SAN FRANCISCO (Reuters) – A White House-ordered review of security risks posed by suppliers to U.S. telecommunications companies found no clear evidence that Huawei Technologies Ltd had spied for China, two people familiar with the probe told Reuters.
Instead, those leading the 18-month review concluded early this year that relying on Huawei, the world’s second-largest maker of networking gear, was risky for other reasons, such as the presence of vulnerabilities that hackers could exploit.
These previously unreported findings support parts of a landmark U.S. congressional report last week that warned against allowing Chinese companies Huawei and ZTE Corp to supply critical telecom infrastructure.
But it may douse speculation that Huawei has been caught spying for China.
Some questions remain unanswered. For example, it is unclear if security vulnerabilities found in Huawei equipment were placed there deliberately. It is also not clear whether any critical new intelligence emerged after the inquiry ended.
Aided by intelligence agencies and other departments, those conducting the largely classified White House inquiry delved into reports of suspicious activity and asked detailed questions of nearly 1,000 telecom equipment buyers, according to the people familiar with the probe.
“We knew certain parts of government really wanted” evidence of active spying, said one of the people, who requested anonymity. “We would have found it if it were there.”
White House National Security Council spokeswoman Caitlin Hayden declined to comment on the review. A spokesman for Huawei said the company was not familiar with the review but it was not surprised that no evidence of Huawei espionage was found.
Last week’s report from the Republican and Democratic leaders of the House Intelligence Committee noted the potential for spying through Huawei gear installed to manage traffic on wireless networks. The committee also criticized Huawei’s leadership for failing to provide details about its relationships with Chinese government agencies.
Huawei, whose chief executive officer, Ren Zhengfei, founded it 25 years ago after he was laid off by the Chinese army, has rejected the House report as unfair and inaccurate. China’s Commerce Ministry has also called the accusations “groundless.”
“Huawei is a $32 billion independent multinational that would not jeopardize its success or the integrity of its customers’ networks for any government or third party. Ever,” the company’s U.S. spokesman Bill Plummer said on Wednesday.
The House Intelligence Committee’s report did not present concrete evidence that either Huawei or ZTE have stolen U.S. data, although it said a classified annex provided “significantly more information adding to the committee’s concerns” about the risk to the United States.
Speculation has swirled about the contents of the secret annex, and both committee Chairman Mike Rogers and some intelligence officials have hinted at evidence that Huawei has participated in espionage.
Rogers, the report’s lead author, stoked concerns by saying some customers had seen routers sending off “very valuable data” to China.
But in the one case a committee staff member pointed out to Reuters, the victim – Leap Wireless International Inc – said that while some of its computers were infected with viruses earlier this year, an investigation found no evidence that the infection was deliberate or that confidential data had been stolen.
PREVENTIVE MEASURES
Pressed about why the White House review and unclassified version of the House Intelligence Committee report had not turned up a “smoking gun,” two officials familiar with intelligence assessments said U.S. agencies were most concerned about the capability for future spying or sabotage.
Similarly, Chris Johnson, a former CIA analyst on China, said he had been told that the White House review had come up empty on past malicious acts. Nonetheless, officials emerged from the review with “a general sense of foreboding” about what would happen if China asked Huawei for assistance in gathering intelligence from U.S. customers, he said.
“If the Chinese government approached them, why would they say no, given their system?” Johnson said.
Preventing state spying through technology is a high priority for U.S. President Barack Obama’s administration, which is lobbying for legislation to raise private-sector security standards and readying a more limited executive order along those lines.
Reuters interviews with more than a dozen current and former U.S. government officials and contractors found nearly unanimous agreement that Huawei’s equipment poses risks: The company could send software updates that siphon off vast amounts of communications data or shut them down in times of conflict.
More than anything else, cyber experts complained about what they said was poor programming that left Huawei equipment more open than that of rivals to hacking by government agents or third parties.
“We found it riddled with holes,” said one of the people familiar with the White House review.
At a conference in Kuala Lumpur last week, Felix Lindner, a leading expert in network equipment security, said he had discovered multiple vulnerabilities in Huawei’s routers.
“I’d say it was five times easier to find one in a Huawei router than in a Cisco one,” Lindner said.
Lindner, who spent months investigating Huawei code, said the vulnerabilities appeared to be the result of sloppy coding and poor procedures, rather than any deliberate attempt at espionage. Huawei is looking into his findings, he said.
Some in the U.S. government, however, have said the alleged poor security practices at Huawei could be a deliberate cover for future attacks.
One computer scientist, who helped conduct classified U.S. government research on Huawei routers and switches four to six years ago, told Reuters that he had found “back doors” that his team believed were inserted with care.
