5G,Cyber Exploitation,Cyber Infiltration,Hacking,Huawei,NATO,NSA

The Indian government has commenced the trials of 5G technology, but the Chinese company Huawei is notably absent from the list of approved vendors. The Indian strategic community is almost unanimously supportive of the decision, concerned about the emerging Chinese hegemony around 5G standards and architecture. Although think tanks and experts have delved into some of the technical intricacies of 5G, the commentary remains largely polemical and rooted in the complicated verbiage of Sino-Indian geopolitics.

It would be worthwhile to briefly deconstruct the nature of the threat posed by the telco networks, why they are deemed so critical when it comes to Indian national security imperatives, and the kind of exploits and vulnerabilities which cyber adversaries have used to subvert them. It may paint a slightly different picture and offer a more nuanced take on China’s forays into 5G.

In the words of General Michael Hayden, cyber, as a domain of intelligence and military operations, remains “hideously over-classified.” And because of the lack of empirical data points, the explanations presented here are based on past precedents.

Cyber operations, vulnerability discovery, and exploitation do exhibit a kind of incrementalism as well as evolutionary traits. Specialised exploit engineers and cyber operators work in an epistemic bubble where knowledge is circulated among a select group of peers. And the nature of the threat landscape has remained eerily consistent over the last two decades for us to be able to make some projections and guesswork by relying on that kind of incrementalism.

Hence, the extrapolation of past precedents is consistent enough for us to broadly understand the technical security dynamics underpinning the rhetoric of 5G. The argument put forth is also inspired by a related exchange of ideas with an officer of the Indian Army who was working on an approach paper on 5G. The fact that he left the discussion by being even more unconvinced than he initially was about the popular narrative on 5G threats could be deemed as a pyrrhic victory.

Past cyber infiltration operations

Telco networks are generally riddled with cyber implants of foreign intelligence services. The malware Regin—discovered in 2014 and attributed to the famed Tailored Access Operations (TAO) team of the US intelligence agency, National Security Agency (NSA)—sat at the base station and master station controllers of Indian mobile operators for years.

Another likely NSA operation backdooring Cisco routers was discovered at the edge network of India’s largest mobile operator in 2015—with the intrusion possibly going undiscovered for years.

A Tailored Access Operations (TAO) counterintelligence operation during the 2004 Summer Olympics at Athens to compromise Vodafone later went rogue and turned into a murder mystery.

SECONDDATE was another of NSA’s brilliant operations to hack into the National Telecommunication Corporation, the government-owned telco of Pakistan. It specifically targeted the backbone switching network running on ZTE and catering to VIP communications (similar to India’s encrypted RAX).

APT 41, a cyber-espionage group linked to the Chinese state, was recently seen loitering around on a Linux network acting as the Short Message Service Centre of a mobile operator. APT 10, another Chinese group backed by the Ministry of State Security, has been linked to global telco intrusions. As per CrowdStrike, Iran and Russia, too, have “heavily targeted the data-rich telecommunications sector.”

Telco security researcher Emmanuel Gadaix once discovered a live cyber intrusion in a mobile network and gave a detailed, nail-biting account at a conference.

The significance of telcos to espionage

But the question arises, why are spies so attracted to telcos? The answer is simple—they provide the most crucial vantage point allowing one to pivot from mass surveillance to targeted operations.

Telephony and data have long converged, so the billing databases, the routing information, the downstream networks and even the lawful interception apparatuses (managed by the telcos on behalf of their host governments) provide mounds of intelligence.

Cyber intrusions at scale are all about balancing the cost-benefits. Large-scale operations are unstable and ephemeral by their very nature—their targeting and reach need to be limited to hide the signal within the noise.

Cyber espionage is also recursive and self-fulfilling in a way. The idea, sometimes, is not to gather topical intelligence but to keep on increasing the “compromise boundary,” thus expanding target selection and coverage in an exponential manner, ad infinitum.

Jason Kichen, a former cyber operator with the US government and a respectable figure within the US Intelligence Community, carries a certain obvious fascination for telco targeting. In Kichen’s words, telco exploitation is “upstream targeting” and “at some point, [upstream telco] targets of immense value will present opportunity to collect the most sensitive [down]streams of intelligence imaginable.”

Even the lawful interception infrastructure—maintained by the telcos as a prerequisite to obtain an operating license—can provide an invaluable insight into the intelligence imperatives of the host government. It is exactly why the NSA held a roundtable on “Exploiting Foreign Lawful Intercept.”

To borrow from spymaster James Jesus Angleton, telco networks are a veritable wilderness of mirrors. They are a hodgepodge of TCP/IP networks, flavours of Unix-based operating systems, commercial database and traffic analytics software, and specific signalling and switching equipment for 2G, 3G, 4G, and 5G. Their heterogeneity and backward compatibility become the most potent attack surfaces.

At this juncture, it becomes crucial to demolish a prevalent notion that 5G is some kind of technological monolith. 5G, too, is a mishmash of the old and the new.

