India

Chinese Military Sabotage India’s State Owned Telco BSNL’s Base Station

Report by Shelley Kasli (Geopolitical Analyst)
In a major incident of national security breach, India’s top intelligence agencies and Department of Telecom is all set to jointly launch an investigation into the alleged role of Chinese telecom equipment giant Huawei in hacking into Bharat Sanchar Nigam Limited (BSNL)’s network and sabotaging its expansion plans in Rajahmundry in coastal Andhra Pradesh. Curiously, this is probably the first case where the Centre is also looking at inter-corporate rivalry between two Chinese telecom companies, the other being ZTE, which has bagged BSNL’s network expansion project including the one in Rajahmundry.

The BSNL broad band system at the Anna Road Telephone Exchange

Following reports of Huawei engineers hacking a ‘base station controller’ (BSC), which controls several ‘base transceiver station’ (BTS) or mobile radio base station in an area, during network upgradation work at Rajahmundry in September/October this year, the National Security Council Secretariat (NSCS) in the Capital alerted the Department of Telecom, which in turn sought reply from the BSNL. Though the state-run telecom company conceded there has been a breach by Huawei, it failed to give a detailed account of damage done to the national security or the penal action taken against the Chinese firm.

Now, a five-member team comprising senior official from NSCS, Intelligence Bureau, Ministry of Home Affairs and BSNL will reach the core of the entire issue. “Several key questions have remained unanswered by the BSNL Andhra Pradesh circle…We will find out entire details about the hacking of BSC like failure of password management, change in database, accessibility of BSC from remote location and authorisation of commands to Huawei personnel,” a senior official engaged in the probe told The Hindu.

What is more startling is the fact that the BSNL even failed to report the matter to police or intelligence sleuths in Andhra Pradesh even after finding out the gravity of the situation. It just reported the matter to the Huawei, says an internal communication between the NSCS and the DoT. Initially, the BSNL did not take the matter seriously. It was only after the DoT’s follow ups on the issue, the telecom PSU responded.

Earlier NSC warned of Huawei, ZTE’s links with Chinese Military

The National Security Council (NSC) Secretariat, the apex agency looking into the country’s political, economic, energy and strategic security concerns, has warned against Chinese gearmakers, especially Huawei and ZTE, and said that India must take steps to overhaul its domestic manufacturing capabilities to ‘check, investigate and ultimately replace risks that come with foreign equipment’.

Intelligence officials claim the use of Chinese components in telecoms equipment is a security concern

Intelligence officials claim the use of Chinese components in telecoms equipment is a security concern

“ZTE of China was recently awarded a contract for enterprise solutions by the Power Grid Corporation of India to provide fixed-network transmission services across the country. This network will carry the traffic of both the National Knowledge Network and well as the Rural Broadband Project. Open sources indicate that a Chinese company was the lowest and highest bidder for the same equipment for two Power Grid tenders for different regions, thereby implying that a pricing policy motivated by strategic considerations rather than purely commercial factors,” its report added.

As per the NSC, the demand for telecom equipment in India constituted 6.2% (Rs 76.940 crore) of the global demand ( Rs 1,638,255 crore) in 2012-13, even as it pointed out that failure to initiate domestic manufacturing would force the country to import $150 billion worth of equipment during the next ten years.

“This dependence on equipment imported from abroad raises inherent security concerns,” it added.

Western intelligence agencies are also alert to the risks of eavesdropping and cyber-attacks because they themselves are practitioners (a prime example being the Stuxnet virus, aimed at Iran’s nuclear programme).

[ Although the target of STUXNET was Iran most activity was observed in India. The figures released by Symantec & Kaspersky Lab Experts indicate that it was actually India that was the epicenter of STUXNET activity. If so, what were its targets and what are its implications ?

India on the Grand Geopolitical Energy Chessboard

As per our analysis it was actually STUXNET that caused the largest power outage in Indian history, occurring as two separate events on 30 and 31 July 2012 which affected over 620 million people, about 9% of the world population or half of India’s population, spread across 22 states in Northern, Eastern, and Northeast India. An estimated 32 gigawatts of generating capacity was taken offline in the outage.

For a thorough understanding on the subject kindly go through my article India on the Grand Geopolitical Energy Chessboard ]

“According to UN data, China exported more than $7 billion worth of telecommunication equipment and $2 billion in computers to India in 2011. This represented 55% of total imports in these two product categories.

