(Image Credit: iStockPhoto/alexxx1981)
When sensitive NSA documents were leaked to the hacking group Shadow Brokers, it became only a matter of time before the public learned more about the agency’s recent activities. The initial disclosures from those files indicate the NSA developed tools that exploited vulnerabilities in network equipment from major vendors such as Cisco, Huawei, and Juniper to monitor traffic passing through those systems.
Cisco and Juniper have said they investigated the reported flaws and issued fixes where necessary. Huawei has not detailed the specific vulnerabilities but stated the company is making significant investments to strengthen the security of its products.
In an official statement, Huawei said: “Huawei is aware of allegations of past government attempts to exploit commercial networking gear. We know that networks and related ICT products are under regular and widespread attack and we make significant investments in innovative technologies, processes and security assurance procedures to better secure them, as well as the networks and data of our customers.”
“Huawei believes it is important for industry and governments to work together to improve network and data security and to build trust in the digital world by collaborating on agreed standards and best practices for the industry.”
After the files were released, Cisco reported it promptly reviewed the leaked material, identified affected systems, and determined the vulnerabilities impacted Cisco ASA devices. On August 17, the company issued two security advisories and made free software updates and workarounds available where possible.
Juniper said it was analyzing the leaked files and noted this was the first time examples of the alleged tools were available for inspection. In initial analysis, the company identified a vulnerability in NetScreen devices running ScreenOS and said it would provide further information through its blog or a security advisory once more details were confirmed.
The reports that government agencies may have targeted Huawei equipment are notable given the company’s exclusion from some U.S. telecommunications infrastructure projects amid concerns about ties between its founder and the Chinese military. In 2012 the U.S. government cited national security risks, alleging Huawei and ZTE could implement backdoors in equipment to exfiltrate sensitive information—a claim both companies have denied.
Guo Ping, one of Huawei’s rotating chief executives, has argued that U.S. businesses and consumers lose out while the company is excluded from the American market, and he has said Huawei would consider re-entering the U.S. if invited. In the United Kingdom, foreign telecom equipment such as Huawei’s is reviewed by GCHQ before being approved for use.
What are your thoughts on the NSA’s reported exploitation of telecommunications equipment? Share your views in the comments.