Huawei the truth and the myth.

Huawei the truth and the myth.

Huawei the truth and the myth.

By Philip Ingram MBE

*** Edited 14th July 2020 to add in a paragraph about why the UK Government has made a decision to ban Huawei equipment from the UKs 5G Network***

We are hearing one name, causing news presenters angst when it comes to pronouncing it, in the press at the moment, it is that of the Chinese telecom giant Huawei. So why are government ministers interested in Huawei? Why are the 5 Eyes community talking about it so much? What is the truth and what is the hype? Finally is there anything else we should be worried about? Philip Ingram MBE, a former Senior British Intelligence officer who has worked with signal intelligence organisations, takes a look.

Techadvisor.co.uk said “You can’t ignore Huawei any more. With increasingly premium smartphones on the market,” the Chinese company is challenging Samsung, LG, Sony and Apple who according to analysis by consulting firm Counterpoint Research, it outsells globally.

Given this great accolade then why are the US Government putting certain Chinese companies under increasing scrutiny and even more. In February, FBI Director Chris Wray told the Senate Intelligence Committee that the FBI was “deeply concerned” about the risks posed by the Chinese phone and telecommunications equipment providers Huawei and ZTE. Both Huawei and ZTE have repeatedly insisted that their consumer devices don’t pose a security threat to the US or anywhere else across the globe. (ZTE like Huawei provide telecom infrastructure devices). The Australian Government has decided, reportedly on national security grounds, to exclude Huawei from involvement in their National Broadband Network.

Nothing New
In a report to the UK parliamentary Intelligence and Security Committee, the Security Service (MI5) said in 2008 that, theoretically, the Chinese State may be able to exploit any vulnerabilities in Huawei’s equipment in order to gain some access to the BT network, which would provide them with an attractive espionage opportunity. So the issue in the press today is nothing new!

Looking at the UK market, Huawei makes everything from the routers and switches that steer traffic across the internet, to BT’s green street cabinets, to the transmission equipment used in mobile phone masts. If you send an email from your home computer or make a mobile phone call, wherever you are in the UK, the chances are your private communications and data will be carried over Huawei equipment. However, it is not the private communications that concerns are being raised about. It is the linking of our national infrastructure across the 5G network.  5G is a step change in the ability to transmit high speed data and will enable our already connected life style to reach levels probably unimagined as yet.

On the back of that report, BT who control the communications infrastructure across the county, started a programme to strip Huawei equipment out of the current 3G and 4G networks and have not planned to put Huawei devices into the core of developing 5G Networks. However, Huawei hit back and opened the Huawei Cyber Security Evaluation Centre (HCSEC) (known as “The Cell”) in 2010 just outside Oxford and put it under the oversight of what was then called the CESG and is now NCSC, the public facing part of the UK’s GCHQ.

This is why in recent statements senior personnel from GCHQ have been able to say they had “a unique oversight and understanding of Huawei engineering and cyber security”. One of the major issues over Huawei engineering is around so called ‘back doors’ being engineered into the hardware on the orders of the Chinese Government, so that the Chinese had a secret method of taking control of the hardware when they wanted to.

This fear was enhanced when China introduced its new National Intelligence Law and in particular Article 7 of that law which states, “any organisation or citizen shall support, assist, and cooperate with state intelligence work according to law.” Then Article 14 says, ‘state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organisations, or citizens provide needed support, assistance, and cooperation.” This just reinforces that the Chinese state can overrule Huawei’s claimed independence. Huawei continue to insist that the law is being mis-interpreted.

Back doors
This idea of back doors is nothing new and ‘The Cell’ has found no evidence of back doors being deliberately put in Huawei hardware and they have denied they would ever do so, even if there was pressure from the Chinese Government. One area that possibly leaves hardware vulnerabilities however, is in their basic engineering.

Dr Ian Levy, technical director of the National Cyber Security Centre (NCSC), said on BBC Panorama, “The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000 – it’s very, very shoddy and leads to cyber security issues that we then have to manage long term.” But what does shoddy engineering mean?

As electronics are developed rapidly and for the mass market therefore as cheaply as possible, development is happening continuously. That development is in the hardware – the physical bits connected together and the software. What many don’t realise is those bits are made of bits and individual chips with a role in a device have their own software giving instructions. Developers have ‘development backdoors’ on chips and component so that updates can be quickly coded or integrated and the sides are supposed to be closed down before the production version is manufactured. Frequently this doesn’t happen as it is another process and therefore cost and development is ongoing often even after manufacture has started, so chips are put into production devices with engineering flaws.