Indian law enforcement agencies have been expressing concern that widespread use of imported sophisticated equipment, particularly in strategically sensitive sectors like telecom could compromise the country’s security. This is mainly due to the potential for embedded malware, rouge software, remote access, denial of source codes, denial of transfer of technology, denial of maintenance know-how and possibly denial of proper and timely service in the event of breakdowns.

Malicious hardware or software implants could be a potent espionage tool for penetrating sensitive and strategic Indian national security sectors which could be exploited in any future conflict with India,” the NSC warned in its report.

The NSC has suggested that India adopt a two track approach – building domestic manufacturing capabilities of telecom equipment as well as ‘strengthening measures to test and certify equipment that is being integrated into national critical infrastructure networks to mitigate security vulnerabilities’. It has also welcomed the country’s new telecom policy (National Telecom Policy – 2102) which states that domestic production of telecommunication equipment should meet up to 80% of the sector’s requirements by 2020.

The agency also pointed out that a recent report by the US Congress Panel that said the two technology majors from China have ties to that country’s government and military and must be barred from mergers and acquisitions in the United States.

House Intelligence Committee Report : U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE

Chinese telecom firms Huawei and ZTE pose a security threat to the US, a congressional panel has warned after an investigation into the two companies. The two firms should be barred from any US mergers and acquisitions, according to a House Intelligence Committee report.

Investigative-Report-on-US-National-Security-Issues-Posed-by-Chinese-Telecommunications-Companies-Huawei-and-ZTE

Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE  – A report by Chairman Mike Rogers and Ranking Member C.A. Dutch Ruppersberger of the Permanent Select Committee on Intelligence

The panel says the firms failed to allay fears about their association with China’s government and military.

Huawei and ZTE denied the accusations in front of the panel in September.

Charles Ding of Huawei, left, and Zhu Jinyun of ZTE testified on Capitol Hill about their companies in September

Charles Ding of Huawei, left, and Zhu Jinyun of ZTE testified on Capitol Hill about their companies in September

Later ZTE issued a statement insisting its equipment met all US standards and posed no threat.

Mr Rogers delivered a blunt verdict to the 60 Minutes programme on US network CBS.

“If I were an American company today… and you are looking at Huawei, I would find another vendor if you care about your intellectual property, if you care about your consumers’ privacy, and you care about the national security of the United States of America,” he said.

Among the report’s recommendations were to exclude any Huawei or ZTE equipment or component parts from being used by government contractors, as well both companies becoming “more transparent and responsive to US legal obligations”.

Huawei – The Company that Spooked the World

The success of China’s telecoms-equipment behemoth makes spies and politicians elsewhere nervous

The success of China’s telecoms-equipment behemoth makes spies and politicians elsewhere nervous

The success of China’s telecoms-equipment behemoth makes spies and politicians elsewhere nervous

BANBURY, a little English town best known for a walk-on part in a nursery rhyme and as the eponymous origin of a fruitcake, is an unlikely fulcrum for the balance of power in the world of telecoms. But the “Cyber Security Evaluation Centre” set up there by Huawei, a Chinese telecoms giant, in 2010 marks a new way of persuading purchasers, and the British government, that equipment from the manufacturer that runs it can be trusted. It operates in close co-operation with GCHQ, Britain’s signals-intelligence agency, located conveniently just over the Cotswolds in Cheltenham. Its security-cleared staff, some of whom used to work for GCHQ, are responsible for making sure that the networking equipment and software that the Chinese firm wishes to sell to British telecoms companies are reliable, will only do what customers want them to do and cannot be exploited by cybercriminals or foreign spies—including Chinese ones.

GCHQ, Britain’s Signals-Intelligence Agency

Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms equipment provider, have expanded from their vast home market to become global players. This is a worry not just for the rich-world incumbents under threat but also for those responsible for the integrity of critical infrastructure such as phone systems. They fear that the companies’ networking gear and software could be used by China’s spooks to eavesdrop on sensitive communications, or that it might contain “kill switches” which would allow China to disable the systems involved in the event of a conflict. “I think it’s ridiculous to allow a Chinese company with connections to the Chinese government and the People’s Liberation Army (PLA) to have access to a network,” says Dmitri Alperovitch of CrowdStrike, a web-security outfit.

