Friday, April 29, 2011

Huawei CEO's Nepotism Strategy May Prove Fatal

There's been some discussion by Huawei watchers that the patriarch / CEO of the company, Ren Zhengfei, has been pressuring Chairwoman Sun Yafang (whom I wrote about last week) to resign (his latest offer is 1 billion yuan) so that his son Meng Ping, also called "Ren" Ping, can replace Sun as Chairman of the board. Unfortunately for the company, Sun Yafang is highly regarded both inside Huawei and in the industry in general, while Ren's son hasn't been able to gain the respect of the company's employees. In fact, according to my sources, some Huawei employees call him "A dou", a historical reference to a king's son who was an idiot.

Currently, Huawei's board includes three family members: CEO Ren Zhengfei, CFO Meng Wanzhou (Ren Zhengfei's daughter), and Xu Wenwei (Ren Zhengfei's son-in-law and spouse of Meng Wanzhou). Ren Shulu (Ren Zhengfei's younger brother) sits on the Board of Supervisors of Huawei. In addition to his brother and his children by Meng, Ren Zhengfei also has three sisters in Huawei. His son-in-law Xu Wenwei divorced his wife to marry the CEO's daughter Meng Wanzhou. This was a strategic move by Xu to fortify his position in the company and enter Ren Zhengfei's inner circle. Xu is someone to watch because he's responsible for Huawei's research and has a reputation for being quite competent.

Ren Zhengfei's preference for installing family members in high-level company positions regardless of merit is understandable considering that he got his start by marrying Meng Jun, the daughter of the Deputy Governor of Sichuan Province, Meng Dongbuo. Besides being ambitious, he's said to be a womanizer, especially favoring company secretaries. His wife divorced him, and he married one of the secretaries, with whom he has a daughter. Then he divorced again and married another company secretary.

Professor Chen Shengjun said, “If you put Mr. Ren Zhengfei and Mrs. Sun Yafang together, all Huawei employees think Mr. Ren Zhengfei is the Number one boss despite Mrs. Sun Yafang’s position as Chairman. Mr. Ren Zhengfei tried a lot to choose his successor from professional managers but failed. From Mr. Ren Zhengfei’s aspect, he probably has to leave Huawei to his children in consideration of the backwardness of China professional manager market especially lack of loyalty. Huawei probably has to become a family enterprise although this is a danger for Huawei.”

Thursday, April 21, 2011

Huawei's Chairwoman Worked For China's Ministry of Public Security

Huawei's 2010 annual report included, for the first time, information about its Board of Directors in an apparent bid to demonstrate increased transparency into its operations. The bio for its Chairwoman Sun Yafang failed to mention that she once worked for the Ministry of Public Security, which is the national law enforcement agency for the People's Republic of China. Part of its remit is Information Security, which in China means information monitoring: precisely the area in which Huawei is working hard to change U.S. perceptions. According to this article, Huawei had no comment on why this very relevant part of Sun Yafang's resume had been omitted.

Two other important facts emerged from the company's annual report:

1. Huawei appears to be a family-run business and there's every indication that it will continue as such (source).

2. The company's strategy of under-pricing its competition by 10-15% is working. Its net profit in 2010 rose 30% from the previous year, and it is closing in on Ericsson as the world's market leader in telecommunications. (source)

UPDATE: I incorrectly identified Sun Yafang as Ren Zhengfei's daughter in my original post. It's been fixed with this update (26 April 2011).

Wednesday, April 20, 2011

How To Determine Your Company's Cyber Risk Profile

Two months ago, I approached the BENS organization with an idea for an exclusive seminar for senior-level executives which would provide them with some tools to help them manage their cyber security costs. I've written before about the brewing anger in the C-suite that I've encountered when discussing the high cost and lack of effectiveness of many information security products with Fortune 500 executives. Thanks to the support of the BENS organization, the seminar that I envisioned two months ago will become a reality next Monday, the 25th. This is primarily being offered to BENS members; however, I'm able to extend an invitation to interested C-level or senior executives until we reach capacity. Contact me directly if you'd like more information.

