Former Pentagon Analyst Warns China Has Back Doors To Global Telcos

The Chinese Government has “pervasive access” to 80 percent of the world’s communications even military-grade encryption no longer provides sufficient protection to sensitive data, a former Pentagon analyst warns.

The Chinese Government has “pervasive access” to 80 percent of the world’s communications even military-grade encryption no longer provides sufficient protection to sensitive data, a former Pentagon analyst warns.

Speaking on the Cyber Jungle podcast with host Ira Victor, former Pentagon analyst F. Michael Maloof claims that two mainland Chinese companies: Huawei and ZTE Technologies are providing the Chinese government with the ability to access deployed equipment and services, which are used by 45 of the top 50 telecommunications centers in the world. This, Maloof argues, gives the Chinese government and People’s Liberation Army unbridled, backdoor access into data and proprietary information belonging to some 140 nations. That access could enable widespread spying and sabotage in the event of hostilities, he said. 

Maloof, a former senior security policy analyst in the Office of the Secretary of Defense, isn’t the first to sound alarms about the danger of China using its technology exports as a beachhead for cyber espionage or national defense. Secretary of Commerce John Bryson told a Congressional subcommittee  (PDF) in April that the Commerce Department is “very focused” on Huawei and said the company has “capabilities that we may not fully detect to divert information.” 

Maloof did little to add meat to those opaque warnings. He cited anonymous sources as saying that any information travelling through a network that uses Huawei equipment should be considered compromised unless it uses military encryption, and “even then, here is no doubt that the Chinese are working very hard to decipher anything encrypted that they intercept.”

Maloof said that the equipment produced by Huawei and ZTE Corporation is subsidized by the Chinese government, which decreases the cost of such equipment and makes it difficult for western firms to compete. The companies are also benefiting from generous, government-backed domestic and international development projects. State-backed Chinese banks finance national infrastructure deals that don’t ask for any equipment payment for years, he said.

The deals have helped Huawei and ZTE win their way into a number of big, international telecommunications deals including at Malaysia’s DiGi, the Philippines Globe, Russia’s Megafon, the UAE’s Etisalat, Brazil’s Tele Norte, and Reliance in India. The deals are good business for China’s fledgeling high tech industry, and also good strategy for the PLA, according to Maloof’s report, which can be read here.

Huawei officials have consistently denied that the company uses government subsidies to tip the scales in its favor. In June, Huawei’s global board director, Chen Lifang, told Reuters that the company benefits from the same kind of legal subsidies as its U.S. and European rivals. The company has also denied cooperating with the PLA or the Chinese government in any way. 

Suggested articles

Discussion

  • Anatoly Klepov on

    Many organizations have forgotten that the protection system, in particular, the hardware must be created in compliance with the TEMPEST standard. The largest computer exhibition WMC, CEBIT show that many companies claim that they produce their own protection to military standards, but it's only advertising.

  • Anonymous on

    propaganda
  • Concerned American on

    does this mean the chinese have access to our porn traffic for free?

    that's not right!

  • Chinese Takeaway on

    The West is voluntarily bloodsucked by the Chinese vampire.
  • This is what I do on

    The simple version-The federal government should mandate that its Agency’s only order from a verified hardware list, something we come close to but do not do. What do I mean by verified; both the company, its manufacturing process, sources, and the end product are all investigated and vetted to ensure that the device(s) are safe and compliant. We should have two or more sources for each type of product to be vetted.  While yes, Agencies at their own discretion use their own risk analysis process to determine the risk involved with using a given piece of hardware or software this process is somewhat limited and ultimately redundant as the same product may be reviewed at another Agency. Standards for configuration exist at the NSA, DHS, NIST and a few other places but there needs to be configuration standards for the specifically vetted hardware and software. Also all Federal, State, Local governmental entities should only communicate over the internet an encrypted (FIPS 140-2) VPN (this is not presently the case, even at the Federal level), this requirement should also be placed on any public utility (water, power, residential gas, etc…). And if you can’t go VPN between government resources then go private network (read no internet). None of this is rocket science, and if we start today, tomorrow we will be much better off, rather than flopping about how expensive it will be and how this and how that... this beats the alternative. – PS – I type this is a hurry, in between meeting so my apologies to any grammar or spelling police. 

  • Kemikal on

    There is no patriotism amongst American corporations, it's all about the almighty dollar; they could care less if hardware they acquired at at cheap rate facilitates Chinese access to sensitive data! Simple, cease all electronic imports from China!! It can be done, believe me. We will not learn until something catastrophic happens; at that point it'll be too late. Until then, US companies, go ahead and continue to turn profits at the expense of your security!! FN idiots!!

     

  • Anonymous on

    They use our greed against us and steal our technology. Think about the country that brought us Sun Tzu.

  • Anonymous on

    I buy nuttin from China, not switches, not dog food, nuttin! Oh and I encrypt every ting!

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.