Three years before Australia banned Huawei from bidding for the National Broadband Network (NBN), the US National Security Agency (NSA) burrowed into the company’s networks to steal email and product source code, according to reports published on Saturday.
The networking giant was hacked by the NSA as part of “Shotgiant”, an operation that by 2009 had given the agency more information on the company than it knew what to do with, according to a report by Der Spiegel that's based on documents from former NSA contractor Edward Snowden.
The hack gave the agency a list of 1,400 customers, internal Huawei training documents, source code for its routers and switches and, from January 2009, wide access to the company’s email messages including those from Huawei’s CEO Ren Zhenfei and chairwoman, Sun Yafang.
According to the <i>New York Times</i>, which also published a story based on the documents, the operation began in 2007 and was aimed at establishing whether Huawei had links to Zhenfei’s former employer, the People’s Liberation Army. The campaign was also looking for ways to exploit products used in networks which fall into its scope of targets.
The attack on Huawei was part of Shotgiant’s larger ambition to target China’s top brass in politics, finance and technology industries.
Neither report suggest the NSA was able to plant its own backdoors in Huawei's equipment, however they do not include evidence that the Chinese government did it either.
“The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us,” Huawei spokesperson William Plummer told NYT.
Huawei was excluded from bidding for work on Australia’s NBN in March 2012, which the Attorney’s General Department said at the time was to preserve the integrity of the network.
At the time, Huawei hoped it could emulate the model it had established with the UK’s intelligence agency, GCHQ, which cleared its path for inclusion into British Telecom’s role in the nation’s fibre expansion plans. The arrangement allowed the agency to vet Huawei equipment via the Cyber Security Evaluation Centre (HCSEC), which staffed by Huawei employees.
The Australian ban preceded a US House intelligence-committee report released in October that concluded products from Huawei and fellow Chinese mobile company ZTE should be viewed with suspicion.
Following that report, Huawei Australia said it was willing to cough up its source code to Australian regulators — so long as its rivals such as Ericsson and Alcatel Lucent did the same — to assuage local concerns its equipment in the NBN posed a national security threat.
Neither report claims the documents confirm any evidence of a link between Huawei and China’s government.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Follow @CSO_Australia and sign up to the CSO Australia newsletter.