Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cellphones Communications China EU

Huawei Could Eavesdrop on 6.5 Million Dutch Cellphone Users Without their Knowledge (theconversation.com) 100

"Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN," writes the Conversation. Long-time Slashdot reader schwit1 shares their report: The revelations are from a secret 2010 report made by consultancy firm Capgemini, which KPN commissioned to evaluate the risks of working with Huawei infrastructure. While the full report on the issue has not been made public, journalists reporting on the story have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN's network - including the call data of millions of Dutch citizens - and that a lack of records meant KPN couldn't establish how often this happened... KPN essentially granted Huawei "administrator rights" to its mobile network by outsourcing work to the Chinese firm.

Legislation is only now catching up to prevent similar vulnerabilities in telecoms security...

Lower revenues force operators to carefully manage costs. This means that operators have been keen to outsource parts of their businesses to third parties, especially since the late 2000s. Large numbers of highly skilled engineers are an expensive liability to have on the balance sheet, and can often appear underused when things are running smoothly... , outsourcing by mobile operators is widespread. And firms in the UK and across Europe have often turned to Huawei to provide IT services and to help build core networks.

In 2010, Huawei was managing security-critical functions of KPN's core network.

This discussion has been archived. No new comments can be posted.

Huawei Could Eavesdrop on 6.5 Million Dutch Cellphone Users Without their Knowledge

Comments Filter:
  • by Anonymous Coward on Sunday May 16, 2021 @01:49PM (#61390794)
    The title is a little misleading don't you think???
    • I mean, I guess 2010 is "recent" by Slashdot standards.
  • by thegarbz ( 1787294 ) on Sunday May 16, 2021 @01:52PM (#61390802)

    They *will* eavesdrop on you. No two ways about it as the USA's "allies" found out a few years ago.

    The question is how do you weigh up the possibility of Chinese snooping vs the evidence of actual American snooping.

    • by iamhassi ( 659463 ) on Sunday May 16, 2021 @02:00PM (#61390826) Journal
      Both are snooping, so you decide who you would feel safer with your info, the chinese or americans
      • I'll take the Americans, they have a better appreciation for Dutch pornography.

      • Not sure how that got labelled "troll". It's the truth.

      • pretty easy answer, definitely the chinese. They don't have the ability to prosecute me or screw me over "legally" regardless of what they hear.
      • by jamesjw ( 213986 )

        Maybe look into what the Americans did to a Greek citizen when he discovered an Greek-American operative snooping high profile politicians and people of high standing on the Greece mobile network after the 2004 Athens Olympics that the Americans helped with security of during the game and then left their own back doors in the ERICSSON mobile equipment well after the games had finished despite saying they had removed it. The head network engineer was murdered for finding the back door.

        have a read of: https:/

      • Both are snooping, so you decide who you would feel safer with your info, the chinese or americans

        Hence the biggest makers of teleco equipment being European.

    • by NagrothAgain ( 4130865 ) on Sunday May 16, 2021 @02:11PM (#61390850)
      All of the WWII Allied countries have been spying on each other since at least the end of the 1940's. I'm not sure why you think this is a recent or shocking development.
      • by AmiMoJo ( 196126 ) on Sunday May 16, 2021 @03:03PM (#61390946) Homepage Journal

        Because suddenly we are getting all these stories about China doing it. In this case people apparently forgot that years after this GCHQ had even greater access to the Dutch phone system, as well as having stolen the root keys to SIM cards manufactured in The Netherlands.

        The NSA had a similar capability over some Middle Eastern country, thought you the Iraq.

      • All of the WWII Allied countries have been spying on each other since at least the end of the 1940's. I'm not sure why you think this is a recent or shocking development.

        I'm not sure why you think that I think it is either recent or shocking. I certainly made no mention of that in my post. My post was about weighing of risks. It was a good post. You should read it. You certainly didn't before writing your reply.

      • by e3m4n ( 947977 )
        But since its just the Netherlands, how intriguing the conversations must have been when the most common topics were either Hashish, or sheep.
    • by tlhIngan ( 30335 )

      The question is how do you weigh up the possibility of Chinese snooping vs the evidence of actual American snooping.

