HuaXin & HuaWei - China's GFW & Cyber-AI Empire
Abréviation - (CCP: China Communist Party; SOE: State Owned Entreprise; SASAC: State-owned Assets Supervision & Administration Commission of the PRC State Council; MPS: Ministry of Public Security; MSS: Ministry of State Security; MPT: CCP Ministry of Post & Telecommunication; Huaxin : Chine Huaxin Post & Telecommunication economic development center; CAPTC: ChangAn Post & Telecommunication Cleaning Corporation; ALU: Alcatel-Lucent; MoP: Ministry of Propaganda; MIIT : Ministry of Industry and Information Technology, www.miit.gov.cn ; MoST : Ministry of Science and Technology; NMP : National Science and Technology Majoy Project of MoST; NCHB: National Core-High-Base of NMP, NCHB means Core components, High end silicon chip and Base software; SHEITC : Shanghai Municipal Commission of Economy and Informatization ; CAS: China Academy of Sciences; SMI: Shanghai Microsystem Institution of CAS; SKL: State Key Laboratories; BPTU: Beijing Post & Telecommunication University; SJTU: Shanghai JiaoTong University; R&D: Research & Development; CITC: China Information Technology Designing & Consulting Institute Co. Ltd., under China Unicom of MIIT; HITC: Huaxin Information Technology Designing & Consulting Institute Co. Ltd., under Huaxin of MPT/MIIT; CNCERT: National Network & Information Security Center, alternative name as “China National Computer Network Emergency Response Center”; CNNIC: China Internet Network Information Center; CAC: Cyberspace Administration of China; SCIO: State Council Information Office; CLGCA: CCP Central Leading Group for Cyberspace Affairs (replaced “State Council Information office” since 2017) ; CSL: China’s cybersecurity law; CN2: China Telecom Next Carrier Network; DPI: Deep Packet Inspection; SDN: Software Defined Network; NFV: Network Function Virtualization; CDN: Content Delivery Network; )
SOMMAIRE
1) Basic Background of GFW
2) Overview of China Smart Censorship System & GFW
3) ALU’s technology shaping GFW
4) Huaxin’s special position on GFW
5) The special political power relationship of Huaxin and ALU
6) Huawei & ALU as major provider of China IP Backbone
7) The Bridgehead of GFW: Shanghai Pudong
8) Huawei & ALU Human Rights impacts
9) Cyberspace & Cyberwar operated by China
“Without cybersecurity, there is no national security; without digitalization, there is no modernization.” – Chairman Xi
“Only the mistake needs the support of the government. The Truth Can Fend Itself.” - Thomas Jefferson.
1) Basic background of GFW:
At 1998, CCP State Council build China Telecom from MPT, as telecom operator, and Huaxin as telecom vendor, either China Telecom or Huaxin belongs to MPT. At 1998’s first meeting of 9th CCP People’s Congress, under Prime Ministry Zhu Rongji’s reform. China’s National Network & Information Security center build at 1999, the predecessor of CNCERT. After Shanghai center build at 2001, the network & information security center cover every province step by step. All belongs to MIIT administration(previous MPT).
The “ Golden Shield Project ”(GSP) which launched by MPS since 1998), Tian Suoning and Ding Jian build ASIAinfo(Nasdaq), develop GSP, Tian Suoning(CEO) and Zhang Chunjiang(Chairman) operate China NetCom(build by red prince Jiang, merged to UniCom) at 1999, whose IP backbone support by Lucent.
The called “father of GFW” named Fang Binxin who are president of BPTU, the direct institution of MPT.
GFW to be more ambitious strategic system than GSP, Sophisticated, multi-tiered, parallel-universe.
The crimes related to Internet censorship stipulated in China's criminal law mainly include crimes that endanger national security, fabrication, intentional dissemination of false terrorist information, the crime of spreading obscene articles, copying, selling, and spreading pornographic goods for profit.
Chine est aujourd’hui une puissance capitaliste du type monopoliste d’état. plus nationaliste que communiste. Any source of information they can't control is forbidden in China.
China’s latest moves to legalize and bolster its digital barrier bring “Internet sovereignty” a step closer to reality.
The Internet is subject to control because its infrastructure is subject to control.
GFW made all these “risk drivers” across the ICT value chain.
