A US investigation into China's largest networking company, Huawei Technologies, has left Chinese officials livid. The investigation reportedly was instigated by ongoing rumors that the company is a tool of the country's intelligence apparatus.
Even more troubling to officials is how the NSA allegedly turned the company into a tool of American intelligence instead.
During the course of a project code-named "Shotgiant," the NSA penetrated the corporate networks of Huawei so completely that US officials were able to read email from the company's CEO, download sensitive documents on more than 1,400 large Huawei customers, as well as technical data on current products and those still in development, according to documents released by former NSA contractor Edward Snowden to Der Spiegel and The New York Times.
"We currently have good access and so much data that we don't know what to do with it," according to one NSA report from 2010 quoted in Der Spiegel.
Rather than stop at simply collecting more information than it could process, however, a NSA special-operations unit bored into the company's technical data, eventually compromising servers holding source code for the firmware that runs the routers and switches Huawei builds for large corporations and telecommunications companies.
The goal was to build secret backdoors or security flaws into the source code, which Huawei would then build into its own products and distribute to a customer base so large that Huawei boasts that its products connect a third of the world's population.
NSA headquarters in Fort Meade, Maryland
"Many of our targets communicate over Huawei-produced products," according to one of those reports. "We want to make sure that we know how to exploit these products," in order to "gain access to networks of interest," according to the document.
An ongoing operation
Rather than being an anomaly, the plan to bug Huawei firmware fit neatly into an apparently ongoing NSA effort to magnify the impact of its efforts by installing bugs and backdoors into the firmware of commercial technology products to be distributed by oblivious technology vendors and sold to potential targets with no indication the NSA had ever been involved. Previously released documents report similar efforts to compromise products from Western Digital, Seagate, Maxtor, Samsung, and other, mostly US-based companies.
The NSA unit involved -- the Office of Tailored Access Operations (TAO), which is based in Ft. Meade, Md. -- is a cadre of encryption and penetration specialists who can be called into action like a special-forces strike team to penetrate high-value targets with unusually tough security, according to Der Spiegel. A TAO sub-group known as ANT builds circuit boards disguised as USB devices or other, more subtle camouflage, which can be implanted in targeted servers and secretly broadcast everything they do to nearby NSA relay stations.