
Nortel’s Revenge: Operation Shotgiant

Nortel, a Canadian company that was once one of the largest telecommunications companies in the world, went bankrupt. This occurred after a series of events involving Chinese industrial espionage, where Huawei played a significant role.

Here’s a breakdown of what happened to Nortel, based on the sources:

  • Cyberattack and Espionage: Around 2008, a worker at Nortel discovered that almost the entire fleet of computers at his workplace was infected.
  • Data Exfiltration: The hackers were imaging entire hard drives and sending these images to their handlers in China. Notably, they did not hide their IP addresses and even discussed their work on Chinese forums.
  • Huawei’s Copycat Products: Several years later, direct copies of Nortel’s equipment were being manufactured by Huawei.
  • Inability to Compete and Bankruptcy: Nortel was ultimately unable to compete with Huawei’s cheaper products. As a result, Nortel didn’t have the time to sue anyone before it went bankrupt. This happened before Huawei became the largest telecommunications equipment manufacturer globally.

These events highlight the broader context of Chinese industrial espionage operations at the time, which set the scene for the concerns surrounding Huawei and its alleged ties to the Chinese government.

Based on the sources, Operation Shotgiant was not described as “Nortel’s Revenge”. While the incidents involving Nortel’s bankruptcy due to Chinese industrial espionage, including the copying of its equipment by Huawei, are highlighted as part of the broader context that shaped Western attitudes towards Huawei, the sources do not state that Operation Shotgiant was initiated as retribution for Nortel’s downfall.

Instead, the primary goals of Operation Shotgiant, an ambitious espionage effort by the NSA’s Tailored Access Operations (TAO) unit, were focused on intelligence gathering and national security objectives concerning Huawei:

  • Determining if Huawei engaged in spying on behalf of the Chinese government. This was a foremost objective, driven by concerns about Huawei’s alleged ties to the Chinese military and government.
  • Gaining more information about Huawei itself, including its organizational structure, internal relationships, and future plans. The NSA aimed to understand how the company truly operates, its management, and its relationship with the Communist Party of China.
  • Using Huawei’s potential to fill intelligence gaps. This involved “poking around the most sensitive parts of the company,” deciphering encryption protocols, gaining insights into R&D plans, and examining its supply chain.
  • Leveraging Huawei to reach otherwise unreachable targets, particularly in unfriendly countries. This objective has been interpreted as the NSA potentially attempting to install its own backdoors into Huawei equipment.

The history of Chinese industrial espionage, including the case of Nortel, served as background context that contributed to the “unsettling” view of Huawei and the concerns about its potential use for Chinese intelligence purposes. This concern about Huawei’s role and alleged ties to the Chinese government was the driving force behind the launch of Operation Shotgiant.

Huawei router vulnerabilities were exploited through a specific flaw in their software that allowed for a bypass of regular authentication. This method involved:

  • Discovery of a “bug” or “mistake” in the code. This vulnerability was described as small and extremely easy to miss if one did not know precisely what to look for.
  • Use of a “master password” or “simple command”. This command bypassed the normal password requirement.
  • Gaining administrator privileges. Anyone who knew this command could skip regular authentication and immediately gain administrator privileges on the router.
  • Installation of monitoring software. Once administrator privileges were obtained, sophisticated monitoring software was installed on the router.
  • Interception of traffic. After the software was installed, all internet traffic going through the device, including emails and visited websites, was intercepted, documented, and reported to a command and control server.

This specific type of vulnerability affected thousands of users globally who used similar Huawei equipment, leading to privilege escalation and the installation of monitoring software.

The National Security Agency (NSA) conducted Operation Shotgiant, an ambitious espionage effort, which involved penetrating Huawei itself with the goal of gaining access to computers like those of a prominent Iranian politician. The NSA’s Tailored Access Operations (TAO) unit, known for advanced persistent threats, gained access to the source code of Huawei products through Operation Shotgiant, which enabled them to reverse engineer and dissect products for vulnerabilities. While it’s difficult to definitively say if any discovered vulnerabilities were deliberate backdoors or honest mistakes, the sources indicate that the NSA had “priority seat access” to many Huawei products since 2009 and could have known about and potentially used some of these vulnerabilities for its own advantage, as illustrated by the scenario described above.

Operation Shotgiant, a highly ambitious espionage effort by the National Security Agency (NSA) of the United States, had several primary goals, as revealed in top-secret NSA slides made for the Five Eyes intelligence agencies.

The main objectives of Operation Shotgiant were:

  • Determining if Huawei engaged in spying on behalf of the Chinese government. This was the foremost objective, reflecting concerns about Huawei’s alleged ties to the Chinese military and government, and the potential for the Communist Party to demand data or intelligence from the company.
  • Gaining more information about Huawei itself. This included deciphering Huawei’s mysterious organizational structure, understanding internal relationships, and even learning about the company’s future plans. The NSA aimed to understand how Huawei truly works, its management structure, the motivations of its executives, and their relations with the Communist Party of China.
  • Using Huawei’s potential to fill intelligence gaps. With access to one of the largest tech companies in the world, the NSA intended to “poke around the most sensitive parts of the company,” decipher its encryption protocols, gain insights into its research and development plans, and examine its supply chain.
  • Leveraging Huawei to reach otherwise unreachable targets, particularly in unfriendly countries. This objective has been interpreted by many as the NSA attempting to install its own backdoors into Huawei’s equipment. The operation specifically aimed to penetrate Huawei to gain access to computers like those of a prominent Iranian politician whose internet traffic was routed through new Huawei equipment.