In a timely coincidence, the US government has just released a report, “Potential Threat Vectors to 5G Infrastructure”. Almost all the systemic risks cited by the report, like the subversion of standards, supply chain and architecture, align squarely with the prevalent threat perceptions related to telco networks. The vulnerabilities have been well known.

It is a truism that vulnerabilities are a product of complexity, and complexity alone. They are the unexpected outcomes of operating a complex, heterogeneous network wherein billions of layers of abstraction at the hardware and software levels toss data around. As a result, the behaviour of the complex system acquires an ‘emergent property’, i.e., complexity itself becomes the driver of the architecture. In his keynote at NATO Cycon 2018, the celebrated malware reverse engineer Thomas Dullien goes to great lengths to explain the nature of such complexity.

To the outside world, software and hardware seem to operate with mathematical precision; in reality, they are mostly a statistical approximation of the expected or states. It is almost impossible to predict how the data may end up as it passes through billions of layers of abstraction and the interfaces between them. A hacker or an exploit engineer experiments with this ambiguity to throw the system into states never even intended by its designer or programmer, thus becoming “weird machines” in hacking parlance.

As a result, the line between vulnerability and expected behaviour becomes so thin that the evaluation of the security of a computing system—or understanding whether it is compromised in the first place—becomes mathematically impossible.

Chikermane writes, “New Delhi has made it mandatory that 5G telecom equipment should be tested and certified by the Telecom Engineering Centre.” It becomes amply clear that testing an isolated piece of equipment in a lab would never reproduce the complex networked state, which becomes the wellspring of vulnerabilities.

Dullien also makes a pivotal observation that the emergent property seeds the starkest dichotomy: Ownership and control of assets in cyberspace do not necessarily overlap. Proving the concept of “one controls what one owns” becomes a fundamental computer science problem, as the data gets manipulated by layers upon layers. In that sense, absence of the Chinese government or Huawei from the network may not mean that it has relinquished control.

There are only two possible home-field advantages when, say, a government is able to exercise hegemony on a technology like 5G; the first being access. Access is a crucial enabler for intelligence. The last two decades of US cyber dominance—nostalgically dubbed as “the golden age of surveillance”—were singularly catalysed by the access-based advantages offered by American IT vendors dominating the global networking standards and business.

But access-based advantages are somewhat rudimentary and are subject to the volatility of geopolitics. They, certainly, are not treated as the mainstay for surveillance. In fact, it would be safe to assume that reliance on access-based operations leveraging standards, vendors, and equipment under one’s control becomes an undesirable risk or dependence for the cyber operator.

It is exactly why the playing field for cyber espionage gets levelled by expeditionary operations, which are meant to compensate for dwindling or no access. It is exactly why NSA’s TAO existed in the first place—despite the US boasting of global dragnets of passive collection; or how China, Russia, Iran, and North Korea, lacking any access-based advantage, still managed to meet their regimes’ imperatives with spectacular success.

Barring Huawei in favour of another vendor offers little respite as far as the rapidly evolving and aggressive scene of expeditionary cyber operations goes. It becomes mere picket-fencing as vendor bans may not even minimise attack surfaces or threat perceptions in a complex, internetworked environment. China has developed a critical mass of exploit engineers and is globally respected for breaking into all kinds of systems.

The second home-field advantage is the ability to introduce backdoors in the equipment. As is evident from the SolarWinds hack, that is definitely not limited to the host government. And backdoors are a double-edged sword. Dumb or simple backdoors (the likes of which the Chinese government is often accused of) are easy to detect. Making the backdooring process complex also does not alleviate the risk of discovery or, worse, exploitation by a third-party.

The Dual EC DRBG backdoor introduced by the NSA in the equipment of Juniper Networks is a case in point. It was later discovered that a foreign intelligence service (possibly Chinese) had gotten a whiff and actively exploited it to target American corporations; Ben Buchanan offers a riveting account in The Hacker and the State. Nonetheless, carefully engineered, harder-to-detect hardware or software Trojan horses may certainly be advantageous for blended or close access operations—but their instantiation needs to be severely curtailed to avoid exposure.

Backdoors simply may not work when you desperately want them to. It is exactly why they are assigned the highest security classification NOBUS (Nobody but Us) in the US government, considering their fragility and how crucial they are for its signals intelligence missions.

The conclusions of this brief detour into the esoteric world of exploitation are simple: The Indian security establishment must create an equities process to calculate and weigh telco vulnerabilities against its national security risks and foreign policy estimations. It may then realise that the solutions may not be as simple as banning Huawei—that just makes the job of Chinese hackers a bit harder.

In fact, crucial emphasis must be laid on systemic, whole-of-government capacity building initiatives on extremely vital technological areas like cryptanalysis (deemed as the ultimate tier of strategic capability at par with nuclear), activities and exploit engineering.

The views expressed above belong to the author(s).


Pukhraj Singh

