Beijing’s Backdoors

Chinese telecoms spy for Beijing through computer equipment, House intelligence committee leaders say

September 14, 2012

Senior members of the House Intelligence Committee said on Thursday that two Chinese telecommunications companies are helping Chinese intelligence by providing access to data moved on computer and network equipment sold to governments and companies around the world.

Rep. Michael Rogers, chairman of the House Permanent Select Committee on Intelligence, said Huawei Technologies Co. and ZTE Corp. could be compelled to assist China’s government if asked for data that passes through the company’s network routers. Furthermore, malicious code could be inserted in the companies’ software and exploited by China’s government, he said during a committee hearing.

"Huawei and ZTE provide a wealth of opportunities for Chinese intelligence agencies to insert malicious hardware or software implants into critical telecommunications components and systems," Rogers said during the hearing Thursday with representatives of the two companies.

"And under Chinese law, ZTE and Huawei would likely be required to cooperate with any request by the Chinese government to use their systems or access for malicious purposes," he said.

Rogers (R., Mich.) warned that computer equipment is vulnerable to "backdoors and malicious" code that can be inserted by foreign countries.

According to U.S. officials, both Huawei and ZTE have close ties to the Chinese government and military.

The U.S. government has blocked several attempts by Huawei to purchase U.S. telecommunications companies since 2008 over concerns about its intelligence ties and fears that the company would use its access to compromise U.S. telecommunications systems.

Rogers said there are reports of "backdoors and unexplained beaconing" from equipment sold by both companies.

In one case, according to other U.S. officials, China several years ago sold counterfeit routers disguised as Cisco Systems routers to the Pentagon. The equipment was found to be transmitting signals as part of an apparent intelligence-gathering effort. The counterfeit routers were eventually traced to China.

Rogers, in an opening statement, said every piece of equipment and all software code from Huawei and ZTE provides China with "a means to act against the United States if we are not properly protected."

"We must trust our systems if we hope to fulfill the government's most basic duty, to maintain a defense against potential foreign aggression," Rogers said.

The intelligence committee in February 2011 asked the U.S. government to conduct an investigation into the companies in hopes of dispelling concerns that they were being used for intelligence-gathering and economic espionage.

"In the course of the investigation, the committee has been disappointed that the companies provided little actual evidence to ameliorate the committee's concerns," Rogers said, noting the failure to provide documents supporting the companies’ claims about relationships and regulatory interaction with Beijing authorities.

"We must get to the truth and see if these companies are tied to or influenced by the Chinese government, whether they provide a means for further economic or foreign espionage by a foreign nation state known to be a major perpetrator of cyber espionage," Rogers said.

Rogers said it was strange that the companies refused to provide documents to the committee, claiming the information was classified as state secrets. "This fact alone gives us reason to question their independence," he said.

Rep. C.A. Dutch Ruppersberger (D., Md.), ranking member of the committee, also said he is concerned by the fact that both companies are based in China, "a country known to aggressively conduct cyber espionage."

Added to the fear are concerns "China, a communist country, could compel these companies to provide information or, worse yet, spy on Americans using this equipment," he said.

Both companies failed to cooperate with the committee probe, Ruppersberger said.

"We already know the Chinese are aggressively hacking into our nation's networks, threatening our critical infrastructure and stealing secrets worth millions of dollars in intellectual property from American companies," he said, noting that the panel’s probe "is not political jousting or trade protectionism masquerading as national security."

"We're doing this for very valid reasons," he said.

Ruppersberger said other nations have taken action against the Chinese telecom companies over fears that the firms are spying on behalf of the Chinese government. Australia blocked Huawei from seeking some telecommunications contracts, and Britain implemented costly security procedures on purchased Huawei equipment, he said.

The European Union also is considering restrictions on Chinese telecommunications companies, he said.

Huawei Vice President Charles Ding testified at the hearing that Huawei is an "independent, private, employee-owned company—neither the Chinese government nor the PLA has any ownership interest in our company or influence our daily operations, investment decisions, profit distributions, or staffing."

Zhu Jinyun, ZTE’s senior vice president for North America and Europe, said allegations regarding his company’s collusion with Chinese intelligence are disturbing.

"Would ZTE grant China's government access to ZTE telecom infrastructure equipment for a cyber-attack? Mr. Chairman, let me answer emphatically no," Zhu said. "China’s government has never made such a request. We expect the Chinese government never to make such a request of ZTE. If such a request were made, ZTE would be bound by U.S. law."

Zhu said there are no backdoors built into Huawei equipment.

Rogers said in response: "There is at least one product that we know did find a backdoor and if—will ask if he could explain the purpose of that particular device and that anomaly in the software."

Zhu then said such problems were the result of a technical "bug."

"Well, one person's bug is yet another's backdoor," Rogers said. "And certainly, analysts would not interpret it as a bug. It clearly was designed into the program."

Both Chinese company officials said their companies are required to have Communist Party committees that oversee operations. But Zhu and Ding said the committees have no influence or decision-making power within the company.

The congressional U.S.-China Economic and Security Review Commission stated in a recent report that both ZTE and Huawei are linked to the Chinese military and "provide certification training and related engineering training to PLA personnel assigned to communications and [information warfare]-related positions."

"Huawei is a well established supplier of specialized telecommunications equipment, training, and related technology to the PLA [People’s Liberation Army] that has, along with others such as Zhongxing, and Datang, received direct funding for R&D on C4ISR systems capabilities," the report said, referring to command, control, communications, computers, intelligence, surveillance, and reconnaissance.

"All of these firms originated as state research institutes and continue to receive preferential funding and support from the PLA," the report said.

In July, senior House Republican leader Rep. Frank R. Wolf (R., Va.) stated in a letter to House members that both Huawei and ZTE pose threats to U.S. security.

ZTE also was faulted after an FBI affidavit revealed that the company illegally exported embargoed U.S. technology to Iran, including a surveillance system that monitors land line, mobile, and Internet communications.

"The reports of ZTE’s alleged criminal activities to supply the Iranian government with illegal equipment in violation of U.S. laws and international trade embargoes—as well as its alleged efforts to destroy evidence of these activities—confirms what I have been warning my colleagues about: Chinese telecom firms like ZTE and Huawei are a serious threat to U.S. security," Wolf said in a statement.

Wolf stated that last May computer security analysts found a "backdoor" in a ZTE mobile phone that could allow the Chinese government to secretly monitor information.

Former Commerce Secretary John Bryson also stated earlier this year, "Huawei has capabilities that we may not fully detect to divert information. … It’s a challenge to our country."

A report by the CIA-based Open Source Center produced last year said Huawei was connected to the Ministry of State Security through Huawei Chairwoman Sun Yafang, a former MSS Communications Department official.

The Obama administration blocked a deal between Huawei and Sprint-Nextel in November 2010. The Pentagon at the time would not address directly its security concerns about Huawei or ZTE. But a Pentagon statement said: "DoD is very concerned about China's emerging cyber capabilities and any potential vulnerability within or threat to DoD networks."