The second area is that security is not designed in at chip level. There isn’t enough coding room for this to happen. However, Huawei is not the only international giant with reported security flaws.

Not just Huawei

Last year there were several reports on the blogging site Reddit saying that some Samsung Galaxy S9 and Note 8 phones were sending users’ pictures to their contacts without their permission and linked the issue to the Samsung Messages app.

Then we had Google confirming that it allows some external software developers to read and analyse the inboxes of Gmail users. “External apps can integrate with Gmail, so customers have options around how they use their email,” director of security at Google Cloud Suzanne Frey said in a blog post.

So who is listening to your conversations?
On the 3rd of July 2018 in the UK Parliament, the UK Defence Secretary, Gavin Williamson was updating MPs on Syria was rudely interrupted, not by another MP, but by his iPhone’s AI App Siri which boomed out “Hi Gavin, I found something on the web for: ‘In Syria, democratic forces supported by coalition…”

Trying to make light of the interruption Mr Williamson said, “It is very rare that you’re heckled by your own mobile phone.” Very quickly afterwards sources close to the minister denied that having the voice recognition software switched on posed a security risk, saying he did not carry that phone during confidential and sensitive meetings.

However, what wasn’t said is if he has sensitive conversations on that phone or with people when the phone is in his pocket. It is always listening.

In 2015 Samsung again warned its customers about discussing personal information in front of their smart television set. The warning applied to TV viewers who control their Samsung Smart TV using its voice activation feature. Samsung said, “when the feature is active, such TV sets ‘listen’ to what is said and may share what they hear with Samsung or third parties.”

Many of these companies use Chinese made chipsets in their technologies.

Papers leaked from America’s National Security Agency (NSA) by Edward Snowden through Wikileaks, revealed that it had hacked into Huawei’s headquarters, obtaining technical information and monitored the communications of its top executives. One of the reported aims was to try and uncover vulnerabilities or back doors in the products to use them for US surveillance operations.

The US Hacks Huawei

This could be why the US director of national intelligence and heads of CIA, FBI, NSA gave public warnings, but it is likely they know more about Huawei than they would be willing to say publicly. There is a distinct possibility that they found vulnerabilities not just in the software run on the phones, but the firmware (the code that makes components talk to each other) and even in some cases the hardware, the components themselves.

The Chinese Government’s cyber capability is provided by the Strategic Support Force (SSF) and is the military organisation tasked with gaining a strategic advantage in the information and cyber domain via its Network Systems Department. Given Chinese government control over most of its industry and that has been clear reporting for many years that the Chinese government forces its domestic electronic equipment providers to hand over their source code, this will be used by the SSF to exploit vulnerabilities in devices globally. Linking this to the new law reinforces the suspicions with regard to Huawei.

More back doors.
However, when it comes to ‘backdoors,’ it is not the Chinese who have been found out recently. In 2018 five undocumented back doors were found in CISCO routers and detailed in a book entitled No Place to Hide,” by Glenn Greenwald, the journalist who originally broke the Edward Snowden story. Greenwald states that unbeknown to CISCO the NSA intercepts routers and network devices bound for overseas customers and “then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users.”

There is merit to being wary of any one nation having potential access no matter how small it is to critical communications networks by what ever means. However, what is clear is that every nation is at the espionage game and if Huawei routers are being used then possibly another manufacturers tampered with routers are not being used, blinding that intelligence agency.

They are just doing their job.
It is the remit of national intelligence agencies to gain an advantage and they will do so by what ever means. The whole intelligence game revolves around data. Data is key to everything so it can be analysed, cross referenced, processed, assessed and turned into intelligence. The Russians targeting priorities are to gain political advantage and steal military secrets the Chinese focus is primarily on intellectual property; President Trump has stated the US priority, “America First.”

Huawei deny any Chinese state control or vulnerabilities and set up an organisation staffed by UK security cleared personnel to test the equipment they attach into the critical national infrastructure (CNI) and that organisation is called “The Cell.”

Jerry Wang, CEO of Huawei in the UK, wrote to The Times: “Their accusations are a smokescreen for an attack on our recognised technological innovation. They are not based on security concerns, but a barely concealed protectionist trade agenda.”

 

** New**

New UK Ban

On 14th July 2020 the UK announced a decision to ban Huawei from the UK 5G network and this has been called a U Turn. It isn’t – it is a change in the situation.  The US Commerce Department amended an export rule to block shipments of semiconductors to Huawei to “strategically target Huawei’s acquisition of semiconductors that are the direct product of certain US software and technology.”

