El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to DSL_Ricer

Re: HUAWEI in Canada. And right beside (900ft!) the USA border.

said by DSL_Ricer:

Re-routed?

"Law-full" access interfaces don't change routes. They just send a copy to whoever requests it.

Bad terminology on my part. Assuming copies were being sent back to China (or Huawei), the network operator would (should?) notice.

At least that's what I meant to say; feel free to add if you think that isn't an accurate assessment.
--
Everything in moderation... Including Moderation --Oscar Wilde


Ott_Cable

@teksavvy.com

Communication systems sold already have capabilities for backdoor law enforcement access as part of the requirement. What if they have a way to use the same back door for spying on a specific target and recover the data without the customers knowing? Here is a scenario...

What if they were to collect the data silently and encrypted into internal, normally unused non-volatile storage? After a few years, when the storage is full or on an external trigger (say, exception packets processed by the CPU match a certain CRC & payload signature), the equipment would "crash" and dump out the encrypted log file into the coredump.

The "helpful" support people at the China site would recommend that the customer ftp over their core dump. They would send them a "test load" a couple of days later that magically "fixes" the system, and to cover their tracks or "re-target" the system.



El Quintron

said by Ott_Cable :

What if they were to collect the data silently and encrypted into internal, normally unused non-volatile storage? After a few years, when the storage is full or on an external trigger (say, exception packets processed by the CPU match a certain CRC & payload signature), the equipment would "crash" and dump out the encrypted log file into the coredump.

The "helpful" support people at the China site would recommend that the customer ftp over their core dump. They would send them a "test load" a couple of days later that magically "fixes" the system, and to cover their tracks or "re-target" the system.

Although I agree with you that this is possible, there are several issues with what you're proposing.

1) Information gets outdated fast.

2) Chances are most ISPs/Telcos would be doing their own support.

2.b) Most shops finding encrypted info on a router would likely be flashing their own firmware and would find it rather quickly.

3) The vector of attack is just too broad... why bother doing this through Huawei when you can outsource this to a cyber-espionage team that can get the targeted information your government needs and provide maximum deniability?

I think this whole scam is protectionism masquerading as patriotism.
--
Everything in moderation... Including Moderation --Oscar Wilde


Ott_Cable

@teksavvy.com

>2) Chances are most ISPs/Telcos would be doing their own support.

It is not a CPE I am talking about, as the hardware barely has enough resources to do anything nor aggregates enough data to be useful. I dismissed that right at the beginning for the cable modem thread.

If it is in a cell phone tower per topic, you certainly won't find any pieces that can be serviced by the provider's own tech.

Network equipment sitting at the providers is what is "banned". It is not for DIY support. The vendor charges good money for a support contract for exactly this reason.



El Quintron

said by Ott_Cable :

If it is in a cell phone tower per topic, you certainly won't find any pieces that can be serviced by the provider's own tech.

Network equipment sitting at the providers is what is "banned". It is not for DIY support. The vendor charges good money for a support contract for exactly this reason.

You may be correct but that still doesn't make the vector of attack any better.

My real issue with this is: why bother harvesting a bunch of useless crap from a cellphone tower, which is less effective, and much more liable than a directed cyber-attack?

I'm not denying that the Chinese are involved in some serious political and industrial espionage, I'm just saying doing it through a commercial enterprise that depends on goodwill from both its clients and foreign governments isn't the way to do it.
--
Everything in moderation... Including Moderation --Oscar Wilde


Ott_Cable

@teksavvy.com

I am just pointing out that the opportunities are there and not necessarily the motives. My scenario is what I can come up with within minutes of reading your initial post. The best kind of stealing is when the security guard even helps you out by opening the doors when you try to pull a trolley full of "goodies" out the front door or shipping area with nothing other than a dog tag, a clipboard and some cheap vinyl prints on a van. (There can be a few hours of posting delay as I am being an Anon here.) I am sure the ones in the "game" can do a lot better.

My position is not on the side of the actual vendor doing the attack. There are no gains nor needs for the vendor in question doing so. As I have previously pointed out, it is far easier for China (as a nation) to put a backdoor into other vendors' products to shift blame and position them in places China's own products can't. How many times have you heard of a FLASH stick or some hardware product having a virus straight from the factory? Once again the opportunities are there.

As for industrial espionage, why does China even need to do that when US manufacturers offshore their manufacturing and provide full packets of engineering specs including full bill of material, mechanical blueprints, logos, PCB layout files, firmware files, testing procedures and even troubleshooting support for building their products? Some of them even get access to full training and to full source code access when those corporations set up shop in China doing sustaining or even full R&D for new products.

Political influence is easy. Look at Emperor Harper etc and how easily they bend over backwards for corporations.



El Quintron

said by Ott_Cable :

I am just pointing out that the opportunities are there and not necessarily the motives. My scenario is what I can come up with within minutes of reading your initial post.

That was some serious anon-lag, I've been waiting to read your post for hours now.

More on this later, I have a bit of work to catch up on.
--
Everything in moderation... Including Moderation --Oscar Wilde


Ott_Cable

@teksavvy.com

BTW this is an interesting article. Whoever did it was very smart in bouncing that data to a 3rd party phone (could be a burner) on the network in real time. The equipment is made by Ericsson and the time frame is 2004.

»spectrum.ieee.org/telecom/securi···affair/0
"COVER - The Athens Affair - How some extremely smart hackers pulled off the most audacious cell-network break-in ever"

>To diagnose the failures, which seemed highly unusual but reasonably innocuous at the time, Vodafone contacted the maker of the switches, the Swedish telecommunications equipment manufacturer Ericsson.

>We now know that the illegally implanted software, which was eventually found in a total of four of Vodafone's Greek switches, created parallel streams of digitized voice for the tapped phone calls. One stream was the ordinary one, between the two calling parties. The other stream, an exact copy, was directed to other cellphones, allowing the tappers to listen in on the conversations on the cellphones, and probably also to record them.