US nuke lab drops Chinese networking kit

The Los Alamos National Laboratory, home of some US research into nuclear weapons, has replaced networking kit from Chinese vendor H3C over security concerns, according to Reuters. Reuters says it has read internal correspondence suggesting the removal of the H3C devices was undertaken as part of a wider review of risks posed by …

COMMENTS

This topic is closed for new posts.
Bronze badge

He who looks behind the door hath hid there once himself.

I assume US officials know all about the home countries of telecom companies getting backdoors installed into the stuff exported to foreign countries.

11
0
Silver badge
Meh

The McCarthy Era

The McCarthy Era Witch Hunts all over again.

God Bless America!

11
1
Bronze badge

One could suppose that this is ...

An argument for open source.

I'll let others argue the point ad infinitum.

3
0
Silver badge
Devil

Re: One could suppose that this is ...

That would be "open VHDL" but even that might not be enough to allay fears.

Chinese are crazy prepared. Twitch wrong and they will transit a packet with a special bitpattern that will make your hardware self-destroy.

1
3
Anonymous Coward

A back door Chinese vendors can access without users' knowledge.

Who needs a backdoor when (as documented by FX Lindner at HitB conference) Huawei routers are so easily exploitable?

2
2
Silver badge
Paris Hilton

Re: A back door Chinese vendors can access without users' knowledge.

Most systems are exploitable, the question is, "can they be secured?"

Or in this case, I suspect, "who gave the largest political donation?"

What's more sensible, subverting the code and putting all sales at risk, or compromising someone at the outsourced management company?

3
0
Bronze badge
Big Brother

Re: A back door Chinese vendors can access without users' knowledge.

You would have thought that with John Suffolk now Global Head of Cyber Security at Huawei that such suspicion would begin to evaporate. Particularly after such an illustrious career:

http://cn.linkedin.com/pub/john-suffolk/0/b72/b21?trk=pub-pbmap

Then again....

0
0

Has someone been reading Freedom by David Suarez and making idol comments over the water cooler.

0
0
Silver badge
Thumb Up

But who is the idol of the moment?

Let me consult page 3...

0
0
Silver badge
WTF?

Why are secret content networks ...

even connected to the InterNet?

Seems kind of dumb. But we are talking about American 'security' (think Manning).

I know some companies that do development work on cut-out Intranets whose only common "interconnection" is the electrical power source. Another uses floppies for working data which are destroyed each night.

4
0
Anonymous Coward

Re: Why are secret content networks ...

Because secret content networking is usually done with VPNs over the internet, rather than going to the extreme expense of laying one's own cable.

0
0
Silver badge
Pint

Re: Why are secret content networks ...

> floppies for working data which are destroyed each night

I wonder how long that can go on past 2013.

Did they get a container of floppies on e-bay for a few pennies??

3
0

Re: Why are secret content networks ...

I'm rather surprised they don't get destroyed in the drives. I remember floppies...

0
0
Anonymous Coward

Certain companies....

...in the US must be spending more on backhanders than R&D these days.....it's working well for them I see.

3
0
Silver badge
Joke

Cisco of course is immune to Chinese tampering. What, you mean they are made in China as well? Tell me it's not so!

<= for the hard of thinking.

3
0
Silver badge
Pirate

It actually amazes me that any government would use kit that wasn't built by a national country. If I wanted to spy on a government then it seems the best way would be to seed their infrastructure with devices that report back.

0
2
Silver badge
WTF?

These aren't the forties.

"Built by nation X" no longer has much meaning.

Except if you are ordering up a vertushka ["a dialless phone made to receive important calls, but unable to make any"] for your office and even then I wouldn't be so sure.

5
0
Silver badge
Big Brother

No matter who you are, do you trust your own government not to be spying on you? Perhaps not so much here in Europe, but the Merkins should be really afraid.

3
0
Silver badge
Big Brother

I don't quite get it.

Surely if you operate a "secure" or "sensitive" operation then you MONITOR all your outgoing traffic and you know what is going where (otherwise known as Data Leakage Prevention). You can see packets that are being routed to unknown or untrusted destinations. That is if your secure element is even connected directly to the outside world.

