Hard News by Russell Brown

Read Post

Hard News: The Huawei Question

159 Responses

First ←Older Page 1 3 4 5 6 7 Newer→ Last

  • Matthew Poole, in reply to Paul G. Buchanan,

    Paul, without repeating what I just wrote, I think that what’s being expressed by the various members of the alphabet soup shows a significant cultural ignorance of how things work in, dare I say it, the real world. In real network operations centres for ISPs, the unexplained appearance of large-volume data flows would trigger all kinds of investigations. You cannot hide real-time network tapping, especially when it originates within the customer “edge” network (an ISP network is divided into the customer-facing “edge:, the ISP “core”, and the internet-facing “border”) and must traverse the core in order to get across the internet to its destination.

    Either the packets get billed to the customer, who will probably notice when they start getting stung for about double the data usage they expect, or they just appear as they transit the core and the ISP suddenly has a massive outflow of data with no apparent source. In both cases there will be investigation to figure out why there is a discrepancy, and for a major customer like a government department or the likes of Tait or Rakon (or large volumes of un-sourced data) there will be a lot of effort put into establishing the cause. Eventually someone will notice that for various routers and switches packets out > packets in, and then all hell will break loose. This is not fanciful rumination, this is how things actually work.

    Auckland • Since Mar 2007 • 4097 posts Report

  • nzlemming,

    Just posted to Matthew on FB "You mean they're going to install ghost chips???"

    </hat_coat style="running">

    Waikanae • Since Nov 2006 • 2937 posts Report

  • James George, in reply to Simon Grigg,

    Simon I suggest you do some more recent research on Lang. The worm has turned is one way to describe it. Prolly more correctly that the leopard never changes his spots. Lang may not have been a major proponent of the invasion of Iraq, but once it happened and the US found itself in the quagmire of 04 and 05, Lang stepped in with his strategy to drive a wedge between the Sunni and Shia populations. Sure it already existed in some parts of outlying Iraq, but in the major metro areas, where the worst slaughter eventuated, people had learned to live with each other.

    I'm wary of many false flag claims (the ones that get publicised are too often not false flag, just the other side trying to de-emphasise a tactical defeat. e.g. The claims by redneck americans that 'those people couldn't have destroyed the world trade centre from their 'caves') but there was considerable speculation about the way that the bombing of the Golden Mosque in Samarra, the event which triggered Iraq's civil war, went down, because not only was the US agenda the only one that was served, there were eyewitness accounts of the area being cleared by US special forces before the explosion and the extent of the demolition was more than a couple of car bombs could have achieved.

    There is even a piece in that blog run by the dem party half of the american imperialist party that you linked to. It is here.

    Maybe Lang is a dem party supporter, I neither know nor care. I do know he is a supporter of the US imperialism that kills millions around this planet every year.
    Spend some time reading his poison on Sic Semper Tyrannis if yer stomach can stand it. His latest offence was to campaign Zimmerman’s innocence of the murder of Trayvon Martin.
    Last year it was to call for the intervention in Libya which resulted in the destruction of most of that nation's infrastructure and the replacement of a stable society with an on-going anarchy that prohibits darker skinned Libyans from walking the streets lest they be murdered on sight by the european armed racist militias who are hell bent on the ethnic cleansing of Libya.

    But the 1955 Libyan Petroleum Law, the legislation which kept Libya free of transnational energy corporate dominance from long before the arrival of Col Gadhafi, has now been subverted & ignored and will soon be repealed, allowing the major US & European energy corps free hand in the anarchic failed state Libya has become. Thanks to Lang and his ilk - aforesaid spook scum.

    This is what intelligence agencies do. They further their nation's economic agenda at the expense of others. e.g. NZ. The only reason we don't have more trouble from em, e.g. deposed Prime Ministers and the like, is that unlike Oz, we don't have much anyone else wants.

    Huawei are grabbing a swathe of business off the US Cisco; so the american intelligence communities' corporate masters have told them to go in hard.
    One issue overwhelms network dominance; the IP, no not internet protocol, intellectual property. The motive for so much US interference in other nation's domestic affairs.
    cont.

