Huawei the truth and the myth.


By Philip Ingram MBE

*** Edited 14th July 2020 to add in a paragraph about why the UK Government has made a decision to ban Huawei equipment from the UK’s 5G network ***

One name is all over the press at the moment, and causing news presenters angst when it comes to pronouncing it: that of the Chinese telecom giant Huawei. So why are government ministers interested in Huawei? Why are the 5 Eyes community talking about it so much? What is the truth and what is the hype? Finally, is there anything else we should be worried about? Philip Ingram MBE, a former Senior British Intelligence officer who has worked with signal intelligence organisations, takes a look.

Techadvisor.co.uk said, “You can’t ignore Huawei any more. With increasingly premium smartphones on the market,” the Chinese company is challenging Samsung, LG, Sony and Apple, whom, according to analysis by consulting firm Counterpoint Research, it outsells globally.

Given this great accolade, why then is the US Government putting certain Chinese companies under increasing scrutiny, and even more? In February, FBI Director Chris Wray told the Senate Intelligence Committee that the FBI was “deeply concerned” about the risks posed by the Chinese phone and telecommunications equipment providers Huawei and ZTE. Both Huawei and ZTE have repeatedly insisted that their consumer devices don’t pose a security threat to the US or anywhere else across the globe. (ZTE, like Huawei, provides telecom infrastructure devices.) The Australian Government has decided, reportedly on national security grounds, to exclude Huawei from involvement in its National Broadband Network.

Nothing New
In a report to the UK parliamentary Intelligence and Security Committee, the Security Service (MI5) said in 2008 that, theoretically, the Chinese State may be able to exploit any vulnerabilities in Huawei’s equipment in order to gain some access to the BT network, which would provide them with an attractive espionage opportunity. So the issue in the press today is nothing new!

Looking at the UK market, Huawei makes everything from the routers and switches that steer traffic across the internet, to BT’s green street cabinets, to the transmission equipment used in mobile phone masts. If you send an email from your home computer or make a mobile phone call, wherever you are in the UK, the chances are your private communications and data will be carried over Huawei equipment. However, it is not the private communications that concerns are being raised about. It is the linking of our national infrastructure across the 5G network. 5G is a step change in the ability to transmit high speed data and will enable our already connected lifestyle to reach levels probably unimagined as yet.

On the back of that report, BT, who control the communications infrastructure across the country, started a programme to strip Huawei equipment out of the current 3G and 4G networks and have not planned to put Huawei devices into the core of developing 5G networks. However, Huawei hit back and opened the Huawei Cyber Security Evaluation Centre (HCSEC) (known as “The Cell”) in 2010 just outside Oxford and put it under the oversight of what was then called the CESG and is now NCSC, the public-facing part of the UK’s GCHQ.

This is why, in recent statements, senior personnel from GCHQ have been able to say they had “a unique oversight and understanding of Huawei engineering and cyber security”. One of the major issues over Huawei engineering is around so-called ‘back doors’ being engineered into the hardware on the orders of the Chinese Government, so that the Chinese had a secret method of taking control of the hardware when they wanted to.

This fear was enhanced when China introduced its new National Intelligence Law, and in particular Article 7 of that law, which states, “any organisation or citizen shall support, assist, and cooperate with state intelligence work according to law.” Then Article 14 says, “state intelligence work organs, when legally carrying forth intelligence work, may demand that concerned organs, organisations, or citizens provide needed support, assistance, and cooperation.” This just reinforces that the Chinese state can overrule Huawei’s claimed independence. Huawei continue to insist that the law is being misinterpreted.

Back doors
This idea of back doors is nothing new. ‘The Cell’ has found no evidence of back doors being deliberately put in Huawei hardware, and Huawei have denied they would ever do so, even if there was pressure from the Chinese Government. One area that possibly leaves hardware vulnerabilities, however, is in their basic engineering.

Dr Ian Levy, technical director of the National Cyber Security Centre (NCSC), said on BBC Panorama, “The security in Huawei is like nothing else – it’s engineering like it’s back in the year 2000 – it’s very, very shoddy and leads to cyber security issues that we then have to manage long term.” But what does shoddy engineering mean?

As electronics are developed rapidly and for the mass market, and therefore as cheaply as possible, development is happening continuously. That development is in the hardware (the physical bits connected together) and in the software. What many don’t realise is that those bits are themselves made of bits, and individual chips with a role in a device have their own software giving instructions. Developers have ‘development backdoors’ on chips and components so that updates can be quickly coded or integrated, and these are supposed to be closed down before the production version is manufactured. Frequently this doesn’t happen, as it is another process and therefore a cost, and development is often ongoing even after manufacture has started, so chips are put into production devices with engineering flaws.

