The NSA's global spy operation may seem unstoppable, but there's at least one target that has proven to be a formidable obstacle: the Chinese communications technology firm Huawei, whose growth could threaten the agency's much-publicized digital spying powers.
An unfamiliar name to American consumers, Huawei produces products that are swiftly being installed in the internet backbone in many regions of the world, displacing some of the western-built equipment that the NSA knows -- and presumably knows how to exploit -- so well.
That obstacle is growing bigger each year as routers and other networking equipment made by Huawei Technologies and its offshoot, Huawei Marine Networks, become more ubiquitous. The NSA and other U.S. agencies have long been concerned that the Chinese government or military -- Huawei's founder is a former officer in the People's Liberation Army -- may have installed backdoors in Huawei equipment, enabling it for surveillance. But an even bigger concern is that with the growing ubiquity of Huawei products, the NSA's own surveillance network could grow dark in areas where the equipment is used.
For that reason, as the latest Snowden revelations showed last week, the spy agency reportedly hacked Huawei as part of an operation launched in 2007. The plan involved stealing source code for some of Huawei's products in the hope of finding vulnerabilities. Such security holes could allow the NSA to exploit the products and spy on traffic in countries where Huawei equipment is used -- such as Iran, Afghanistan, Pakistan, Kenya, and Cuba.
“Many of our targets communicate over Huawei-produced products,” an internal NSA document obtained by Snowden noted in 2010, according to the New York Times. “We want to make sure that we know how to exploit these products ... to gain access to networks of interest” around the world.
The spies might also have been seeking access to Huawei routers through management consoles operated by Huawei support staff, giving them privileged access to customer systems.
Just how widely used are Huawei products?
The concerns about Chinese government influence over Huawei have kept the company's products out of the North American market for the most part, as well as some other western markets. But because of price-cutting, Huawei has become popular in parts of Latin America and the Middle East and is currently the leader in the world's $13-billion-a-year market for fiber optical networking equipment, having surpassed Alcatel-Lucent and other companies.
The optical market includes all networking equipment, minus the cables, used for communicating over land-based optic and ethernet networks -- this includes switches, repeaters that amplify the signal strength on long-haul transmissions, and landing-station equipment installed where undersea cables come ashore.
The company pulled in about $3 billion last year in that market, primarily in Asia-Pacific, Latin America, the Middle East and Africa, according to technology research firm IDC.
Even more important, Huawei is also the fourth-largest provider of backbone routers, according to IDC, after Cisco, Alcatel-Lucent, and Juniper Networks.
Huawei produces a variety of routers for home and small businesses and for connecting cell phone sites on mobile networks. The overall router market in 2013 was about $14 billion. Cisco grabbed about 60 percent of that market share, while Huawei had $1.3 billion last year. That's just 10 percent of the total market, but the company's growth in this area has been steady. In 2011, the company sold about 35,000 routers worldwide. That increased to 49,000 in 2012 and 54,000 last year.
The biggest growth in router revenue, however, has come primarily from its sale of 400G routers used for the internet backbone.
"They're making inroads into what Cisco and Juniper had, [which was] 97 percent of that market up until three years ago," says Nav Chander, research manager for telecom business services and associated carrier network infrastructure for IDC's Worldwide Telecom Division. "Huawei is displacing Cisco and Juniper in other regions outside of the U.S."
Customers that signed router contracts with Huawei last year for packages that contained 400G routers include top telecoms in a number of countries, including Swisscom in Switzerland and DNA in Finland, Saudi Telecom Company and MTN Group's operations in Africa and the Middle East, Telkom in South Africa, America Movil in Ecuador and Brazil, Telefonica's operations in Brazil, and Entel in Chile.
Huawei entered the core backbone router market only about six years ago with its 100G routers, but has aggressively undercut competitors' prices to gain a swift foothold. Backbone routers can run anywhere between $50,000 to several million dollars for core units, Chander says.
"Some of the big routers, when you add all the pieces, these are very powerful routers handling tens of millions of phone calls and billions of transactions. They're probably 1,000 or more times the capacity than even existed five years ago," he says.
But Huawei cut its prices by 25 to 50 percent in some cases, working its way into the market by appealing to service providers who are struggling financially to compete. Advanced 400G routers have only been available from Huawei and other companies for a couple of years, but IDC estimates that Huawei has sold over $500 million worth of 400G and previous-generation 100G backbone routers in the past three years. The company announced 53 contracts in the last half of 2013 for its 400G routers, including one in Spain.
"I think the pricing helped Huawei get in the door in many of these markets like Latin America, where Huawei was nowhere seven or eight years ago," Chander says. "[Service providers] said, 'We have no choice, it’s so cheap, we can’t afford not to look at it.' They’ve created beachheads in many of these markets."
One of the company's biggest coups in the west occurred in 2005 when British Telecom signed a £10 billion multi-year deal with Huawei for optical equipment and routers, a purchase that shocked parliamentarians when they learned about the done-deal.
Chander says that British Telecom didn't buy Huawei core backbone routers but did use the Chinese company's other equipment on the broadband network used by residential and some government customers. But this doesn't preclude the equipment from also being used on the private networks that corporate clients lease for their traffic.
"You can use the same [equipment] to switch internet and private traffic," he notes. "Years ago you’d have separate, dedicated hardware and software for the private part. But with cloud services and regulation, and because it’s so expensive to maintain this equipment, [some companies] decide to consolidate these networks."
It's unclear how much of an inroad the NSA has made into exploiting Huawei routers and networking equipment, but the agency may have bigger problems in a few years as the market for networking equipment shifts to software-based techniques.
Chander says the NSA contacted him about five months ago to have him brief some of its employees by phone about the move to so-called software-defined networks. The concept was developed at Stanford University and UC Berkeley. At its core is the idea that the systems that decide where traffic should go can be separated from the systems that actually transmit it to its destination, removing some of the functionality from hardware that does the latter job by replacing it with software applications that can communicate across platforms regardless of which company made the hardware.
Software-defined networks will open the development of software networking solutions to hundreds of other companies and independent developers to build applications and services that communicate with hardware made by Cisco, Juniper and other companies, much the way thousands of app developers currently create differing programs to run on Apple devices today.
Chander says this move will be good for innovation but bad for spying because, he says, "the NSA will have less control over it."
"The traditional way of getting into networks has been somewhat easy, because with Cisco, Juniper, Alcatel-Lucent and Huawei, those are defined equipment and tech, and those are only four companies to worry about," he says. "Now you will have millions of developers over the next few years, as you open up the networking world to [development]. There could be literally thousands of products [the NSA will] have to manage and figure out how to break into."
Chander was never told who was on the call for his phone briefing with the NSA last year but says "they were very interested in what I saw [happening] in the market. You read between the lines."
