Documents released by former contractor Edward Snowden suggest that the NSA has conducted espionage operations against the Chinese telecommunications firm Huawei. Details of “Operation Shotgiant”, led by the NSA’s Tailored Access Operations unit, were published in the New York Times and Der Spiegel. The NSA reportedly monitored the communications of Huawei executives at the firms’ headquarters in Shenzhen in order to identify any potential connections to the Chinese military. The documents also allege attempts to identify vulnerabilities and potentially introduce backdoors in Huawei’s products during the research and production stages. This was motivated the widespread use of Huawei technology by a variety of nation-states from which the NSA seeks to gather intelligence, but also to determine if the firm’s products were capable of surreptitiously transmitting information back to China.
Huawei had previously featured prominently in the broader cyber espionage discourse between the US and China, although this was largely due to western suspicions of state influence in the firm. These partly stemmed from the founder’s Communist Party membership and previous position as a major in the People’s Liberation Army, and had contributed to the decision to ban the use of Huawei products for US telecommunications infrastructure on grounds of national security. US officials also reportedly
This latest revelation is likely to place further strain on the already fraught bilateral relationship between US and China on the issue of cyber espionage. It coincides with the release of an official Chinese report that suggests up to 30% of attacks on Chinese PCs are launched from the US. Such claims of victimhood have featured consistently in rebuttals to American accusations of official complicity in cyber espionage. However, the disclosure regarding Huawei is likely to lend a degree of credence to such arguments. This is especially true considering the more diffuse nature of Chinese espionage and intellectual property theft, which affords a degree of plausible deniability that Snowden’s leaks have deprived from their US counterparts.
One recent such example involved a group known as admin@338, which was responsible for circulating a spear-phishing scam to government officials across the Asia-Pacific region using the promise of breaking news regarding the disappeared flight MH370 as bait. Admin@338 is believed to be supported– or at the very least wilfully ignored – by the Chinese government, and has previously attempted similar infections of US think tanks with remote access trojans, which can be used to monitor communications, steal documents, and download malware to a victim’s machine. Regardless of the mainstream media coverage of these developments, it tends not to derail existing operations mounted by either side. Accordingly, further such incidents, accusations, and counter-accusations can be expected in the coming period.