Huawei could have snooped on the Dutch prime minister's phone calls thanks to KPN network core access
Nobody caught – er, held us responsible, says Chinese firm
Huawei was able to snoop on the Dutch prime minister's phone calls and track down Chinese dissidents because it was included in the core of the Netherlands' mobile networks, an explosive news report has claimed.
Dutch national daily Volkskrant (behind a paywall) reported over the weekend that mobile operator KPN, which used Huawei-supplied equipment in the core of its network, discovered the full extent of the Chinese company's doings in 2010 after it commissioned Capgemini to write an outsourcing risk analysis report.
Not only could the prime minister be eavesdropped on by Huawei, along with millions of other customers, said KPN as it quoted the report, but it could also identify people being snooped on by the Dutch state as well.
Thanks to Capgemini's analysis, seen by Volkskrant, KPN learned to its horror that Huawei had "unauthorised and uncontrolled access" to the core of KPN's 3G and 4G networks. The report's contents were so explosive that senior execs feared for the company's future if its contents got out at the time.
"Huawei employees could listen to all conversations, even those of then Prime Minister [Jan] Balkenende," reported the newspaper, following up today with sources saying that Huawei still has admin-level access to the core of its 4G network as part of a network management outsourcing deal.
KPN, a former state-owned telco, roughly comparable to Britain's BT, had around 6.5 million subscribers in 2009 according to local reports.
KPN described Volkskrant's reporting as "harsh" in comments made to The Register, saying: "The purpose of the analysis was specifically to survey the risks and address these internally, so as to improve the security and integrity of KPN's systems and to facilitate diligent decision making."
It added that it had not detected any data thefts from its network and that its planned outsourcing of network management to Huawei was cancelled as a direct result of the Capgemini report, describing attitudes to mobile network security as "different nowadays from what they used to be in the past."
KPN said it decided "to not pursue further outsourcing of maintenance" of its core mobile network following receipt of the report. "With respect to the systems and process risks identified in the aforementioned analysis, a remediation and improvement plan was drawn up and implemented in 2010."
A Huawei spokeswoman strenuously denied any wrongdoing, telling The Register it had "no access to lawful interception data" with Gert-Jan van Eck, COO of Huawei Netherlands, saying: "The allegation that the Prime Minister could be overheard by us is completely untrue and an underestimation of the security of the interception environment. It just isn't possible."
"We have never been held liable by the government authorities about unauthorized acts," added Huawei, which makes curious reading after translation from Dutch to English.
Capgemini merely said: "For reasons of client confidentiality we do not comment on past, present or future client engagements."
The Register understands that Huawei's potential level of access was known within British governmental circles and was one of the reasons why the Chinese firm was shut out of the core of 4G networks in the UK.
An NCSC spokesperson told us: "Huawei's presence in the UK is subject to detailed oversight. This form of detailed oversight is the best way to manage risks posed by existing Huawei products in the UK's national telecommunications infrastructure."
Huawei's potential to act as an espionage arm of the Chinese state triggered a lot of wailing and gnashing of teeth in the US, with both political pressure and associated sanctions hitting deployments in other countries.
It has long maintained the stance that it is just like any other Western private company, but this came under fire after China's Faroe Islands ambassador threatened to withdraw a trade deal if the autonomous Danish territory rejected Huawei-supplied 5G equipment. At the time, in late 2019, China's UK and French ambassadors then both weighed in to loudly declare that Huawei was nothing to do with the Chinese state, which fully and vocally supported it. ®