      The problem is the Chinese are rather lax with respect to privacy and security. It simply doesn't exist in Chinese culture.

      So Chinese snooping really means your information is being sold or passed around freely because who really cares?

      Western nations generally only share their information among friends and try to keep it secret among them.

      If you have no problem with China spying on you, then

    • Yeah but if you buy American they *will* eavesdrop on you.

      do we really need this comment every time there's a story on china-related snooping?
      who's the comment for? people who're new to the site? alzheimers?

      No two ways about it as the USA's "allies" found out a few years ago.

      ayyy. suppose its alzheimers.

  • Not just Huawei (Score:4, Insightful)

    by rsilvergun ( 571051 ) on Sunday May 16, 2021 @02:04PM (#61390838)
    I'm not clear why the US Gov't is going after Huawei. My theory is they just picked them out of a hat to attack so they could use the attacks for trade negotiations.

    Regardless none of this matters. Yes, having a foreign power in control of so much critical infrastructure is a problem. But we're also ignoring the fact that they're buying up huge amounts of property (in particular single family homes). It's business. And as long as the profits are higher we're not going to do anything about it. There's no political will.
    • They've bought up lots of real estate in the US, but also in Africa, mostly with an eye toward food production. I recall reading something like half the arable land in Madagascar is now under Chinese ownership. They're also making sure a good chunk of the near east and middle east is in debt to them, through the Belt & Road Initiative. (So much for communism, these are all huge bets on capitalism.)

      • I recall reading something like half the arable land in Madagascar is now under Chinese ownership.

        I'm far from a China apologist; but "half the arable land in Madagascar" sounds like a sentence someone crafted to sound scary after they couldn't come up with anything actually significant. Madagascar is known for - among other things - not having much useable land. Their arable land is only 5.2% of their entire total land mass.

        https://knoema.com/atlas/Madag... [knoema.com]

        • by Bodie1 ( 1347679 )

          So half of a scarce resource then? That doesn't make it sounds any better...

          • You're (deliberately?) ignoring a whole lot of context.

            The gp post talked about China buying up "lots of real estate in Africa". Then, for supporting evidence, they trotted out an "I recall reading something" anecdote about China owning half the arable land in Madagascar - an island nation, without much arable land, which comprises maybe 2% of Africa's population.

            That's not exactly evidence of a broad scheme to control a "scarce resource", to use your term.

      • Re:Not just Huawei (Score:4, Interesting)

        by willy_me ( 212994 ) on Sunday May 16, 2021 @04:16PM (#61391076)

        Western Canada was getting bought up pretty fast. Generally the northern part that is still inexpensive. They were using the farmland to grow hay and alfalfa for export to China for dairy production. The locals were upset because all the farm purchases were shipped in and they did not engage with the local communities.

        But more recently, all the farms have gone bust. Guess they were losing money. The locals are laughing and saying that it is because they contracted the farm management to unqualified people who really did not care much if the farm succeeded. People tend to work harder and smarter when it is their own land and future they are working for.

        I do not know what has been happening in the past year but I will probably get updated the next time I visit my folks.

    • Re: (Score:2, Interesting)

      by Anonymous Coward
      One well informed birdie once upon a time told me a tale.

      It was during the Bush years. Snowden was nowhere to be seen yet and the program which he revealed was still top secret (though some of us have started to hear rumours - f.e. I knew long before Snowden). At that point only one vendor (who shall not be named to protect the guilty) was capable of providing the features required. All other usual suspects did not and had them on the roadmap years ahead.

      At that point one of the top-3 USA telecoms provid

    • by AmiMoJo ( 196126 )

      Because Huawei is an R&D powerhouse.

      For example, hey developed a lot of the key tech for 5G and have many of the essential parents, as well as their 5G products being a few years ahead of Western ones.

      The competition is unpalatable so they decided to try to destroy Huawei. It's lucky that they didn't succeed or China would have been forced to respond in kind.