Keynote: The Honorable Michael Chertoff

Panel 1: "Evaluating Your Company's Cyber Risk"
Moderator: Jody Westby (CEO, Global Cyber Risk)
Panelists: Richard Marshall (Director, Global Security Management, DHS); Anyck Turgeon (CEO, CISO, CoreClean Group)

Panel 2: "Measuring Your Cyber Return-On-Investment"
Moderator: Jeffrey Carr (CEO, Taia Global, Inc.)
Panelists: Dan Geer (CISO, In-Q-Tel), Steve Boutelle (VP, Business Development, Global Government Solutions; CEO, Cisco IRIS Government)

Monday, April 18, 2011

Reason #6 Why China May Have Sponsored The Stuxnet Attack

In spite of the fact that I'm probably the only person who still doesn't believe that Israel or the U.S. was behind the development of the Stuxnet worm, I just discovered another reason why I believe the PRC is the most likely state-sponsor. According to this article in iStock Analyst "China Focus: Foreign Firms Seek Expansion Into China Even As Super-National Treatment Ends", Siemens has 16 R&D centers in China which employ over 2,300 engineers who are working on over 1,000 patents each year.

Assuming that Stuxnet was a Chinese operation, they didn't need access to Idaho National Labs or Dimona as the New York Times reported on January 17, 2011. In fact, everything needed was already in the PRC.

1. Windows source code:
"The review is an extension of an agreement signed in 2006 which enables China immediate access to the source code for Windows 7, Vista, XP, Server 2008 R2, Server 2003, and 2000, and the embedded software CE 6.0, 5.0, and 4.2. Also included is the source code for Microsoft Office 2003 Professional Edition and most other Microsoft products."

2. The Vacon frequency converter drives targeted by Stuxnet are manufactured in Suzhou.

3. RealTek, one of the two Taiwanese companies whose digital certificates were stolen, has a subsidiary office (RealSil) in Suzhou.

4. The P1 centrifuges which were sold to Iran by Pakistan's AQ Khan were originally of Chinese design.

5. Chinese anti-virus company Rising International announced an unheard-of 1 million infections in China three months after the virus was discovered. No infections had been reported in China before then. Rising International became notorious for creating and distributing software viruses, then selling the anti-virus with the help of a Chinese government official in Beijing's Public Security Bureau.

And now (6): 2,300 Siemens engineers working in 16 R&D centers in China would have access to a limitless supply of inside information about Siemens software and hardware.

I'm not suggesting that this represents incontrovertible evidence that China was the state sponsor of Stuxnet, but there is more fact-based evidence supporting China than I've seen presented for any other state. And now, with Iran threatening legal retaliation against Siemens and apparently convinced that it was the U.S. and Israel with no evidence to support it, I think it's important to present some alternative analysis to the conventional wisdom one more time.

UPDATE (1 JUN 2012): David Sanger spilled the beans today in a lengthy NY Times article that Stuxnet was a U.S. operation which started during the Bush Administration. The world's first cyber weapon didn't come from China after all.

Thursday, April 14, 2011

The Cyprus-Vienna Connection In Huawei Bribery Case

This post is a follow-up to last week's article on the Austrian government's investigation into Huawei paying bribes for Telekom Austria business. FORMAT broke the story with its own investigation, which was available only in the Austrian language. I've had it translated into English and have reproduced it below. At last report, the Vienna prosecutor's office is investigating.

Thursday, April 7, 2011

The Kremlin's Online Hit Squad - The Nashi - Attacks

The popular Russian blogging site has been under heavy DDoS attacks from at least two different botnets over the last couple of weeks targeting high profile political dissident and anti-corruption blogger Alexey Navalny as well as other controversial sites. Maria Gamaeva of Kaspersky Labs provides a list of the targets that they were able to pull from one of the botnets used in the attack (the Optima/Darkness botnet).

This apparently all began when Navalny began attacking the current ruling political party (United Russia) by calling them the party of swindlers and thieves. Retaliation followed in the form of spamming Navalny's blogs with derogatory comments. At least one advertisement was found online which offered 14,000 rubles per month for individuals to continue the campaign against Navalny, according to Maria Antonova writing for the AFP news agency. Antonova wrote that many bloggers suspected the Nashi to be responsible for the attacks against Navalny and LiveJournal.