    Since Sep 2007 • 96 posts Report

  • James George, in reply to James George,

    Continued from above
    There may be a number of hardware makers snapping at Cisco's heels, but the last time I looked, Cisco still controlled the bulk of IT networking & communications software. OpenFlow the open source tilt at Cisco & is probably more of a long term threat than any single corporate entity. Still there is no doubt Huawei does have Cisco concerned. I apologise if someone has already posted this article on the Huawei challenge to Cisco.

    True, the US intelligence community have a special interest in this case; Cisco et al have been at Homeland security's beck and call since 911.

    In return for which they have grabbed a mob of new business. Spies spying on spies spying on spies. None of em use much HumInt nowadays; it's nearly all electronic, and very expensive.

    There is much about the $1 Billion taxpayer subsidy of Telecom's fibre to the door rollout that is worthy of trenchant criticism, but the Huawei purchase is not one of those instances.

    Since Sep 2007 • 96 posts Report

  • Jonathan Hunt, in reply to Russell Brown,

    I think it’s a given that the NSA has gone over the source code in Huawei hardware with a fine-toothed comb, but there doesn’t seem to be anything there.

    I'd be impressed if the NSA had access to the source code of Huawei's products. Is there any evidence of this? More likely, they can probe the chips and seek to determine patterns of behaviour, and possibly try and reverse engineer code but not from source.

    Since Apr 2012 • 4 posts Report

  • Rich of Observationz,

    Continued from above

    I think the post size limit is there to encourage brevity. Just sayin.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Jonathan Hunt, in reply to Matthew Poole,

    Obviously a network-wide monitor would be easily detectable traffic wise. But a dormant trojan that can be awakened as necessary by sending a specific command sequence would be straight forward to hide and might only return small amounts of data so be essentially undetectable under most conditions.

    Since Apr 2012 • 4 posts Report

  • Matthew Poole, in reply to Jonathan Hunt,

    a dormant trojan that can be awakened as necessary by sending a specific command sequence would be straight forward to hide and might only return small amounts of data so be essentially undetectable under most conditions.

    It’s not anything like that simple.
    1) Any “magic packet” to wake up said trojan must be able to be routed through the wider internet. That is, it must be valid under the rules that govern packet structure and layout for IP networks. And on any network connected to the internet, there is always the possibility that such a packet could be generated through ordinary use. That’s why I’m leery about the idea that a kill switch could exist, because if a device suddenly went tits-up for no obvious reason and with no discernible hardware fault people would start with the wondering and the question-asking.

    2) This is not customer premises equipment (CPE) that we’re discussing, it’s equipment within the distribution and aggregation networks that CPE connects to. Which means that the best a tap might achieve is to monitor a whole neighbourhood, and that’s a lot of data. You cannot surreptitiously monitor a network at the level that the Huawei kit is being deployed, because it’s serving tens or dozens of customers. Even if the supposed Chinese intelligence services controllers of Huawei knew precisely which neighbourhood a given device was in they would still have to monitor all the traffic through the device in order to get the interesting bits (I’ll get my coat.)

    ETA: Putting something into hardware, which would be the level something like this would have to be done in order to avoid code-review detection, also places significant limits on how sophisticated it can be. You can make silicon do some pretty amazing things, but those amazing things mostly rely on software. If you cannot do things in software, tapping a network as a sub-function of a wider network device is subject to quite drastic limits on just how fancy you can get.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Rich of Observationz, in reply to Matthew Poole,

    If I was asked to build a backdoor into a router, I'd look at a few options:

    - create an overlooked buffer overrun vulnerability, buried in some complex protocol parsing code. Inadvertent buffer overruns have been found (including by me) in code that's been repeatedly tested and audited in the past.

    - implement some kind of broken higher level protocol

    - play around with the encryption math

    Having got access, it wouldn't be hard to gather selective data, such as connections to servers in a certain country, login packets, etc. It also wouldn't be hard to mount a denial-of-service attack - though this would have an obvious reputational impact on the equipment manufacturer.

    (Login packets would only be useful if the agency collecting the data had SSL decryption abilities. That gets increasingly possible as time goes on).

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • Matthew Poole, in reply to Rich of Observationz,

    Having got access, it wouldn’t be hard to gather selective data, such as connections to servers in a certain country, login packets, etc

    You still have to get that data back to you, though, and in sufficient volumes to allow gathering of useful quantities of interesting data you’re going to rise above the noise thresholds for network operators.