    • Comment removed based on user account deletion
    • Chinese law forces all Chinese companies to spy, or do what ever is asked, by the CCP. China has routinely used it's tax system to steal corporate information about foriegn companies operating in China. Use the power of the state to steal information and steal and extort IP from foreign companies operating in China. It has abuses its power driven foreign businesses bankrupt so that Chinese state owned companies can take them over cheaply. Overseas China has infiltrated and hacked our universities and par

      • by Gonoff ( 88518 )

        Chinese law forces all Chinese companies to spy, or do what ever is asked

        Do you think that your government doesn't do this? I bet mine does.

  • by BAReFO0t ( 6240524 ) on Sunday May 16, 2021 @02:14PM (#61390856)

    Yeah, real protip here: Whoever provides your firmware or OS software, has full access to everything on your device.

    Are you like those people who post their private stuff on the Internet and then complain when it gets around? "OMG Facebook wasn't private??"

    • When I posted this on the fire hose, you didn't find it necessary to read the (translated) story, and it seems you still don't. This is also about being able to listen in to all mobile calls on the KPN network, used by plenty of politicians, for instance. It's perhaps not surprising or unusual, but it's a fully confirmed fact.
      • by AK Marc ( 707885 )
        Nope. It's not the equipment inherently inappropriately spying on anyone. This is an outsourcing issue. Odd, when most F500 outsource, the only complaint is when someone outsources to the Chinese.

        The real issue is handing admin to any contractor. Huawei is irrelevant, and only useful to trigger the racists to bash China

        it's a fully confirmed fact.

        It's a fully confirmed fact that "admin" outsourcers can do it, not that Huawei did anything to make themselves special, or that Huawei is doing it. If the Dutch company switched to a D

        • Thank you for being rational.

        • by Bert64 ( 520050 )

          Outsourcing is also entirely normal in the telco space. The equipment is highly specialised, and the networks don't have in house staff who can manage it so they outsource to the vendor of the equipment - be that huawei, nokia, ericsson etc.
          All of these companies will have that capability, as will various individual employees of said companies. If a foreign government wants to monitor comms they just need to plant employees at the right levels within these companies, and i wouldn't be surprised if there wer

        • Sorry, I apparently didn't express myself clearly. I was reacting to the implication that Google/Facebook/etc typically can listen in to people's calls, which would be news to me.
    • "OMG Facebook wasn't private??"

      Goddammit, have I been using that site wrong?

  • by Ecuador ( 740021 ) on Sunday May 16, 2021 @02:17PM (#61390864) Homepage

    So, about 15 years ago, a big scandal broke out in Greece when it was realized that the Americans, most likely with the help of someone at Ericsson, had installed special software on Ericsson gear to eavesdrop on anyone's cell phone (basically using the system's regular wiretapping capability) - and they had been tapping the entire Greek government, military and more. The US link was not proven "specifically", but the data went to a region triangulated to an area that was pretty much the US Embassy, so it was either from within the embassy or someone hanging out outside of it. That last bit was a joke, I once stopped near the embassy to wait for my girlfriend and an armed guard immediately was sent to see what I was up to, but in any case, that was sort of the excuse of the Greek government to not make a big stink, as they could not really make a big stink out of the whole affair given they did not want to upset the Americans. There was no other trail linking a specific party to the hack, as the network operator (Vodafone) deleted all logs and software when they found out, for reasons that were not attributed to malice, so no one was really punished.

    So whenever the Chinese are accused of these things, I feel that it's a welcome addition. I don't want just the Americans (with the help of the Brits or the Swedish or whomever) or the Israelis to overhear my conversations, I'd like some other powers in on the action as well. In fact, I am less inclined to think that the Chinese have an interest in my affairs, as I am neither an Uigur, or a Tibetan, or Taiwanese, Hongkongese etc, it's the western powers that seem to be more interesting in meddling with affairs far from their home, the Chinese so far have been keeping it close...

  • I doubt that the chinese would bother eavesdropping on your average dutch person. Almost everyone in every country leads a mundane life that is of no special interest to foreign powers.

