A secret report from 2010 – now in the hands of Dutch newspaper de Volkskrant – shows that Chinese supplier Huawei had free access to telephone numbers and calls on the network of Netherlands telecom provider KPN.
The company also had unlimited access to millions of customer details of KPN’s subsidiary, Telfort. The Dutch Parliament has asked questions and the telecom agency has launched an investigation.
Dutch intelligence service AIVD has long been concerned about Chinese espionage. As early as 2008, the organisation noticed an increase in the number of cyber attacks from China on the Dutch government and businesses. Ministries and high-tech companies in particular have been favourite targets.
Nevertheless, Dutch telecom companies are investing heavily in equipment from Huawei because the supplier’s equipment is much cheaper than that of its Western competitors, Nokia and Ericsson. In fact, when KPN subsidiary Telfort’s customer and invoicing system needed replacing and various quotes were on the table, Huawei was found to be asking only 25% of the price of the other providers, according to confidential documents seen by de Volkskrant.
The newspaper also has in its possession a secret report that was drawn up by Capgemini in 2010 after KPN asked the consultancy firm, in 2009, to conduct a risk analysis in preparation for the complete outsourcing to Huawei of the management of Chinese network equipment in KPN’s mobile network.
The final report stated: “Huawei personnel are able to eavesdrop on unauthorised, uncontrolled and unlimited KPN mobile numbers, both within KPN buildings and from China. Huawei knows which numbers are being tapped and the company gains unauthorised access to the heart of the mobile network from China. In doing so, the company is in breach of its agreements with KPN.”
At the time, KPN’s mobile network had 6.5 million subscribers, and it is also used by the Dutch government.
Uncontrolled and unauthorised access
Capgemini’s research shows that in 2009, six Chinese Huawei technicians at KPN headquarters were managing the equipment at the core of the mobile network. They were easily able to look into the heart of the network and access unencrypted data flows. The agreements with KPN regarding access to this part of the network are strict, but the report shows that Huawei did not adhere to these procedures and had uncontrolled and unauthorised access.
The Capgemini researchers also discovered that the six Chinese employees did not only have access to the call content of intercepted telephone numbers, but also worked with a programme that enabled them to listen in on every telephone call via KPN. Because no records were kept of when Huawei listened in and the software used was entirely in Chinese, the investigators could find out whether and how often calls were tapped.
A source told de Volkskrant: “They could tap numbers, they could listen in anywhere in the world, KPN had no idea what Huawei was doing on their network.”
A confidential KPN report from 2011, which is also in the hands of de Volkskrant, shows that Huawei had unlimited access to the customer data of millions of subscribers of Telfort, having installed various technology in that company’s customer and invoicing system to obtain the data.
According to Bart Jacobs, professor of computer security at Radboud University in Nijmegen, this shows how Chinese companies work. “That is apparently how they deliver their software,” he told de Volkskrant. “And that is where we still have an important lesson to learn now – Huawei itself appears to have a deep presence in the systems it delivers.”
Sico van der Meer, cyber security researcher at the Netherlands’ Clingendael Institute for International Relations, also sees this as proof of how the Chinese can operate. “For years, intelligence agencies have been saying that Huawei and other Chinese telecom companies are engaging in espionage, but concrete evidence has always been lacking,” he told news service NOS. But the ordinary Dutch KPN customer does not have anything to fear, he added.
“The Chinese are after business secrets, military secrets, state secrets,” Van der Meer told NOS. “The conversations of ordinary customers are not relevant to them.”
The fact that Chinese companies offer their products and services at rock-bottom prices makes them economically attractive to Dutch organisations, he added. “China offers products at rock-bottom prices. That is their strategy – to push competitors out of the market. In addition, the technology works well, but with a backdoor.”
Because of the risk of espionage, the Dutch cabinet decided at the end of 2019 to exclude Huawei from the core of the Netherlands’ new 5G network. The Chinese company may only supply components for the radio and antenna network – which is no luxury, according to cyber security specialist Ronald Prins of Hunt & Hackett.
He told the NOS: “Soon there will be no Western party left to supply telecom equipment. After 5G comes 6G, and you see that China is already thinking this through. We are becoming so technologically dependent on that country that we are also relinquishing the operational side because of the low costs. It is precisely these reports that show you shouldn’t want that.”
Prins also thinks the Dutch intelligence services should do more, because the telecom sector is no exception in this respect. “Even in the sectors where we excel in the Netherlands, such as the agricultural or maritime sector, people are spying to steal our ideas,” he said.
As it is only a few days since the first article appeared in de Volkskrant, Huawei is still managing equipment in the core of the Netherlands’ mobile network – a fact that various KPN sources confirmed to the newspaper. According to one source, Huawei equipment works in such a way that part of its management must always be handled by the Chinese company.
The Dutch government reacted to this with shock. “First Telfort, now KPN. The fear of eavesdropping by Huawei proves well-founded once again,” MP Lisa van Ginneken told de Volkskrant. Fellow MP Kathelijne Buitenweg put parliamentary questions to outgoing Christian Democratic Alliance state secretary of economic affairs Mona Keijzer, whose portfolio includes telecoms, and outgoing justice and security minister Ferd Grapperhaus.
KPN said in a statement: “No supplier has unauthorised, uncontrolled and unlimited access to the networks and systems, or is able to eavesdrop on KPN customers or view tap information.”
The Capgemini report was precisely the reason why KPN decided against complete outsourcing of network and systems management to Huawei, according to the organisation.
Huawei itself has always denied being involved in espionage. In an interview with Dutch newspaper Algemeen Dagblad early this year, Michael Yang, the new Dutch managing director of Huawei, said: “Let me make one thing clear: there has never been a shred of evidence that Huawei is involved in any kind of security breach through our equipment and network technology. Spying is something we never do and never will do in the future.”