[HN Gopher] 5G: The outsourced elephant in the room

Author : sam_lowry_
Score  : 481 points
Date   : 2021-04-17 10:07 UTC (12 hours ago)

(HTM) web link (berthub.eu)

| carlosf wrote:
| > In a modern telecommunications service provider, new equipment
| is deployed, configured, maintained and often financed by the
| vendor. Just to let that sink in, Huawei (and their close
| partners) already run and directly operate the mobile
| telecommunication infrastructure for over 100 million European
| subscribers.
|
| > The host service provider often has no detailed insight in what
| is going on, and would have a hard time figuring this out through
| their remaining staff. Rampant outsourcing has meant that most
| local expertise has also left the company, willingly or
| unwillingly.
|
| 100% reflects my experience working in Huawei BR a few years ago.
| Carriers are mostly customer facing companies and very limited
| technically.
|
| Our customer (million + subscribers BR carrier) often hadn't the
| slightest idea how their own network was built and worked.
|
| Banning Huawei is absolutely impossible, at least in Brazil.
|
| krona wrote:
| This aligns with my experience working at IBM. I knew Vodafone
| was a big customer, but I found the extent of that relationship
| peculiar; in presentations given by senior engineers it came
| across that IBM seemed to be running the core parts of their
| network. That can sometimes mean Vodafone engineers are barely
| allowed to touch anything without an IBM contractor on site. It
| got me thinking; who and what is really running these telecom
| networks and are they not much more than a branding exercise.
|
| Spooky23 wrote:
| Which is hilarious, as IBM outsources its own network to at
| least two entities as well.
|
| The IBM guy is probably connecting to Vodafone through some
| AT&T managed tunnel.
|
| pram wrote:
| If you've worked at an MSP, you realize this is the case with a
| lot of companies. I worked on the infra of a pretty major
| publisher and their full time staff literally didn't know
| anything about their platform. All the websites had been
| written by contractors, and then the maintenance was handled by
| us. It's actually insane.
|
| kazen44 wrote:
| Bert Hubert has another great article that is referenced[0]
|
| [0] https://berthub.eu/articles/posts/how-tech-loses-out/
|
| This article hits the nail on its head, and I can see it
| happening all around us, not only in the telecom/tech world.
| Boeing is a prime example for instance, but also the general
| death of manufacturing in the western world has resulted in
| this.
|
| wil421 wrote:
| I worked with Vodafone and AT&T for projects in Europe. It was
| a large company to that did some work with SDNs and were a MSP.
| Can confirm the endless chain of subcontractors when dealing
| with large Telcos.
|
| Europe in general has a fetish with subcontracting IT to the
| point where only the contractors can do it. Sometimes it's the
| contractor's contractor's contractor who is the only one who
| can do anything.
|
| kazen44 wrote:
| This fetishization of contracting everything out to
| subcontractors has to do with the fact that most business
| schools teach one principle and one principle only. Risk
| taking is a sin that will hurt your bottom line.
| Subcontracting delegates that risk to someone else while
| leaving your company with little to no real staff that can do
| the innovation.
|
| In the short term this does not matter, because the company
| stays profitable, but long term this is resulting in a system
| in which no one has complete ownership and responsibility of
| their systems, which makes doing changes and innovating
| nearly impossible.
|
| wil421 wrote:
| The US doesn't do it quite as much. I was shocked how much
| some of the larger known European telcos and companies
| contract out.
| As in the entirety of their networking and
| most of their IT functions were outside.
|
| whimsicalism wrote:
| The US does it quite a bit. I think it depends on what
| sort of company you're working in.
|
| For instance, when I worked in US govt, best as I could
| tell all the real work was done by contractors and the
| govt employees sat around on their asses all day.
|
| mindentropy wrote:
| I have seen many European companies love big monopolistic
| giants like IBM or Microsoft. There is literally no respect
| for smaller innovative companies.
|
| mindentropy wrote:
| I was shocked when I saw one of the Big Medical companies in
| Europe outsource almost every single thing.
|
| Headquartered in Switzerland, its German office was mainly
| just Product managers writing requirements. Most of them
| would do endless paper work and all technical work is
| outsourced to multiple contractors. One of the requirements
| of the Product managers was to handle all these contractors
| so that things run smoothly. Many of the product managers had
| PhD degrees or Masters doing this nonsense. Finally they
| wonder why the cost of their products are so high.
|
| I have noticed that it is better in the United States where a
| lot of medical companies have a lot of in house technical
| experience.
|
| g_p wrote:
| This is more common than many think.
|
| Once a managed provider steps in, they want to "own" the
| configuration. You end up with the operator itself actually
| having to raise tickets with the MSP to change things on their
| own network.
|
| All this becomes a huge issue if there's a major outage, as the
| MSP might not have enough access to actually get in and do
| anything.
|
| Most telecoms networks are run (to some significant extent) by
| a managed service provider, in my experience. When O2 UK had a
| major core outage due to an Ericsson certificate expiry inside
| the core, it wasn't O2 engineers that found and fixed the
| issue; it was Ericsson engineers.
|
| The margins as an operator don't make it easy to keep around
| the deep technical skills to be an expert in the network you
| own.
|
| johnchristopher wrote:
| > You end up with the operator itself actually having to
| raise tickets with the MSP to change things on their own
| network.
|
| Once, I found out a contractor was so used to opening and
| closing tickets for themselves that they were actually gaming
| the system and using it as a way to correct payments for
| their services. Each payment went through at least two
| accounting services and yet it worked. Interesting
| discussions followed :-). They are still there.
|
| taurath wrote:
| Operator margins in the US are enough to pay billions for
| media companies, at least. But maybe more competition is
| allowed in Europe.
|
| g_p wrote:
| There's definitely a "side of the pond" aspect to this - US
| operators pay for media companies, but they likely do so to
| raise their margins, and I presume they're borrowing the
| funds from institutional investors to do this, rather than
| bootstrapping their acquisitions with profits.
|
| In Europe you'll likely see far lower per-user pricing due
| to competition. You'll typically have 3 or 4 operators with
| physical networks, and a number of virtual operators
| providing white labelled service over the underlying
| networks.
|
| A standard target ARPU (average revenue per user) would
| probably be around 15 GBP per user per month. You'll likely
| get to that via contract users who you try to get on 22 GBP
| per month or thereabouts, and pay as you go users whose
| ARPU is far lower (maybe 8 or 10?)
|
| Compared with the US, consumer prices paid are incredibly
| cheap - expect unlimited calls and SMS, and many gigabytes
| of data. If you shop around you'll get even cheaper still.
| In the UK you'd be able to get unlimited 4G or 5G data for
| 25 GBP per month.
|
| Clearly the US has a much larger geography to cover, but
| there's definitely more competition leading to downward
| price pressure in Europe, in my view.
|
| sbarre wrote:
| Canada's average ARPU for mobile customers is like 60-70$
| I think.
|
| ixfo wrote:
| More than allowed - in the EU at least, telecoms (wireline
| at least) is heavily regulated, and monopoly infrastructure
| providers (i.e. wire owners) are required to provide
| wholesale services and operate on those services for their
| own retail arms. Mobile operators have slightly less
| regulation in the way of competition but there are
| similar requirements for vMNOS etc. So yeah, overall
| margins tend to be smaller and there's healthier
| competition overall, but telecoms is still flush with cash
| in general.
|
| rcarmo wrote:
| IBM won a major outsourcing contract in the early 2000s for
| Southern Europe (I know, I was there). I can assure you that
| they did not run the network because of a) sheer literal
| incompetence (they did not have the skills, in multiple
| regards) and b) the deal was solely for IT workloads and on an
| exclusive basis, and that did prevent many Vodafone staffers
| from actually fixing the messes IBM created.
|
| (EDS won the northern countries, BTW, and I think things were
| marginally better with them, but either way, things soon
| reverted back to a more flexible arrangement because product
| development was severely hampered and most OpCos ended up
| rebuilding their IT systems)
|
| rcarmo wrote:
| This is factual information, so why the downvote?
|
| peter_d_sherman wrote:
| 5G Vs. Starlink
|
| Which will win?
|
| ?
|
| Or, more likely, does the future hold a _coming broadband
| internet connectivity price war?_
|
| ?
|
| And if so...
|
| ...who will be the "last IP address standing"?
|
| ?
|
| rijoja wrote:
| "Just to let that sink in, Huawei (and their close partners)
| already run and directly operate the mobile telecommunication
| infrastructure for over 100 million European subscribers".
|
| Which providers are using and which are not using Huawei?
|
| Foivos wrote:
| This is my experience interacting with mobile telcos as well.
|
| Even to get some simple logs from a base station you need to
| either ask an Ericsson engineer or, worse, wait for the Telco
| employee with the relevant knowledge to find time to do it. Telco
| employees with such knowledge are very few compared to the amount
| of workload they have to do, so it is hard to get them to
| dedicate time to help you.
|
| g_p wrote:
| For background context around telecoms for anyone reading this,
| there is an underlying difference in how telecoms networks are
| designed and architected - in the Telco world, links between
| networks were predicated on trust. Originally, telecoms networks
| were run by national level quasi-government operators, one per
| country. You interconnected with other "known entities".
|
| Even now, you likely have 3, 4 or 5 national mobile operators in
| any one country. They negotiate their own roaming agreements in
| order for you to get roaming access. It's all driven by these
| kinds of relationships predicated on trusting other networks.
|
| In IT, we are rapidly moving towards zero trust (due to the
| internet), but circuit switched (legacy) voice is still all
| designed to be sent over private circuits between operators who
| trust each other.
|
| The legacy protocols (see SS7), used to route calls between
| operators are functional, but also lack access control and
| authentication, as it's assumed only trusted parties are on the
| network and able to use them. Those assumptions are no longer
| valid, and there's a huge challenge in dealing with this - hence
| SMS and call interception and rerouting attacks to steal 2FA
| tokens etc.
|
| tyingq wrote:
| The recently discussed[1][2] method of hijacking SMS with
| almost zero effort was an eye opener to me. I had thought it
| required social engineering my carrier. Nope, just a $15
| service.
|
| [1] https://news.ycombinator.com/item?id=26469738
|
| [2] https://lucky225.medium.com/its-time-to-stop-using-sms-for-a...
|
| [3] https://krebsonsecurity.com/2021/03/can-we-stop-pretending-s...
|
| Edit...added [3] above. Apparently, it's a $16 service, not
| $15: https://sakari.io/pricing/
|
| g_p wrote:
| Indeed!
|
| And if you have access to SS7, you can do it without the
| middle-man $15 service!
|
| These systems are really designed for use in a world where
| only trusted actors have any access to the system! That's
| clearly not true with all these third parties exposing
| functionality to the general public!
|
| [1] https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet...
|
| gsich wrote:
| And how to get that?
|
| g_p wrote:
| It's not a publicly facing service that's on offer, but
| some smaller telcos and sketchy VoIP providers with
| legacy access often re-sell it.
|
| There's some good CCC talks on the subject if it's of
| interest.
|
| thaumasiotes wrote:
| > And if you have access to SS7, you can do it without the
| middle-man $15 service!
|
| This doesn't really seem to make things any worse. Surely
| it's easier to have $15 than it is to have access to SS7.
|
| MayeulC wrote:
| Right, but $15 a piece makes it only worth it for
| targeted attacks. Even if it's harder or more expensive
| to get access to SS7, it might become economical to
| attempt MITM on a larger target base once you do.
|
| myself248 wrote:
| Yeah, but say you want to hijack a million accounts. It's
| easier to have access to SS7 than $15 million.
|
| thaumasiotes wrote:
| What's the threat model there?
|
| nine_k wrote:
| Installing a backdoor to a piece of equipment that
| handles SS7, for instance?
|
| thaumasiotes wrote:
| No, what is the threat model for the agent who wants to
| hijack text messages to a million random phones? Why are
| they doing it?
|
| walrus01 wrote:
| The funny part about that is the $15 hijack service was
| predicated on the flimsy legal fig leaf of somebody writing
| in an ink signature on a piece of paper and scanning it to
| port a number (term is an LOA, letter of authorization), same
| as I have to do when I port a bunch of DIDs between VoIP
| providers.
|
| Literally anyone with a printer and a pen can forge any
| signature and have a fairly high degree of success in the
| porting process.
|
| gumby wrote:
| This same approach (assume only trusted parties) is fundamental
| to SCADA systems (the industrial control protocols for power
| generation, wastewater systems, and other big industrial
| machinery). At best you get a firewall in front of it.
|
| walrus01 wrote:
| SS7 is not fixable in my opinion. It needs to undergo the
| metaphorical equivalent of being burnt to the ground and having
| its ashes stomped around on a bit.
|
| The further you go into the architecture of the "trust based"
| PSTN, SS7, traditional Telco stuff... The more you will see the
| total lack of modern cryptography, PKIs, zero trust network
| modeling, etc.
|
| I'll admit that my perspective is skewed by working in backbone
| IP network engineering for a mid sized ISP. We occasionally
| have reason to interact with some PSTN related stuff. All of
| the real technical innovation, security advances and such have
| been taking place in the ISP world for the past 25 years, not
| the Telco world.
|
| g_p wrote:
| Indeed, SS7 is based on a whole host of assumptions that just
| can't be relied upon. Since SS7 doesn't even bother to try to
| verify who anyone is (you'd only peer with trustworthy
| people, right?!), it's also very hard to hold anyone
| accountable too.
| And since the idea of SS7 signalling is that
| it can be forwarded and passed around, it simply needs to be
| replaced by authenticated, access-control validated
| signalling. Then you can at least have some confidence you're
| actually hearing from a network that has a reason to be
| communicating.
|
| Too much of SS7 comes from a world where anyone can do
| anything - there's no legitimate reason in 2021 for an
| arbitrary network to be able to request a user's network
| location and cell ID, but the protocols support it. SS7
| firewalls try to plug the gaps, but ultimately you just
| innovate in how you try to get the network to hand over what
| you want, and eventually you'll find a way the firewall
| doesn't spot. Cat and mouse continues.
|
| Telco networks are "zero trust", just not in the right way(!)
|
| amaccuish wrote:
| > The more you will see the total lack of modern
| cryptography, PKIs..
|
| Funny you say that as X.509 was an ITU standard. But yes, PSTN
| is terribly broken, with mobile bolted on.
|
| miohtama wrote:
| If the trust issues cannot be fixed on hardware level or on
| base layer, it needs to be fixed on higher levels with more
| prominent and audited protocols. "IP based calls and everyone
| gets a free VPN from their telco"
|
| bradleyjg wrote:
| > as it's assumed only trusted parties are on the network and
| able to use them. Those assumptions are no longer valid
|
| Why not refuse to peer with networks that peer/sell to bad
| actors? Before we had ML based email filters that kind of "hold
| upstreams responsible" strategy worked pretty well.
|
| g_p wrote:
| That's one approach, but some operators have SS7 connections
| to unknown providers. And turning off connections is a great
| way to discover that a whole host of services (think Twilio
| etc) suddenly stop working, as they were using some sketchy
| forgotten-about route into the network.
|
| With third party access often "leased" via legitimate-ish
| providers though, it's hard to really do this without cutting
| countries or territories loose. Small countries often have
| operators that give SS7 access, to raise some extra revenue
| they can't get from their (small and population limited)
| subscriber-base.
|
| bradleyjg wrote:
| It may be callous to say but I think most customers would
| be okay with the trade-off of losing telephone access to
| some small country that decided to monetize access to
| global telephony by selling to spammers and scammers, in
| exchange for not getting those calls.
|
| rcarmo wrote:
| SS7 is dead except in legacy switches. IMS started rolling out
| in 2004(ish), and replaced most voice switching with SIP, which
| gradually flowed out towards customers.
|
| Most voice installed for the last 10 years is already over IP.
| If it doesn't start in the CPE, then it starts at the curbside
| or lot where a DSLAM or equivalent generate dial tones, pack it
| onto IP packets and send it over a fiber connection.
|
| est31 wrote:
| Isn't the internet in the same situation, with BGP being
| assumed to be done between trusted parties?
|
| g_p wrote:
| At transit layer to an extent yes, but with every underlying
| user of the connectivity considering the connection
| compromised, and therefore using their own measures on the
| untrusted link.
|
| Hence IPsec and site to site/road warrior VPN - the
| underlying connectivity is regarded as untrusted by any sane
| user.
|
| In telecoms, anyone on the SS7 network can make a request to
| find a given number, or say the number is available and can
| be reached by routing via their network.
|
| walrus01 wrote:
| Any reputable and clueful transit provider these days is
| performing automated RPKI validation of the prefixes
| announced to them. In addition to whatever prefix lists might
| be manually set up on a BGP session.
|
| That's only a small piece of the puzzle in network security
| generally, but is sure better than how SS7 works right now.
|
| rcarmo wrote:
| Most carriers already use PKI for their BGP traffic. It's not
| the Wild West anymore (although of course you'll always find
| some weak link if you backtrack AS announcements far enough)
|
| darkr wrote:
| Yes, but increasingly traffic is strongly encrypted, with
| users able to exert some level of control over that
| encryption
|
| pas wrote:
| The first rule of BGP is to filter what you get. Don't just
| blindly accept whatever the peer advertises. The second rule
| is obvious, but for the third there's also a lot of knobs for
| traffic engineering with BGP. And on top of that there's RPKI
| [ https://blog.cloudflare.com/rpki/ ]
|
| I guess all of the big telcos have some homegrown ossified
| hacky "solution" that also serve as a minimal kind of
| "firewall" for SS7. (Basically I imagine that there's a lot
| of hardcoded rules for phone numbers, country codes and
| operators. Sure, they probably are an opposite of a problem
| for national intelligence services, after all it's easier to
| go by unnoticed in the noise, but they at least help with a
| total BGP-like hijack of a whole country code by an
| operator.)
|
| sneak wrote:
| I think RPKI poses a grave danger in terms of censorship.
| Anyone who controls the centralized database of public keys
| to prefixes can instantly and automatically take anyone
| offline, if all other routers refer to them in real-time
| for building route tables.
|
| g_p wrote:
| Big telcos need to do SS7 filtering and (based on the
| interface they receive the message from) limit what can be
| done. The trouble is that SS7 lacks proper authentication,
| so it's like setting Linux iptables rules only based on the
| interface name - eth0, eth1 etc.
|
| There are product-based SS7 protocol firewalls available
| that try to detect the "patterns" of signalling used to do
| "bad things", and block and report them.
|
| Part of the problem with SS7 is that it's complex, and you
| can't easily restrict who says what - if you port your
| number from Operator A to Operator B, your number prefix
| still sits in A's range, and calls are signalled to
| Operator A. They can then tell you to try Operator B. B may
| then need to tell you the user is roaming and how to reach
| them. But yes, current firewalls leave a lot to be desired!
|
| There's a number of good talks from CCC about SS7 - one is
| https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271...
|
| amaccuish wrote:
| > if you port your number from Operator A to Operator B,
| your number prefix still sits in A's range, and calls are
| signalled to Operator A. They can then tell you to try
| Operator B. B may then need to tell you the user is
| roaming and how to reach them. But yes, current firewalls
| leave a lot to be desired!
|
| Not in all networks as far as I'm aware. UK is an
| annoying example of not having a central database of
| ported numbers (with ACQ), where a redirect is set up in
| the old network. I once ported my number in the UK and
| had huge issues receiving international calls or 2FA
| codes, it took me ages to work out and only got it sorted
| by leaving the number entirely and getting a new one.
|
| Otherwise, like here in Germany, it's done with a proper
| database and the call never passes through the old
| network.
|
| ng55QPSK wrote:
| As far as I understand, there are no operators in Europe
| (maybe UK) anymore that don't run filtering on SS7. btw:
| SS7 is the legacy system and not part of 4G/5G.
|
| g_p wrote:
| They should all be running filtering, although not all
| filtering is as effective as each other.
|
| As you say, this is the legacy system, but it's still a
| huge problem for them!
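
Added example, not part of any comment in this thread: a minimal Python sketch of the RPKI route origin validation (RFC 6811) that walrus01 and pas refer to above, the kind of origin check the SS7 filtering described by g_p has no equivalent of. The ROAs and announcements are constructed from documentation prefixes and AS numbers, and the function names are this example's own.

```python
"""RPKI route origin validation (RFC 6811) over constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class ROA:
    """One validated ROA payload: which AS may originate which prefix."""
    prefix: Network
    max_length: int
    asn: int


def make_roa(prefix: str, asn: int, max_length: Optional[int] = None) -> ROA:
    net = ipaddress.ip_network(prefix)
    # Without an explicit maxLength only the exact prefix length is authorised.
    length = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= length <= net.max_prefixlen:
        raise ValueError(f"maxLength {length} out of range for {net}")
    return ROA(net, length, asn)


def validate_origin(roas: Iterable[ROA], prefix: str, origin_asn: int) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        if roa.prefix.version != route.version:
            continue  # an IPv4 ROA never covers an IPv6 route
        if not route.subnet_of(roa.prefix):
            continue  # this ROA says nothing about the route
        covered = True
        # AS0 in a ROA means "never route this"; it can match no origin.
        if (roa.asn != 0 and roa.asn == origin_asn
                and route.prefixlen <= roa.max_length):
            return "valid"
    # Covered but unmatched: wrong origin AS, or more specific than allowed.
    return "invalid" if covered else "not-found"


def filter_updates(roas: Iterable[ROA],
                   updates: Iterable[Tuple[str, int]],
                   drop_not_found: bool = False) -> List[Tuple[str, int, str]]:
    """Keep the announcements a validating router would accept."""
    roa_list = list(roas)
    accepted = []
    for prefix, origin in updates:
        state = validate_origin(roa_list, prefix, origin)
        if state == "valid" or (state == "not-found" and not drop_not_found):
            accepted.append((prefix, origin, state))
    return accepted


# Constructed ROAs (documentation prefixes, RFC 5398 documentation ASNs).
SAMPLE_ROAS = [
    make_roa("192.0.2.0/24", 64496),
    make_roa("2001:db8::/32", 64497, max_length=48),
    make_roa("203.0.113.0/24", 0),  # AS0: holder states "do not route"
]

# Constructed announcements as (prefix, origin AS) pairs.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", 64496),     # matches the ROA
    ("192.0.2.0/24", 64511),     # right prefix, wrong origin
    ("192.0.2.128/25", 64496),   # right origin, too specific
    ("198.51.100.0/24", 64500),  # no ROA covers it
    ("2001:db8:1::/48", 64497),  # within maxLength
    ("203.0.113.0/24", 64499),   # covered only by an AS0 ROA
]

if __name__ == "__main__":
    for prefix, origin in SAMPLE_UPDATES:
        print(f"{prefix:18} AS{origin}: "
              f"{validate_origin(SAMPLE_ROAS, prefix, origin)}")
```

The 'not-found' state is why partial ROA coverage still leaves gaps: a router that drops only 'invalid' routes keeps accepting anything no ROA speaks for.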
|
| ng55QPSK wrote:
| My colleagues who do intrusion testing (for operators
| e.g.) tell me: We have not seen SS7 attacks in Europe for
| a long time. The remaining attack surfaces are in the
| Middle East and North America.
|
| [deleted]
|
| g_p wrote:
| That's promising! It's now 5 years ago, but Telenor had a
| fairly big outage caused by malformed SS7 inbound
| signalling. Not sure if there's been anything since, but
| it certainly was an issue relatively recently.
|
| Hopefully with the (slow) move to 4G and IMS calling, we
| can turn the page on SS7 attacks soon.
|
| foobarian wrote:
| Reminds me of how NIS used to work on LANs. Oh what fun was had
| in college with NFS mounted home directories...
|
| tguvot wrote:
| I worked for a bunch of years in biggest Israeli company that is
| selling OSS/BSS and related outsourcing services to telecoms
| (those who can afford its solutions), and had some first hand
| experience with them
|
| > Since the early 2000s at least, most billing has been
| outsourced. This works by sending all Call Detail Records (CDRs)
| to a third party, often from Israel or China. A CDR stores who
| called whom and for how long. More data might be attached, for
| example the location of the customer, or where the customer was
| roaming abroad etc.
|
| Don't know about software from China, but the one that we sold
| doesn't send anything back to Israel. There are a lot of rules
| and restrictions upon CDRs and we had a bunch of training with
| regards to it. Everything is running on client site, usually on
| hardware deployed by us at their data centers and managed by
| dedicated team of people who relocate to live next to the client
| in order to provide 24/7 support of the systems on site
|
| > Typical service providers have hundreds of thousands of network
| elements. Surprisingly perhaps, many of these are actually
| maintained manually (!). Thousands of networking engineers labour
| to keep all this infrastructure operating well.
|
| This is a mix of half-truths and lies.
|
| None of the operators have thousands of people to manually
| configure day-to-day network stuff. Operators have rather
| sophisticated automation systems (aka OSS) that deal with
| provision and configuration of everything in their networks. Or
| almost everything. Any given operator whose life span is a decade
| or two today has a boatload of equipment (thousands of different
| types of hardware from same amount of vendors). In many cases
| this equipment was bought and deployed 10 or 20+ years ago.
| Companies that made it do not exist for many years. This hardware
| can't be replaced with anything, because nobody does this type of
| systems anyway. Those systems tend to have proprietary interfaces
| and in many cases can be managed only through Element Manager
| which can be managed only manually through some ancient Windows
| or Java application.
|
| > Meanwhile, modern large scale internet companies (like Google,
| Netflix, Facebook) have automated all such maintenance.
| Automation in this context means that no configuration states are
| edited manually but instead, entire networks get provisioned and
| configured from central templates.
|
| > With such automation, small teams of engineers can control and
| operate vast networks with relative ease - especially if good use
| is made of continuous integration and real life testing.
|
| I also worked for a while in one of FAANGS. They have it easy:
| all the hardware is modern with nice interfaces. You can
| actually automate it. Also their networks are much-much smaller
| compared to mid-sized telecom, much simpler and much more
| homogeneous. Automation that FAANG I worked for was a joke
| compared to automation systems that run telecom networks. My job
| was near network engineering team and during conversations they
| admitted that what they have is crap.
| I believe that at one point
| of time they considered to buy telecom level OSS system but
| bailed out because they couldn't get a source code.
|
| SSLy wrote:
| I work in one of the companies in the business (a competitor on
| some Amdocs' markets), and this person seems to know what
| they're saying.
|
| not1ofU wrote:
| Related: This white paper was published within the last 2 weeks
| relating to "5G Network Slicing"
|
| Quote from the author: "Currently, the impact on real-world
| applications of this network slicing attack is only limited by
| the number of slices live in 5G networks globally. The risks, if
| this fundamental vulnerability in the design of 5G standards had
| gone undiscovered, are significant. Having brought this to the
| industry's attention through the appropriate forums and
| processes, we are glad to be working with the operator and
| standards communities to highlight this issue and promote best
| practice going forward."
|
| PDF can be downloaded from here:
| https://info.adaptivemobile.com/5g-network-slicing-security
|
| ksec wrote:
| Probably Off Topic, but may be a chance if anyone within the
| industry might know.
|
| What are the current / purposed patent licensing terms of NR-U;
| finalised and related with 3GPP Rel 16 are going to be? Specific
| to standalone NR-U ( As in MultiFire in 4G. ) which could compete
| with WiFi 6e.
|
| kanisae wrote:
| In the past I worked at a mid level 4G provider in the US who had
| to deal with the larger providers on a regular basis. I was
| always astounded at how little they knew about their own
| networks.
|
| Regarding the article's statement of providers wanting an "all-in-one"
| solution, I have seen that in person, where management
| forced it, found it was horrible and then gave in and let us
| build the mixed vendor solution that worked well. I've personally
| mixed enode-b's from 2 different vendors to 3 different vendors
| SGW's and a different vendors PGW with no issues.
|
| The "One Throat To Choke" idea doesn't work if your business
| depends on that throat to operate so you end up with the vendor
| calling the shots instead of the business.
|
| g_p wrote:
| The bigger they are, the harder they fall...
|
| On the whole, the technical standards should allow the kind of
| interoperability you described. That's the kind of fun real-world
| engineering that techies love. The bean-counters don't,
| because it's more devices needing support packages, it's more
| suppliers on the books, and ultimately it's probably (slightly)
| less profit than buying a single box.
|
| I've seen big household name operators in Europe stop even
| pretending they're doing the work, and straight up pass on
| contact details and a mobile number for the person at their
| tier-1 vendor partner, so you can liaise directly with them.
|
| It seems in these "5G" days even more than before, operators
| are retreating into the business of connectivity service, and
| leaving more and more for their vendor partners to do. When
| you're not even hiding the fact to a client that they may as
| well speak directly to the vendor, that says it all(!)
|
| sgt101 wrote:
| >>The "One Throat To Choke" idea
|
| but it sounds soooooo good in meetings!
|
| varispeed wrote:
| Isn't outsourcing essentially a tax avoidance? Companies look for
| cheap labour overseas because they don't want to pay local rates,
| which typically include higher tax and cost of adhering to any
| regulations. If a person tried to do this - for example
| outsourced their bank account to tax haven and asked their salary
| to be paid there, the authorities would be all over it. So now
| the fact that companies are not only not hiding the fact they are
| trying to bypass the system, they also are lobbying governments
| to make it easier! I for a second don't believe that there is no
| money under the table involved.
| Why otherwise politicians would
| choose to funk up the local population to appease a big
| corporation?
|
| Bottom line is that outsourcing should only be possible if it was
| not possible to create a product locally or companies should pay
| any difference in tax locally, so that people who got put out of
| jobs because of this can at least get benefits.
|
| And finally I don't understand why even discussing doing any
| deals with China does not amount to farting in a room.
|
| cptskippy wrote:
| Outsourcing is done for many reasons. Sometimes companies have
| more projects than staff and outsourcing offers them flexible
| bandwidth. The downside to this approach is that it puts stress
| on staff who have to train or maintain the outsourcer.
|
| varispeed wrote:
| I would understand outsourcing to countries that value human
| rights, have workers' protections in place and so on. But
| simply going for the cheapest possible option, where you get
| forced labour and children making your product is simply wrong
| and indefensible. We at least should lobby online and offline
| shops to show country of origin on the labels. I wish if I
| could go on Amazon and have ability to filter out anything
| that comes from China. If you want to buy something
| responsibly it is very time consuming and some manufacturers
| go to great length to hide where their products are really
| made. Those people who exploited labour in Asia now got
| filthy rich and they are in position to shush any politician
| looking to put a stop to this or make sure such filters would
| not be implemented.
|
| baq wrote:
| > We recently asked a large European service provider why only
| part of their customers get IPv6 service, and how they pick which
| parts do or do not get such service. They could not tell us, and
| informed us they too would like to know
|
| Woah. As an EU citizen, I'm terrified.
i wanted to say surprised, | but after a moment's thought, turns out it's only a moderate | misalignment of expectations. | JPLeRouzic wrote: | I retired in 2012, but at that time my employer had completely | subcontracted the operation and maintenance of its mobile | network to Ericsson, Huawei and Nokia. It was in France. | | Once I asked for a one day snapshot of all mobile data for a | cooperative R&D project. The saga went on for months with | repeated requests at various hierarchical levels, but to no | avail. | | It's not that they refused, but I guess that the guys in charge | simply were unable to get the requested information from the | subcontractors. | iagovar wrote: | I work for a large EU Telco and I can tell you the inside | battles to get stuff done are absolutely ridiculous. | | Of course I work for a subcontractor too. | dd_roger wrote: | I work in OT security in an industry completely unrelated to | Telecoms but which is also a matter of national security and | everything in this blog post doesn't really sound believable from | my experience dealing with sensitive infrastructures. Different | industries, different countries, etc. I get that things can | differ a bit, but going from "the infrastructure is airgapped" | (in my industry) to "the infrastructure is managed remotely by a | foreign entity" (as claimed by the author) seems too big to be | true. Not gonna lie, I'm a bit sceptical about the veracity of | some of these claims. | Clewza313 wrote: | > _Since the early 2000s at least, most billing has been | outsourced. This works by sending all Call Detail Records (CDRs) | to a third party, often from Israel or China._ | | This is quite misleadingly written: telcos are not shipping reams | of CDRs to some cubicle farm in Haifa or Chongqing. | | Yes, almost every telco outsources its billing _software_ to | other companies, notably Amdocs (founded in Israel, now HQ 's in | the US). 
However, billing info is some of the most sensitive data | a telco has for both privacy and commercial reasons, so that | software _always_ runs in a closed environment from where it | cannot dial home. Historically that 's been on-prem, it's slowly | moving to the Cloud but even there it's going to be firewalled | off very carefully. | waheoo wrote: | Oh yea, super secure, their outsourced security team is all | over it. | sgt101 wrote: | There's a big gap between what happens in the larger telcos | that run infrastructure, and the white label operators. | tguvot wrote: | White label operators can't usually afford Amdocs solution | from one side. From the other side, Amdocs doesn't have a | server farm in Israel to do CDR processing :) Everything | happens either on client premises (and Amdocs can deliver | end-to-end solution, including buildout of complete | datacenter if it required by client) or "in the cloud" | afarviral wrote: | Wow ... I read this whole thing thinking it was a human. On a re- | read I'm wondering what I was thinking. One thing that stands out | on the account's previous posts is the paragraph lengths are | quite consistent. | | I'm going to have to train my bot senses. I got conned. Any tips? | Mindlessly reading me is not prepared... | afarviral wrote: | Oh dang.. Was trying to reply to ttty comment that got flagged | as likely not hijacked account. Off topic but interesting. | monkey_monkey wrote: | Ah ok, I got terribly confused, because the sam_lowry account | seemed quite legit! | afarviral wrote: | Apologies... But also: question everything. He he. | commandlinefan wrote: | Wait, what? Are you suggesting this post is GPT-3 or something? | Did we read the same article? | | Edit: ok, I think you meant to reply to another comment which | is currently flagged/dead. It looked like you were referring to | the linked article itself. 
| g_p wrote: | One tell-tale sign I've noticed is sentences that don't go | anywhere - the last sentence of the first paragraph starts | going somewhere, then suddenly stops. If we assume people | communicate for the reason of conveying some meaning, always | dig for the meaning. If it's not there, it's likely some kind | of vapid content-less babble... | | If you read critically with a view of "what are they actually | saying?", you tend to spot this fairly quickly. The ending with | some irrelevant babble gave the game away a bit though. | afarviral wrote: | That's an excellent tip. Form an idea of what "they" are | trying to convey... If it evaporates unexpectedly it might | not be trying to convey anything...cause it's just an ML | algo. The trouble is having clarity of thought myself, I | barely know what point I'm trying to make let alone following | the precise points of others half the time. These things | really nail verisimilitude of chatter about an unfamiliar | topic or of a smarter person, for instance, where you can't | detect the BS because you assume lack of knowledge. | g_p wrote: | There's actually a really interesting field of (serious) | academic and scientific endeavour into the study of "pseudo | profound bullshit" - a search for that will find you some | of the papers available freely online. | | It seems that these text generation bots are pretty good, | as you say, at generating some basic level chatter about a | topic in a manner that can sound convincing. Somewhat like | a "talk-show style TV news pundit" can - I'm reminded of | the various times they're tricked into giving their | commentary on things that haven't happened yet, and they | happily (blindly) oblige, because they're more interested | in being seen to be an expert than in actually having | something to say. 
| | I think the more confident and critical you are in reading, | the easier it is to detect the nonsense through internal | inconsistencies - many of these text generation systems | really struggle to produce an internally consistent | argument. | commandlinefan wrote: | > Driven by balance-sheet mechanics and consultants | | It's not just telcos... | ng55QPSK wrote: | Not only by balance-sheet mechanics, there is some politics | attached. In my work place we're currently discussing moving | in-house data centers to a cloud-provider. At the first glance | it looks like at a higher cost (in-house cheaper). Now some | balance-sheet-makeup sets in. | [deleted] | quelsolaar wrote: | My assumption is that all intelligence services in all countries | would love to have access to fully compromised networks. They | spend all their time thinking about how to access information, so | they would be fairly incompetent not to consider this. | | Does that mean that all systems are compromised? No, because | there are risks associated with tapping in to these systems. | Partly it depends on if they have access to the systems, but | mostly on the possible blow-back if they get caught. | | Example: Sweden's FRA (NSA equivalent) could in theory ask | Ericsson (a Swedish company), to install a backdoor. But, Sweden | has a fairly free press, and there are good chances that someone | would leak this information. If it got leaked it would be a major | scandal that could go as far as toppling the government and | destroy one of Sweden's most important export companies. It's very | risky, and it's a risk no one wants to take, so the parts made in | Sweden are probably not compromised. | | China, on the other hand has almost no risks associated with | adding a backdoor. No free press, hard suppression of whistle | blowers, and since most foreign intelligence services already | assume the equipment is compromised, there is no real | reputational damage either. 
I assume they are all compromised, | why wouldn't they be? | | The US is somewhere in between. | | Sometimes companies are compromised by intelligence services, but | much more often I think it's employees. Why try to change Tim | Cook's stance on privacy, when all you need to do is find one | Apple employee, willing to take a sack of money to "do their | country a great service"? | sneak wrote: | > _The US is somewhere in between._ | | Bart Gellman's book says that Snowden warned him not to be the | only person in possession of the leaked data prior to | publication, as the US intelligence community would kill him | (Gellman) instantly to prevent the publication of the | information contained therein. | | This was the biggest takeaway from the book, for me: the US | military will assassinate US citizens (journalists!) in the | middle of New York City without due process or a trial to | prevent them from carrying out journalism. | | We expect this kind of cloak and dagger shit from the CIA, but | it pays to think about it in clear terms: the US military can | and will assassinate US citizens engaging in constitutionally | protected activity in the middle of Manhattan _with no | consequences whatsoever_. | afrodc_ wrote: | Is there proof of this or is this conjecture? | sneak wrote: | Two examples we know of of the CIA assassinating Americans | without trial or consequences: | | https://en.wikipedia.org/wiki/Anwar_al-Awlaki | | https://en.wikipedia.org/wiki/Abdulrahman_al-Awlaki | | The potential murder of Gellman was stated by Snowden, who | was trained by the CIA, and was stated on more than one | occasion. | seppin wrote: | Killing self-identified enemies in a literal war zone is | not the constitutional crisis you are implying. And as | said, a "potential murder" isn't actually anything. | Unless something happens, it's not something to cite. 
| opnitro wrote: | Also this, which wasn't directly the CIA but by CIA | backed groups: | https://en.wikipedia.org/wiki/Orlando_Letelier, a | political assassination on US soil. (Although not a US | citizen) | selectodude wrote: | That's one heck of a leap to blame on the CIA. | jayd16 wrote: | The assertion was "the US military can and will | assassinate US citizens engaging in constitutionally | protected activity in the middle of Manhattan." | | It really diminishes your point when that is compared to | an airstrike on foreign soil. | sneak wrote: | I don't really think the territorial claim on the land | where the extrajudicial assassination happens is very | relevant to the legal fact of the matter. | | We don't say that the FSB attempting to execute Skripal | in a UK shopping mall doesn't count because it was in the | UK. Murder is murder. | | The claim that the IC would assassinate Gellman in New | York was made by someone who used to be an actual CIA | operative and went through their training. | seppin wrote: | > the US military | | You already messed up a few times. The Military has a strict | chain of command and legal liabilities, such an action would | be an intelligence operation. Oh, and the US doesn't have a | domestic spy agency, so that makes it even more difficult of a | theory. | | > Snowden warned him | | > the US military can and will assassinate US citizens | engaging in constitutionally protected activity in the middle | of Manhattan with no consequences whatsoever. | | Yeah not only do I see no precedent, it seems like you are | basing everything on something one person "said" to another. | smogcutter wrote: | Snowden was an IT contractor, how does he know what the "US | intelligence community" would and wouldn't do? | | Not that he's necessarily wrong, but it seems like a leap to | go from Snowden saying something _he_ believes, to a | certainty that "the US military can and will assassinate US | citizens in the middle of manhattan". 
| sneak wrote: | Snowden was trained and directly employed by the CIA in | 2006 before he changed jobs to working at IC contractor | companies. | | After CIA training, he worked in Geneva under diplomatic | cover, in 2007 to 2009. | DyslexicAtheist wrote: | indeed he was a real prodigy Sharepoint administrator. I | don't want to diminish the value of what he leaked but | it's easy to claim he was aware of all the potential | butthurt before others pointed it out as things unfolded. | | It is much more realistic that what happened was a true | "Burn after reading moment" | https://www.youtube.com/watch?v=pabA320p9B0 | sneak wrote: | I am fairly confident that CIA training for those who are | going to be living and working under diplomatic cover in | a foreign country extends well beyond how to wrangle | Exchange and Sharepoint. | | He wrote about some of the things that happened in | Geneva, I encourage you to read them. Even sysadmins for | the CIA need to know some stuff about how the game works. | DyslexicAtheist wrote: | he was how old when he was in Geneve? 23? Doubt that any | kind of training made him an experienced operative. He | was still a kid and hardly the Jason Bourne people make | him out to be. I'm not saying his leaks didn't provide | huge value but it is more plausible that he wasn't fully | aware of all the impact that he claims he had knowledge | of back then today (or what people attribute him with). | sneak wrote: | I don't think someone needs to be Jason Bourne to have | come to the conclusion in the 73 years of the CIA's | operational history that they assassinate people who risk | their large-scale projects' secrecy. | | This feels like a strawman to cling to the idea that | being a US citizen means that the CIA won't assassinate | you for being inconvenient, which has been literally and | directly claimed, at least twice, _by someone from the | actual CIA_. 
| | Indeed, the reason you even know the name Jason Bourne, | or the reason those movies work, is because of the | generation-long history and reputation of the US military | intelligence services to break the law flagrantly in many | countries with no meaningful consequences. We don't have | to suspend disbelief to engage with the idea that there | is a section of government with staff who can kill anyone | they deem needs killing. | secondcoming wrote: | If the Dutch would get Philips to weaken crypto devices [0], | [1] then it wouldn't surprise me if the Swedes would ask the | same of Ericsson [2] | | [0] | https://www.vpro.nl/argos/lees/onderwerpen/cryptoleaks/2020/... | | [1] https://www.ceesjansen.nl/en/cryptography/ | | [2] | https://www.tandfonline.com/doi/full/10.1080/02684527.2020.1... | rcarmo wrote: | Nobody needs backdoors when there are quite complete legal | interception features regulated into core systems. Plus | everything is IP these days, so tapping a call is trivial. It | just can't really be done towards outside the telco network | without anyone noticing, the world isn't a hacker movie... | marsven_422 wrote: | "Sweden has a fairly free press" | | That's so wrong it hurts! All our press are dependent on | government "presstod" aka handouts. | pa7ch wrote: | Independent and free are not the same thing. You could say | Sweden's press is free despite its dependence. However, maybe | the Sweden gov values free press and the press is free via | this relationship. | Swenrekcah wrote: | The press can be free regardless. If the allocations are | according to some objective metrics then I don't see a | problem. | fallingknife wrote: | If the government has the power to grant money and set | metrics, it also has the power to take it away, and change | the metrics. So if you are getting a grant based on | "objective metrics," it might be a good idea to not piss off | the people defining them. 
| Swenrekcah wrote: | Of course but that is a move that costs the government | something in political capital. There are always dangers | in criticising the powers that be, but I can not see that | these kinds of press grants are a big problem. | | If the country is a democratic one to begin with, the | grants do more good by insulating the press from | commercial powers than they do bad in this way, in my | opinion. | fallingknife wrote: | It may well be a good trade off. I'm just pointing out | that there is never a way to be completely free from | whoever is paying the bills. | whatshisface wrote: | Objective metrics can be as biased as subjective metrics. | Swenrekcah wrote: | I disagree. | | The complaint was that a grant from the government makes | the press less free to criticise the government. | | If the grant is clearly and legally bound to be | determined according to a set of objective and publicly | available metrics I do not see that it would be such a | big problem. | | Of course a vindictive government could do what they can | to negatively affect the press outlet in question but | similarly could a supporting public affect them. | | In any case it can all be accounted and prepared for as | long as the process is objective and transparent. | quelsolaar wrote: | According to Reporters without borders, Sweden ranks 4th in | the world, in press freedom. I think that would qualify as | "fairly free". | | https://rsf.org/en/ranking_table | ng55QPSK wrote: | Google Ericsson Vodafone Greece. | | And for US, google Cloud Act. | NKosmatos wrote: | The wiretapping scandal you are referring to is known as "The | Athens Affair" and has to do with infiltration of Ericsson | software exchanges by experts on how the software is working. | Vodafone is/was the one to blame here and it wasn't a fault | of the software provided by Ericsson. 
More info here: | https://spectrum.ieee.org/telecom/security/the-athens-affair | ChrisKnott wrote: | The CLOUD Act is a mechanism for legal authorities to compel | companies to produce data they hold, even if it is stored on | servers outside the US. I don't think it's fair to | characterise that as a backdoor. | the-dude wrote: | _Airbus to sue over US-German spying row_ [0] | | [0] https://www.bbc.com/news/world-europe-32542140 | riazrizvi wrote: | > Does that mean that all systems are compromised? No, because | there are risks associated with tapping in to these systems. | Partly it depends on if they have access to the systems, but | mostly on the possible blow-back if they get caught. | | Isn't it common knowledge that the US and China are spying on | everyone? The main difference is that China is not a military | ally, and its government spying, which is unfettered, supports | its private enterprise that is government financed and owned. | US govt spying is unfettered. US corporate spying far more | restricted because US businesses are bound by Federal and State | laws, and it's not centrally coordinated, instead US businesses | are autonomous entities. And though US corporate spying on | customers is rampant, it is also transparently written into | usage contracts. US corporate spying is obviously for profit, | and since the US and Europe are strategically tied through | NATO, it's not on the same threat level. China and its axis | ally Russia, clearly bump up against the West because our | political systems are fundamentally opposite, democratic vs | autocratic. | | What this translates to is Chinese investors are aggressively | running around buying into key strategic businesses, advised by | data gathering in coordination with its government, with a view | to maintaining control, which reflects how the country is | managed itself. 
| | American investors are running around buying/competing against | business in coordination with data rich parent company | entities, with a view to making money. But because it's a | democratic country where laws preserve autonomy even against | the government, it's a free for all and anyone can play, even | Chinese owned American companies. Which is a reflection of how | the US is managed itself. | | This is also how Europe is managed, so I do believe Chinese | control of telcos is a bigger threat to Europe's way of life. | eunos wrote: | >China and its axis ally Russia, clearly bump up against the | West because our political systems are fundamentally | opposite, democratic vs autocratic. | | Laughable considering cordial relationship between US and | Vietnam. The latter political system is basically a clone of | China. | mensetmanusman wrote: | It's complicated: | https://www.rand.org/blog/2020/05/reviewing-vietnams- | struggl... | whatshisface wrote: | > _China and its axis ally Russia, clearly bump up against | the West because our political systems are fundamentally | opposite, democratic vs autocratic._ | | This is a speck of misapprehension that slipped in to your | otherwise great writeup. Governments don't naturally conflict | because they have different forms and they don't make | automatic friends when they are similar. The US is presently | allied with many autocracies. Middle-aged Europe was | uniformly feudal, and constantly at war. Pre-WWII America was | strictly isolationist and despite being a democracy had a | fairly sized pro-Hitler element. Governments conflict when | they have something to conflict over. | buran77 wrote: | The real reason superpowers clash is that they all want to | be the dominant but there's only room for one at the top. | The political or economic systems are absolutely irrelevant | here. All that matters is what needs to be done to stay the | dominant superpower. 
The closer the race, the lower they're | all going to sink. | | US leadership fundamentally doesn't care about human rights | abuses in China more than Chinese leadership cares about | abuses against black people in the US. They don't care | about bringing democracy in a country when their next move | is to make sure "the right" leader is appointed. They don't | care about freedom of speech when they can block it as | needed under any pretense. And they don't care about any of | the principles they advocate if those principles get in | their way, they will all happily ally with someone | embodying the exact thing they're fighting against if it | server their interest of maintaining or growing their | power. | | And getting to the point addressed above, they care about | the image of the company they forced to introduce backdoors | only as far as they can be punished by the bigger power, or | if they can't sell it as fighting the terrorists (or scare | word of the day). Case in point, Sweden and Ericsson | wouldn't get away with it because their sphere of influence | is a stone's throw away and the US would crucify them. | China and Russia can mostly get away with it because their | influence extends far enough that they have enough of a | "friendly audience" for which they can sell a story. The US | can get away with it everywhere else because even if Cisco | is backdoored through and through, the US is the dominant | superpower and is able to pressure allies to "see things" | their way, and they can also sell everything as "the fight | against ...". | | Superpowers see advancing their interests by any means as a | matter of survival and this takes precedence over anything | else. They'll do what needs to be done and deal with the | fallout after. And if you live long enough to move through | these different regimes you start seeing the pattern | immediately, only thing that changes is the "feel good" | story the people are served with. 
| anchpop wrote: | That is definitely true, but I think there's an effect | where citizens of a democracy are less likely to be willing | to go to war against another democracy. It would be easy | for americans to justify war against china, because | americans value democracy and can say "we're liberating | them from their oppressive government". (And some segments | of the chinese population are very oppressed, so it | wouldn't be wrong.) But it seems less likely that a | democratic government would oppress a majority of its | population than an autocracy world, so that justification | is harder to make | buran77 wrote: | > because americans value democracy and can say "we're | liberating them from their oppressive government" | | Most democracies are in general against war for practical | reasons, wars are a drain away from stuff at home that's | important for them as people. US citizens may be "less | likely" to want that but only because recent history has | saturated them with the justification that the war is | against regimes with "different values". It's an easy | sell for people who are never to keen on going beyond | that. So it would mostly be a matter of repackaging the | justification. Some democracies can afford both the wars | and the "moral repackaging" for their citizens. | | But people also misunderstand democracy and what it | means. The fact that the interests of the majority are | respected might also mean that the minority is suffering | a great deal. How well are black people's interests | represented in the US? | | One the other hand in democracy you are allowed to give a | tiny endorsement to a person or party for a leadership | position in the hope that they will represent your | interest while others are buying "priority" over you for | this representation with far more than a vote. 
You're not | seeing this as less of a democracy so people are not | judging political systems based on their actual | implementation but rather by picking and choosing on | particular values. | | Russia is ostensibly a democracy, albeit one where the | leadership is somewhat predetermined a very small | minority. USA is a democracy albeit one where the | leadership is somewhat representing the interests of a | very small minority. I'm sure a war between these two is | not seen as such a remote possibility in terms of | people's preference. | concordDance wrote: | > How well are black people's interests represented in | the US? | | Reasonably well it would seem from the outside. 11% of | congress is "black", which is roughly in line with | population and there seem to be hundreds of laws and | programs aimed at helping them. And there's also lots of | media attention to their problems and struggles. | buran77 wrote: | > And there's also lots of media attention to their | problems and struggles. | | People treated well don't need lots of media attention to | remind those treating them well that black lives matter, | in 2021. I'd say that for a democracy that's a pretty bad | track record that isn't improving fast enough. Democratic | majority decisions sometimes leave the minority far | behind. | riazrizvi wrote: | Democracies are less likely to fight because during | diplomatic talks they can draw on their domestic values | that are rules on 'how to collaborate without giving up | autonomy'. Autocratic cultures most fundamental rule is | 'who is charge' and then establishing the hierarchy of | where everyone else fits. So you are always more likely | to end up in stalemate or conflict when an autocracy is | one of the negotiating parties because of a higher | likelihood they might want to force the issue that they | are in charge. 
| whatshisface wrote: | > _I think there's an effect where citizens of a | democracy are less likely to be willing to go to war | against another democracy._ | | It's difficult to disentangle that from the unpopularity | of war. Since democratic regimes are harder to get to do | things, because you have to convince more than one | person, the null hypothesis would be that autocratic | regimes have a higher propensity for belligerence, | especially in societies predating the invention of | propaganda. | inglor_cz wrote: | From what I read about Nazi Germany, going into all-out | war with other powers was very unpopular in 1939. | Ordinary Germans supported Anschluss of Austria or | Sudetenland, but did not want to risk another big war for | Poland of all things. | | But in a totalitarian regime, consent of the governed did | not matter much. Expressions of pacifism would land you | in a concentration camp really quick. | | Democracies care a little more about what the average Joe | thinks, even though they are far from perfect in this | regard and consent can be sorta-kinda manufactured. | riazrizvi wrote: | Well thank you. Yes I should learn to tighten up my | comments, too many points. It's a whole new discussion here | that we could get into. | cratermoon wrote: | > there are risks associated with tapping in to these systems | | Which is why the intelligence services never do the hacking | themselves. Instead, they buy the data off the "dark web", from | the hackers whole stole and the information brokers who trade | in it. If they have to do that, that is. In the US at least, | agencies can just buy data on the open market. Supposedly | "anonymized", but I'm pretty sure everyone reading this knows | that protection is flimsy. | goodpoint wrote: | Plenty of evidence proves that intelligent services: | | - Buy exploits on the market, with the US govt being the | biggest buyer. 
| | - Buy data off legitimate advertising and intelligence | companies | | - Hire people to find bugdoors | | - Hire people to infiltrate all sorts of companies and | extract information or plant bugdoors | | - Convince or coerce companies to plant bugdoors in their own | products | | - Do the hacking themselves, plant hardware backdoors and so | on | | Unsurprisingly, they use all available methods. | cratermoon wrote: | OK, I should not have said _never_ , but when the option is | between "we could hack this but if we get caught it would | be an international diplomatic incident" and "hey there's a | broker over here with the data for sale", the _do_ buy it. | DyslexicAtheist wrote: | this isn't how any of this works. we're talking about ISP's & | Telco networks not some data-center at FAANG. | | - no need for backdoors since Huawei, Ericsson & Nokia are full | to the brim with bugdoors (Huawei tops the chart here since | many years already and as anyone involved in Inter-Operability- | Testing (IOT) at the NEV will confirm). | | - no need for "compromising networks" when you have the actual | vendor (Huawei, Nokia, Ericsson often their subcontractors) | sitting totally legally in your ISP's network and being paid | for responding to the alarms raised and escalated by O&M. | | - even the attacks against 3/4/5G become academic in the | discussion of nation state threat actors when they can operate | and exploit simply as an insider of the system. These | weaknesses (as outrageous as they are) are useful but it's a | different threat model | quelsolaar wrote: | I don't have any non-public insight as to how intelligence | agencies operate, so this is pure conjecture on my part: | | If I was I was a intelligence agency in a country where there | is a risk of blow-back, like in Europe or the US, I might | prefer to use exploits. 
That way you haven't compromised your | own country infrastructure (as much) and the risk of leaks is | much lower since you dont have to work with an outside | entity. A government agency forcing a domestic company to add | backdoors, looks much worse if it gets out, then an agency | using existing bugs. | | If I'm a Intelligence agency in a country that doesn't care | about blow-back like China or Russia, why bother finding and | using an exploit, when you can call up the vendor and have | them design the system with your use-case in mind? You dont | have to worry about someone fixing the bug you have spent man | years making exploitable, and you can make sure the backdoor | can only be used by you. Its way more convenient and cost | effective. | rocqua wrote: | > why bother finding and using an exploit, when you can | call up the vendor and have them design the system with | your use-case in mind? | | China is now suffering fron Huawei blowback in quite a few | western countries. | quelsolaar wrote: | True. But not anywhere near as bad as in a western | country. You don't see Xi Jinping being eviscerated in | Chinese media, or being forced to testify in front of | congress. Also telcos dont really care, and will continue | to buy Huawei equipment if prices are low enough, unless | governments outright ban them from doing so. | | I think Huawei, would have experienced almost the same | blowback even if they didn't have any backdoor. Western | intelligence experts, would have advised against using | Huawei without any evidence of backdoors, simply because | they know they would have put in backdoors if they where | in the position of china, and they assume the Chinese | aren't incompetent. | | The blow back also serves a political purposes for | everyone around. Western politicians/military gets to say | "We need to protect ourselves against scary China!". 
And | China's propaganda machine gets to say "Look at the | terrible racist west treating us unfairly, by accusing us | of bad things without evidence!". | adammenges wrote: | There's a clear bias in your thinking against the US and for | Sweden. Any of the points you bring up could equally apply to | both places, but you come out bring the negative against one | and the positive against the other. | 1cvmask wrote: | Ericsson has sold equipment with backdoors (as has other | historical Western vendors like Philips telecommunications) for | the NSA and CIA. | | "There is a root backdoor in the telnetd of Ericssons AXE | backdoor" | | https://www.schneier.com/blog/archives/2006/03/more_on_greek... | | https://www.schneier.com/blog/archives/2020/04/another_story... | | The article in Dutch on Philips Telecommunications (which became | Lucent later on): | | https://www.volkskrant.nl/nieuws-achtergrond/nederland-luist... | | https://www.schneier.com/blog/archives/2007/07/story_of_the_... | | https://www.schneier.com/blog/archives/2006/02/phone_tapping... | | https://theintercept.com/2015/09/28/death-athens-rogue-nsa-o... | | https://www.theguardian.com/commentisfree/2015/sep/30/athens... | | and all time favorite: | | https://en.wikipedia.org/wiki/Crypto_AG | quelsolaar wrote: | I'm aware of a number of backdoors that have been inserted by | western governments. Linus claims at one point the NSA asked | him to put in a backdoor into Linux. The difference is that | in a free society Linus can go public and that makes it much | more risky for an intelligence service to try it. It doesn't | mean it doesn't happen. | | The "Back doors" in AXE are a slightly different thing. Many | countries have laws that says that law enforcement have the | right to wiretap phone calls under some circumstances. This | means that telcos want and ask for this feature so that they | can comply with the law. The telcos are aware of the systems | capability because they need it to be there.
Anyone who reads | the law can see that the telcos have to facilitate | wiretapping, but they obviously don't want to advertise it, so | it's an open secret. | | It's quite different if you deliver a solution, with a hidden | back door that the customer doesn't know about or have asked | for, for the benefit of the intelligence service in the | country of manufacturing. Enabling a nation to wiretap | illegally in countries where they do not have jurisdiction. | ttty wrote: | In short, the discussion now is whether European | telecommunication companies should source equipment from Huawei. | The worry is that since Chinese companies are heavily influenced | and often owned (indirectly) by their government (or ruling | political party), picking Huawei equipment for 5G might be bad | for us. In the 5G discussion, the assumption is that national, | large scale telecommunication service providers are currently in | good (or even full) control of their networks. The idea is that | these providers (think Vodafone, Deutsche Telekom, Proximus, | Orange, Telefonica, KPN etc) procure equipment. | | Most billing has been outsourced since the early 2000s at least. | One large Dutch mobile provider has handed over most of their | technical staff to Huawei. At one major mobile provider the chain | is now that the company has outsourced IT to Tech Mahindra. In | turn, the company in turn talks to Ericsson, who then finally | operate the network. | | The idea that telecommunication service providers can guarantee | the privacy of their subscribers is highly questionable. All | service providers have a security department, and I know many of | these people well, and feel their pain. Sadly in all providers I | know, security departments struggle to get their recommendations | implemented. | | Ericsson software components appear to be developed in China, | which may bring worries of its own. European service providers | have reasons beyond balance-sheet gymnastics to outsource.
All | large scale outsourcing companies have been thoroughly | compromised. In the end, outsourcing is now almost the only | possibility to survive. One European 15-million subscriber | network now relies on a core team of 4 people (one of whom is | their manager) Technical expertise is the first line of defense | against malicious vendors attempting to spy and destabilise. | Having strong local knowledge of telecommunications helps assure | the future autonomy of vital capabilities. European service | providers are by and large currently not in good control of their | networks, writes Picking Huawei is not specifically a sea change | but simply a continuation of existing policy for most providers. | If we really care about our privacy and the stability of our | communication networks, we should be able to build such networks | autonomously. The Galmon GNSS Monitoring Project monitors the RNA | levels of humans in the human genome. | wellx wrote: | " European service providers are by and large currently not in | good control of their networks, writes Picking Huawei is not | specifically a sea change but simply a continuation of existing | policy for most providers. If we really care about our privacy | and the stability of our communication networks, we should be | able to build such networks autonomously. The Galmon GNSS | Monitoring Project monitors the RNA levels of humans in the | human genome." | | Can you just get lost? Thank you! | layoutIfNeeded wrote: | Are you GPT-3? | TylerLives wrote: | This is amazing. I wonder what % of people would recognize | that it wasn't written by a human. I thought that some parts | were confusing but the idea that it was written by something | like GPT never occurred to me. | BlueTemplar wrote: | Meh, you don't need GPT-3 for this, I've used web Markov | chain tools for quickly generating this kind of text from a | sample like 15 years ago... | indeedmug wrote: | I got fooled. 
But reading the original article I noticed | that the generated comment just picks out some sentences | from the original one and pastes them together. It's not | generating the sentences themselves but string sentences | together that fit a context. | comboy wrote: | Pretty good karma for a bot. | [deleted] | raverbashing wrote: | Definitely looks like an account that was possibly hijacked | (due to age of account) to reach a higher karma | | Or just a GPT-3 experiment, that's possible as well | misnome wrote: | It does seem to be some sort of automated spam - a mix of the | article, the same chunks of disconnected factlets and some | random sprinkling of nonsense. Is it possible to flag a whole | account? @mods? | wffurr wrote: | The "random nonsense" in this particular example are the | next/previous article links from the bottom of the page. | mkl wrote: | I believe the whole account is flagged if enough comments | are flagged by multiple people. I've already emailed dang. | misnome wrote: | Right it looks like 10 months ago it was an actual | account, and either got hacked to karma-farm(?) or author | decided to use as a throwaway test. | ChrisMarshallNY wrote: | Check out the submission history. | afturkrull wrote: | Where did your comment go ? | | https://news.ycombinator.com/reply?id=26843586&goto=item% | 3Fi... | ChrisMarshallNY wrote: | Oh, it was getting a bunch of downvotes, and it didn't | really add much to the conversation, so I nuked it. | | I'll do that. It's not the downvotes that bother me; it's | that I am not really adding to the conversation. | | I feel that it's important to add to the conversation; | not just participate. | | That post was mostly whining about outsourced software | and CS. Not my proudest moment. | afturkrull wrote: | I found it interesting. Instead of down-voting a comment | the down-voters should post a refutal. That would add to | the conversation. I'm always prepared to change my mind. 
| Instead of getting down-voted into oblivion. | Reventlov wrote: | Yes it is. | defenestration wrote: | Yes, it's spamming at a lot of posts at the moment. See the | other comments it has made. | swiley wrote: | We really need more open spectrum. There seems to be no end to | the privacy problems caused by cellular equipment. | ng55QPSK wrote: | How should open spectrum help? Do you think you can run | infrastructure on scale better than the current operators? | Semaphor wrote: | Cynical me certainly can believe all this. But on the other hand, | I'm wary of just reinforcing what I believe anyway. | | How trustworthy is this? There seems to be a lot of inside | information, where did they get it from? Does anyone have | corroborating links? All article links are either general, or US | specific. | tguvot wrote: | It's not inside information, it's common knowledge if you work | in telecom area. | | How trustworthy? It depends. Operators in developing countries | these days might completely outsource buildout and management of | their network to Huawei because they frankly have best end to | end portfolio I think. | | With operators in rest of the world, especially those that are | "well established" reality is more complicated. Telecom | networks have a lot of moving parts and require a lot of | domain specific knowledge or proficiency with hundreds or | thousands types of hardware and multitude of heavily customized | per telecom needs software systems. For some of those things | work might indeed be outsourced but in many cases outsourced | work is performed by people who function as company employees in | day to day: i.e. they work in telecom office building, have | employee badges, pass background checks, etc. Essentially this | type of outsourcing is deeply embedded within telecom itself | for the most part | topranks wrote: | The author is widely respected in the internet, open source and | technical world.
He founded the PowerDNS project and worked | with many operators as a result. | | Not that that's everything but I would tend to trust Bert. | Certainly, based on his track record, I don't think he'd | deliberately mislead. | mrweasel wrote: | It's public knowledge that most telcos don't actually run their | own network. That also makes the whole fear regarding back door | in Huawei equipment a little strange, it seems mostly | political. | | I've pointed it out in previous discussion that China doesn't | need back doors to western 4G/5G infrastructure, because it's | their people operating it. | | But as with much other technology our politicians are ignorant | and forgetful. | AlphaSite wrote: | I mean if that's true, doesn't that make the fear a much more | practical concern? | | It's much worse to have a potentially hostile foreign state | running core infrastructure than potentially have them | install a back door. | g_p wrote: | Much of this is fairly widely known in the telecoms sector, and | is "open secrets". | | The sector is a pretty "closed shop" though, full of trade | secrets and "proprietary" things. Underneath it all though, | actually it's fairly simple once you get your head around it. | | If you work closely with an operator, even as a client, you'll | see examples of this - the number of people brought to meetings | from the vendor, versus from the operator. Who answers the | questions. | | For a public example, see the Telefonica O2 outage in the UK | (and Japan, I believe) due to an Ericsson certificate outage, | and how much of a role Ericsson played in this. | (https://www.theregister.com/2018/12/06/ericsson_o2_telefonic...) | | Press releases also give bits and pieces away: | | https://www.ericsson.com/en/press-releases/2019/11/orange-op... | | https://www.mobileeurope.co.uk/press-wire/9588-three-uk-join... | | Although they might not give the level of detail you're looking | for, it should hopefully corroborate things.
| Semaphor wrote: | Not exactly what I was looking for, but a good start. Thank | you! | throwaway-8c93 wrote: | The reality is even worse. The article depicts the operators as | middle-men piggybacking on the tech expertise of vendors like | Ericsson or Nokia. Unfortunately, the vendors are subject to | exactly the same pressures. | | The whole industry is in a deepening downward spiral. | Outsourcing and subcontracting is rampant, layoffs left, right | and center. The combination of non-functional requirements that | would make even senior FAANG fellows dizzy - left to be done by | stressed out graying veterans or naive greenhorns, who leave | the industry after 2-3 years for 50-100% raises elsewhere for | the same skillset. Due to the monopsony power of the large | operators, the vendors barely break even on their deliveries. | There's no institutional knowledge buildup, nobody to take up | the baton after the veterans retire, the vendors gave up | pretending they care about being a nice place to work. If | you're a techie, stay away from the telecom industry. | ahubert wrote: | Hi - author here. By all means ask around. I can only tell you | that I've received many corroborating anecdotes over the past | year. Many telcos even assumed I was writing about them | specifically, when I wasn't! I also have a second post that has | some more logos and names where I based this article on -> | https://berthub.eu/articles/posts/how-tech-loses-out/ | erikerikson wrote: | The author would find Pivotal Commware[0] interesting. Not only | stateside but offering advances in hardware efficiency and | durability. | | Full disclosure: employee, soon investor | | [edit: also, they are hiring] | | [0] https://pivotalcommware.com/ | lifeisstillgood wrote: | >>> what remains in the other half are IT Architects who do not | get closer to actual operations than an Excel sheet or a Visio | diagram.
| | the only light point in an otherwise depressing read | mmaunder wrote: | Steel production capability is considered strategically important | in case we go to war, and it has been so since World War II. | Steps have been taken to retain domestic production capacity for | this reason. Until we have a planet of one people and one nation, | we're stuck thinking this way about things that are critically | important, should we find ourselves at war with a former partner. | | Tech sovereignty has become such a thing. And the bad news is | that we have lost. I'll leave others to debate why, but we can't | manufacture our own chips, we can't make our own telco networks, | and the cloud systems that provide back end services are almost | lost. | | The state of play here is dire for the US and its strategic | partners. I'd say that surveillance is less worrying than the | simple fact that a potential future adversary has an off switch | for these things that they can toggle at will: no more chips, no | more telco products and no more cloud services - now, let's have | that South China Sea conversation one more time... | [deleted] | one2three4 wrote: | This is gold. | | >> In reality, most service providers have not been operating on | this model for decades. Driven by balance-sheet mechanics and | consultants, service providers have been highly incentivised to | outsource anything that could possibly be outsourced, and then | some. | | >> In a modern telecommunications service provider, new equipment | is deployed, configured, maintained and often financed by the | vendor. Just to let that sink in, Huawei (and their close | partners) already run and directly operate the mobile | telecommunication infrastructure for over 100 million European | subscribers. | | I think it's quite a safe bet that no operator in China went that | way by buying and outsourcing from/to Western companies.
| dragonelite wrote: | Ericsson threaten to leave Sweden, if actions by Swedish | government meant that they lose access to the Chinese markets | and running/future contracts. | tguvot wrote: | It's nearly impossible for telecom to deploy/configure/maintain | their networks by themselves due to the scale. For example, I | just googled, AT&T seems to have 67000 towers/macro cell sites. | Let's say they want to update all of them to install modern 5G | equipment. In many cases this equipment may come from different | vendors and to deploy it might be multi-day job. Off the top of | my head, about 20% of site visits fail due to various reasons | (with good percent of them failing even before starting due to | scheduling issues, sickness, not delivered at time equipment, | etc). | | How much time and people it will take to AT&T to do all the | work on its own? | [deleted] | tgv wrote: | They did it before, even had to wire everything together, | coast to coast. | tguvot wrote: | "Before" it was simple. Now it's very complex. It's very | complex exercise in large scale planning, logistics and | coordination. If company tries to do it by itself, it is | something that will take years of work of hundreds to | thousands of dedicated to this task people to accomplish. | | Market and customers require faster pace. | benlivengood wrote: | > How much time and people it will take to AT&T to do all the | work on its own? | | About as many people as are currently working on it, | probably. The work does, in fact, get done by real live | humans. That they work for a contractor only adds humans in | the middle. Also the money to pay them is present; it just | flows through a few extra contractor accounts first. | tguvot wrote: | And who will support existing network: fixing things, | dealing with day to day operations, etc? If it's same | people, deployment timelines will be extended by years.
| | If it's not and you hire extra people in order to work on | this deployment, then when job is done, you end up with | extra few thousands of employees that have nothing to do | and you need to fire them. In this case it's easier, faster | and cheaper to outsource the work than doing hiring of | thousands of people, training them and then firing them | when job is done... | benlivengood wrote: | > If it's not and you hire extra people in order to work | on this deployment, then when job is done, you end up | with extra few thousands of employees that have nothing | to do and you need to fire them. In this case it's | easier, faster and cheaper to outsource the work than | doing hiring of thousands of people, training them and | then firing them when job is done... | | Are there enough carriers that the contractors stay busy | 100% of the time or do they just hire and fire people as | needed? | | I get why contract gigs can be mutually beneficial but it | seems like either the demand is there for full-time | trained technicians to do a particular job, or there | isn't. If there isn't, then does it really matter who | does the hiring/firing? | | I think what I always figured was that most deployments | are rolling and there will always be new tech to train on | and then deploy every few years, which sounds fairly | sustainable as a full time labor force. I haven't ran a | telco before obviously. | Spooky23 wrote: | It's a project based business model and isn't | particularly challenging to staff. For the field service | portion of my business, I can tell you how many man hours | at each title I need for the next 2-3 years. You know | what your maintenance demand is and can project capital | projects, because the business knows what capital money | it's borrowing. | | End of the day, it's more to do with accounting stuff | like fixed asset inventory, risk management and keeping | salaries and benefits low.
It's easier to fire a | contractor or hire a shittier/cheaper one than deal with | a bunch of employees. IMO, saving hard dollars isn't a | driver. | SSLy wrote: | And those Western companies that sold to China telcos had | their IP stolen and appear in Huawei/ZTE products few years | later. | magwa101 wrote: | Interesting insights on who operates these networks. However | author equates US eavesdropping to Chinese eavesdropping. That is | simply not serious. The "ship has left the harbor" view of | existing infrastructure is not sensible, ownership matters. | walrus01 wrote: | >> In a modern telecommunications service provider, new equipment | is deployed, configured, maintained and often financed by the | vendor | | If you think this is bad in some place like the UK, you should | see how ISPs and mobile network operators are set up in some | countries in the developing world, where the vendor has fully | captured the Telco as basically a hostage to its technical | services. | | This is what happens when you have a mixture of institutional | corruption, kickbacks and bribes, lack of local technical | resources to develop a domestic network engineering talent pool, | and a vendor that knows how weak the client entity's negotiating | position is. | kazen44 wrote: | What also does not help is that becoming good at networking | engineering at scale is something that is hard, if not | impossible to learn on your own. Software Engineering is | something one can teach themselves on a laptop, learning to | design, build and operate networks at a large scale across | geographies is simply not possible without being part of the | industry. | | Network engineering talent is incredibly hard to come by in | most regions of the world, especially if you consider that ISP | networking deals with arcane technologies not really used in | most "enterprise" networks. (BGP in various ways, MPLS is a big | one, and arcane transports like SONET or DWDM solutions).
| | Sure, one might be able to learn how to configure BGP, how ip | works etc from their laptop using GNS3 or a couple of second | hand routers/switches, but learning how to design networks at | scale is a completely different beast. | | Most people seem to enter the field by getting hired as tech | support at a NOC and working their way up from there, which is | kind of a grind compared to some more lucrative positions | available to people who possess the technical talent. | walrus01 wrote: | I agree with 100% of that - a much harder problem to solve | when learning real network engineering is much more capital | intensive and requires real financial resources that may be | beyond the reach of many. | kazen44 wrote: | Also, it is a really difficult problem to solve. Most | curriculums of universities and polytechnical schools only | focus on the technical, theoretical aspects of network | engineering, but getting hands-on experience in actually | running an ISP network is very, very difficult. The market | for people who want to get into this line of work is also | very small compared to software engineers, programmers and | system administrators. The work is usually high risk, | technically very complex and it can be very stressful. (It | being vital infrastructure, and breaking something can | result in catastrophe for your customers in some cases) | | I sometimes wonder what will happen if we have no one left | to maintain the systems so many layers of software and | systems depend upon. | philjohn wrote: | My concern wouldn't be with data being exfiltrated, seeing as so | much is E2E encrypted these days. | | But what if there is a remote kill switch - taking down a | cellular network could cause a whole heap of problems in the 21st | century. | rcarmo wrote: | There is an amazing amount of FUD in this article. I have worked | in the telco industry for the better part of 30 years, and am | back on it now after a 5-year hiatus in cloud computing.
| | Before I "left" there was certainly a trend towards outsourcing | and large "swaps" of radio gear (Nortel-Ericsson in my case, and | Motorola-Huawei at a direct competitor, to quote only two | examples), but there was no way in $UNDERWORLD that we would let | a vendor have direct access to our gear unsupervised (be it | Cisco, Ericsson, whatever). Remote troubleshooting was possible, | but usually via jump boxes and VNC (only very seldom we would let | anyone VPN in, and even then it was only to sub-sections of the | network). Nothing left our O&M network. Nothing came in, either, | because upgrades were rolled out from internal servers. | | And it is still very much the same thing today. Although there | are outsourcers and vendors who work alongside core staff in my | telco customers (like myself now), we don't have access to | anything but lab or dev environments, and even then mostly with | MFA and very stringent limitations. | | Outsourced staff _does_ do field service of various kinds, and | they do have access to base stations, DSLAMs and various other | physical infrastructure, but that's usually done with (usually | much cheaper) local technicians and not vendor staff. There are | certifications for those. | | The reality is that most telco services are being "automated out" | and moved to virtualized stacks that are easier to manage. And | yes, VoIP on the core (no more SS7 if anyone can help it) and | Kubernetes everywhere... | | But what I found to be really weird was the notion of outsourcing | billing. Besides being a GDPR nightmare (and I'm in Europe, like | the author, so I find it doubly unsettling), that was only done | "off-prem" when all companies involved were in the same group | (which was customary when fixed and mobile operators were | separate).
These days billing is, comparatively, greatly | simplified (thanks to flat fees, real-time billing systems for | prepaid and streamlined bundles), so the only data that actually | leaves the BSS core goes to the (smaller and smaller) printing | facilities. | | So I would take it all with a massive dollop of salt. | BenoitP wrote: | > One even went so far as to state during an all-hands meeting | with technical staff that 'running a communication network' was | by no means a core competence for them. | | This is an outraging but very widely spread phenomenon. No | industry is spared from the MBA hawks. Everything now is rent- | seeking and moat building. Innovation has been packaged away and | can only happen when the market makers say it can. | | What can an engineer do about that? | phreeza wrote: | What I don't get in this entire conversation is how is 5G | different from any other transport layer? Can't secure | communication be achieved by encrypting the communications at a | higher level? | mensetmanusman wrote: | Metadata still exists in that framework. | elzbardico wrote: | Just another instance of how Harvard Business School completely | f*ing up things. Future historians will have trouble | understanding how we let MBAs destroy our civilization. | ng55QPSK wrote: | Ehm. You all are aware that 5G was created with the expectation | that in the future all networks (and core functions) will be | cloud-based? The last remaining HW will be the physical antenna | and some PA/LNA and some local signal processing. You connect | fiber to that and everything else is a operator-as-a-service | model - running on AWS/Azure/GCP. | walrus01 wrote: | You're aware that telcos have massive amounts of physical stuff | needed to make that happen first? You can't "cloud" hand wave | away things like massive metro scale dark fiber networks for | backhaul. Or things like inter city long haul DWDM networks. 
I | assure you there's a lot more going on hidden behind the scenes | of a modern ISP or 4G/5G carrier than just some antennas and | software in a VM somewhere. | ng55QPSK wrote: | This will not happen this year. But in the long run you don't | need much own HW to be an operator. And fiber connectivity is | (as the startpoint of this comments) outsourced in large | scale. | walrus01 wrote: | "in the long run you don't need that much HW to be an | operator" - have you ever worked for a facilities based ISP | or Telco and visited the interiors of dozens of different | POPs? Please do so and then come tell us all about how | telecom infrastructure on a national and global scale isn't | composed of massive amounts of hardware all over the place. | ng55QPSK wrote: | I work in a team that created 5G. And around ~2014 it was | clear: operators want to go away from own HW. | walrus01 wrote: | Just because you've outsourced some function to another | contractor or telecom doesn't make the physical stuff go | away. It just abstracts it away to someone else's | responsibility. | kazen44 wrote: | how? the hardware needs to be there because you actually | need to run the physical infrastructure to locations, no | matter the technology, you still need geographical coverage | to actually build connectivity. | tguvot wrote: | well, around ~2011 network operators discovered that it's | possible to virtualize network&compute, i.e. run routers, | switches and computers in VMs. As result of this they | came up with a grand plan where they will stick | everything to virtual machines on top of cheapest | hardware (preferably). A bunch of conferenced happened in | order to define standards for all this happy future. Only | most of it crashed and burned for multiple reasons. But | it was back then. 
| | Now, in theory, it's pretty much possible to run operator | based on leased lines (many operators actually run over | leased lines anyway, in many countries and they don't own | physical fiber networks due to regulations or other | reasons), and interfaces with antennas/enodebs that are | "virtualized" (to support multiple operators at once) or | even using cloud-ran while deploying rest of software | stack "in cloud". | signa11 wrote: | check out how rakuten and altiostar are doing just that. ___________________________________________________________________ (page generated 2021-04-17 23:00 UTC)