The company has tangled with the security establishment in a number of countries, including the U.S., U.K., India and Australia. In 2008, Huawei dropped its bid to acquire American networking device manufacturer 3Com when regulators made it clear they would block the deal on national security grounds due to the governments extensive use of 3Coms security software.
Later, in 2010, it withdrew a bid to buy the assets of American company 3Leaf Systems following an unfavorable review by the U.S. Committee on Foreign Investment. U.K. security experts took their government to task in 2009 for awarding Huawei a contract in 2005 to replace the core of BTs telecommunications network. Huawei has also been blocked from supplying equipment for Indias cellular phone network and Australias national broadband network.
Huawei has attempted to allay these fears. In 2011, following the failed 3Leaf bid, the company issued an open letter to the U.S. government, inviting a formal investigation that would prove it was a normal commercial institution.
"Unfortunately, over the past 10 years, as we have been investing in the United States, we have encountered a number of misperceptions that some hold about Huawei," wrote Ken Hu, deputy chairman of Huawei Technologies and chairman of Huawei USA. "These include unfounded and unproven claims of "close connections with the Chinese military, disputes over intellectual property rights, allegations of financial support from the Chinese government, and threats to the national security of the United States. "
"These falsehoods have had a significant and negative impact on our business activity and, as such, they must be addressed as part of our effort to correct the record. "
He noted that in 2010, Huawei paid western companies $222 million in licensing fees for intellectual property.
Exploit Frameworks Have Changed the Game
Attacks believed to be sponsored by nation-states have been on the rise over the past 10 to 15 years, and the nature of the tools for penetration testing and hacking have also changed dramatically over the same period with the rise of exploit frameworks. Exploit frameworks, which are available in both basic free versions and more sophisticated commercial versions, provide a consistent environment within which both hostile attackers and penetration testers can create and run exploit code against targets. They utilize code reuse and modularization to streamline and simplify the process of creating and running exploit code.
"Fifteen years ago, if you wanted to do a buffer overflow attack, you needed to know how to code a buffer overflow attack in machine code for the target system," Lloyd says. "That's all gone." These days, exploit frameworks make sophisticated hacking into child's play.