The Nashi was the brainchild of Vladislav Surkov, Chief Ideologue and First Deputy Chief of Staff of the President of the Russian Federation Dmitry Medvedev. Shortly after the Russia-Georgia War of 2008, Surkov reportedly told a roomful of Russian spin doctors that "August, 2008 was the starting point of the virtual reality of conflicts and the moment of recognition of the need to wage war in the information field too." ("Information Warfare Chronicles", Yevropa, 2009).

As I wrote in my book "Inside Cyber Warfare", Surkov intends to use Nashi to enforce the Kremlin's will regarding RUNET communications, i.e., "Ensure the domination of pro-Kremlin views on the Internet" (published by The New Times Online in Russian, 16 Feb 09). In March, 2009, Surkov organized a conference with about 20 key people in the Russian blogging community, as well as leaders of the aforementioned youth organizations, some of whom include:
• Maksim Abrakhimov, the Voronezh commissar of the Nashi movement and blogger
• Mariya Drokova, Nashi commissar and recipient of the Order for Services to the Fatherland Second Class medal for her "energetic" work in the area of youth policy
• Mariya Sergeyeva, leader of the United Russia youth wing Young Guard
• Samson Sholademi, popular Russian blogger
• Darya Mitina, former State Duma deputy and Russian Communist Youth Union leader

Other attendees included Russian spin doctors who specialize in controlling the messages communicated via the blogosphere. The objective was to work out a strategy for information campaigns on the Internet. It is formulated like this: "To every challenge there should be a response, or better still, two responses simultaneously." A source who is familiar with the process of preparations for the meeting explained:

• If the opposition launches an Internet publication, the Kremlin should respond by launching two projects.
• If a user turns up on LiveJournal talking about protests in Vladivostok, 10 Kremlin spin doctors should access his blog and try to persuade the audience that everything that was written is lies.

The Nashi is run by the office of the Federal Agency of Youth Affairs' chairman Vasily Yakemenko, who is also the co-founder of the group. Yakemenko's office provides partial funding, and Yakemenko himself is an activist. In fact, he's not able to travel in the EU after being declared "persona non grata" by Estonia for organizing a blockade of the Estonian embassy in Moscow in 2007.

The Nashi's other powerful financial supporter is none other than Alisher Usmanov, the largest single shareholder of Facebook investor DST-Global, Inc., whose chairman is Silicon Valley's favorite Russian venture capitalist Yuri Milner. Nashi members have been involved in numerous organized cyber attacks against both external and internal targets which oppose the interests of Russia's leadership. A Nashi commissar claimed responsibility for the Estonia 2007 attacks, and numerous cyber attacks as well as physical demonstrations were mounted against Georgia and Georgian activists in 2008 and 2009.

I expect to see an increase in Nashi attacks as the RF parliamentary elections in December draw closer. In the meantime, a support rally is scheduled for tomorrow, April 8th, at the SUP offices to encourage bloggers to find other ways to communicate in spite of the LJ outages.

UPDATE #1 (7 APR 2011): AFP reports that President Medvedev posted a condemnation of the attacks against LiveJournal today.

UPDATE #2 (8 APR 2011): Novaya Gazeta reports a massive DDoS attack today. The paper often publishes articles critical of the United Russia party. In November 2008 it fired Russian security services writer Andrei Soldatov for unknown reasons, although political pressure is suspected.

Wednesday, April 6, 2011

Huawei Investigated For Bribery in Obtaining Telekom Austria Contracts

Huawei's meteoric rise to one of the top three Information and Communication Technology (ICT) companies in the world is due in large part to its ability to undercut bids by other companies thanks to its status with the Chinese government as a "National Champion" firm. However, in the case of its sales to Telekom Austria (A1TA) between 2007 and 2009, it may also be due to bribery. An investigative report by reveals that Huawei Austria's CEO signed an agreement to pay a ten percent "marketing fee" to Peter Hochegger, a former Austrian government lobbyist and PR consultant, for all the A1TA business that he could deliver. Hochegger's influence and Huawei's money resulted in sales of over 130 million euros for the Chinese company, beating out regular Telekom Austria suppliers like Ericsson and Nokia Siemens Networks. According to an investigative report by, once A1TA paid Huawei, Huawei Austria's CEO transferred 10% to a bank account (No: 155-40451-87448) at the Bank of Cyprus. The account belonged to Astropolis, a company owned by Hochegger and his associates.