He said these back doors could enable attackers to install malicious software that would make critical government networks inoperable, allow hackers to gain entry into highly classified systems and enable them to spy on all traffic. He requested anonymity because he was not authorized to discuss the research.
Huawei has denied the existence of these back doors. Plummer also noted that any vendor’s gear could be targeted by hackers, and the company would address any vulnerabilities it finds.
The United States’ closest allies have rendered a split verdict on Huawei. Earlier this year, Australia barred Huawei from becoming a contractor on the country’s National Broadband Network, and Canada said last week that Huawei could not bid to help build a secure national network. In Britain, however, a spokesman for the Cabinet Office said Huawei’s products were fully vetted and did not represent a security concern.
Dutch Ruppersberger, the ranking Democrat on the House Intelligence Committee and co-author of the report, told Reuters that the burden of proof had been on Huawei and ZTE, which cited Chinese government restrictions in limiting their responses.
“China has the means, opportunity, and motive to use telecommunications companies for malicious purposes,” Ruppersberger said.
Republican Rogers’ staff did not respond to questions about the contents of the classified annex or the White House review.
(Reporting by Joseph Menn in San Franciso, Jim Finkle in Boston, and Mark Hosenball in Washington; Additional reporting by Paul Eckert and Jim Wolf in Washington and Jeremy Wagstaff in Kuala Lumpur; Editing by Tiffany Wu and Lisa Von Ahn)
Cyber terrorism and espionage have been highlighted as growing threats to Australian organisations and government departments, according to a new annual report by the Australian Security Intelligence Organisation (ASIO).
The Annual Report 2011-12, which was tabled in the federal parliament this week, found that ASIO completed more than 150,000 counter terrorism security assessments during the reporting period.
“Emerging technology and an Internet-connected world offer new avenues of espionage,” read the report.
“The espionage threat is evidence by foreign intelligence services seeking agents in relevant positions, including in the Australian public service and working for Australian businesses, but also seeking access to any computer system or network holding data that could be targeted for espionage activity.”
According to the report, cyber espionage state and non-state actors continued to target Australian organisations.
ASIO pointed out that critical infrastructure, such as SCADA networks, is one area organisations need to focus on protecting in Australia.
“Critical infrastructure by its very nature poses a potential target for those who wish to do harm to Australia and so careful consideration must be given to matters having an impact on the security of critical infrastructure,” read the report.
“No single element of critical infrastructure stands alone and the potential for threats against auxiliary assets must also be considered.”
Over the 2011-12 period, ASIO provided 25 briefing sessions on potential or specific threats to critical infrastructure and produced 22 reports. These were sent to more than 153 government and private sector organisations.
Cyber terrorism
Turning to terrorism, ASIO reported that international influences through the Internet will continue to inspire some Australians to potentially join terrorism groups such as al-Qa’ida.
“Over the 12 months, al-Qa’ida and its affiliates have suffered a number of setbacks including the loss of senior figures such as Anwar al-Aulaqi, in Yemen,” read the report.
“The continuing counter-terrorism efforts of Australia’s partners in South-East Asia are also having an effect on regional extremist networks, although terrorist threats persist.”
However, ASIO conceded that these setbacks have not lessened the extent of what the report referred to as “violent jihadist” groups to promote, foster and engage in terrorism.
“The global tempo of terrorist activities, including attacks, attempted attacks, plotting, fundraising and recruitment, remains undiminished.”
CREST
The report went on to highlight ASIO’s connection with the Australian arm of the Council of Registered Ethical Security Testers (CREST) which was established in March 2012.
“CREST Australia is the product of co-ordinated engagement with industry involving ASIO, CERT Australia and the Defence Signals Directorate [DSD] and will have an important role in establishing clear and agreed standards for cyber-security testing.”
According to the report, the CREST standards will help the business sector be confident that the work conducted by CREST-accredited IT security professionals is completed with integrity, accountability and to agreed international standards. In addition, CREST Australia is affiliated with CREST Great Britain.
Federal agents picked through garbage, spied on phone calls and captured reams of email as they went after a Houston businessman now accused of leading a scheme to ship sensitive U.S. technology to Russia’s military.
The 11-person ring, allegedly led by Alexander Fishenko, is not accused of espionage, as classified documents were not given to Russia, but of breaking U.S. law by sending loads of protected microelectronics that can be used for guiding anti-ship missiles or radars as well as have civilian-world uses.
One of the most damning yet simplest bits of evidence made public so far came from the mouths of one of the company’s managers while being interviewed over the phone by an employee working on a college paper and seeking to understand how Fishenko’s company, ARC Electronics, got around strict export laws and avoided suspicion.