2) Overview of China Smart Censorship System & GFW:
? tro?ka ? du GFW : CCP Ministry, Solution provider, ISP monopoly.
Four level system of GFW for censorship:
1) ICT Provider: Cisco, Huawei, Alcatel-Lucent(ALU)/NOKIA, and Juniper are top 4 on carrier router and switch market(before 2014), ALU and Huawei are top competitors on China backbone. For China Telecom, ChinaNet provided by Cisco, Huawei, Juniper, ALU, and CN2 dominated by Huawei.
2) OPerators: The China ISP monopoly consisting of and controlled under 3 backbone network operators(“3 BIG Operators”: China Telecom, China Mobile, China Unicom) which all are SOE of SASAC under CCP special rule, under political operation of CCP censorship. China Telecom operates the world's largest and most sophisticated Internet censorship infrastructure. OPerators that make decisions around the actual implementation of online censorship, OPerators expected to monitor and filter content on their networks according to state guidelines. OPerators build and operation on GFW network: ChinaNet, CN2, CMNET, CNC, GSP, NGB.
3) Media & Idéologique: madie made ideologic control under CCP censorship strategy; The Propaganda Department of the CPC Central Committee and its subordinate departments at all levels are responsible for the management of social science research, culture and arts, press and publication, religious beliefs, mass media, and the Internet and other sectors and fields in the state machine. The CCP ruled to consolidate the ideology of one-party autocratic legitimacy, and through a powerful and secretive censorship system, the ruler’s “domination” of society in ideology and culture and the control of the people’s information and action capabilities. The MoP Central and its subordinate propaganda departments at all levels are responsible for the management of social science research, culture and art, press and publication, religious beliefs, mass media, and the Internet and other sectors and fields in the state machine. The CCP ruled to consolidate the ideology of one-party autocratic legitimacy, and through a powerful and secretive censorship system, the ruler’s “domination” of society in ideology and culture and the control of the people’s information and action capabilities. . The official discourse, that is, as the "main theme" discourse that aims to safeguard the legitimacy of the one-party dictatorship of the Chinese Communist Party, the effectiveness of its propaganda is based on the highest form of "hearing, seeing, imperceptible". The ruled person's censorship (symbolic violence) exerted on them often does not understand that it is a kind of violence and thus recognizes this kind of violence. Symbolic powers transform the social attributes that govern relations into natural attributes. This means that the rulers have to rely on language strategies to maintain their legitimacy. They often disguise the naked control relationship as a kind of "euphemism expression."(euphemization)
4) CCP Institution & Administration: The MIIT made regulation on internet censorship, CNCERT made administration on GFW. CCP made policy, Internet Law & Cyber war:
Huaxin with special position in the “four level censorship system”, Huaxin either as ICP provider or as Internet Administration.
The freedom of expression and privacy risk drivers faced by internet services companies have been well documented by organizations such as the Global Network Initiative and the OpenNet Initiative. ISP receive demands from governments to remove, block, or filter content, or to release personal information, such as email records and web surfing habits.
ISP receive requests and demands to deactivate user accounts. Online services, such as email, social networking sites, video communities, and blogs, are important tools for citizen journalists, political campaigners, and human rights advocates to express their points of view and to organizing. However, companies can come under pressure—from governments and users who may object to certain content—to deactivate accounts and take down content, especially during key events such as elections or protests.
Policies creating liability for carriers of content sent or created by users can be threats to freedom of expression by incentivizing carriers to restrict the use of their services for any content that could be considered controversial, or to restrict the pseudonymous use of these services. This impetus is particularly strong where definitions of illegal content are vague and overbroad, incentivizing self-censorship and restraints on speech.
3) ALU’s technology shaping GFW
There have tons of research, analyzing,
According to firewall.org, The Firewall works by DNS poisoning its own servers so that blocked website URLs are not directed to the corresponding IP address. The Firewall also blocks IP addresses flat out by identifying destination addresses during deep packet inspection. Deep packet inspection is also used to identify sensitive keywords in destination URLs and packet payloads. Recently, the GFW has gone on the offensive with “the Great Cannon,” which forces foreign users to act as zombies in DDoS attacks. Chinese internet users evade the Firewall by using paid VPNs, which establish a private network for each user, or by using web proxies, which connects a user to a foreign server through the web browser. Other methods discussed were peer-to-peer methods, which rely on foreign volunteers, and using the software Tor, with some tools and bridges to make it usable in China. In 2015, a new system dubbed The Great Cannon was used to perform a Distributed Denial of Service Attack on anti-censorship website GreatFire.org, Github.com and Cloudflare. In a DDoS attack, an attacker infects multiple systems to act as “zombies” that in turn send traffic to the actual target system in order to flood the target system’s network. The Cannon works as an in-path barrier, which means all traffic between the outer world and China must flow through the Cannon.