A Maoist approach to markets 

The giant causing all this angst rose from humble roots. Although the company is not as forthcoming as it might be about the background of Ren Zhengfei, its founder, he is not the princeling scion of an elite family. He attended the Chongqing University of Civil Engineering and Architecture in the 1960s and served in the PLA’s engineering corps, reportedly in its information-technology research unit. Huawei says he rose to the position of deputy director, but did not hold military rank. After cuts to the armed forces he left the army in 1983 and moved to Shenzhen, a boomtown near Hong Kong.

Ren Zhengfei, founder and CEO of Huawei, is a former PLA officer

Mr Ren set up Huawei in 1987 with just 21,000 yuan, a bit more than $5,000 at the time. It mostly sold telephone-exchange equipment imported from Hong Kong. Five difficult years later, the firm made its first breakthrough with its C&C08 digital telephone switch, which had a greater capacity than any other on the Chinese market. That positioned Huawei perfectly to ride the wave of China’s telecoms infrastructure boom of the 1990s.

Excluded from China’s lucrative coastal markets, which were reserved for the better-connected, Mr Ren put to new purpose Mao’s strategy of using the countryside “to encircle and finally to capture the cities.” He encouraged his salesmen to undercut competitors in markets deemed minor. Huawei went on to use a similar approach overseas, initially targeting peripheral markets. It priced competitively: in Africa it undercut Ericsson and Nokia by 5% to 15%, according to a report by Wharton Business School.

A Maoist approach to markets - Mr Ren put to new purpose Mao’s strategy of using the countryside “to encircle and finally to capture the cities.”

A Maoist approach to markets – Mr Ren put to new purpose Mao’s strategy of using the countryside “to encircle and finally to capture the cities.”

Beginning life servicing rural China; within 10 years Huawei was generating revenues of about $250m. In 1999, the company established its first research and development (R&D) centre outside China, in Bangalore, India. A year later it set up in Sweden and a year after that in the US. By 2002, sales outside China had hit $500m.

Back-door Imbroglios and Espionage Fears

Critics are convinced that there is more to Huawei’s rise than strategy, guts and Mr Ren’s devotion to innovation. They think it has stolen vast amounts of intellectual property and that it has been heavily subsidised in its expansion by the Chinese government, eager to use it as a Trojan horse with which to infiltrate itself into more and more foreign networks. Huawei rejects all these allegations.

Westerners fret that the networks the firm is building are used by Chinese spooks to eavesdrop during peacetime and could be shut down suddenly during wartime

Westerners fret that the networks the firm is building are used by Chinese spooks to eavesdrop during peacetime and could be shut down suddenly during wartime

John Chambers, the boss of Cisco, an American supplier of network equipment, recently claimed that Huawei does not always “play by the rules” on intellectual property; many in America are convinced that Huawei stole the design of one of its early products from Cisco, though the Chinese company hotly denies this. Cisco settled a lawsuit it had brought against Huawei in 2004 in a way that both sides spun as vindication.

Reportedly, due to the US Government’s insistence, Symantec dissolved its joint venture Huawei Symantec with a $535 million payout. Recent open sources indicate that Los Alamos National Laboratory in New Mexico dealing with American nuclear arsenals had discovered that is computer systems contained some Chinese made network switches and they thereafter replaced some components due to national security concerns. H3C technologies based in Hangzhou made these devices,” the report said. It also said that the Australian government had blocked Huawei from participating in their $ 38 billion National Broadband network.

“In 2011, the US Department of Commerce blocked Huawei from bidding for a contract to construct US National Wireless Network for emergency responders on security concerns. The US Committee for Foreign Investment also blocked the company’s attempt to takeover the server company 3Leaf Systems.

This leaves the most troubling criticism: that the firm might be a creature of China’s security services. Mr Ren’s past in the PLA fuels such suspicions, as does a reasonable perception that privately held Chinese companies are often in cahoots with the powers that be. The firm’s dealings with Iran, where its salesmen boasted that their equipment makes it easier to spy on potential troublemakers, are taken as supporting this view.

ZTE is also facing accusations it sold US telecoms equipment to Iran, in breach of US sanctions. Telecoms giant Cisco ended its relationship with ZTE, after its equipment was included in the Tehran deal.