The second area is that security is not designed in at chip level. There isn’t enough coding room for this to happen. However, Huawei is not the only international giant with reported security flaws.

Not just Huawei

Last year there were several reports on the blogging site Reddit saying that some Samsung Galaxy S9 and Note 8 phones were sending users’ pictures to their contacts without their permission and linked the issue to the Samsung Messages app.

Then we had Google confirming that it allows some external software developers to read and analyse the inboxes of Gmail users. “External apps can integrate with Gmail, so customers have options around how they use their email,” director of security at Google Cloud Suzanne Frey said in a blog post.

So who is listening to your conversations?
On the 3rd of July 2018 in the UK Parliament, the UK Defence Secretary, Gavin Williamson, who was updating MPs on Syria, was rudely interrupted, not by another MP, but by his iPhone’s AI app Siri, which boomed out “Hi Gavin, I found something on the web for: ‘In Syria, democratic forces supported by coalition…’”

Trying to make light of the interruption Mr Williamson said, “It is very rare that you’re heckled by your own mobile phone.” Very quickly afterwards sources close to the minister denied that having the voice recognition software switched on posed a security risk, saying he did not carry that phone during confidential and sensitive meetings.

However, what wasn’t said is whether he has sensitive conversations on that phone or with people when the phone is in his pocket. It is always listening.

In 2015 Samsung again warned its customers about discussing personal information in front of their smart television set. The warning applied to TV viewers who control their Samsung Smart TV using its voice activation feature. Samsung said, “when the feature is active, such TV sets ‘listen’ to what is said and may share what they hear with Samsung or third parties.”

Many of these companies use Chinese made chipsets in their technologies.

Papers leaked from America’s National Security Agency (NSA) by Edward Snowden through Wikileaks revealed that it had hacked into Huawei’s headquarters, obtaining technical information and monitoring the communications of its top executives. One of the reported aims was to try and uncover vulnerabilities or back doors in the products to use them for US surveillance operations.

The US Hacks Huawei

This could be why the US director of national intelligence and heads of CIA, FBI, NSA gave public warnings, but it is likely they know more about Huawei than they would be willing to say publicly. There is a distinct possibility that they found vulnerabilities not just in the software run on the phones, but the firmware (the code that makes components talk to each other) and even in some cases the hardware, the components themselves.

The Chinese Government’s cyber capability is provided by the Strategic Support Force (SSF), the military organisation tasked with gaining a strategic advantage in the information and cyber domain via its Network Systems Department. Given Chinese government control over most of its industry, and that there has been clear reporting for many years that the Chinese government forces its domestic electronic equipment providers to hand over their source code, this will be used by the SSF to exploit vulnerabilities in devices globally. Linking this to the new law reinforces the suspicions with regard to Huawei.

More back doors.
However, when it comes to ‘backdoors,’ it is not the Chinese who have been found out recently. In 2018 five undocumented back doors were found in CISCO routers and detailed in a book entitled “No Place to Hide,” by Glenn Greenwald, the journalist who originally broke the Edward Snowden story. Greenwald states that, unbeknown to CISCO, the NSA intercepts routers and network devices bound for overseas customers and “then implants backdoor surveillance tools, repackages the devices with a factory seal, and sends them on. The NSA thus gains access to entire networks and all their users.”

There is merit to being wary of any one nation having potential access, no matter how small it is, to critical communications networks by whatever means. However, what is clear is that every nation is at the espionage game, and if Huawei routers are being used then possibly another manufacturer’s tampered-with routers are not being used, blinding that intelligence agency.

They are just doing their job.
It is the remit of national intelligence agencies to gain an advantage and they will do so by whatever means. The whole intelligence game revolves around data. Data is key to everything so it can be analysed, cross referenced, processed, assessed and turned into intelligence. The Russians’ targeting priorities are to gain political advantage and steal military secrets; the Chinese focus is primarily on intellectual property; President Trump has stated the US priority, “America First.”

Huawei deny any Chinese state control or vulnerabilities and set up an organisation staffed by UK security cleared personnel to test the equipment they attach into the critical national infrastructure (CNI) and that organisation is called “The Cell.”

Jerry Wang, CEO of Huawei in the UK, wrote to The Times: “Their accusations are a smokescreen for an attack on our recognised technological innovation. They are not based on security concerns, but a barely concealed protectionist trade agenda.”