Why China’s National Firewall(GFW) so powerful? It’s decided by IP backbone deployment and ICP vendors’ technical capabilities and in enforcement in fast pace.
Implementation: how does it block?
Architecture: how is a system added to China’s backbone?
Policy: what kind of protocols does it block?
Effectiveness: what’s the degree of success at discovering Tor bridges?
Discussion of constructing unified DPI system by operators in the background of big data - China Mobile Group Design Institute Co.,Ltd.
https://www.infocomm-journal.com/dxkx/article/2017/1000-0801/1000-0801-33-4-00191.shtml
According Huawei and ALU’s documentation, DPI is technology that able to inspect IP packets at Layer 2 through Layer 7. This includes headers and data protocol structures as well as the actual payload of the message. DPI can be effective against buffer overflow attacks, denial of service (DoS) attacks, sophisticated intrusions, and a small percentage of worms that fit within a single packet. A classified packet can be redirected, marked/tagged (see quality of service), blocked, rate limited, and of course reported to a reporting agent in the network.
Huawei provides the Quidway ME60 MSCG (Multi Service Control Gateway) DPI solution since 2001, which classifies the DPI technology application to be three layers: detection of the MSCG internal direct services, internal DPI processing of the MSCG, and external DPI processing of the MSCG. Huawei HiSilicon developed DPI chip named Solar3.0.
Huawei SIG9800 series solution: DPI+DFI(Deep Flow Inspection)
https://www.huawei.com/ucmf/groups/public/documents/attachments/hw_111690.pdf
In 2007 Alcatel-Lucent (ALU) entered into a global reseller agreement with CloudShield Technology acting as the primary network integrator for CloudSheild solutions in large network service providers. ALU subscribes to embedded policy management solutions using DPI technology versus standalone and appliance based DPI solutions to provide service providers with integrated managed end-to-end policy management solution. This is achieved with its new ALU Application Assured VPN Integrated Services Adapter (AA-ISA) and Reporting and Analysis software. The essence of the ALU policy management offering is centralized management and distributed edge enforcement for end-to-end quality service. The edge ISA scale is between 50-70Gbps and are integrated to the central policy management system. ALU aims to grow and develop its business in the policy management space by offering service providers integrated and in-depth management of their network traffic, bandwidth and quality of service.
Alcatel-Lucent's FP3 high end network processor chipset, used within its router platforms, achieves 400Gbit wireline performance. Alcatel-Lucent's server router portfolios split into virtual systems and IP platforms. Virtualized Service Router(VSR) included broadband network gateway to deliver triple play residential services, a carrier Wi-Fi solution and an IP security gateway. Alcatel-Lucent has decided to create a network function virtualisation (NFV) edge product with a carrier grade operating system, it achieves faster performance than competitors' announcements.
NOKIA improved to FP4 DPI processor: https://networks.nokia.com/solutions/fp4-network-processor
https://networks.nokia.com/solutions/7750-srs-ip-edge-router
The controversy over deep packet inspection is not about the technology itself but whether a service provider has the right to examine end-to-end data to look at what the user is doing — a privacy rights issue.
The China Telecom unified DPI system implements website analysis statistics and search keyword crawling to provide online behavior data. The big data center combines powerful data mining technologies and industry knowledge bases to perform user behavior analysis on end users in the DPI network coverage area to establish accurate User portrait.
