The Chinese telecom manufacturer Huawei had the opportunity to listen to phone calls from KPN customers, according to a ten-year-old secret report in the hands of the press. According to the report, the company was also able to see which numbers KPN had to tap on behalf of the Dutch authorities.
Huawei had “uncontrolled and unauthorized access” to KPN’s mobile network, De Volkskrant quotes from the report. The findings come from consultancy firm Capgemini, which carried out a risk analysis on behalf of KPN.
The Chinese company was able to eavesdrop on conversations of millions of KPN customers. Dutch government leaders, including then Prime Minister Jan Peter Balkenende, also made use of the KPN network.
KPN has taken measures to prevent abuse, but Huawei managed to access it, according to the report. “Uncontrolled and unauthorised access from China actually took place after 28 October 2009,” the 2010 report states.
The Capgemini researchers also discovered another risk. Telecom companies such as KPN have to cooperate with draft requests from Dutch authorities. The database of tapped numbers was on an encrypted Huawei server. Because Huawei also managed the digital keys, the company was able to see which KPN numbers were on tap.
Capgemini at the time could not check whether Huawei was listening to these conversations because it was not registered. Moreover, the program used was in Chinese, notes De Volkskrant from the report.
KPN and Huawei deny the sensitive conclusions
In a response, KPN contradicts Capgemini’s 2010 conclusions: “no supplier of KPN has ‘unauthorized, uncontrolled and unlimited’ access to the networks and systems, or is able to eavesdrop on KPN customers or view wiretap information.”
KPN has also never detected theft of customer data or eavesdropping, writes the telecom provider. Huawei also denies that employees of the company had unauthorized access to KPN’s network and data.
Huawei has been under a magnifying glass in recent years due to allegations that China is using the company to spy on the West. The General Intelligence and security service (AIVD) has been warning of Chinese espionage for years.
Due to the sensitivity of the data, there are fears for the survival of the mobile branch of KPN if “the shortcomings identified by the researchers become public knowledge”, De Volkskrant quotes the report, because customers could abandon trust in the company.