 

** New**

New UK Ban

On 14th July 2020 the UK announced a decision to ban Huawei from the UK 5G network and this has been called a U-turn. It isn’t – it is a change in the situation. The US Commerce Department amended an export rule to block shipments of semiconductors to Huawei to “strategically target Huawei’s acquisition of semiconductors that are the direct product of certain US software and technology.”

This rule stops any manufacturer that uses US software and technology from supplying Huawei without a US license (which will never be granted), cutting off many of Huawei’s trusted suppliers. This will cause Huawei to turn to potentially untrusted Chinese component suppliers, increasing the potential vulnerabilities of Huawei systems.

The UK Government’s decision is citing security correctly, but it is because of a changed security situation caused purely by US trade sanctions. The Huawei issue is nothing more than a move in a US/China trade dispute, but enhanced by China’s move to ignore its treaty with the UK on Hong Kong and a message on its wider human rights stance.

How can I assess this? On 09 July 2020 the UK Parliament’s Science and Technology Committee interrogated Huawei about the risk. Huawei said they didn’t know where they were going to get the components to replace those affected by US sanctions from, but asked for a few more weeks to clarify that. They haven’t been given that time, so in reality we don’t know if there would be an increased risk or not. We have just spent £2Bn on a decision that didn’t need to be made just yet!

**New paras end**

We have several elements to the current debate: espionage, a distinct probability, but all sides do it; trade, where security is an easy cry to scare the markets into protectionist trade policies; manufacturing standards; whether one manufacturer should have a monopoly on critical elements of a network; and, with 5G, the way we structure our future Satan enabled world.

One thing to remember about anything you process electronically on a device that is connected to any network, WIFI, mobile provider, is that that data may not be as safe and personal as you think. It is your choice as to what tech you buy but whatever your choice is, think security, think risk, think compromise.

 


Novichok and Salisbury – a British Military failure


It should have been a strategic gift: an assassination attempt using an agent that, as we have heard from Gary Aitkenhead, the chief executive of the MoD’s Defence Science and Technology Laboratory (DSTL), was a military-grade novichok nerve agent, which could probably be deployed only by a nation-state. Instead, we are being led a merry dance in information terms regarding the burden of proof and apportionment of blame.

The Russians, who I more firmly than ever assess were behind this attack, have a doctrine of маскировка (maskirovka), literally masking. This was defined in the International Dictionary of Intelligence from 1990 as the Russian military intelligence (GRU) term for deception, and if we are ever seeing a deception operation in play today, just look at all of the Russian statements around every reason why everyone else was to blame for the Salisbury attack.

Looking at what we the public know and the thinking behind it means there can be only one guilty party. That guilt is based on an intelligence assessment, and intelligence is not an exact science. In fact, to make an intelligence call, very often you are working only on a balance of probabilities rather than what a court of law would require with a ‘beyond reasonable doubt’ call. Intelligence is not, and rarely is, as certain. That is why it is a professional business and why, when amateurs or politicians, such as happened in the ‘dodgy dossier’ case for the Iraq war, think they can amend carefully worded assessments, they get it wrong in a spectacular way. We have not seen and won’t see the publication of a political interpretation of the intelligence; we have seen a political statement of what the agencies assess.

Intelligence looks at two things, capability and intent, and Gary Aitkenhead, an MoD employee, has clearly outlined the capability side of the argument. Often scientific analysis can identify not just the lab where an unusual substance is made but the individual who made it; that is clearly not the case with this novichok compound. However, it is not the remit of DSTL to comment on intent.

The theories I outlined in my blogs here: https://greyharemedia.com/sergei-skripal-assassination/ and here: https://greyharemedia.com/sergei-and-yulia-skripal-assassination-attempt-further-comment/  continue to hold accuracy and I continue to believe that on the balance of probabilities, the Russian President, Vladimir Putin ordered this assassination attempt using novichok. He did it for a number of reasons including sending a powerful message to anyone who opposes him and remember this happened 14 days before the Russian Presidential election and to stick a proverbial 2 fingers up at the West, he wanted the world to know it was probably him hence the choice of a novichok agent, as he would have known it would be traced back to him. This was a political attack rather than an assassination attempt; the means required the assassination attempt.

So why do I call this a British Military failure? Earlier this year Robert Hannigan, the ex-director of GCHQ, said of the Russian threat in an interview, ‘We didn’t see Russian use of disinformation coming’. Combine this with the Vice Chief of the Defence Staff, General Sir Gordon Messenger, telling The Times that the need to win the information war concerns him more than the latest model of tank, fast jet or warship.

