The story claims that Australia's ban on Huawei supplying equipment for the NBN was because of this incident, but offers little genuine evidence to bolster that timeline. The NBN ban was put in place in March 2012.
Filed on 17 December, the story is written by Jordan Robertson and Jamie Tarabay, with assistance from Michael Riley and Christopher Cannon. Those who follow such matters will recognise the names of Robertson and Riley as being behind highly dubious stories about infiltration of the tech supply chain of a server manufacturer in the US.
In October 2018, Bloomberg claimed that chips implanted in servers made in China for US server manufacturer Supermicro Computer — and which were also supplied to a company named Elemental which Amazon acquired — were used to spy on Apple and Amazon, and also a number of government agencies.
Bloomberg, which for some reason is deemed a reliable source, has a policy of paying higher annual bonuses to those who write stories that move markets.
An interesting aspect about the 17 December story is that the quotes from named individuals do not offer any specifics to back up the claims. All the specific claims are made by unnamed sources.
If one were to believe what the story claims, then Optus accepted a software update from Huawei directly – without any checks to see what it would do. This update, the story goes, pilfered data and sent it to China, before self-destructing. That sounds like high-level fiction, but is delivered in the guise of a news story.
There have been cases of intelligence agencies slipping in malicious code through equipment, but all those took place before the gear was shipped, not through software updates. The NSA is known to have intercepted Cisco routers and implanted malicious firmware, according to documents made public by whistleblower Edward Snowden.
And then there is the case of global networking products manufacturer Juniper Networks in 2008 incorporating a flawed algorithm from the NSA in its NetScreen devices, even though the company was aware of the flaw that was suspected to provide a backdoor.
But the claim that any company, especially one of Optus' size, would accept an update without first testing it sits in the same category as the Grimms' or Andersen's fairy tales. Many sites have run this story without questioning any of its claims, but then media entities are, these days, largely playing the same role as stenographers so one should, perhaps, not be unduly perturbed.
Malcolm Turnbull also figures in the story, which cites the statement from his memoir that the ban on Huawei was a “hedge against a future threat, not the identification of a smoking gun, but a loaded one”. This statement is on page 434 of Turnbull's book A Bigger Picture.
However, Turnbull has denied to Bloomberg that this statement could be taken to indicate that there was no untoward action in Australia by Huawei. Strange, but true.
One of the many risible quotes in the story is from Keith Krach, the former under secretary for economic growth, energy and the environment at the US State Department, who says: “Huawei’s software updates can push whatever code they want into those machines, whenever they want, without anyone knowing.”
Huawei's cyber security chief John Suffolk has pushed back at this, saying it is a fantasy — a serious understatement, if ever there was one — and adding: "There is not a general software update mechanism, patches are not pushed at will and Huawei has no control or say when an operator decides to upgrade or patch their network."
As to why an alleged incident that is nine years old has been leaked by intelligence agencies now, one can only speculate. One reason could be that Australian spooks want to shore up the reasons they have advanced for getting government to pass a new law, in November, so that they can meddle in private cyber incidents in the country without any judicial oversight.
Throwing mud at Huawei at this stage does not serve any particular purpose as the US has done plenty of it over the last three or so years. But Washington is in the middle of trying to sell F-35s to the UAE and the latter country has struck a deal with Huawei which is a sticking point. So this story could, perhaps, be used to raise additional suspicion and scupper the deal.
Or perhaps Robertson and Riley wanted a bigger Christmas bonus. That is the most plausible reason. Last time around, Riley was promoted after the Supermicro yarn.
Another strange thing about this story is that it was published on a Friday in the week before Christmas, surely not the best time if one wants to get some traction for a yarn.