    Yes, SSL decryption will probably become widely* possible within the next few years. However, the juicy nation-state stuff (ETA: which is not going over UFB, unless McCully goes back to his old tricks with classified diplomatic cables) is not encrypted with SSL and as much disdain as I have for the culture of the NSA I have no doubt that their cryptographers are outstanding. Devices that they have approved for use in securing their own government’s communications are going to be using much more complex encryption systems than anything available for free over the tubes. Even at the corporate level the interesting stuff is going over VPNs if it leaves the company network, based on what I’ve seen looking at the network security of some of our household names. It’s possible the Chinese can break those systems, but I think the word would have got out if there was believed to be a systemic weakness in any of the products. After all, a lot of those things are protecting networks used by US government contractors.

    * widely at the level of well-resourced nation-state operator.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Jonathan Hunt, in reply to Rich of Observationz,

    there is always the possibility that such a packet could be generated through ordinary use.

    The awake sequence can be small but sufficiently complex as to not likely occur in regular traffic; and it has to be sent to a specific device and port to do its thing (not necessarily port 80). If an awake sequence was encountered at random it might enable the monitoring but if no further commands are received it may simply do nothing. Even if it locked up a device, the standard response would be to restart or replace, not undertake an investigation.

    I was talking CPE. Aren't many of the ADSL modems, 3G modems distributed by Vodafone by Huawei? But in any case, a network router can still be directed to hunt for specific patterns of interest, or monitor a specific IP or port, without having to take the whole stream.

    It would be quite feasible to have a backdoor in silicon that can have the monitoring software delivered over the wire to run in local memory then be deleted. That way you can deliver precise code to do just want you want with very little detectable surface in silicon.

    Since Apr 2012 • 4 posts Report

  • Russell Brown, in reply to Jonathan Hunt,

    I’d be impressed if the NSA had access to the source code of Huawei’s products. Is there any evidence of this?

    British Telecom says it gained such access and I gather MI6 and everyone else got to go through Huawei's security evaluation centre.

    Auckland • Since Nov 2006 • 22850 posts Report

  • Simon Grigg, in reply to James George,

    Simon I suggest you do some more recent research on Lang. The worm has turned is one way to describe it.

    I've been reading his blog since about 2006 thanks James. I think I have a fair handle on what he says and has done.

    Just another klong... • Since Nov 2006 • 3284 posts Report

  • Matthew Poole, in reply to Jonathan Hunt,

    I was talking CPE

    Maybe so, but the hardware of concern with UFB/NBN is not the CPE. So we're back to discussing aggregation and distribution systems that handle dozens of customers at a minimum. Suddenly it's a whole hell of a lot harder to discriminately monitor flows. Doing it at the CPE level is absolutely feasible, and I hope I haven't given the impression that I think it's not, but unless I've misunderstood horribly the ASIO decision relates to Huawei supplying kit for the "in the street" parts of the deployment.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Russell Brown, in reply to Matthew Poole,

    but unless I’ve misunderstood horribly the ASIO decision relates to Huawei supplying kit for the “in the street” parts of the deployment.

    And as I noted in the original post, no government, agency or company has ever actually suggested banning Huawei CPE -- and I'm pretty confident no one's going to.

    Auckland • Since Nov 2006 • 22850 posts Report

  • Rich of Observationz,

    You still have to get that data back to you, though

    Send apparently legitimate traffic through the target network and "corrupt" it with the gathered info (which would not be large - a million login packets is only a gigabyte).

    I doubt any state would actually do it (and certainly Huawei would be very unlikely to do it knowingly).

    SSL decryption will probably become widely* possible within the next few years

    I'm waiting in hope for the first government operative to realise quite how much money they can steal.

    Back in Wellington • Since Nov 2006 • 5550 posts Report

  • nzlemming, in reply to Jonathan Hunt,

    I'd be impressed if the NSA had access to the source code of Huawei's products. Is there any evidence of this?

    I thought I read recently that GCHQ say they've seen the source and it's okay.

    ETA Snap Russ

    Waikanae • Since Nov 2006 • 2937 posts Report

  • Steve Barnes, in reply to nzlemming,

    “You mean they’re going to install ghost chips???”

