Tag Archives: Chinese hacking

Chinese Hacking of our Networks

It seems like there is more disturbing news every day about Chinese infiltration of our telecommunications networks. A recent headline said that nine large ISPs have now been infiltrated.

Tom Wheeler, a previous Chairman of the FCC, recently wrote an article for the Brookings Institute that speculates that the ability of the Chinese to infiltrate our networks stems back to decisions made decades ago that have never been updated for the modern world of sophisticated hacking.

Wheeler points to the 30-year-old Communications Assistance for Law Enforcement Act (CALEA) that created a backdoor into telecommunications networks so that the FBI and others could wiretap suspected terrorist activity. This is not necessarily how Chinese hackers are gaining access to our networks, but having this backdoor it is an example of the neglect that has been paid to our networks over the years.

Wheeler describes how he participated in the negotiations between law enforcement and the industry while he was the head of CTIA – the Cellular Telecommunications and Internet  Association. At the time, law enforcement was concerned about the rapid evolution of the analog public switched telephone network (PSTN) to digital and wanted to make sure that it had a way to track bad actors regardless of the technology being used.

Over the ensuring decades, the FCC started the process several times of talking about dismantling the old PSTN, but there was never enough enthusiasm or interest among carriers to make it happen. The PSTN is still very much alive and provides an entry point into every telecom company network.

There was also not much emphasis over the years of demanding strong security measures for the newer digital technologies like VoIP. Nobody envisioned a world where foreign governments would devote significant efforts to infiltrate each other’s networks.

Wheeler also pointed to the new Open Radio Access Network (O-RAN) technology being put into place inside cellular networks. O-RAN is a new technical standard that seeks to make it possible for multiple vendors and technologies to provide equipment for the cellular industry instead of the small monopoly of vendors in this space worldwide. O-RAN is based on open-source code that will allow for cheap hardware. Wheeler points out that, while this is great for the worldwide cellular industry, it’s hard to enforce security with open-source software. A recent report from the European Union warns that O-RAN will increase the number of security risks for 5G networks.

Wheeler notes that U.S. carriers and law-enforcement seems to have been blindsided by the ability of Chinese hackers to exploit our networks. He says that his FCC started the process of creating cybersecurity standards for telecom networks, but that carriers resisted the cost of tackling the issue. The Ajit Pai FCC went so far as to cancel the effort create cybersecurity rules.

The Department of Homeland Security established the Cybersecurity and Infrastructure Security Agency (CISA) to tackle the issue, but that agency has no regulatory authority to force carriers to comply with its efforts.

The FCC and other parts of the government are now rushing to try to find a solution for the Chinese hacking, and we can expect new requirements soon from the FCC or elsewhere in the federal government. And maybe we will finally dismantle the TDM-based PSTN.

Is Your Router Spying on You?

If you’ve followed the telecom industry at all you’ve heard of the effort to rip-and-replace Chinese network gear used mostly in cellular networks and in some fiber networks. The U.S. government ordered that such equipment be replaced, although it has funded the replacement in dribs and drabs.

There is heightened scrutiny of Chinese electronics since the recently discovered Beijing-sponsored cyberattacks that that are reported to have infiltrated the networks of major U.S. ISPs and carriers. U.S. officials recently said that they have been unable to expel the Chinese hacking presence that was instigated by the Salt Typhoon Group from China.

In something that is scary news to a lot of folks, an announcement was recently made that the Justice, Defense, and Commerce Departments have all been scrutinizing WiFi and other routers made by TP-Link. The announcement say this is the most commonly used routers in the U.S. and is marketed under a number if brand names including TP-link, Tapo, Kasa, Omada, VIGI, Aginet, HomeShield, and Tapo Care.

The scrutiny of TP-Link routers started in October when Microsoft reported that the routers have been targeted by Chinese hacking groups. Security experts say the company has a history of not responding quickly when security flaws are identified in its gear. The U.S. government hasn’t announced a specific link between TP-Link and the Chinese hackers, but the recent warning of concerns means there must be strong suspicions.

It’s hard to know what the U.S. government might do if it is established that TP-Link routers are a security risk. They could ban the routers, sending millions of homes and businesses in search of new devices. They might take a softer approach and suggest that people replace them. It’s hard to imagine the government funding the replacement of home and business routers in the same way it is doing for carriers.

Perhaps the government will push for more U.S manufacture of routers. Luckily, unlike many kinds of electronics, there are alternatives to Chinese routers. Netgear routers are manufactured primarily in Vietnam, Thailand, Indonesia, and Taiwan. Linksys is Manufactured in Taiwan and Vietnam. There are smaller brands manufactured around the world – but not many routers are made in the U.S.

What’s probably the most interesting aspect of the sudden focus on WiFi routers is that security experts have been complaining for years that most routers on the market have shoddy security measures and are easy to hack. Perhaps one outcome of the sudden focus on routers will be new government rules demanding better security for all devices.

It’s always a little hard to distinguish politics from reality. Politicians are suddenly lining up to dump on the Chinese, which is easy to do for an issue with no domestic political backlash. Everybody from the incoming FCC Chairman Brandon Carr to many in Congress are suddenly saying that something needs to be done. Only time will tell if this is rhetoric or a real threat.