This rule stops any manufacturer that uses US software and technology from supplying Huawei without a US license (which will never be granted), cutting off many of Huawei’s trusted suppliers. This will cause Huawei to turn to potentially untrusted Chinese component suppliers increasing the potential vulnerabilities of Huawei systems.

The UK Governments decision is siting security correctly, but it is because of a changed security situation caused purely by US trade sanctions. The Huawei issue is nothing more than a move in a US/China trade dispute but enhanced by China’s move to ignore its treaty with the UK on Hong Kong and a message on its wider Human rights stance.

How can I assess this? On 09 July 2020 the UK Parliaments Science and Technology Committee interrogated Huawei about the risk. Huawei said they didn’t know where they were going to get the components to replace those affected by US sanctions from, but asked for a few more weeks to clarify that.  They haven’t been given that time, so in reality we don’t know if there would be an increased risk or not. We have just spent £2Bn on a decision that didn’t need to be made just yet!

**New paras end**

We have several elements to the current debate, espionage, a distinct probability but all sides do it. Trade, and security is an easy cry to scare the markets into protectionist trade policies. Manufacturing standards, whether one manufacturer should have a monopoly on critical elements of a network and with 5G the way we structure our future Satan enabled world.

One thing to remember about anything you process electronically on a device that is connected to any network, WIFI, mobile provider, is that that data may not be as safe and personal as you think. It is your choice as to what tech you buy but whatever your choice is, think security, think risk, think compromise.

 

If you would like any further comment from Philip, please contact him by clicking HERE

The GRU is on the Ropes

The GRU is on the Ropes

The GRU is on the Ropes

****Updated 1230 on 04 Oct 18*****

At one-minute past midnight on 4thOctober 2018 a statement came out from the British Government saying that the National Cyber Security Centre (NCSC) had “identified that a number of cyber actors widely known to have been conducting cyber-attacks around the world are, in fact, the GRU.”

The GRU is the Russian Military Intelligence organisation also known as the Main Intelligence Directorate who have been accused of being responsible for the assassination attempt on Sergei Skripal in Salisbury in March this year.

Since then, the British Prime Minister Teresa May has openly accused the GRU of their involvement in the attack, saying the two attackers, Alexander Petrov and Ruslan Boshirov had flown into Gatwick on 02 March and out of Heathrow on 04 March and these names were almost certainly pseudonyms.

The investigative journalism website Bellingcat went on to expose the real identity of the man who travelled under the name Ruslan Boshirov as Colonel Anatoliy Chepiga, a highly decorated GRU Officer who had received the Hero of the Russian Federation award in 2014.

In what Philip Ingram MBE a former British Colonel in British Military Intelligence believes is a swipe at the GRU the head of the Russian Foreign Intelligence Service, Sergey Naryshkin, when he said the Salisbury attack was “unprofessionally done.”

Almost sensing the GRU is ‘on the ropes’, openly outed for the Skripal attack, embarrassed by the ease with which investigative journalists with Bellingcat managed to expose serious flaws in the administration of their secret agents and expose the real identity of one of their highly decorated agents, linking him to Salisbury, for the first time, the UK authorities have come out fighting.

What is the GRU accused of this time?

The NCSC has attributed a number of recent attacks to the GRU.  The October 2017, BadRabbit ransomware attack encrypted hard drives and rendered IT inoperable.  This caused disruption including to the Kyiv metro, Odessa airport, but was almost an own goal as it also caused disruption at Russia’s central bank and two Russian media outlets. NCSC assess with high confidence that the GRU was almost certainly responsible.

In August 2017, confidential medical files relating to a number of international athletes, including the cyclist Sir Bradley Wiggins were released.  WADA stated publicly that this data came from a hack of its Anti-Doping Administration and Management system. NCSC assess with high confidence that the GRU was almost certainly responsible.

In 2016, the Democratic National Committee (DNC) was hacked and documents were subsequently published online. NCSC assess with high confidence that the GRU was almost certainly responsible.

Of interest in July 2018 the team of special investigator Robert Mueller named 12 apparent GRU officers over the alleged hacking and leaking of Democratic party emails.

Between July and August 2015, multiple email accounts belonging to a small UK-based TV station were accessed and content stolen. NCSC assess with high confidence that the GRU was almost certainly responsible.

This is not the first time the GRU has been accused.

