Chinese Spies Accused of Using Huawei in Secret Australia Telecom Hack

The U.S. government has warned for years that products from China’s Huawei Technologies Co., the world’s biggest maker of telecommunications equipment, pose a national security risk for any countries that use them. As Washington has waged a global campaign to block the company from supplying state-of-the-art 5G wireless networks, Huawei and its supporters have dismissed the claims as lacking evidence.

Now a Bloomberg News investigation has found a key piece of evidence underpinning the U.S. efforts — a previously unreported breach that occurred halfway around the world nearly a decade ago.

In 2012, Australian intelligence officials informed their U.S. counterparts that they had detected a sophisticated intrusion into the country’s telecommunications systems. It began, they said, with a software update from Huawei that was loaded with malicious code.

The breach and subsequent intelligence sharing was confirmed by nearly two dozen former national security officials who received briefings about the matter from Australian and U.S. agencies from 2012 to 2019. The incident substantiated suspicions in both countries that China used Huawei equipment as a conduit for espionage, and it has remained a core part of a case they’ve built against the Chinese company, even as the breach’s existence has never been made public, the former officials said.https://imasdk.googleapis.com/js/core/bridge3.493.0_en.html#goog_1149147929Chinese Spies Accused of Using Huawei in Secret Telecom HackWATCH: Chinese Spies Accused of Using Huawei in Secret Telecom Hack

The episode helps clarify previously opaque security concerns driving a battle over who will build 5G networks, which promise to bring faster internet connectivity to billions of people around the globe. Shenzhen-based Huawei dominates the more than $90 billion global telecommunications equipment market, where it competes against Sweden’s Ericsson AB and Finland’s Nokia Oyj.  But the U.S., Australia, Sweden and the U.K. have all banned Huawei from their 5G networks, and about 60 countries signed on to a U.S. Department of State program where they’ve committed to avoiding Chinese equipment for their telecommunications systems. Such efforts, which have also included U.S. sanctions against the Chinese company, have slowed Huawei’s growth and heightened tensions with China.Sponsored ContentThe Chinese Energy Company Taking the Lead on DecarbonizationENN Energy

The briefings described to Bloomberg contained varying degrees of detail, and the former officials who received them had different levels of knowledge of — and willingness to discuss — specifics. Seven of them agreed to provide detailed accounts of the evidence uncovered by Australian authorities and included in their briefings.

At the core of the case, those officials said, was a software update from Huawei that was installed on the network of a major Australian telecommunications company. The update appeared legitimate, but it contained malicious code that worked much like a digital wiretap, reprogramming the infected equipment to record all the communications passing through it before sending the data to China, they said. After a few days, that code deleted itself, the result of a clever self-destruct mechanism embedded in the update, they said. Ultimately, Australia’s intelligence agencies determined that China’s spy services were behind the breach, having infiltrated the ranks of Huawei technicians who helped maintain the equipment and pushed the update to the telecom’s systems. 

Guided by Australia’s tip, American intelligence agencies that year confirmed a similar attack from China using Huawei equipment located in the U.S., six of the former officials said, declining to provide further detail.

Mike Rogers, a former Republican congressman from Michigan who was chair of the U.S. House of Representatives intelligence committee from 2011 to 2015, declined to discuss the incidents. But he confirmed that national bans against Huawei have been driven in part by evidence, presented in private to world leaders, that China has manipulated the company’s products through tampered software updates, also known as patches.

“All their intelligence services have pored over the same material,” said Rogers, a former FBI agent who is now a national security commentator on CNN. “This whole body of work has come to the same conclusion: It’s all about administrative access, and the administrative patches that come out of Beijing are not to be trusted.”

Many people familiar with Australia’s intelligence told Bloomberg that they were bound by confidentiality agreements and couldn’t discuss it on the record. But Michèle Flournoy, former under secretary of defense for policy at the Department of Defense under President Barack Obama, said she wasn’t constrained from doing so.

Flournoy, who is co-founder and managing partner of WestExec Advisors LLC, a national security consulting firm closely aligned with the Obama and Biden administrations, confirmed the intrusion and the tampered software update from Huawei. She said she learned about the episode after leaving government in early 2012, emphasizing that the information was shared in unclassified forums.

“The Australians from the get-go have been courageous in sharing the information they had, not only with the intelligence channels but more broadly in government channels,” Flournoy said. “Australia experienced it, but it was also a vicarious wake-up call for Australia’s allies.” 

The Australian Signals Directorate, that country’s leading cybersecurity agency, declined to answer specific questions about the incident. “Whenever ASD discovers a cyber incident affecting an entity, it engages the relevant entity to provide advice and assistance,” the agency said in a statement. “ASD’s assistance is confidential — it is a matter for relevant entities to comment publicly on any cybersecurity incident.”