These function for every user:
? Creation and termination of bearer channels ? Packet inspection and filtering (determination of the appropriate bearer channel based on the type of service/application) ? Policy enforcement (QoS and charging support assigned to each bearer as defined by the user’s individual package) ? Accounting and reporting
The “7750SR configuration guide” described filter policy by simple configuration, China Telecom don’t need any development, just make simple configuration by ALU’s guide, to implement IP filtering, Intrusion detection, SSL blocking, DNS Hijacking and pollution, VPN blockage etc..
https://networks.nokia.com/solutions/ip-edge-routing
Carrier SDN : in building and managing large-scale IP/MPLS and optical networks. Network Services Platform to unify service automation and network optimization across the IP, MPLS, Ethernet, and optical transport layers; integrate and orchestrate network management operations across the IP core, service edge, and optical transport domains
Provider: Broadband Network Gateway (BNG), Provider edge (PE) for VPN, internet access, datacenter interconnect, aggregation router for IP mobile anyhaul, Mobile packet core gateway, Carrier Grade NAT (CGNAT), WLAN gateway, Security gateway and Application Assurance functions
Dans d’autres documents à destinations de personnes plus avisées, les spécifications de la bête laissent à penser que comme pour d’autres modèles de la marque (comme la famille 7750 qui gère déjà du DPI à raison de 100 Gb/s par puce… et il y a jusqu’4 puces en fonction des configuration sur ces modèles), ces équipements sont tout à fait DPI ready… et sur de gros réseaux. Les cartes d’extension de ce genre de routeur de service, au format MDA (Media-Dependant Adapter) apportent également une intelligence en plus de celle du routeur, elles traitent des protocoles physiques, puis les encapsulent dans du MPLS(MultiProtocol Label Switching) et présentent ainsi le gros avantage d’être déployables au coeur de gros réseaux. Et c’est là que la magie du DPI s’opère techniquement : ce sont les IOM, sur lesquelles on trouve 2 MDA, qui servent à l’intelligence du routeur, elles sont connectées au routing complex et la puce “FP2” d’Alcatel s’intercale ici, et c’est à ce niveau que la deep packet inspection s’opère.
Après avoir distribué quelques cyber quiches à Amesys, Bluecoat ou à Qosmos, Reflets hésitait un peu entre Thalès et Alcatel Lucent pour la suite de sa petite saga sur le Deep Packet Inspection, cette technologie bien de chez nous que les dictatures du monde entier nous envient… et que nous leur vendons dans le plus grand mépris des droits de l’homme et de toute déontologie. Nous avons donc opté pour Alcatel Shanghai Bell, la filiale chinoise d’Alcatel Lucent issue de ses actifs belges. Alcatel Shanghai Bell, c’est aussi le bras numérique armé de la junte militaire birmane.
IP Network data centralization, China Telecom build CT uniformed administration platform,
By SDN/NFV technology, implement E2E elastic netwotk with One-stop, customized, quick response; SDN make network more centralization, dynamic routing management independent of lower layer network, service agility
China UniCom IP Bearer Network with SDN, “A Network” coverage since 2017.
China Telecom CTNet2025 since 2016,
How SDN shaping GFW:
The core router and filter device and solution cost ALU thousands engineers and experts effort, when sold network solution to China Telecom, Huawei and ALU would make network planning consultant for China Telecom, China Telecom would optimizing network based on vendor’s consultant,
The SDN made operator more and more easy to control and monitoring, simplified multi-layer control, better network efficiency on optical network visualization: (source: China Telecom)
how companies across the ICT value chain could face particular human rights risks.
ICT companies providing equipment, IT services, data storage and software not only provide simple off-the-shelf hardware and software, They provide consulting advice alongside ICT hardware (such as network equipment, databases, computing equipment, etc.) and guidance on how the hardware and software can be used for maximum value. There is a need therefore to provide consulting advice consistent with the human rights of privacy and freedom of expression, especially to customers in higher-risk jurisdictions.
Provision of services to high-risk customers in high-risk locations – A number of freedom of expression and privacy risk drivers can arise when ICT companies provide enterprise software, data storage, and IT services to high-risk customer segments (such as defense, national security, public safety, justice, law enforcement etc.) in high-risk countries. Without effective due diligence relating to the country/market and the specific customer, such companies run the risk of being associated with human rights violations.
Semiconductor chips of DPI: Companies that design and manufacture semiconductors and chips make choices about product functionality and default settings that have potential implications for human rights. However, these functionalities also take us into an ethical grey zone: For example, the same chip-level functionality that allows remote access to a PC for maintenance and troubleshooting has potentially more negative applications too, such as surveillance. There are two other recent developments that also present human rights risk at this level: the pressure from governments to configure chips in such a way that back-door access to ICT networks is more easily obtained, and the potential trend toward embedding security features usually provided at the software level (see below) into the chip.