In June 2017 a destructive cyber attack targeted the Ukrainian financial, energy and government sectors but spread further affecting other European and Russian businesses. The UK Government attributed this attack to the GRU in February 2018.  NCSC assess with high confidence that the GRU was almost certainly responsible.

In October 2017, VPNFILTER malware infected thousands of home and small business routers and network devices worldwide.  The infection potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic

In April 2018, the NCSC, FBI and Department for Homeland Security issued a joint Technical Alert about this activity by Russian state-sponsored actors.

The Foreign Secretary, Jeremy Hunt said:

“These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.

“The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.  This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.

“Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.”

The UK is not alone with accusing the GRU and last night the Australians came out to support the UK statement. Of note, the Australians are part of the 5 eyes community.  This is an intelligence-sharing community of the US, UK, Canadians, Australians and New Zealand.

Timing is of interest as it is almost certainly a swipe at President Putin, waning him off interfering with the US midterm elections due on 6thNovember 2018.

The UK Prime Minister said in Parliament on 5 September 2018, the UK will work with our allies to shine a light on the activities of the GRU and expose their methods.  Her dancing queen speech in Birmingham is turning into her Rocky Balboa attack on the GRU, for the first time she is taking the fight to the Russians.

The announcement this morning by the Major General Onno Eichelsheim from the Dutch MIVD intelligence service regarding the expulsion of 4 GRU agents who were targeting the OPCW in the Netherlands is significant in it shows the international community joining Teresa May in ‘the ring’  helping with the fight against the Russians in an unprecedented way.  Of significance, what is being exposed are some very bad ‘drills’ by the GRU operatives  and this reinforces Sergey Naryshkin comments that the Skripal attack was ‘unprofessionally done.’

Note: This blog is written by Philip Ingram MBE, a former Colonel in British Military Intelligence, who was based near Salisbury and has assessed Russian activity for many years. If you would like any further comment from Philip, please contact him by clicking HERE

Global Counter Terrorism Conference

Global Counter Terrorism Conference

Global Counter Terrorism Conference and more

The Grey Hare Media team are supporting the UK Security Expo on the 29th and 30th November 2017 at Olympia in London and a flagship event at the expo is the Global Counter Terrorism Conference.

Given our relationship with the event we are able to offer special rates for the only paid element of the event, the Global Counter Terrorism Conference to Grey Hare Media contacts.

This exclusive two day Global Counter Terrorism Conference featuring a series of world renowned experts including head of authorites and senior government sepakers from across the globe.

So good even the mayor of Melbourne in Australia is telling the Australian Press all about it: Australia Herald and Sun

There are confirmed representatives from Barcelona, Melbourne, Brussels, The Hague, Rotterdam, London, and hopefully Berlin and Manchester.

Topics covered will include Border Security Post Brexit and free movement in the EU, Countering Radicalisation & Tackling Extremism, Cyber Warfare, UK/Europe/NATO and Trump’s America and Migration.

Keynote Speakers include:

>> UK Security Minister, Ben Wallace MP

>> Dr Erroll Souther – A former FBI Agent, who also previously served as Governor Arnold Schwarzenegger’s Deputy Director in the California Office of Homeland Security and President Barack Obama’s first nominee for Assistant Secretary of the Transportation Security Administration.

The ‘Early Bird’ rates for the Global Counter Terrorism Conference taking place at UK Security Expo on the 29-30 November in London have now expired but for a limited time only I have a special code you can enter online to roll back the current prices to the pre Early Bird prices of £199+vat for a one day pass and £299+vat for a two day pass.

If you would like to attend the Exclusive Global Counter Terrorism Conference please select pass option ‘UK Security Expo Pass including Global Counter Terrorism Conference’ when booking online by clicking on the picture Global Counter Terror Conference and be sure to enter code GCTROLLBACK.

There are so many other events at the show that are free and one of the things I love about this event is that the organisers are not just about selling floorspace and getting random visitors – they genuinely want to add value knowing that it is adding that value that will encourage visitors and exhibitors.  This is the only event I see taking this approach.

Peter Jones who, with his great team organise the whole thing, is adamant that he wants to create the platform needed to enable the exchange of best practice, other ideas and a better understanding of lessons and technology in a way that brings together Government agencies and security forces, the private sector and equipment manufacturers to give a strong foundation to build the content on.

If you can’t make the Global Counter Terrorism Conference and just want to come to the event and other conferences which are all free then just click on the picture below and register for your FREE pass:

UK Security Expo