Equipment made by the two biggest Chinese telecommunications manufacturers secretly sends data back to China and has flaws that allow hackers to infiltrate computer and phone networks, according to details of a scathing new congressional report issued Monday.
The two companies — Huawei Technologies Ltd. and ZTE Corp. — also breached U.S. law, including sanctions and anti-bribery statutes, states the report, the result of an 11-month investigation by staff of the House Select Committee on Intelligence.
Officials from the two firms once again strongly denied charges they had aided Beijing’s cyberspying efforts, with Huawei Vice President William Plummer telling the Xinhua news agency that the latest accusations were “dangerous political distractions.”
“The report released by the committee today employs many rumors and speculations to prove nonexistent accusations,” the Shenzen-based company said in a statement.
The Chinese Foreign Ministry also weighed into the debate, with spokesman Hong Lei denying the U.S. charges and defending the practices of the country’s telecommunications industry.
“We hope the U.S. Congress can respect the truth and overcome biases so as to boost bilateral economic and trade cooperation, and not the reverse,” he told reporters in Beijing.
The House committee report recommended that government equipment should not include components made by Huawei and ZTE, the administration should use national security powers to block any mergers or takeovers they attempt, and U.S. firms should not do business with them at all.
Rep. Mike Rogers, the committee’s chairman, said using these companies’ equipment and services in U.S. telephone or computer networks “undermines the core U.S. national security interests.”
“As a majority of U.S. networks are run by private companies, we recommend that private network providers find other vendors. Government systems and contractors should also exclude these companies’ products as well,” the Michigan Republican said Monday.
Huawei and ZTE are among the top global suppliers of telecommunications equipment, and high-speed mobile telephone and Internet hardware.
The report, without giving any details, says investigators found examples of “beaconing” — a hidden component inside a network secretly broadcasts to an outside computer.
“It could be a router [that] turns on in the middle of the night and starts sending back large data packs, and it happens to be sent back to China. That’s unusual,” said Mr. Rogers.
A router allows multiple computers or other devices to use the same connection to the Internet. Large routers, such as those made by Huawei, are at the heart of modern telephone and computer networks.
Huawei, a private company founded by a former high-ranking Chinese military engineer, operates in more than 140 countries and has grown with astonishing speed in the past five years to become the world’s second-largest supplier of network hardware.
ZTE is the world’s fourth-largest mobile phone manufacturer, with 90,000 employees worldwide.
Committee members have made the beaconing allegation before, and Mr. Rogers was challenged about the absence of any detail about the charge in his panel’s report. He said the victims of the beaconing were reluctant to come forward.
“So there isn’t this huge outcry, people wanting to line up at press conferences to talk about material that they’ve had beaconed off of their particular routers,” Mr. Rogers said.
Similarly, the report provides few specifics to back up the committee’s allegations that equipment made by the companies has secret “back doors” that allow unauthorized access to the networks in which they are used.
But at a security conference earlier this year, a well-known “white hat” computer hacker who uses the handle FX demonstrated a series of vulnerabilities in Huawei systems.
“The flaws [he demonstrated] are numerous and [include vulnerabilities to] simple attacks known since the 1990s,” said Ira Victor, a computer forensic specialist for Data Clone Labs who attended the presentation. “These are not flaws that are found in competing vendors.”
The committee report states that, since the firms’ products often include thousands of components and millions of lines of code, it is nearly impossible to ensure their security against deliberate efforts to compromise it by the manufacturers.
The report also states that evidence about unrelated illegal activity concerning sanctions busting, bribery, and labor and immigration law violations has been handed over to the FBI.