Or do they think the Chinese have pioneered the subspace ether used in Star Trek that allowed transmission beyond the speed of light?

3
0
Bronze badge
Black Helicopters

Good idea...

Now, who do you buy network monitoring gear from? qui custodit custodes

But, overall I think they'll have a hard time finding a supplier that isn't owned by and doesn't employ citizens from all countries they might have a bit of a disagreement with during the lifetime of the kit.

If they are going to be properly paranoid, they should keep quiet about their suspicions, buy the kit, reverse engineer it, find the backdoors and use them for feeding disinformation.

1
0
Anonymous Coward

I think I get it...

They couldn't simply be trying to (mis)lead other companies and governments into buying overpriced Chinese made crap that's passed through a good ol' Merkin middleman? Perhaps in a last-gasp attempt to protect their economy from the cataclysm of having to mint that TREEEEELION dollar coin they're getting all excited about ATM!

Bless.

1
0
Silver badge

Yes you monitor all traffic, but on a certain date the malware bomb explodes then you compromise the traffic. Don't take my word for it though, the Iranians will tell you all you need to know.

0
0
C-N
Boffin

Don't call me Shirley

And, surely if you're installing back doors on networking gear, you're not having it call home hourly to super-sekrit.chinese.spy.server.cn

0
0
Bronze badge

RE: ...you're not having it call home hourly...

NO, more likely, it has a listener in its firmware that just waits for a specifically crafted packet to arrive, and then BAM, the shit hits the fan.

That day could take many years to arrive.

0
0
Anonymous Coward

Protectionism via paranoia?

I wonder if any US vendors have been seeing returns on their lobbying investments?

1
0
Anonymous Coward

Re: Protectionism via paranoia?

Australia?

Although one has to wonder what inducements were offered at those "high level" meetings to persuade the Aussies to prop up the FUD

0
0
Anonymous Coward

could it be

The Risky Business podcast makes the point that the main problems with networking kit from PRC are:

1) the code quality is *awful* (think IOS in the 1990s) along with all services turned on by default, 12 bit authentication cookies for web interfaces &c

2) all the debug commands only produce output in Mandarin making it necessary to have Chinese technicians that may spend a lot of time hanging around in their embassy.

0
0
Anonymous Coward

So... where have they gone to find hardware not made in China?

0
0

It's not about China, It's about the Lobby

This is just a move to get "donor supported" gear into gov locations.

I am sure if IBM was to buy Huawei that they would turn around and quickly deem it all to be safe.

0
0
Bronze badge
Coffee/keyboard

For those that think the Americans are crazy...

I wonder if any have actually looked at the circuit patterns in many of the chips coming out of the Pacific Rim countries? - Not just China. Anyone with an eye for schematics and design, can obviously see chip doping going on. Apple was a victim of this once from a vendor, that put doped chips in the keyboard circuit for Mac Air Laptops. This is a regular repeating news item folks; it doesn't take a rocket scientist to see the brazen obvious.

0
1
Anonymous Coward

from sea to shining sea?

refers to Canada. CANADA!

0
0
EJ
Big Brother

Outsourcing

It makes as much sense to rely on foreign-made equipment for the critical infrastructure of your nation's defenses as it does to outsource your spy network. If you want it done in a way you trust, you do it yourself.

No one should have raised an eyebrow when China announced the Red Flag Linux initiative. Nor should people be surprised by other nations' objections to RIM being in charge of their communication, or the US dictating their Internet access.

It all boils down to: who do you trust? Anyone who is trusting the Chinese these days is a fool.

1
0
Bronze badge

Re: Outsourcing...If you want it done in a way you trust, you do it yourself.

And I keep trying to get THAT past the stupid beancounters every time there is a discussion of how IT outsourcing can save money.

Once the discussion has degraded into a free-for-all, and lots of name calling; usually this question stops the beancounter dead in his (or her) tracks: "Are you willing to bet your entire pension on the outcome of this outsourcing proposal?" The answer to date has always been the same: "No".

0
0