Network Equipment :
The increasing pervasiveness of ICT in all countries requires ever more extensive networks capable of carrying larger and larger amounts of data in increasingly sophisticated ways. There are three main risk drivers for companies providing fixed and wireless network equipment, such as switches and routers, and various network management services: ? Providing product functionality that enables censorship and content restrictions – Networking products and technologies (such as switches and routers) have functionality designed to allow network managers restrict certain categories of data, websites, and content. Network management and security capabilities based on filtering are critical to mitigating attacks on the network and are essential to enabling the reliable flow of information—the internet would collapse without these features. There can also be very good reasons to provide functionality that allows the blocking of certain content, such as child exploitation. However, used by certain customers in particular ways —for example, restricting access to a broader range of information, such as political content—could cause network equipment suppliers to be associated with restrictions to the human right of freedom of expression. ? Providing product functionality that enables privacy-invasive activities by law enforcement agencies – Networking products and technologies also contain functionalities (such as “deep packet inspection” and “lawful intercept capabilities”) designed to allow access by third parties to personal information and communications. While the functionality itself can be considered human rights neutral (there can be good reasons to allow access to personal information and communications, such as legitimate law enforcement), usage by certain customers in particular ways could cause
network equipment suppliers to be associated with privacy and securityinvasive activities. It should be noted that network equipment suppliers are often mandated to provide this functionality as a requirement set by the telecommunications operator buying the equipment; in turn the telecommunications operator will have inserted this requirement as a license condition established by the government or regulator. It should also be noted that these requirements exist in all markets, and equipment suppliers find it difficult to take a “double standards approach” by offering that functionality in some markets and not others. ? Providing consulting advice on how ICT hardware and software is used – While the provision of off-the-shelf hardware at the request of customers or governments raises debatable ethical questions over whether or not a company is considered complicit in a human rights violation, these ethical questions are more clear in the case of the consulting advice provided alongside the equipment. If companies advise enterprise or public sector customers on how to use networking products in ways that restrict freedom of expression or invade privacy and security, then the company would be more closely associated with these human rights abuses
4) Huaxin’s special position on GFW:
Huaxin’s alternative name is CAPTC in China, SASAC utilized CAPTC as “financial company” holding ASB, build telecom backbone monitor system, military and special telecom authority(PLA information system). At 2012, CAPTC renamed and retaken as CNCERT, the administration of GFW, Focusing on Internet Security, Control and CENSORSHIP, CNCERT oversees the daily operation of the GFW.
NetCom purchased subsidiary of PCCW, after NetCom merge to UniCom, GFW part of task transfer to Unihub.
Unihub is SOE of Huaxin. Unihub administration and maintenance on China Telecom ChinaNet backbone.
ALU JV Huaxin, Huaxin’s background are MPT, the predecessor of MIIT. The China Ministry of financial fund billions to Huaxin every year by means of MIIT project(of NCHB).
Yun Xiaocun standing on CAPTC : (Yun is dean of CNCERT, also dean of CAPTC)
The ASB Board Directors Yuan Xin, Guan Jinzhi, Ma Jie also the Board Directors of Huaxin. Huaxin also holding “ZhongYing”(Unihub China Information Technology) Joint Venture with PCCW since Yr2003. “ZhongYing” and “Xinhui”(Sincere Technology), which make role on China national security. Huaxin in benefits of prince Wen Yunsong(Winston Wen”)’s power to cooperate with PCCW(Richard Li), build Unihub, invested by Richard Li and controlled by Huaxin, Wen Yunsong’s CCP political family utilizing Unihub to control internet, hold the task of China’s IP network management, which made Unihub as the secret agent to CCP censorship. Unihub’s main partners are China Telecom and Cisco, the company utilized inherent technology of ALU, the Cloud solution, big data, SDN, NFV etc., IP network management and monitor, also provide DNS defence and DDoS solution to enhance GFW.
Whose solution mainly from ALU(NOKIA) and Huawei. (NO FDI operation on ISPs)
Huaxin is ghost of MPT(/MIIT), Huawei is ghost of MSS.