    Ha ha ha h.....
    Well, I thought it was funny.
    Meanwhile in other China Hating News...
    Shoebox shops 'the ruin of Queen St'
    Yellow Peril indeed, I am more fearful of fat rich white middle class greedheads. Look at the damage they have engendered.

    Peria • Since Dec 2006 • 5521 posts Report

  • Kumara Republic, in reply to Steve Barnes,

    Shoebox shops ‘the ruin of Queen St’

    If Cr Brewer had his way, Queen St would probably look like just another cut-and-paste shopping mall minus the roofing. I’d have Cuba Street over that any day.

    The southernmost capital … • Since Nov 2006 • 5446 posts Report

  • Sacha, in reply to Kumara Republic,

    everywhere should look like Newmarket :)

    Ak • Since May 2008 • 19745 posts Report

  • Matthew Poole, in reply to Kumara Republic,

    No, I think his vision is more like the premier shopping streets in Australian state capitals and major European shopping cities: lots of medium-to-large shops (instead of lots and lots of little shops) that sell high-value goods.

    The discussion has become about some imagined racist vision that wants no small Asian retailers, which wasn't, as far as I could tell, Brewer's real issue. His issue is that the street has lost its position as the premier shopping street and is, instead, becoming more like the shopping strips in the likes of Otahuhu. We already have a bunch of strips like Otahuhu, all over the city, but we only have one Queen Street.

    Auckland • Since Mar 2007 • 4097 posts Report

  • Steve Barnes, in reply to Matthew Poole,

    We already have a bunch of strips like Otahuhu, all over the city, but we only have one Queen Street.

    I may be a bit out of touch with current retail therapy theory and the main protagonists in that field but I can't think of many of our own established Big Name Stores that could possibly satisfy Mr Brewer and that means attracting big offshore retailers to suck even more out of the economy. So, we have some migrants coming over here and setting up shops, eking a living and offering the consumer unlimited variety. What would we rather have, "People coming over here and going on the dole" and an EazyBuy or a Costco every 100 mtrs along Queen Street?
    Like I've said before, I fear the corporate white guy more than the "Yellow Peril"

    Peria • Since Dec 2006 • 5521 posts Report

  • Sacha, in reply to Matthew Poole,

    the street has lost its position as the premier shopping street

    Happened years ago, spurred on by woeful transport/urban planning that encouraged shoddy chicken-coop apartments for predominantly Asian tertiary/language school students and made free parking at suburban malls more attractive.

    Swing in the other direction in last few years with intensive development, but mainly at the bottom of town. Some high-end global brands there too, not catering much for locals day-to-day. New CBD supermarkets might help, and gradual change in composition of residents but available apartment stock now not matching that well.

    Ak • Since May 2008 • 19745 posts Report

  • Chris Waugh, in reply to Matthew Poole,

    His issue is that the street has lost its position as the premier shopping street and is, instead, becoming more like the shopping strips in the likes of Otahuhu.

    The article linked above specifically mentioned allegations that some of those shops were opened for visa/immigration/residency purposes at least twice, although without naming any particular ethnic or national group. That suggests that there is more to the issue than any councillor's desire for Queen St to be high-end retail.

    I don't know Auckland well enough to know what "in the likes of Otahuhu" means. Clarification?

    I do know I really enjoyed being in the Queen St area last time we were in NZ and seeing signs in Korean, Japanese, simplified and traditional Chinese, and whatever other languages and scripts there may have been. That had me thinking, "Now here's a place I could bring my family to live in." But then again, I probably have a very different world view from anybody on the Auckland City Council.

    Wellington • Since Jan 2007 • 2401 posts Report

  • Simon Grigg, in reply to Sacha,

    Happened years ago, spurred on by woeful transport/urban planning that encouraged shoddy chicken-coop apartments for predominantly Asian tertiary/language school students and made free parking at suburban malls more attractive.

    And at least there are people back in the street. A decade back you could roll a runaway steam engine down the footpath from top to bottom on a weekday afternoon without causing human harm.

    Now it bustles along quite well.

    that means attracting big offshore retailers to suck even more out of the economy

    We don't have the population to attract most, and even if we did bring in the global chains like Armani Exchange, Zara or proper Top Shop they'd head straight to the malls.

    Just another klong... • Since Nov 2006 • 3284 posts Report

First ←Older Page 1 3 4 5 6 7 Newer→ Last

Post your response…

This topic is closed.