He said hardware still has a role, but he wants to see an evolution in the military mindset about the importance of using data to help defeat and destroy an enemy. “We have to wake up to the idea that our ability to turn data into information advantage, our ability to respond faster through cleverer decision-making which is enabled by the flow of information, is actually frankly as important if not even more important than whether our tanks out-range an anti-tank missile.”

These statements clearly demonstrate a naivety among the UK’s senior defence decision makers and a failure to remember what they have been expensively taught at military staff colleges. General Messenger will be staff college trained and educated as a member of the Royal College of Defence Studies, an elite course tailored for those heading to the top; both courses will have taught the importance of маскировка (maskirovka) and its use by the Russians as well as its historical underpinning by the ancient Chinese General and Philosopher Sun Tzu in the 6th Century. The military mindset should be there already.

How can defence have forgotten what is taught and allowed Gary Aitkenhead to give a very public interview where only the most naïve wouldn’t have realised the potential implications and the information operations gift it would give Russia? Yet it happened in a vacuum of zero MoD pre and post-interview messaging to reinforce the MoD’s part in the wider government intelligence assessment process.

This is a basic tactic that the MoD should have deployed yet instead we have silence. That silence is tantamount to providing an advantage to another state to cause harm to the UK. It has and will continue to embolden the Russian маскировка (maskirovka) campaign and cause the UK political damage domestically through naïve anti-government groups and internationally to those who want to keep Russia onside for a bit at least.

In law, often doing nothing is as much a crime as committing the criminal act if it is known about. Here we have the MoD knowing a statement from an MoD official will likely cause national harm, yet it does nothing. That is the failure and that failure needs to be held to account. We don’t need an enemy with capability anymore; intent is good enough, we give them the capability.

It is akin to the MoD making IEDs for terrorists to use, it is wrong and has to stop. So, either CDS has failed or he has been ordered by his political master not to do anything, one or other must account for damaging the nation.

Note: This blog is written by Philip Ingram MBE, a former British Army Intelligence Officer who was based near Salisbury in the past.

Sergei Skripal – was it an assassination?


by Philip Ingram MBE

Updated 08 Mar

As someone who commanded an intelligence unit with a capability for the covert surveillance of Russian intelligence operations, I think I am qualified to do some analysis of detail that is coming out from the reporting of the Sergei Skripal incident.

I will open this with a caveat: I am analysing press reporting which is already speculation heavy, but there are enough ‘pointers’ to allow me to bring out some informed comment. The detail is likely to change, especially regarding the potential attack vector; however, the analysis should remain sound.

The two questions an intelligence analyst asks about any incident are: does the capability exist, and is there an intent to use the capability? Often one exists without the other, and the threat is therefore considered low. Where the two exist, the threat is considered credible.

The Russians have the capability to carry out remote assassinations overseas and within the UK using sophisticated ‘poisons’ and they are not fixed on one agent. Georgi Markov was assassinated in London in 1978 by a Soviet-trained Bulgarian secret service agent using ricin, a highly toxic, naturally occurring compound, it was embedded in a pellet fired from an umbrella. In 2006, Alexander Litvinenko an ex-KGB officer died after drinking green tea laced with polonium-210, a rare and potent radioactive isotope, again in London.

The symptoms reported in the Daily Mail and elsewhere are consistent with poisoning by an organophosphate-based nerve agent, of which SARIN or GB has hit the press recently with its use in Syria by Russian backed Syrian forces. Last year the North Korean leader’s half-brother Kim Jong-Nam was assassinated in Kuala Lumpur Airport in Malaysia by another organophosphate-based nerve agent, VX, which is an abbreviation for “venomous agent X.” The Russians have access to very sophisticated nerve agents including GB and VX, that act within seconds. VX or a derivative would be a preferred agent as it is less volatile and, being more potent than Sarin, it can have fatal effects in smaller doses absorbed through the skin.

Of course, there are many other similar compounds in the organophosphate and carbamate groups that can cause these symptoms.  And with no confirmation of agent at the moment, the suggestion it could be novel or bespoke will remain.  Caveating my comments that VX is possible and has been used before, scientists could have developed some other mycotoxin specifically for this type of assassination attempt. An issue is at least one of the first responders didn’t show symptoms till the next morning which is unusual for a nerve agent contamination but may not be immediately related.

Now the government have confirmed that a nerve agent was used it is worth having a look at some of the derivatives of the G series and V series that have been developed.  I studied these as part of my first and masters degree courses, completing specialist projects on CBRNE threats, so again, I think I am qualified to do some analysis.

