Flashpoints

China’s Silent Cyber Takeover?

Are China and Russia using ties to US firms to secure a potentially decisive edge in cyber space?

According to the Go proverb ‘Play on the Point of Symmetry,’ when right and left have the same shape, there’s play in the centre. The ancient Chinese game of Go provides an apt metaphor for how China and Russia are leveraging US multinational corporations’ economic requirements to accomplish strategic goals that could quite plausibly include covert technology transfer of intellectual property, access to source code for use in malware creation and backdoor access to critical infrastructure.

Take the case of Chinese entity Huawei Symantec. Although Huawei has reportedly been blocked by the Committee on Foreign Investment in the United States (CFIUS) in its effort to acquire 3Leaf, and AT&T was said to be officially discouraged from purchasing equipment from Huawei by the National Security Agency (both due to national security concerns), Huawei successfully formed a joint venture with Symantec in 2007 called Huawei Symantec Technologies Co. Ltd. (HS). Huawei is the majority partner with 51 percent ownership, with the entity being headquartered in Chengdu, China.

According to the Huawei Symantec website:

‘Huawei Symantec Technologies Co. Ltd. (Huawei Symantec) is a leading provider of network security and storage appliance solutions to enterprise customers worldwide. Our solutions are developed to keep pace with evolving risks and demanding availability requirements facing enterprises. As a joint venture, Huawei Symantec combines Huawei’s expertise in telecom network infrastructure and Symantec’s leadership in security and storage software to provide world-class solutions that address the ever-changing needs in network security and storage for enterprises.’

However, a 2008 corporate briefing describes the history, capabilities, and business goals of HS, one of which is to ‘build China’s first laboratory of attack and defense for networks and applications.’

Following all this to its logical conclusion, this essentially means that Symantec, a major US information security company, is ‘assisting’ China’s cyber security research in computer network attack and defence — research that has high potential for abuse by state and non-state actors in China.

In the last few months, HS has formed two new joint ventures with US companies — SYNNEX and Force10 Networks. Why? In the case of SYNNEX, the goal is apparently to ‘distribute Huawei Symantec’s storage and security products to its resellers throughout North America.’

For Force10 Networks, Huawei Symantec said the firm ‘is pleased to establish this strategic partnership with Force10 Networks, and expects the relationship to further drive strong results for our existing North American customer base as well as tap into new business opportunities.’

Both SYNNEX and Force10 Networks currently sell to the US government. Force10 Networks’ website says that they sell their products to ‘defense, intelligence and civilian agencies to advance the bandwidth needs and reliability demands of government IT infrastructure while ensuring the economics and performance of mission critical networks.’ Since Huawei’s growth strategy includes financial support from Chinese banks that enable it to offer very low cost bids on key contracts, and since many governments (including India and the United States) have legal provisions that require them to go with the lowest bidder, these partnerships provide an apparently winning strategy for SYNNEX and Force10 Networks to secure government sales thanks to Huawei Symantec’s low manufacturing costs – all without HS’s name likely ever having to appear on the contract.

This means that Huawei, while being publicly blocked by US lawmakers from selling directly to the US government, has played on the ‘point of symmetry’ and has quietly secured access to US Defence Department and intelligence community customers through collaborative partnerships that no one has so far contested.

It’s not just China that seems to be placing itself in an advantageous strategic position.

Intel’s work in the Russian Federation dates back to 2002 with its sponsorship of a laboratory on wireless technology at Nizhny Novgorod State University (NNGU). The laboratory, located in the Department of Radiophysics, benefits from NNGU’s decades-long experience with Russia’s defence industry, especially the radar and air defence sector. According to an August 2004 Businessweek article, the lab was working on security software for high-speed wireless applications.

The laboratory’s activity is overseen by a guidance board that includes Leonid Yurevich Rotkov, the head of the Center for Security of Information Systems and Telecommunications Facilities also located in NNGU’s Department of Radiophysics. Leonid Rotkov is a noted expert on IT security. Conference agendas show he works as a security consultant for the Federal Security Service (FSB).

Until around 2008, the Center’s website stated that it was sponsored by the Federal Security Service (FSB). This statement has since been removed. However, the faculty listing for the Center includes one individual who is also an employee of the Nizhny Novgorod Branch of Scientific Technical Center (STC) Atlas. STC Atlas was previously directly subordinate to the FSB; however, it’s now a Federal State Unitary Enterprise (government owned) research institute that still works on IT security. The Nizhny Novgorod branch is one of four major STC Atlas research facilities. STC Atlas is currently certified by FSB for work on security issues including cryptology and ‘special studies.’

The physical location of Intel’s lab in a building that seems to be controlled by the FSB, its research in a key area of interest to the FSB, and, if the web evidence is to be believed, its oversight by a person who worked as a security consultant for the FSB could all potentially pose a significant security conflict for Intel’s US government customers, one that has been made even more complex by Intel’s recent acquisition of McAfee and its announced interest in acquiring database security firm Sentrigo. This is especially so as cloud services are one of Russia’s top R&D investment priorities according to the Russian Academy of Sciences.

Additional leverage is afforded to the Russian government through article 15 of Federal law N 40-FZ ‘On the Federal Security Service.’

This is a substantial threat vector because it seems to legally enable the FSB to view or ask for modifications in whatever proprietary data it wants from Intel Russia. In the past, this type of information access would have to be done through espionage. Now it can be done with a simple request. Considering Intel’s recent announcement that it’s working on a chip-based solution to end the zero-day malware problem, the FSB’s access to Intel’s technology could make any present or future solution by the company questionable, at best.

So, should US firms shun Russia and China? The economics of continued growth for many US multi-national corporations means that they can’t afford to turn away from conducting business in Russia or China. This necessity, when combined with the inherent security weaknesses of a networked world, could be leveraged by the governments of Russia and China to advance their political goals against the United States and other nation states without having to resort to traditional warfare.

This strategy is perfectly legal and can be implemented with complete plausible deniability. Yet almost no one outside of the US national security community appears ready to offer a counter-strategy.

Jeffrey Carr is an IT security analyst and the author of 'Inside Cyber Warfare: Mapping the Cyber Underworld' (O'Reilly Media, 2009). His blog can be found here.