A secret report from 2010 – now in the hands of Dutch newspaper de Volkskrant – shows that Chinese supplier Huawei had free access to telephone numbers and calls on the Netherlands telecom provider KPN.
The company also had unlimited access to millions of customer details of KPN’s subsidiary, Telfort. The Dutch Parliament has asked questions, and the telecom agency has launched an investigation.
Dutch intelligence service AIVD has long been concerned about Chinese espionage. As early as 2008, the organization noticed an increase in the number of cyberattacks from China on the Dutch government and businesses. Ministries and high-tech companies, in particular, have been favorite targets.
Nevertheless, Dutch telecom companies are investing heavily in equipment from Huawei because the supplier’s equipment is much cheaper than that of its Western competitors, Nokia and Ericsson. When the customer and invoicing system of KPN subsidiary Telfort needed replacing and various quotes were on the table, Huawei was found to be asking only 25% of the price of the other providers, according to confidential documents seen by de Volkskrant.
The newspaper also has in its possession a secret report that Capgemini drew up in 2010 after KPN asked the consultancy firm, in 2009, to conduct a risk analysis in preparation for the complete outsourcing to Huawei of the management of Chinese network equipment in KPN’s mobile network. The final report stated: “Huawei personnel can eavesdrop on unauthorized, uncontrolled and unlimited KPN mobile numbers, both within KPN buildings and from China. Huawei knows which numbers are being tapped, and the company gains unauthorized access to the heart of the mobile network from China. In doing so, the company is in breach of its agreements with KPN.” At the time, KPN’s mobile network had 6.5 million subscribers, and the Dutch government also used it.
Capgemini’s research shows that in 2009, six Chinese Huawei technicians at KPN headquarters were managing the equipment at the core of the mobile network. They were quickly able to look into the heart of the network and access unencrypted data flows. The agreements with KPN regarding access to this part of the network are strict, but the report shows that Huawei did not adhere to these procedures and had uncontrolled and unauthorized access.
The Capgemini researchers also discovered that the six Chinese employees had access to the call content of intercepted telephone numbers and worked with a program that enabled them to listen in on every telephone call via KPN. Because no records were kept when Huawei listened in and the software used was entirely in Chinese, the investigators could not determine whether and how often calls were tapped.
A source told de Volkskrant: “They could tap numbers, they could listen in anywhere in the world, KPN had no idea what Huawei was doing on their network.” A confidential KPN report from 2011, which is also in the hands of de Volkskrant, shows that Huawei had unlimited access to the customer data of millions of subscribers of Telfort, having installed various technology in that company’s customer invoicing system to obtain the data.
According to Bart Jacobs, a computer security professor at Radboud University in Nijmegen, this is how Chinese companies work. “That is apparently how they deliver their software,” he told de Volkskrant. “And that is where we still have an important lesson to learn now – Huawei itself appears to have a deep presence in the systems it delivers.”
Sico van der Meer, a cyber security researcher at the Netherlands’ Clingendael Institute for International Relations, also sees this as proof of how the Chinese can operate. “For years, intelligence agencies have been saying that Huawei and other Chinese telecom companies are engaging in espionage, but concrete evidence has always been lacking,” he told news service NOS. But the ordinary Dutch KPN customer does not have anything to fear, he added. “The Chinese are after business secrets, military secrets, state secrets,” Van der Meer told NOS. “The conversations of ordinary customers are not relevant to them.”