The answer: “We’re lying.”
In another conversation, the manager, Alexander Posobilov, is asked by an employee in Russia, who is among three fugitives in the case, what would happen if word gets out about what is going on: “We will be f—–.”
Those words were among thousands recorded by the FBI. The conversations leave little doubt at least some of the persons charged likely knew they were doing something dubious.
Three people charged, including Fishenko, appealed Wednesday to U.S. Magistrate Judge George C. Hanks Jr. to free them on bond pending trial. All appeared in court wearing green prisoner uniforms and shackled at the waists and ankles as about two dozen family members and friends looked on.
The hearing is to continue Thursday.
The eight defendants who have been arrested are Slavic country immigrants, several from Russia, who now live in Houston. Most if not all have no known criminal records. Several are U.S. citizens with extended family here, although they have been issued passports by both countries.
No aid from consulate
The Russian consulate in Houston submitted a letter that stated should any of the defendants be released, it would not help them escape, an apparent attempt to belay concerns it could issue them travel documents or take diplomatic actions to assist them.
Prosecutor Daniel Silver argued none should be released pending an outcome of charges in the case, as they would most certainly flee the United States to countries abroad where they have relatives and the ability to rebuild their lives aboard.
In testimony Wednesday, FBI agent Crosby Houpt said that ARC disguised itself as a traffic-light manufacturer, then lied about what the microelectronics were to be used for in order to avoid drawing any suspicion from suppliers.
The equipment would be shipped from Houston through an airport in New York and then ultimately on to Russia.
“ARC would receive shopping lists from Russian entities, and they would go about acquiring the parts on the shopping lists,” Houpt testified.
He also said Fishenko and other company managers took steps to try and hide what was going on from some of their employees, especially any word that parts would be sent to the military.
Among the evidence are documents in Russian that the FBI seized that show that a company tied to Fishenko was authorized to procure parts for the military, and another in which an intelligence arm of the government complains that it had been sent defective parts.
Defense attorneys have sought to portray most of the accused as Houstonians with productive lives here who immigrated to the U.S. years ago.
Fishenko’s attorney, Eric Reed, said his client is a family man who moved to Houston in 1994 with his wife, who is Jewish and came as what she described as a refugee fleeing discrimination based on her religion.
He noted how important Fishenko was in the life of his young son, whom he dropped off at elementary school before being arrested last week.
Grandmother charged
Another person charged, Lyudmila Bagdikian, is a grandmother who had survived cancer, had no criminal record anywhere, and had only worked for Fishenko’s Houston company, ARC Electronics, for a short time before it was raided last week, said her attorney Kent Schaffer
Yet another, Sevinj Taghiyeva, came to Houston on a student visa to study at the University of Houston and went on to get a work visa through ARC.
Charles Flood, an attorney for ARC saleswoman Viktoria Klebanova, said his client didn’t know what the higher-ups were doing.
He portrayed the charges as a nonviolent export violation and mocked the idea she was any kind of James Bond as he questioned the FBI agent.
“She doesn’t have machine guns behind the headlights of her 2003 Savannah (car), does she?” Flood asked the agent. “She doesn’t have a secret phone in her shoes, does she?”
And why not? Spend some time here and you can feel as if you’d been admitted to the backstage preparations for a magic show. The difference is that in espionage, life or death and the fate of nations are at stake, rather than whether a woman can be successfully sawed in half or an ace of spades pulled from a shuffled deck. These magicians weren’t performing; they were dueling.
Here, drawn from the immense private collection of the intelligence historian H. Keith Melton, and the collections of the C.I.A., the Federal Bureau of Investigation and the National Reconnaissance Office, are objects ranging from a poisoned needle, hidden inside a coin, to a fragment of the United States Embassy in Moscow that the Soviets riddled with bugs during its construction in the 1980s; two floors were razed and rebuilt.
There is a K.G.B. model of the umbrella that injected a poison ricin pellet into the Bulgarian defector Georgi Markov in 1978; a handmade pair of shoes made for a United States ambassador to Czechoslovakia in the 1960s that Czech intelligence officers bugged with a listening device in the heel; a Stasi-created molar that was hollowed out to allow microdots to be safely stored in a spy’s mouth; and a well-preserved rat with a Velcroed body cavity that was used by Americans in Moscow for exchanges of information without agents’ actually meeting. The rodent, treated with hot pepper sauce to discourage scavenging cats, was easily tossed from a passing car for these “dead drops.”
