would then build into its own products and distribute to a customer base so large that Huawei boasts that its products connect a third of the world's population.

"Many of our targets communicate over Huawei-produced products," according to one of those reports. "We want to make sure that we know how to exploit these products," in order to "gain access to networks of interest," according to the document.

Rather than being an anomaly, the plan to bug Huawei firmware fit neatly into an apparently ongoing NSA effort to magnify the impact of its efforts by installing bugs and backdoors into the firmware of commercial technology products to be distributed by oblivious technology vendors and sold to potential targets with no indication the NSA had ever been involved. Previously released documents report similar efforts to compromise products from Western Digital, Seagate, Maxtor, Samsung and others, mostly U.S.-based companies.

The NSA unit involved—the Office of Tailored Access Operations (TAO), which is based in Ft. Meade, Md.—is a cadre of encryption and penetration specialists who can be called into action like a special-forces strike team to penetrate high-value targets with unusually tough security, according to Der Spiegel. A TAO sub-group known as ANT builds circuit boards disguised as USB devices or other, more subtle camouflage, which can be implanted in targeted servers and secretly broadcast everything they do to nearby NSA relay stations.

Want to more of this to be delivered to you for FREE?

Subscribe to EDN Asia alerts and receive the latest design ideas and product news in your inbox.

Got to make sure you're not a robot. Please enter the code displayed on the right.

Time to activate your subscription - it's easy!

We have sent an activate request to your registerd e-email. Simply click on the link to activate your subscription.

We're doing this to protect your privacy and ensure you successfully receive your e-mail alerts.

Add New Comment
Visitor (To avoid code verification, simply login or register with us. It is fast and free!)
*Verify code:
Tech Impact

Regional Roundup
Control this smart glass with the blink of an eye
K-Glass 2 detects users' eye movements to point the cursor to recognise computer icons or objects in the Internet, and uses winks for commands. The researchers call this interface the "i-Mouse."

GlobalFoundries extends grants to Singapore students
ARM, Tencent Games team up to improve mobile gaming

News | Products | Design Features | Regional Roundup | Tech Impact