The first months of 2019 concluded in much the same manner as the past 120 months, with China having its collective hand inside the glove of their competitors. While some instances are nation state driven acts of espionage and others are simply a matter of greed, the provenance or motivation is less important to the victim than what has been stolen: the life’s blood of companies, their intellectual property.

It is within this context that the recent indictments and allegations levied against Huawei, one of the world’s most successful enterprises in China, with a global footprint within the national infrastructure of many nations and conglomerates captures our interest.

Huawei’s modus operandi

When reviewing the allegations against Huawei, one notices a pattern evolving, a modus operandi. The first step is to engage the targeted company. This is the assessment period: looking, probing, questioning and exploring. During this period Huawei is looking for a commercial hook to partner or obtain temporary access.

Once a partnership or agreement to assess has been reached, then, like the proverbial camel and his nose under the lip of the tent, they are inside. And inside, they are more than an insider threat, they are an insider threat realized. Huawei employees quickly hone in on what is of interest.

And when successful, the Huawei employee who brings home the stolen information is handsomely rewarded.

Huawei theft of T-Mobile technology

T-Mobile is a successful cellular service provider. The company’s offerings are used by many conglomerates in the U.S., to include defense contractors. The Grand Jury indictment levied on January 16 tells us how T-Mobile entered into an agreement to have Huawei phones available to T-Mobile’s customers. T-Mobile tests before an item will be offered to customers. T-Mobile created a robotic phone testing system which they called, “Tappy.” T-Mobile goes to great lengths to protect proprietary Tappy by restricting access and maintaining it in a secured environment.

Over the course of two years, Huawei employees were on campus at T-Mobile’s testing lab as Huawei’s smartphones were being evaluated for use within the T-Mobile network by consumers.

This access required Huawei to sign NDAs and agree that their employees would not have access to Tappy, would not attempt to photograph Tappy, would not attempt to discover Tappy’s software, and would not attempt to circumvent the security measures designed to protect Tappy.

As the shoplifter revels in their five-fingered discount, so does T-Mobile’s partner, Huawei. Realizing they were falling further behind other cell phone manufacturers, Huawei began tasking their colleagues who were engaged with T-Mobile with specific tasks in hopes of gathering technical details about Tappy, so they could build their own testing robot.

They tried elicitation and were rebuffed by T-Mobile engineers.  Huawei China was informed that their engineer’s inquiries were meeting the information security wall. T-Mobile personnel were trained and prepared for these types of inquiries.

Huawei regrouped, tightened their sails and tried a new tact to acquire Tappy.

A Huawei engineer succeeds in surreptitiously photographing Tappy. Huawei China is delighted and overwhelms their U.S. engineer with requirements. He responds, “Once again we CAN’T ask TMO any questions about the robot. TMO is VERY angry the questions that we asked. Sorry we can’t deliver any more information to you.”  And then goes on to suggest that perhaps Huawei China would like to send their own engineer to Seattle.

Infighting at its best.

The back and forth from the U.S. engineers to their China counterparts pushing back on China’s insistence that the Tappy data be purloined reaches a crescendo in May 2013.

It is then that the U.S. Huawei engineers accessed the Tappy lab. One employee “improperly abused his badged access” to allow others into the restricted spaces. One badge, multiple people through the door. While in the lab, prior to discovery, they took photos and lifted technical data. The engineer who provided access was admonished, and Huawei was told they were no longer permitted in the testing lab. But the fallout was just beginning.

Not to be deterred, Huawei realized their window of opportunity was closing rapidly. They directed their U.S. personnel to take greater risks and to acquire more specific data. One Huawei engineer took the robotic arm of Tappy, which T-Mobile discovered within hours. But prior to returning the robotic arm, a detailed engineering-level inspection occurred by the Huawei engineers.

Huawei attempted to cover up their hand in the theft by issuing an “investigative report” of their own, in which they threw their engineers under the bus as they spun a tall tale about what had transpired, and how Huawei was most apologetic.

T-Mobile called, BS, and demanded Huawei return all information, and demanded monetary damages.

But by this point, Huawei had what they wanted, and no doubt their U.S. engineers were candidates for the Huawei internal bonus program where employees “who provided the most valuable stolen information” were rewarded.

Whose technology is next?

Related News

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).