The NSA’s Tailored Access Operations (TAO) unit, an elite cyber espionage arm, conducted Operation Shotgiant. Through this operation, TAO managed to gain access to the source code of Huawei products, which allowed them to reverse-engineer and dissect them for vulnerabilities. This deep access potentially allowed the NSA to know about and use existing vulnerabilities in Huawei equipment for their own advantage, as illustrated by the scenario where a “master password” or “simple command” could bypass authentication and grant administrator privileges, leading to the installation of monitoring software.

Foxacid was a tool of choice for breaching confidential communications, specifically developed and used by the National Security Agency’s (NSA) Tailored Access Operations (TAO) unit.

Here’s what the sources indicate about Foxacid:

  • Initial Purpose: It was initially developed specifically for infiltrating Al Qaeda.
  • Evolution into a Toolkit: Over time, it branched out into a full-on toolkit that leveraged bugs in popular browsers.
  • Deployment Method: The deployment of Foxacid would typically begin with a phishing message. This message would convince the target to click on a link.
  • Installation of Backdoor: The link would lead to a custom malicious page, which then installed a backdoor in the browser.
  • Further Operations: Depending on the target system and the mission, the NSA could then use a variety of specialized tools to intercept, monitor, and even modify the traffic that the target sent and received.

Regarding its connection to Operation Shotgiant, while the sources state that TAO might have deployed something else, it is suggested that Foxacid may have been used to breach the executives at Huawei. This sophisticated tool aligns with TAO’s expertise as an elite cyber espionage arm, specializing in advanced persistent threats.

Nortel, formerly known as Northern Telecom, was a Canadian multinational telecommunications and data networking equipment manufacturer. It was once a dominant force in the industry, but ultimately filed for bankruptcy in 2009. [1, 2, 3]

Here’s a more detailed look at Nortel’s history:

Early Years and Growth:

  • Founded in Montreal in 1895 as the Northern Electric and Manufacturing Company. [2, 3]
  • Became a major supplier of telecommunications equipment, particularly for telephone companies and businesses. [4]
  • Renamed Northern Telecom in 1976 and later Nortel Networks. [4, 5, 6, 7]
  • During the late 1990s, Nortel expanded rapidly, acquiring numerous technology companies, particularly during the dot-com boom. [3]
  • At its peak, Nortel represented a significant portion of the Toronto Stock Exchange’s value and employed over 90,000 people worldwide. [2, 3]

Downfall and Bankruptcy:

  • Nortel’s fortunes reversed with the dot-com bubble burst and increased competition. [2, 3]
  • The company faced accusations of accounting fraud and was embroiled in legal battles. [2, 8, 9]
  • In 2009, Nortel filed for bankruptcy protection, marking the largest corporate failure in Canadian history. [2, 3]
  • The company’s assets were eventually sold off, including its valuable patent portfolio. [3, 10]

Key Aspects of Nortel’s History:

  • Innovation: Nortel was a pioneer in digital telecommunications, developing technologies like the DMS-100 central office switch and the Meridian PBX. [11, 12]
  • Acquisitions: Nortel’s aggressive acquisition strategy, while initially successful, ultimately contributed to its downfall. [3, 13]
  • Culture: Some analysts attribute Nortel’s failure to a “culture of arrogance and hubris”. [14]
  • Lessons Learned: Nortel’s story serves as a cautionary tale about the risks of rapid expansion, financial mismanagement, and the competitive pressures of the technology industry. [13, 15]

[1] https://www.yourphoneguys.com/nortel/

[2] https://simple.wikipedia.org/wiki/Nortel

[3] https://www.thecanadianencyclopedia.ca/en/article/nortel

[4] https://www.commsbusiness.co.uk/content/feature/nortel-the-end-of-an-era/

[5] https://network-telecom.com/nortel-networks-phones-business-telecom/

[6] https://www.cbc.ca/news/canada/ottawa/nortel-pension-deal-approved-1.930687

[7] https://www.commsbusiness.co.uk/content/news/hall-of-fame-for-nortel-digital-world/

[8] https://www.sec.gov/enforcement-litigation/litigation-releases/lr-20333

[9] https://www.sec.gov/files/litigation/complaints/2007/comp20333.pdf

[10] https://www.hka.com/project/nortel-bankruptcy/

[11] https://www.reddit.com/r/AskACanadian/comments/199f5wx/what_was_nortel_why_is_it_famous/

[12] https://en.wikipedia.org/wiki/Nortel_Meridian

[13] https://acquirersmultiple.com/2024/10/from-internet-backbone-to-bankruptcy-the-cautionary-tale-of-nortel/

[14] https://www.cbc.ca/news/business/nortel-failed-amid-culture-of-arrogance-1.2582136

[15] https://sites.telfer.uottawa.ca/nortelstudy/files/2014/02/nortel-summary-report-and-executive-summary.pdf
