Alleged Chinese hacking of American companies may have diminished since tensions over the issue came to a head during Xi Jinping’s state visit to the U.S. last year. At Lawfare, however, security technologist Bruce Schneier describes a recent series of attacks which appear to show “someone […] learning to take down the internet.” “The data I see suggests China, ” he writes, “an assessment shared by the people I spoke with.”
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large a large nation state. China or Russia would be my first guesses.
[…] Who would do this? It doesn’t seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It’s not normal for companies to do that. Furthermore, the size and scale of these probes – and especially their persistence – points to state actors. It feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities. [Source]
Schneier is not given to sensationalism or to demonizing China: he has written in the past about the inflated threat of “cyberwar” and emphasized the United States’ lack of relative moral high ground.
At Bloomberg, meanwhile, Eli Lake notes other suspicions about Chinese threats to internet infrastructure as tech giant Huawei vies for a role in America’s next-generation 5G mobile network.
For more than a decade, the U.S. military and intelligence community has quietly warned that the world’s largest telecom equipment manufacturer, Huawei, is an arm of the People’s Liberation Army and that its phones, circuits and routers are instruments of Chinese eavesdropping.
Now these agencies are starting a formal review, led by the FBI and the NSA, examining the national security implications of Huawei’s potential participation in building the U.S. 5G wireless network, according to current and former U.S. intelligence officials.
[… A major] concern for the U.S. intelligence community has been the prospect that Huawei’s closeness to the Chinese government makes it an intelligence asset, similar to how U.S. telecom providers such as AT&T have given the NSA access to data on their networks, as documents disclosed through former contractor Edward Snowden have shown.
Through Huawei, China could gain this kind of access by implanting microscopic beacons inside its routers and circuits allowing the People’s Liberation Army to peer into U.S. communications networks. One former U.S. intelligence operator told me these beacons were first detected by the U.S. military in 2004. “We freaked out because we knew these routers would phone home to China,” this source said. [Source]
The company has rejected such accusations, arguing that compromising its products in this way would constitute “corporate suicide.” The Wall Street Journal’s Juro Osawa reports that Huawei has now partnered with Microsoft in an effort to allay their respective governments’ suspicions.
Chinese antitrust regulators are investigating Microsoft, and Huawei has been shut out of the U.S. telecommunications-equipment market over concerns it might be a front for cyberspying.
None of that is good for business. And now the two have joined forces in a “buyers guide,” meant to allay fears that each new information-technology contract poses a cybersecurity threat. Aimed at governments and corporations shopping for information- and communications-technology products and services, it was produced in cooperation with the nonprofit EastWest Institute.
Rather than reviews and rankings, this buyers guide offers a discussion of security issues in technology development, manufacturing, distribution and supply-chain management. It is part of a broader effort to shift the global cybersecurity debate away from what trade groups describe as protectionist initiatives triggered by political tensions between governments.
[…] “Businesses on both sides are frustrated by continued friction between the U.S. and China,” said Duncan Clark, chairman of Beijing-based consulting firm BDA China, who has worked with many Chinese companies including Huawei.
There are, however, some signs of changes in the debate. [Source]
Also at The Wall Street Journal, Li Yuan writes that Huawei’s difficulties abroad have helped burnish its image at home:
“Huawei has a special quality that it dares to challenge Western high-tech giants and defeat them,” says Tian Yiyan, a mobile-app developer in Shanghai. He says he believes Huawei’s claim that it can surpass Apple and Samsung to become the world’s top smartphone maker by sales in five years—and that adds to the company’s allure.
[… In China,] the company is widely seen as an innovator that stands apart from the stodgy state-owned sector.
Even its research-and-development budget is positioned as a selling point in China. Huawei reported $9.2 billion in R&D spending in 2015, higher than the $8.1 billion Apple spent in its most recent fiscal year, a fact widely noted in the Chinese media. Huawei generated excitement in June when it sued Samsung, claiming violation of its mobile patents—a reversal for Chinese manufacturers that long have been on the receiving end of patent disputes.
[… E]ven its struggles in the U.S. are a selling point for some consumers in China. “It represents the Western world’s attempts to rein in China’s growth and rise,” says Ge Chuanfeng, a geological engineer in Beijing who has bought three Huawei phones. He urges people on social media to “Buy Huawei, support Chinese brands and dump Apple.” [Source]