“Believe no one and check everything,” is the right attitude for dealing with Huawei or anyone else, says John Suffolk, now Huawei’s global cyber-security officer, previously the British government’s chief information officer. Huawei equipment for America and Canada, he says, is independently vetted by Electronic Warfare Associates, an American defence contractor well supplied with security clearances and experience.

But absence of evidence is not evidence of absence; flaws in telecoms gear, whether put there deliberately or accidentally, are hard to find. “Most security problems we encounter are due to very subtle bugs in code that even the original programmers may miss,” says Steven Bellovin of Columbia University. “Identifying back doors in hardware is also a really, really hard challenge.” So doubts remain.

Part of Huawei’s problem is that it gets lumped in with its rival, ZTE. America’s FBI has investigated whether that firm illegally sold American technology to Iran and then lied about the matter, something Huawei is not accused of. Back doors that might have allowed remote access appear to have been found on some ZTE mobile-phone handsets. Huawei itself is suing ZTE for stealing intellectual property (perhaps with the caution of the poacher-turned-gamekeeper, it takes piracy very seriously now it is a technology leader).

A Creature of Chinese Military – Project PLA-863

Foreign-Spies-Stealing-US-Economic-Secrets-in-CyberSpace

Foreign Spies Stealing US Economic Secrets in Cyberspace

The Office of National Counter-Intelligence anticipates that China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace. Both will almost certainly continue to deploy significant resources and a wide array of tactics to acquire this information from US sources, motivated by the desire to achieve economic, strategic, and military parity with the United States.

National High-tech R&D Program (Project 863 P) China

National High-tech R&D Program (863 Program)

China will continue to be driven by its longstanding policy of “catching up fast and surpassing” Western powers. An emblematic program in this drive is Project 863, which provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information. The project was launched in 1986 to enhance China’s economic competitiveness and narrow the science and technology gap between China and the West in areas such as Nanotechnology, Computers, and Biotechnology.

Among the products known to have resulted from the 863 program are the Loongson Computer Processor family (originally named Godson) and the Shenzhou Spacecraft.

Chinese Program 863 Loongson computer processor family (originally named Godson)

 

China launched the Shenzhou-8 spacecraft in 2011 at the Jiuquan Satellite Launch Center in northwest China

China launched the Shenzhou-8 spacecraft in 2011 at the Jiuquan Satellite Launch Center in northwest China

India’s NSC said that as per Intelligence Bureau reports, Chinese vendors such as Huawei and ZTE were part of a Chinese Army project called PLA-863. “As per this programme, Huawei was mandated to focus on switches and routers, ZTE on mobile and fibre networks, Julong on switchboards and Legend on computers with the objective of dominating world telecom scene and strengthening its electronic warfare capabilities,” the National Security Council Secretariat said in an April 15 report that was reviewed by ET.

The program initially focused on seven key technological fields:

Biotechnology

Space

Information technology

Laser technology

Automation

Energy

New materials

Since 1986, two more fields have been brought under the umbrella of the program:

Telecommunications (1992)

Marine technology (1996)

Under the plan, about US $200 billion was to be spent on information and communication technologies, of which US $150 billion was earmarked for telecommunications.

In a 2011 court case, Chinese-born scientist Huang Kexue was found guilty of stealing commercial secrets from US-based corporations and passing at least some of this information to the 863 program. Huang Kexue admitted in October that he stole secrets on a pesticide and a new food product and sent them to China and Germany. Agro-giant Cargill estimated the value of the stolen information at $12m.

Chinese scientist Huang Kexue jailed for trade theft

Techno-Nationalism – The Other Side

The question of whether to trust this new giant divides the world. In Africa Huawei is everywhere, and welcome almost everywhere; in India it has found itself under attack by government and media as both a security threat and an unfair competitor. It has won significant contracts in Canada and New Zealand, while UK Prime Minister David Cameron welcomed news of the company’s $2.1bn investment. In Australia in March the government blocked it from taking part in a new national broadband system.

Techno Nationalism - Simply banning stuff on the basis of a firm’s nationality “could blow global trade away and balkanise the world of IT

Techno Nationalism – Simply banning stuff on the basis of a firm’s nationality “could blow global trade away and balkanise the world of IT

The doubts run deepest in America. Huawei has worked on networks for a number of smallish mobile operators there, but its repeated attempts to buy American tech firms have been scuppered by official opposition. It was the first foreign investment to be blocked in the US for 22 years. The Chinese firm has since sued Mr Obama, alleging the US government overstepped its authority.

