While Warning Of Chinese Cyberthreat, U.S. Launches Its Own Attack

Enlarge this image toggle caption Kin Cheung/AP Kin Cheung/AP

The U.S. government has long complained about Chinese hacking and cyberattacks, but new documents show that the National Security Agency managed to penetrate the networks of Huawei, a large Chinese telecommunications firm, gathering information about its operations and potentially using equipment it sells to other countries to monitor their computer and telephone networks as well.

"... even as the United States made a public case about the dangers of buying from Huawei, classified documents show that the National Security Agency was creating its own back doors — directly into Huawei's networks," national security correspondent David Sanger wrote recently in The New York Times.

Sanger, the author of Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power has reported, in part, based on material released by former NSA contractor Edward Snowden. Sanger's earlier reporting revealed the origins of the Stuxnet cyber worm that temporarily disabled Iran's nuclear centrifuges.

Sanger tells Fresh Air's Dave Davies that he sees cyber-espionage as a whole new "field of conflict" on the global stage — and that the U.S. isn't having an open discussion about it.

Interview Highlights

On the scale of Huawei Technologies

It's now the third-largest provider of smartphones in the world after Samsung and Apple, but is better known in the industry for the large servers that they build that compete with companies like Cisco Systems here in the United States, that make up the backbone of the Internet. ... [This is] the equipment that a company would put in place, or a government would put in place to run their Internet connectivity.

The one place where they've really had a difficult time is the United States because U.S. authorities have blocked their efforts to purchase companies in the U.S. over nearly a decade now. As a result, they have been able to develop very little major business in the U.S., largely out of the American concern that their equipment would be filled with what is called "backdoors" that would enable the Chinese government or other Chinese firms to go into that equipment and burrow their way into American networks.

On how the NSA worked to gain access to "high-priority targets" via Huawei

The NSA document makes it clear that they saw one more opportunity: That as Huawei invested in this technology, as it laid its underground cables for what's now a $40 billion company, that they hoped that the NSA would gain access to what the document called "key Chinese customers and targets," including "high-priority targets — Iran, Afghanistan, Pakistan, Kenya, and Cuba." And if you go into Huawei's annual reports and their press releases, you'll see that all five of those countries are Huawei's customers. ...

If those countries actually buy the Huawei equipment and put them onto their most sensitive networks, you'd get all their communications. You'd get what government leaders are emailing to each other, you might get military plans.

On the Obama administration's distinction between cyber-espionage for national security purposes and cyber-espionage for commercial advantage

They say the United States only spies for national security purposes. It does not go in and steal trade secrets the way they accuse the Chinese of doing, so that they can then give those trade secrets to American companies.

So they charge that what makes the Chinese activities in the U.S. illegitimate is that the Chinese go into American corporations, or into government sites, try to steal information, and then give it to state-owned or state-affiliated companies. The U.S. says, if it goes into a foreign site, it goes into them with the intention of gaining national security information for the United States, but not with the intention of commercial advantage.

This is a big deal to the U.S. and it's a very American way of thinking about this. It somewhat puzzles the Chinese and many other countries for whom their state-owned industries are part of their national security structure. They sort of look, and don't really understand what it is the United States is trying to accomplish by making this distinction.

This is an entirely new field of conflict. I wouldn't say warfare, but conflict between nation-states, and it's one that we have barely debated as a country.

On how cyber-espionage is a whole new "field of conflict"

We're not just writing about these stories because they're cool technological stories — although they are — or because they give you some insight into the American competition with Iran or with China — although they do — but we write them in part because this is an entirely new field of conflict. I wouldn't say warfare, but conflict between nation-states, and it's one that we have barely debated as a country. ...

If the U.S. doesn't lay out some very strict rules about how we would use cyberweapons, you can hardly expect that anyone else would. But the difficulty here is that the U.S. barely acknowledges even possessing cyberweapons. It has never acknowledged its role in the Iran attacks. It has never acknowledged "Olympic Games," which was the code word for the U.S. program that the NSA ran against Iran.

On how the Obama administration's crackdown on leaks is affecting reporters

The Obama administration has pressed more leak investigations, conducted more leak investigations, launched formal inquiries, or in some cases, criminal cases, than all previous [administrations] combined. And these investigations all have a chilling effect on later stories that you do even if the later stories are on completely different subjects.

I think there's a lot more concern inside the U.S. government right now about being found to be talking to reporters, even if you're talking about something that is unclassified. ... It's understandably difficult to get American officials to talk about their plans for potential cyberattacks of cyberdefenses. I understand that, but it's also very difficult to get officials to talk about our policy about using these cyberweapons as a tool of American power. And that's what worries me, because in a healthy democracy, I think the American citizens have to be at least informed of — and maybe participate in the debate about — how we want to use these weapons since we are vulnerable to them ourselves.