China says that the US has spied on Chinese companies, research institutes and mobile phone users, and has also highlighted the role of high-tech companies like Cisco and Microsoft in supporting US intelligence, in a government report published on 26 May and in its news media.
An article in China's state-run China Youth Daily newspaper says Cisco “carries on intimately with the US government and military, exploiting its market advantage in the Chinese information networks, playing a disgraceful role and becoming an important weapon in the US exploiting its power over the Internet,” according to a 27 May report in The New York Times.
Meanwhile, the Chinese government agency report says US secret surveillance activities include collecting nearly five billion mobile phone call records worldwide every day, spying on German Chancellor Angela Merkel's mobile phone for more than ten years, and plugging into Yahoo and Google's main communication networks to steal data on hundreds of millions of customers.
The report adds: “Targets of US surveillance include the Chinese government and Chinese leaders, Chinese companies, scientific research institutes, ordinary netizens, and a large number of cell phone users. America must explain its surveillance activities, cease spying operations that seriously infringe upon human rights and stop creating tension and hostility in global cyber space.”
The tit-for-tat attack follows America's decision to charge five officers from China's People's Liberation Army with cyber espionage crimes against private companies and put them on the FBI's Most Wanted list.
The Chinese report singles out Microsoft and other US tech firms. It says: “The major US software and hardware providers offer core technology support to US intelligence. Microsoft, the earliest to work with the NSA, opened its Outlook and Hotmail systems to the agency.
“Skype offered a ‘backdoor’ to the NSA after being bought by Microsoft. Microsoft also worked with US intelligence to help crack the security systems of major companies in order to keep a watch on their customers. It also informed intelligence agencies before publishing details of bugs, so as to give them the opportunity to launch remote attacks.”
The report says the NSA-led PRISM programme worked with nine companies – Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple – to get direct access to their servers and databases.
“The companies normally delivered data to the government electronically,” it says. “Some companies established independent security access to make it easier for government agencies to extract intelligence. The agents would collect emails, instant messages, videos, photos, stored data, voice chat, file transfers, video conferences, login times and social network profiles. They were even able to monitor users' Internet searches.”
The report also claims the NSA has planted backdoor software in around 100,000 computers worldwide since 2008.
Microsoft was unable to provide a response at time of writing but Cisco hit back at the claims, saying in a statement to journalists: “Cisco does not work with any government to weaken our products for exploitation. Additionally, Cisco does not monitor communications of private citizens or government organisations in China or anywhere in the world.”
But Brian Honan, a cyber security consultant and founder of BH Consulting, says the impact of the continuing claims and counter-claims has been to undermine people's trust in technology.
He told SCMagazineUK.com: “We're at the point where all these revelations and accusations are undermining the fundamental trust that we as ordinary individuals and organisations can place in the hardware and systems that we use.”
Honan added: “What's interesting to me about all these accusations about different manufacturers is that it's only now that these companies have been coming out and reassuring us that their customer interests are number one - but why haven't we been hearing that beforehand?”
Honan said that, on the positive side, Microsoft recently successfully challenged a US Government decision to allow the FBI to access the mailbox of a user based in Ireland, a decision made on the basis that Microsoft was an American company.
Earlier this month Cisco CEO John Chambers wrote an open letter to President Obama asking him to curtail the NSA's surveillance activities because they were undermining public confidence in its products.
Honan told us: “It's good to see actions like that. The revelations have produced a positive reaction from these companies and hopefully they will continue to be proactive rather than reactive in how they ensure that the privacy and the rights of their users are protected against Government mass surveillance.”
As to what organisations can do to protect themselves, he said: “It comes down to your risk profile. Are you working with data that is of such high value that it would be of interest to foreign states? If so, you need to look at what additional controls you can put in place – do you isolate core systems away from business networks, do you enhance the monitoring of your network and other systems for any unusual traffic? You have the human element as well - your staff will need to be properly vetted and properly trained and secured.”
In related news, the Chinese Government is reviewing whether its domestic banks' reliance on IBM servers compromises the nation's financial security, according to a 27 May Bloomberg report.
But an IBM spokesperson told SCMagazineUK.com via email: “IBM is not aware of any Chinese government policy recommending against the use of IBM servers within the country's banking industry. In fact, news reports now state that China's National Development and Reform Commission has not heard of any alleged directive to that effect.”