Huawei stole our tech and created a 'backdoor' to spy on Pakistan, claims IT biz
A California-based IT consultancy has sued Huawei and its subsidiary in Pakistan alleging the Chinese telecom firm stole its trade secrets and failed to honor a contract to develop technology for Pakistani authorities.
The complaint, filed on Wednesday in the US District
Court in Santa Ana, California, describes how Business Efficiency Solutions,
LLC, (BES) began working with Huawei Technologies in 2016 to overhaul the IT
systems available to the Punjab Police Integrated Command, Control and
Communication Center (PPIC3) of Lahore, capital of the Punjab province of
Pakistan.
The legal filing claims, among other things, that Huawei has
used BES’s Data Exchange System "to create a backdoor and obtain data
important to Pakistan’s national security and to spy on Pakistani
citizens."
The PPIC3 project, as described in the legal filing, was
part of an initiative formulated by the Punjab Safe Cities Authority (PSCA), a
provincial government body. Its goal was to modernize the technology available
to local police.
The request for proposal (RFP) called for proposals
describing the design of eight software systems:
Data Exchange System (DES), for storing data from national
identity cards, excise and customs, cellular providers, land and tax records,
immigration and passport records, and the like.
Building Management System (BMS), for managing building
security, environmental systems, and access.
Resource Management System (RMS), for managing police
resources, like vehicles and equipment.
Digital Media Forensics Center (DFC), for managing captured
video and still imagery from the police network.
Learning Management System (LMS), for workforce training and
support.
Media Monitoring Center (MMC), for monitoring the internet
(social media), print, and broadcast.
Field Assets, including Mobile Emergency Command and Control
Vehicles (ECV), for keeping track of command vehicles, handheld and laptops for
field use, body cameras, and covert miniature cameras.
Unmanned Aerial Vehicles (UAV), for managing industrial-level
drones for real-time surveillance.
According to the complaint, authorities in Pakistan invited
various companies to submit proposals, including Motorola, Nokia, and Huawei.
Huawei, it's alleged, lacked the technical capability to
provide the systems called for by the RFP and so, in March 2016, it partnered
with BES to develop the eight software systems. BES's work on the project is
said to have been instrumental in PSCA's decision to award the project to
Huawei for $150m.
Huawei is said to have obtained BES's low-level designs for
these systems and then resisted paying BES while seeking similar police
modernization contracts – without involving or paying BES – in several other
cities in Pakistan, and in Qatar, Dubai, the United Arab Emirates, and Saudi
Arabia.
"After Huawei had BES’s valuable trade secrets and
other intellectual property in its possession, Huawei used its knowledge of
BES’s technology to begin secretly procuring certain portions of BES’s software
systems from other sources – including from vendors BES identified to Huawei,"
the complaint says.
"Huawei also began to use one of BES’s software systems
to establish a 'backdoor' from China into Pakistan that allowed Huawei to
collect and view data important to Pakistan’s national security and other
private, personal data on Pakistani citizens."
"Backdoor" may not be the right term, though it's
difficult to be certain without knowing the details of the system's technical
architecture. In the complaint, the term is used to describe a duplicate of the
PSCA's DES running on servers based in a Huawei facility in Suzhou, China.
Whether that copy arises from a covert remote access capability or an overt
replication option under indifferent or permissive security policy isn't clear.
Pattern of behavior claimed
Among the exhibits entered into evidence with the complaint
is a March 28, 2017 email from BES CEO and founder Javed Nawaz asking a contact
at Huawei to obtain written approval from the Punjab police (PPIC3) that
they're willing to store their sensitive data in China.
"In regards to setting up the environment in Suzhou in
China, we want to insure [sic] that PPIC3 has no objection in transfer of this
technology outside of PPIC3 for security reasons," the message from Nawaz
says. "Please get an approval from PPIC3, in writing, prior to us
performing this function. Our staff is on way [sic] to PPIC3 and will await
instructions before updating DES on to servers in China."
The reply received the following day said that no approval
is necessary. The complaint indicates that Huawei subsequently said it had
received approval from the Pakistani government, but provides no documentation
to that effect.
"Huawei threatened to terminate the agreements between
the parties and withhold all payments owed to BES unless BES installed the
duplicate DES system in China," the complaint says. "In light of
Huawei’s affirmative representations that they had the approval of the
Pakistani government, the duplicate DES system was installed in China.
"On information and belief, Huawei-China uses the
proprietary DES system as a backdoor from China into Lahore to gain access,
manipulate, and extract sensitive data important to Pakistan’s national
security."
Comments
Post a Comment