The U.S. is invoking Cold War-era national-security powers to force telecommunication companies including AT&T Inc. and Verizon Communications Inc. to divulge confidential information about their networks in a hunt for Chinese cyber-spying.
In a survey distributed in April, the U.S. Commerce Department asked for a detailed accounting of foreign-made hardware and software on the companies’ networks. It also asked about security-related incidents such as the discovery of “unauthorized electronic hardware” or suspicious equipment that can duplicate or redirect data, according to a copy of the survey reviewed by Bloomberg News.
The survey represents “very high-level” concern that China and other countries may be using their growing export sectors to develop built-in spying capabilities in U.S. networks, said a senior U.S. intelligence official who asked not to be named because he wasn’t authorized to speak on the matter.
“This is beyond vague suspicions,” said Richard Falkenrath, a senior fellow in the Council on Foreign Relations Cyberconflict and Cybersecurity Initiative. “Congress is now looking at this as well, and they’re doing so based on very specific material provided them in a classified setting” by the National Security Agency, he said.
The survey went to dozens of telecommunications companies, software makers and information-security companies, including some foreign firms, according to James Lewis, a cyber-security expert at the Center for Strategic and International Studies, or CSIS, in Washington. Lewis said AT&T and Verizon Communications were among the companies that received it.
Several of the companies were hesitant to cooperate because they had learned the Commerce Department unit handling the survey had itself been hacked by the Chinese in 2006, creating the possibility that company data provided might become known to the Chinese, according to a former government official familiar with the discussions.
The Commerce Department refused a request by the companies for specific protocols to protect the data, according to the former official, who declined to be identified because the discussions were confidential.
In July, Greg Schaffer of the Department of Homeland Security testified before the House Oversight and Government Reform Committee that the department knew of instances of foreign-made components seeded with cyber-spying technology. He declined to provide further details.
The Commerce Department survey also reflected U.S. intelligence community concerns over discounting and loan packages offered by foreign manufacturers.
It asks companies to list makers of telecommunications equipment that offer the steepest discounts. Other questions ask what information or other conditions manufacturers require in exchange for sales or leasing, including knowledge of physical access procedures for entering buildings.
Lewis of the CSIS said U.S. officials suspect the Chinese government is subsidizing the discounts to give U.S. companies incentives to buy Chinese-made network equipment.
“Huawei says they’re doing this and it’s completely legitimate, and it’s just us competing in the market,” Lewis said. “The other possibility is that they are doing it because they have an intelligence motive.”
--Editors: Andrew Dunn, Mary Romano
To contact the reporter on this story: Michael Riley in Washington at firstname.lastname@example.org.
To contact the editor responsible for this story: Michael Hytha at email@example.com