But most of these objects, tools of the trade over a half-century, are not the stuff of the “Mission Impossible” franchise; they are almost all deliberately mundane. They are not meant to startle; they are meant to fade into the background. They work like tricks sold in a magic shop. And they must be used with similar skill.
Something else is similar: once explained, the magic is gone. The objects used in espionage can almost seem silly. Really! Grown people sprinkling dust (nitrophenylpentadienal) on objects to track the movements of whoever touched them? Using a hat, glasses and a fake mustache as a disguise? Employing a hollowed-out nickel to hide top-secret microfilm? All of espionage can easily seem like a kid’s game, except for the trails of blood and insight that are invariably left in its wake.
And this show, produced by Base Entertainment, contains more than enough to make it resemble a child’s game: interactive screens on which you can disguise a photo of yourself; kiosks where your voice can be distorted and filtered; a mist-filled dark room with shifting laser beams that challenge you to make your way across, without breaking the circuit. (A password-oriented interactive game is too lame for its climactic position in the exhibition.)
There are also larger objects here that reveal, more dramatically, that technological sophistication is not a requirement, nor is it something that necessarily increases over time. Next to a collapsible motor scooter with which Allied spies parachuted behind enemy lines during World War II is a saddle, draped with an Afghan blanket, that was used by a C.I.A. officer riding across the forbidding terrain during the first months after the Sept. 11 attacks.
But the objects selected by Mr. Melton — whose collection of over 9,000 spy devices, books and papers has also helped stock the International Spy Museum in Washington — are not presented simply for sensation’s sake. There are very few weapons here, aside from the ice-climbing ax that was brutally smashed into Trotsky’s skull in Mexico — and we see it mounted near his assassin’s bloodied eyeglasses.
Mr. Melton also has stories behind his acquisition of such objects, though his reluctance to share his methods in too much detail suggests a firsthand experience with the world he is documenting. (How did an original K.G.B. model of the bugged American Embassy get into his hands?)
What happens along the way is that we gain an appreciation for the magic as well as the method; we end up glimpsing what these ordinary objects actually accomplished and what was at stake when they were used. The show could have been stronger if that context had been made clearer, but even with its gadget-centered focus, we learn that this great bag of tricks was no mere game.
“Spy: The Secret World of Espionage” is on view through March 31, 2013, at Discovery Times Square, 226 West 44th Street; discoverytsx.com.
Research Electronics International (REI) asserts that corporate espionage and theft of business information is thriving.
Cookeville, TN (PRWEB) May 19, 2012
Research Electronics International (REI), a leading manufacturer of security equipment to protect against corporate espionage, asserts that corporate espionage and theft of information is thriving. According to Frank Figliuzzi, FBI Counterintelligence Assistant Director, the current FBI caseload shows that commercial secrets worth more than US$13 billion have been stolen from American companies. This number does not include the unreported or undetected losses, nor does it include the losses in the brand value of the victims. The sheer scale of economic espionage against the nation’s top companies threatens America’s economic and technical position in the global economy.
It is a common misconception that espionage only occurs at government agencies and does not affect the business world. However, REI has been promoting that companies should be aware that any information that might benefit a competitor is at risk of espionage or theft, including price lists, customer lists, marketing strategies, insider product information, and financial information. Recently, the FBI launched a campaign promoting corporate espionage awareness including billboards, signs in bus shelters, and website information educating the public about the real and present threat of corporate information theft, and encouraging companies to protect their information from theft.
Companies should be on guard and take the following steps to protect business related information, as stated on the FBI’s website:
1. Recognize there is an insider and outsider threat to your company.
2. Identify and valuate trade secrets.
3. Implement a proactive plan for safeguarding trade secrets.
4. Secure physical and electronic versions of your trade secrets.
5. Confine intellectual knowledge on a “need-to-know” basis.
6. Provide training to employees about your company’s intellectual property plan and security.
For more information on technical equipment to protect against corporate espionage, visit http://www.reiusa.net.
About Research Electronics International
For over 28 years, Research Electronics International (REI) has focused on protecting corporate information, designing and manufacturing technical security equipment to protect against illicit information theft. REI is recognized as an industry leader by corporations, law enforcement agencies, and government agencies for technical security equipment. REI’s corporate offices, RD, manufacturing facilities, and Center for Technical Security are located in Tennessee USA, with an extensive global network of resellers and distribution partners. For more information call +1 (931) 537-6032 or visit REI on the web at http://www.reiusa.net.
Contact Person: Lee Jones
Research Electronics International
Tel: +1 931 537-6032
email: sales(at)reiusa(dot)net
LEE JONES
RESEARCH ELECTRONICS INTERNATIONAL
(931) 537-6032 Email Information
