The NSA Hacked Huawei Long Ago

The US government has warned for years that products from China’s Huawei Technologies, the world’s biggest maker of telecommunications equipment, pose a national security risk for any countries that use them.

While some technology experts claimed that there was no solid evidence that Huawei and other Chinese brands employ any hidden and malicious privacy invasion. But more recently, Huawei devices have taken the centre stage in cyber security and several European countries have expressed major concerns.

Consider a scenario where you may use a Huawei telephone to have a conversation with a friend or a work colleague. It could be a discussion about a business deal, a programming project you're working on, or important business meetings. You could inadvertently pass along proprietary information to a foreign government without realising it.

The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense responsible for the collection and analysis of foreign communications and foreign signals intelligence, as well as protecting US government communications and information systems, which involves cryptanalysis and cryptography.

In 2014 documents were leaked from the NSA that revealed the US spy service was secretly stealing electronic data and other secrets by hacking Huawei.

The sensational spying operation, code-named Shotgiant, was undermined by Edward Snowden, the former NSA contractor now living in Russia who disclosed the top-secret hacking after stealing nearly 2 million NSA documents and releasing them to the press.

An investigation by Bloomberg journalists has revealed how the NSA was able to conduct its electronic spying operations around the world, penetrating Huawei’s routers and listening to the communications that passed through them. 

A person familiar with the operation said spies working for the NSA Tailored Access Operations group, the secret hacking unit based near Baltimore-Washington International Airport, were able to get inside Huawei equipment because of an earlier hack of Cisco Systems routers.

In the early, 2000s, Huawei was sued by Cisco for stealing portions of Cisco’s Internetwork Operating System, or IOS, a family of software used in the company’s routers and switches. The case was settled quietly out of court.

While it's unlikely that Huawei and other Chinese brands would be entirely banned for the average consumer, multiple governments are looking to minimise and ban the use of Huawei technology in their telecommunications networks.

If Huawei were to acquire control over a large part of the telecommunications market in the western world, the Chinese intelligence community could potentially have access to user data. It could also intercept, or even shut down, all communications from those devices.

But in case the NSA already knows the details of Huawei's technology, they can most likely take steps to block or prevent any damaging malicious activity, and they don't need to be quite so worried about using it.

Bloomberg:    Washington Times:      ComputerWorld:     Makeuseof.com

You Might Also Read: 

Who’s Afraid Of Huawei?

 

« Using SAST To Prevent Zero Day Vulnerabilities
Three Simple Steps To Effective Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Hex Security

Hex Security

Hex Security Limited is a specialist Information Assurance (IA) consultancy working with associates and partners to deliver security certification and accreditation support.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

Mitek Systems

Mitek Systems

Mitek's global mobile capture and identity verification technology optimizes the digital user experience for thousands of financial services organizations.

LSEC

LSEC

LSEC is a not for profit organization that has the objective to promote Information Security and the expertise in BeNeLux and Europe.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

Next47

Next47

Next47 is a global venture firm, backed by Siemens, committed to turning today's impossible ideas into tomorrow's indispensable industries.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Secure Systems Innovation Corp (SSIC)

Secure Systems Innovation Corp (SSIC)

SSIC is a cyber risk analytics firm whose mission is to improve how businesses manage cyber risk through the power of data analytics. SSIC developed the X-Analytics cyber risk decisioning platform.

Iconium Software

Iconium Software

DataLenz by Iconium offers continuous and real-time tracking of your data assets delivering you the tools you need to successfully reach and maintain your target security standards.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.