Huawei hacked three years before NBN ban

Three years before Australia banned Huawei from bidding for the National Broadband Network (NBN), the US National Security Agency (NSA) burrowed into the company’s networks to steal email and product source code, according to reports published on Saturday.

The networking giant was hacked by the NSA as part of “Shotgiant”, an operation that by 2009 had given the agency more information on the company than it knew what to do with, according to a report by Der Spiegel that's based on documents from former NSA contractor Edward Snowden.

The hack gave the agency a list of 1,400 customers, internal Huawei training documents, source code for its routers and switches and, from January 2009, wide access to the company’s email messages including those from Huawei’s CEO Ren Zhenfei and chairwoman, Sun Yafang.

According to the <i>New York Times</i>, which also published a story based on the documents, the operation began in 2007 and was aimed at establishing whether Huawei had links to Zhenfei’s former employer, the People’s Liberation Army. The campaign was also looking for ways to exploit products used in networks which fall into its scope of targets.

The attack on Huawei was part of Shotgiant’s larger ambition to target China’s top brass in politics, finance and technology industries.

Neither report suggest the NSA was able to plant its own backdoors in Huawei's equipment, however they do not include evidence that the Chinese government did it either.

“The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us,” Huawei spokesperson William Plummer told NYT.

Huawei was excluded from bidding for work on Australia’s NBN in March 2012, which the Attorney’s General Department said at the time was to preserve the integrity of the network.

At the time, Huawei hoped it could emulate the model it had established with the UK’s intelligence agency, GCHQ, which cleared its path for inclusion into British Telecom’s role in the nation’s fibre expansion plans. The arrangement allowed the agency to vet Huawei equipment via the Cyber Security Evaluation Centre (HCSEC), which staffed by Huawei employees.

The Australian ban preceded a US House intelligence-committee report released in October that concluded products from Huawei and fellow Chinese mobile company ZTE should be viewed with suspicion.

Following that report, Huawei Australia said it was willing to cough up its source code to Australian regulators — so long as its rivals such as Ericsson and Alcatel Lucent did the same — to assuage local concerns its equipment in the NBN posed a national security threat.

Neither report claims the documents confirm any evidence of a link between Huawei and China’s government.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags HuaweinsaNational Broadband Network (NBN)NBN

More about BT AustralasiaCSOEnex TestLabEricsson AustraliaGCHQHuaweiLucentNational Security AgencyNSASpiegelZTE

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place