    As for the (maybe) thousand or so people in Holland who it would be valuable for any other country to have intelligence on, I reckon that every other country's spying operations already collect that as a matter of course. No matter who built their mobile phone (or will build their 5G) networks.

  • by klipclop ( 6724090 ) on Sunday May 16, 2021 @02:39PM (#61390906)
    Large numbers of highly skilled engineers are an expensive liability to have on the balance sheet, and can often appear underused when things are running smoothly. This is why cyber security will never happen in the private sector. They will just hire a bunch of non technical cyber security experts to write a bunch of documents, then outsource to China? Talk about policies built on a lie.
  • "Large numbers of highly skilled engineers are an expensive liability"

    WTF?!
    They just throw in that statement with no evidence to support it?
    And no-one questions it?

    • We bought some huawei 100G routers and they were more than happy to help however they could and send technical resources to assist setting things up. 300k and 2years later, they are sitting in storage and I'm not even allowed to set up the routers in our lab (some above my pay grade is paranoid it's backdoored and compromised beyond any way to verify it isn't)
      • The fact you got them for nearly free and they happily send engineers from mainland China to the US whenever something goes wrong may be a sign that theyâ(TM)re not really interested in your cash.

        They gave me a quote back in the day for $40k to wire an entire building with 10/25/40G, the fact it cost more than $40k in labor and the switches were only a few thousand each was a sign something was up.

        • by williamyf ( 227051 ) on Sunday May 16, 2021 @04:22PM (#61391092)

          Actually, they ARE interested in your money.

          TL;DR They are playing a long game.

          About 14 years ago I was in Huawei's payroll in my country, and I know how they operate.

          They believe in something called "extending the footprint".

          Since at the time they were considered "inferior" to western brands (which they were not) like Cisco, Alcatel or Juniper, and now, they are considered a top notch player that "spies" ( which they do not, or at least they do the same amount of spying that the other brands do), they will heavily subsidize the initial deployment of the gear, in order to "eventually" hook your company up as a customer.

          The rationale being that once they become an integral part of your organization, and the organization realizes that they are top notch, and get used to the low prices, it will be really hard and costly to rip and replace their gear. And then they can begin to charge list prices (which are still lower than the list prices of the competition) for goods and services.

          It helps them out too that they have a cost advantage over western rivals, so that, even if they are selling below cost, they are not getting as big as a blow as you may think.

           

          • Mod up. If only I could get paid to write reports that tell the consequences of loose admin rights, and you can't be bothered to audit those accesses. Flat out negligent deployment and outsourcing to other countries earns a five star idiot award to that braindead Dutch company. And now new gear, outsourced to another Chinese based set of admins with all the admin password? And as Cisco boxes had not one, two but 5 undeclared admin accounts going back donkeys. Your security is only as good as the weakest
        • You're an idiot if you think companies don't sell things at below cost. I bet you're a Tesla customer and, if so, I laugh at you.

        • companies sell at below cost or even free and provide free resources all the time, it is how they get a foothold in the market, this isn't something exclusive to chinese firms. We have had Microsoft, IBM, Amazon, Cisco and many more doing similar. They aren't doing it for good will, they expect it will lead to future support and sales.
      • by AK Marc ( 707885 )
        They prefer Cisco, where it is verified the NSA has a backdoor, so no question is required.
  • "Could" is not "has" (Score:2, Interesting)

    by Vapula ( 14703 )

    The article points that Huawei **COULD** have eavedropped on Dutch communications.

    On the other hand, USA **HAD BEEN CAUGHT** eavedropping on Angela Merkel communications...

    Basically, I'm trusting Huawei more than the USA on that point...

  • Nokia/Lucent can do it, Ericsson can do it, Huawei and ZTE can do it, Samsung can do it, NEC can do it... You get the drift...

    The feature is called "Lawfull Inception", and is a legal requirement in many conutries. This can be used and abused by the equipment provider, telecom operator, or goverment.