Even in America, though, opinion is divided. One former member of the joint chiefs of staff dismisses the fears about Huawei as China-bashing; another says, “We’d be crazy to let Huawei on our networks, just crazy.”

Such dealings are not unknown in the world of telecoms. An investigation by Wired magazine found Cisco’s salesmen making similar claims in efforts to win contracts with a repressive government ironically, that of China. And American telecoms-equipment companies have a degree of cosiness with America’s national-security apparatus; the former head of the National Security Agency, America’s GCHQ, sits on the board of Motorola Solutions, a telecoms-equipment provider. But such symmetry hardly means there is no need to worry about Huawei. American fears may be based on the fact that its leaders know from experience that telecoms companies can be helpful espionage assets. American officials themselves have in the past demanded the installation of “back doors” in some exports, through which the devices can be accessed on the quiet.

Huawei clearly might do such things; the question is whether it does. Evidence was presented at DefCon, a big hackers’ convention held in July, of security vulnerabilities in a couple of Huawei’s smaller routers. But such flaws are common. Several years ago, the American government gave warning of similar vulnerabilities found in kit made by Cisco and other Western firms. Years of intense scrutiny by experts have not produced conclusive public evidence of deliberate skulduggery, as opposed to mistakes, in Huawei’s wares. BT, a British telecoms company that buys products vetted in Banbury, says it has not had any security issues with them (though it rechecks everything itself, just to be sure).

The other reason for not banning Huawei is the dirty little secret that its foreign rivals strangely neglect to mention: just about everybody makes telecoms equipment in China these days. Chinese manufacturers and designers have become an integral part of the global telecoms supply chain. Blocking Huawei (or its rival Chinese telecoms giant, ZTE) while allowing gear from, say, Alcatel-Lucent or Ericsson on a network may make politicians feel good. But it is no guarantee of security. Huawei’s competitors have a vested interest in hyping concerns about it, while disguising their own reliance on Chinese subcontractors and on subsidies.

Ross Anderson, a professor of security engineering at Cambridge University, points out that banning equipment from Chinese firms would give a false sense of security: equipment from everyone else has Chinese components anyway. Bryan Wang of Forrester, a consultancy, notes that Alcatel-Lucent makes nearly its full range of products in China, except for some high-end routers, and that Nokia Siemens Networks makes its mobile base stations and its switches there.

The answer is to insist on greater scrutiny all round, not just of Chinese firms. Governments should be crystal-clear about what conditions telecoms firms need to meet to win business—something India’s and even America’s secretive security-review process for that matter does not do today. They should also do more to ensure that equipment is secure, no matter who makes it. That means demanding to know where hardware components and software come from, and requiring intrusive random inspections of code and equipment. India has no effective system of supply-chain checks. In Britain, by contrast, where BT is a big customer, Huawei has established a unit (run in close co-operation with GCHQ, Britain’s signals-intelligence agency) with security-cleared personnel, including former employees of GCHQ, who vet gear from China before it is installed. Such scrutiny will drive up costs, but these pale in comparison with those imposed by bans on Chinese firms, which diminish competition and push up prices.

In a paper published last year two Microsoft executives, Scott Charney and Eric Werner, called for governments and companies to come up with much better standards for supply chains, to mitigate all sorts of risks including some that pertain to security.

Mr Charney acknowledges that governments will not find it easy to trust stuff designed and deployed by firms from countries considered adversaries. But knee-jerk nationalism could have dire consequences. Simply banning stuff on the basis of a firm’s nationality “could blow global trade away and balkanise the world of IT,” he says.

The threat posed to India’s National-Security interests by vulnerabilities in the telecommunications supply chain is an increasing priority given the country’s reliance on interdependent critical infrastructure systems including the range of threats these systems face; the rise in cyber espionage; and the growing dependence all consumers have on a small group of equipment providers.

In the next part of this article we’ll discuss more on the serious questions the particular scenario raises in regards to India’s National Security and put it in a historical perspective digging the roots of Industrial Espionage. Another important question that also needs to be addressed is why target Rajahmundry of all places ?

Most Popular

To Top