Come on Huawei... Huawei general sales director in Poland gets arrested under charges of spying for China

[Brooksie359]

3 hours ago, Arika S said:

so are they being charged with direct espionage (as in, they as individuals were the ones doing it)? or is it just because they work for Huawei?

Why would they arrest 2 polish citizens along with them if it was just because they work for Huawei?

[suicidalfranco]

Chinese companies boycotting Apple intensifies 

[Taf the Ghost]

9 minutes ago, Brooksie359 said:

Why would they arrest 2 polish citizens along with them if it was just because they work for Huawei?

Because that's how most spy rings work. You have a foreign national running an operation with developed agents in the foreign country.

 

As for the moves against Chinese Telecoms, a few years ago, the USA got a high-level intelligence agent to defect from China to the USA with a massive trove of data. What we've been seeing probably is the result of that. Beyond the Money/Influence that comes from the next infrastructure build out, there's clearly something more behind the scenes that everyone is reacting to and not saying anything about.

 

I'm starting to think an important set of crypto got broken about 2-3 years ago, but no one wants to admit it was compromised because they can keep spying on pretty much everything... oh jeez, did AES get broken?

[Brooksie359]

7 minutes ago, Taf the Ghost said:

Because that's how most spy rings work. You have a foreign national running an operation with developed agents in the foreign country.

 

As for the moves against Chinese Telecoms, a few years ago, the USA got a high-level intelligence agent to defect from China to the USA with a massive trove of data. What we've been seeing probably is the result of that. Beyond the Money/Influence that comes from the next infrastructure build out, there's clearly something more behind the scenes that everyone is reacting to and not saying anything about.

 

I'm starting to think an important set of crypto got broken about 2-3 years ago, but no one wants to admit it was compromised because they can keep spying on pretty much everything... oh jeez, did AES get broken?

My point was that if they are being arrested along with 2 polish citizens then it isn't a simple matter of them working for Huawei. They must have something concrete on them if they wrested the other 2 as well. 

[Taf the Ghost]

8 minutes ago, Brooksie359 said:

My point was that if they are being arrested along with 2 polish citizens then it isn't a simple matter of them working for Huawei. They must have something concrete on them if they wrested the other 2 as well. 

Two technical points. 1) All Major Chinese Companies are parts of the Chinese Government. 2) Every Chinese National is, by Chinese policy, an intelligence agent and can be debriefed upon return to China. (This is why there really should be a ban on Chinese College students.)

 

I bring those up because most Western powers tend to run agents through Defense Contractors. China clearly has decided to run them through other types of companies, which brings their entire product stacks into question. 

[mr moose]

7 hours ago, Delicieuxz said:

 

snip

 

 

 

This thread will be treated like all the others.  The difference is your thread started of as a political rant about a tech company, the other threads became a political rant. If this becomes a political hodge podge it'll get closed too.

[Chett_Manly]

If they are doing it in Poland, they have to be doing it everywhere right? Not to be mean to Poland, but its not a military, economic, or strategically powerful country. So if they are bothering to use Huawei as a front to commit espionage against Poland, it then can be almost taken on faith that every country where Huawei has inroads likely has Chinese agents at work.

[D13H4RD]

The big question on my mind is that whether this is done in relation to privacy concerns related to everything Huawei or is it related to some form of espionage that just happens to involve a Huawei guy? 

[Guest]

15 hours ago, aisle9 said:

inb4 China realizes they don't have a Polish ambassador

China will detain all of Poland.

[D13H4RD]

Just now, RorzNZ said:

China will detain all of Poland.

Inb4 the Chinese do the slav dance

[Maticks]

Huawei hardware is known for spying and sending data back to China.

I don't know why anyone would buy a Huawei phone or device for that matter unless security is the last thing on your mind.

 

Lets hope the world ban's them for every Telco and Retail Store.

[Hobox]

And people defend them in the US, lol. It's almost like US intelligence committees have research and information they don't release to the public when deciding companies like this might be spying! Wow, shocking!!! 

[ScratchCat]

16 hours ago, Taf the Ghost said:

As for the moves against Chinese Telecoms, a few years ago, the USA got a high-level intelligence agent to defect from China to the USA with a massive trove of data. What we've been seeing probably is the result of that. Beyond the Money/Influence that comes from the next infrastructure build out, there's clearly something more behind the scenes that everyone is reacting to and not saying anything about.

 

I'm starting to think an important set of crypto got broken about 2-3 years ago, but no one wants to admit it was compromised because they can keep spying on pretty much everything... oh jeez, did AES get broken?

I would place my bet on IKE, the key exchange of IPsec. There were suggestions from various leaks that the NSA could break a large proportion of VPN connections and with IPsec being used frequently in an enterprise environment it could make it the exploited target.

 

In 2015 the Logjam attack was made public which would explain how the NSA could be decrypting VPNs on a large scale. It is based around the fact that part of the algorithm used to crack the Diffie-Hellman key exchange is based off a constant value which is the same for all implementations of the same key size so an adversary could precompute (and the NSA has a lot of money to spend on equipment) the part of the solution for this constant value and use it later to quickly crack a key exchange later.

Quote

“The parameters” (or group) are some big numbers that are used as base for the DH computations. They can be, and often are, fixed. The security of the final secret depends on the size of these parameters. This research deemed 512 and 768 bits to be weak, 1024 bits to be breakable by really powerful attackers like governments, and 2048 bits to be a safe size.

Quote

For the most common strength of Diffie-Hellman (1024 bits), the researchers estimated it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.

https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/

https://www.theregister.co.uk/2015/10/19/nsa_crypto_breaking_theory/

 

There were counter arguments to the paper but even if it wasn't feasible then remember - the NSA have had 4 more years and can store any interesting traffic it wants for later decryption.

 

I would also argue that AES has not been broken - the NSA still recommend AES, although they did up the recommended key length for certain materials to 256-bits a while ago.

[Taf the Ghost]

9 hours ago, ScratchCat said:

I would place my bet on IKE, the key exchange of IPsec. There were suggestions from various leaks that the NSA could break a large proportion of VPN connections and with IPsec being used frequently in an enterprise environment it could make it the exploited target.

 

In 2015 the Logjam attack was made public which would explain how the NSA could be decrypting VPNs on a large scale. It is based around the fact that part of the algorithm used to crack the Diffie-Hellman key exchange is based off a constant value which is the same for all implementations of the same key size so an adversary could precompute (and the NSA has a lot of money to spend on equipment) the part of the solution for this constant value and use it later to quickly crack a key exchange later.

https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/

https://www.theregister.co.uk/2015/10/19/nsa_crypto_breaking_theory/

 

There were counter arguments to the paper but even if it wasn't feasible then remember - the NSA have had 4 more years and can store any interesting traffic it wants for later decryption.

 

I would also argue that AES has not been broken - the NSA still recommend AES, although they did up the recommended key length for certain materials to 256-bits a while ago.

IKE or some part of the HTTPS system would make sense. Chinese backdoors at the Edge would let them scoop up all of the active data transmission for later decrypt. AES is probably crackable, for the NSA, in the "we really, really don't want to, but if it's the absolute last resort...". I just threw it out there because it's the only thing most might have heard about and it really would be extremely bad if it was broken.

[Blademaster91]

On 1/12/2019 at 2:01 PM, Nicnac said:

-snip-

There isn't anything but allegations of spying, none of those countries backed it up with any proof. Topics like this are hardly tech news and usually end up being a political argument.

[spartaman64]

if you have proof they are spying why would you continue to let them sell products in the country? 

[Eaglerino]

Why isn't this company universally banned yet