    Just for one example, of the beaten path, the Colombian Govt' did it (Google "Chuzasos", and then use google translate on the results) to spy on oposition politicians...

    Also, the /. headline is missleading, as t

  • Negative cannot be proven. You can always say someone might be doing the wrong thing, exploiting the fact that no one can prove the opposite. This makes YOU look bad.

    • The point is, they had access they shouldn't have had.
      • by AK Marc ( 707885 )
        Not worthy of a story. I've never worked at a compampy where someone didn't have access they shouldn't have.

        "Dutch company gives root to contractors" would be an acceptable shaming. "Chinese company accused of spying on all Dutch people" is racist clickbait.
        • all part of the new cold war narrative vs China.

        • by Bert64 ( 520050 )

          This is normal at every telco...
          This equipment is quite niche, being that only telcos will operate such equipment, and staff who know the equipment well enough to manage it are in short supply. Typically they will contract the vendor to manage the equipment for them, and the vendors require privileged access to the equipment in question in order to actually do their jobs.

          But to put it into perspective, even if the provider managed their own equipment it's still running code supplied by the vendor which prob

        • If you read the Dutch newspaper, you would find that it indicates KPN was wrong, and the interesting part of Huawei being the party with too much access was that they knew but didn't inform. It didn't say they spied on all Dutch, but that they had the capability to do so on the major Dutch telco network. And that the list of people would include several ministers and other high politicians. You just painted reporting racist, by turning "could eavesdrop" into "spied on". I only read that in your comment. And
  • What a stupid narrative.

    There really should be some legal requirement preventing this sort of FUD reporting.

    • And we know the Dutch as the largest threat China faces are massed at the Chinese border and ready to invade. The Chinese better listen to each and every person in the Netherlands to uncover their scheming and conniving. Also, they may be manipulating the price of tulip bulbs again.

  • the Dutch news (Score:4, Informative)

    by aRTeeNLCH ( 6256058 ) on Monday May 17, 2021 @12:36AM (#61391972)
    The news here is also that this story was kept a secret for 10 years because it was thought to have the potential of severely dropping the share value of KPN. That in itself is not a problem, but it would make a take over easier, and the Dutch wouldn't want that.

    As for anti Chinese sentiment, many Chinese in the Netherlands have spoken out anonymously to say they can't speak freely out of fear for their families in China or Hong Kong. Please also keep in mind that the Dutch parliament is the first in the EU to call the Chinese actions against the Uighurs genocide.

    There's also a story recently unfolding of a university in Groningen that's sponsored with Chinese funds, with the requirement not to be critical of anything related to the Chinese government.

    BTW the first link I read (use online translation services if you don't read Dutch): https://nos.nl/artikel/2377038... [nos.nl]

    • There is a standard to be met when something is classified. Commercial in confidence is the most it should have got. Embarrassment alone does not get a secret rating, usually reserved for national security matters. In this case outsourcing was reversable(insource), and there was plenty of time for remediation (say nothing, but secretly install traffic analysis - so you have a chance to catch them red handed). In this case it looks like ;Meet budgets trumped 'Get security' do it right first time - not over.
  • How many can have their phone records by such criminal groups as the NSA and the CIA?

    If Chinese spooks or US ones read my, or anyone else's. stuff and conclude that I an no threat to them, what happens to my records?

    I suspect that the Chinese ones will just store them somewhere. The US ones, however, will probably pass them on to someone else. This will either be to some corporation somewhere or to other crooks. They will be hacked or sold.

  • You don't think YOUR government doesn't eavesdrop on you?
  • Yeah they could have, but apparently there was an investigation into it but they could not find it was ever misused. But hee, Cisco just built proven backdoors into their hardware to give US agencies access. Huawei has only been accused, by the US, of doing that, but the US hasn't shown any proof yet, the real reason is probably just that the Huawei hardware is too secure for the US to hack, and that's why they don't want their allies to use Huawei hardware, because the US likes to spy on even it's allies.
  • Huawei is giving out great deals for upgrading cellphone infrastructure. What they don't tell anyone is that spyware is part of the deal.

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...