A1TA is now investigating all of its transactions with Huawei for possible criminal prosecution against the company. Not surprisingly, no one at Huawei is talking. The former head of Huawei Austria, Lu Hongwei, has moved to the top position at Huawei Serbia and is "unavailable". Sun Zhengyang, his successor, has no comment.

Sources: Heise online, 5 Apr 2011; 31 Mar 2011; 04 Apr 2011.

Monday, April 4, 2011

What the RSA and NASDAQ Directors Desk Attacks Have In Common

When I first wrote about the NASDAQ Directors Desk attack on Feb 6 and Feb 8, I pointed out the core problem with an electronic boardroom application:
"Your company's critical data along with identifying information for your key executives joins hundreds of other companies' critical data in a private 'Cloud' that is no better secured than your own home network. In fact, you're now worse off than before because your company is part of a larger, more target-rich environment that gives an adversary the efficiency of scale. Instead of just one company's 'crown jewels', he can have access to hundreds without increasing his risk."
There is a growing number of "electronic boardroom" service providers besides Directors Desk. A 2008 article at the National Association of Corporate Directors mentions Boardbooks by Diligent, Directors Desk by NASDAQ, BoardLink by Thompson, BoardVantage, Leaders4 Board Information Management by 80-20, as well as smaller players like BoardWorks, BoardEffect, IntraLinks, Info-Street, and Endexx.

There are always pros and cons to making the details of an attack public. The NASDAQ Directors Desk attack has been in the news since early February and has just had a resurgence of interest with the announcement that the NSA has joined the FBI in their investigation. Personally, I had never known about the existence of an electronic boardroom prior to writing about this attack. Now that I do, I've been advising client companies to either not use them or to drastically reduce the amount of exploitable data that they contain before another attack takes place.

After the RSA attack was announced on March 17th, and given EMC's (RSA's parent company) poor job of providing information about it publicly (not to mention their disgraceful job of not sharing details with their own customer base privately), I wondered how many electronic boardroom services use RSA technology as part of their security. After a little bit of searching, I found four:

BoardBooks by Diligent
BoardLink by Thompson

I highly recommend that the above companies either contact EMC and demand answers regarding the extent of the RSA breach so that they can determine their own exposure, or drop EMC as a security provider altogether. EMC's conduct in disclosing details about their attack has been pathetic. Their SEC filing was word-for-word identical to their press release, and the latest blog post "Anatomy of an Attack", written by a marketing executive and not an engineer (which is telling in and of itself), only made matters worse by indulging in folksy descriptors and mixed metaphors as a substitute for providing hard facts on the state of the breach and offering specific guidance to its customers. I wouldn't be surprised if a class action lawsuit were filed against EMC's Board of Directors by their corporate customers for negligence. EMC, like many InfoSec companies, is charging small fortunes for products and services while assuming no responsibility for keeping their customers' data safe. A backlash is sure to follow.

Friday, April 1, 2011

Why Yuri Milner Doesn't Want You To Know About His Business

On February 11, 2011, I wrote an article for my former blog, "Facebook Investor Leads New Russian Internet Police". It was based in part upon an article published by a reputable Russian news portal entitled "Yuri Milner Will Clean Up The Internet" (a translated version can be found at the end of this post). The fact that Yuri Milner personally called Forbes San Francisco Bureau Chief Eric Savitz to complain about my article and had his lawyer send a letter to Lewis Dvorkin and Tom Post threatening to sue if Forbes didn't kill it (which Eric did post-haste) underscored for me that Milner didn't want anyone outside of Russia to know of his work for the Russian government.