Huawei had access to companies' personal data through a hidden access path. Through a KPN server room, the Chinese technology company was able to view, modify or delete customer data for years. KPN and Huawei deny there was any spying.
So writes Volkskrant-journalist Huib Modderkolk in his new book 'This you really don't want to know. About the unimaginable world behind your screen', reports NU.nl (1).
For the beginning of this case, we have to go back to March 2021. Modderkolk then published a high-profile article in which he wrote that Huawei had undetected access to a database containing customer and billing data of Telfort customers for years (2). A confidential report from KPN reported that Huawei had installed a script to move files to a production environment.
HP, which developed a new customer and billing environment for KPN, allegedly asked Huawei several times to close access to customer data. However, the Chinese tech company did nothing about this. KPN's investigators wrote that this situation created "insecurity, instability and/or the risk of data breaches." The telecom company kept the report secret, fearing that its survival would be at stake if the findings were made public (3).
Huawei defended itself against these allegations by saying that KPN had authorized access (4) to the company's customer and billing environment. "It is common practice in the industry that when ICT companies manage such a system on behalf of telecom providers, access to customer data can only be obtained after authorization from the telecom provider. Without authorization, Huawei Netherlands does not process or share data," the company said in a statement.
For years, no one wanted to confirm Modderkolk's story. In his new book "This You Really Don't Want to Know," the journalist says he managed to get confirmation. Last year he spoke to two employees of the General Intelligence and Security Service (AIVD) who were involved in the case. They told him that the security service took the case extremely seriously.
"The AIVD found data at a Chinese hacker group and found out that Huawei had access to exactly that data. That Huawei had such an access path was also never told to KPN, while this kind of information is normally described neatly," Modderkolk said. One of his sources describes the case as "the most demonstrable case of espionage by Huawei at the time.
KPN and Huawei deny to NU.nl that there was spying. A spokesperson for the telecom company says that an investigation was conducted in response to "certain signals regarding security. This would not have shown that confidential data had been removed from the systems.
"There was no evidence of unnoticed and/or unauthorized access to customer files at any KPN location. No unauthorized access path was found. The relevant government agencies, including the security services and regulator, were informed of our findings at the time and were therefore fully informed. If a breach had been found, we would have reported it and informed customers," a KPN spokesperson said.
Huawei also denies the allegations of spying. "The provision of communication systems and software does not mean direct access to data. Huawei cannot have access to customer data without the data owner's explicit consent and monitoring. Huawei does not have unauthorized access to customers' network and data. Therefore, the claims made in the book and the conclusions drawn from them are incorrect," the company said in a response.
KPN and Huawei say they were not approached by Modderkolk for comment before the publication of his book.
Huawei and several Western countries have been at odds for years. The Chinese tech company has been accused of spying for years. At the behest of President Xi Jinping, Huawei allegedly collects and shares personal and confidential data from Western companies and politicians and technological know-how with the government and the People's Liberation Army.
The General and Military Intelligence and Security Services (AIVD and MIVD) have been warning for years about these espionage practices by countries pursuing an offensive cyber strategy. As a precautionary measure, Huawei has not been allowed to supply 5G core equipment to our country since 2021 (5).
In the US, former President Trump ordered the blacklisting of Huawei and dozens of related Chinese companies and subsidiaries (6). American companies were not allowed to do business with the companies listed on this so-called Entity List unless they were licensed to do so. One concrete consequence was that Huawei was no longer allowed to install Google's Android operating system on its smartphones.
"The measure violates the principles of the market economy and the rules of international trade and finance, damages the international community's confidence in the U.S. business environment and is a blatant technological hegemony," a spokesman for China's Foreign Ministry said in a comment.
https://www.nu.nl/tech/6304027/huawei-had-naar-verluidt-toegang-tot-persoonsgegevens-via-serverruimte-kpn.html
https://www.vpngids.nl/nieuws/huawei-had-jarenlang-toegang-tot-gegevens-telfort-klanten/
https://www.vpngids.nl/nieuws/huawei-kon-alle-gesprekken-van-kpn-klanten-afluisteren/
https://www.vpngids.nl/nieuws/huawei-kpn-gaf-toestemming-voor-toegang-tot-klantgegevens-telfort/
https://www.vpngids.nl/nieuws/huawei-niet-langer-in-hart-nederlandse-telecomnetwerken/
https://www.vpngids.nl/nieuws/fcc-huawei-en-zte-vormen-gevaar-voor-nationale-veiligheid-vs/