Nerve agents are compounds that have the capacity to inactivate the enzyme acetylcholinesterase, which is there to ‘turn off’ a trigger signal in a nerve caused by acetylcholine. If you can’t turn it off, the nerve keeps firing. Some of the first agents to be developed were developed by the Nazis just before and during the Second World War and were given the designator ‘G’ for German. The 3 most common are tabun (GA), sarin (GB), and soman (GD). The man credited with their development was Dr Gerhard Schrader, who had been working on pesticides when he realised the power of what he had developed.

It was the British in 1954 who first synthesized O-ethyl S-(2-diisopropylaminoethyl) methylphosphonothioate, the scientific name for what the Americans designated VX. The ‘V’ agents are at least 10 times more toxic than the most common ‘G’ agent, sarin (GB). One of the characteristics of the ‘V’ agents is that they were much less volatile than the ‘G’ agents and were therefore considered persistent agents, able to contaminate an area or individual for longer and not reliant on inhalation as much; their persistence and toxicity made skin absorption a significant exposure threat. There are other ‘V’ agents but much of the detail about them remains classified and they have code names like VE, V-gas, VG, and VM. Of note, V-gas is the Russian equivalent of VX and with VE, VG and VM are much rarer but act in a similar way. The world of chemical agents and especially nerve agents and mycotoxins is a complex, fascinating and frightening one; the rarer the agent used, the easier it is to apportion blame once the substance has been identified, as there are very few facilities across the globe with the sophisticated laboratories able to create and test new agents.

The Russians have the intent – Putin’s clear statements about what he thinks of those caught spying in a video that emerged in 2010, where he said, “Traitors will kick the bucket. Trust me. These people betrayed their friends, their brothers in arms. Whatever they got in exchange for it, those 30 pieces of silver they were given, they will choke on them,” is a clear enough statement of intent. In addition, there is the Russian history of similar assassinations and the clear message it sends to those who may try to undermine Putin’s power base. From a personal perspective, Putin will likely see Sergei Skripal as a traitor no matter what.

What is slightly more frightening is it also sends a message to the international community and to the UK in particular that the Russians are willing to operate with impunity across the globe. This is consistent with their military actions in Syria and their increased military presence globally as well as statements regarding new nuclear capabilities and pictures of new conventional weapon systems.

When in October 2017 Robert Hannigan, the former head of GCHQ, described Russia’s use of cyber-attacks as “a new way” of waging war against the country’s enemies, he forgot his readings of Sun Tzu, the 6th century Chinese general, military strategist, and philosopher, arguably the greatest military tactician and strategic thinker ever, who said in his book The Art of War, “All warfare is based on deception.” He also clearly forgot the Russian doctrine of маскировка (maskirovka), defined in the International Dictionary of Intelligence from 1990 as the Russian military intelligence (GRU) term for deception. Vladimir Putin would have “grown up” in an organisation where maskirovka was a normal part of everyday thinking and is part of their aggressive information operations doctrine.

The frightening analysis of Hannigan’s statement is that the UK intelligence services have taken their eye off the Russian threat. Resources monitoring it have been reallocated to the counter-terror threat whilst the Russians and other intelligence agencies have kept their numbers and activities at the same or greater levels as in the Cold War. The UK has become an open playground for unmonitored espionage.

Putting all of this together, it is highly probable that this was a sanctioned assassination with a motivation to send a message to some of Putin’s opposition in the run-up to the Presidential Election and show ‘strength’ to his domestic audience as well as settle a score! Of course, it won’t be obvious that it was definitely Putin sanctioned, as it is not unusual for Russian agencies to use plausibly deniable outlets for their “dirty work”. The BBC series McMafia had more than an element of truth running through its drama. The pictures of the extremely professional emergency services response show how credible the threat was and how all precautions were being taken. The fact that the investigation was quickly handed over from Wiltshire Constabulary to the MET suggests that the national implications were recognised quickly. I would assess that the agent used was a thickened version of one of the ‘V’ group, possibly thickened V-gas, but this is not based on any hard evidence.

Detailed analysis by DSTL Porton Down will be able to identify the cause and recommend the most appropriate medical treatments for Sergei Skripal and his daughter, as well as the others affected, as there can be long-term effects. Their luckiest break is that it happened only a short distance from Porton Down, one of the world’s leading chemical defence research centres. It is probable that whoever is ultimately responsible for this attack will have created a lot of false trails to generate an air of plausible deniability to act as a smokescreen. However, the authorities will know the culprits with some certainty.

Note: This blog will be updated as new information is received. The current version was updated at 2000 on 8th March 2018.