China Telecom and China Mobile is ghost of MPT(/MIIT).
China State Council administration on State Information & Industry political, Huaxin as SOE are under 100% control by SASAC of State Council. “Rule of Security Protection of Computer Information System” issued by State Council.
At 1994, “Digital Stored Program Control Switching”(DSPC) made by “Huge Dragon limited”, called C-04, instructed under MPT Wu Jichuan, copied sample based on Alcatel S12 (MPT JV with Alcatel since 1984), “Huge”’s Wu Jiangxin so called “father of DSPC” is leader of PLA, transferred to Huawei who made as C-08 DSPC since 1998. Wu is core of “863”, handle NMP of “3TNet” and “NGB” under special national strategy.
Huawei Ren Zhengfei’s background is PLA and under MSS’s special political. CCP initiated “Huge-Big-Center-Hua” four special company for telecom industry, “Huge and Hua” merged as “Huawei”(“wei” means do ambition, “Huawei” means “In China, people must do”, implied “Huge”), “Big” developed as “Datang Group”(“Da” means “Big”, “tang” means “tang dynasty”), “Center” developed as ZTE(“Z” is “Zhong”, means “Center” by Chinese). And another ? belongs JV of MPT and Alcatel, called ASB(of Huaxin), as most important one due to need “introduce technology strategically”. “Huaxin” means “In China, people must trust”.
5) The special political power relationship of Huaxin and ALU
ALU(NOKIA) do business with 3 BIG gang via ASB(NSB) political power relationship.
At Year 2011, ALU provide Genesys system and platform solution for China PingAn Assurance, PingAn is red prince financial empire who supported by red family Wen. Huaxin own special relationship with PingAn empire. After UniHub, who build the China’s top-tier PE - NewHorizon Capital, Wen position at China Aerospace Science & Technology Corporation and chairman of China SatCom since 2012.
The Telecom Backbone could be build all over the world, while China Telecom, China Mobile, ChinaUnicom all 100% controlled by CCP SOE, they insert filter for political censorship, and the filter are high efficiency and smart based on ALU’s infrastructure and software technology, and ALU provide long term technical support for these SOE. ASB’s political background are MPT, the same organ under political alien with “3 BIG Operators”.
And China Railway Telecom and China SatCom also 100% controlled by CCP SOE, “ASB Labor Union” 100% controlled “Fu Xin Telecom” based on ALU and Thales’ technology transformation, serviced for Railway Telecom, the ASB’s relationship with “Institute of Microsystem”’s Satelite and Space hi-tech plan(setup by CCP prince Jiang) help on microwave technology.
They hired software engineers to development and maintance system, while in contrast, CCP arrest software engineers who helped people over GFW as crime, the software engineer and journalists are high risk on censorship.
6) Huawei & ALU as major provider of China IP Backbone :
The bandwidth capability are strategic important for CCP censorship to 1.4Billion Chinese people. ALU are NO.1 on this capability improvement and agility. ALU assisted China Telecom(main ISP) build GFW and improve performance, in broadband IP router, ALU hold 46% market share, as first vendor improve to 100Gbps and 400Gbps rate. Provided PON technology, OTN, 1830 PSS, HLN(High Efficiency Level Network) CBT(Converged Backbone Transformation), 7750-SR router, 7950XRS router, 9900 WNG, and 5620 service sensor etc. high technology to service China Telecom to enable CCP government sharp tool of repression by high efficiency censorship Chinese people and abuse on human rights. ALU’s solution enable CCP to monitor mobile service flow, more efficiency and more smart to monitor user, able to digging out user relationship.
IP Network backbone of “3 BIG Operators”: (source: ieee802.org 400GSG Huawei)
https://wenku.baidu.com/view/8e94440f4a7302768e993963.html
(Huawei internal training ppt on “IP Backbone planning” at 2006)
400G platform router deployment : ( )
China Telecom global POP Nodes :
https://www.chinatelecomglobal.com/product/detail.html?cate_id=900003&lang=zh
Chinatelecom Next Carrier Network(CNCN), called as ? CN2 ? in China.
Network structure:Dense mesh network structure. Most provincial city has more than 3 physical outgoing directions. Some province has built two backbone nodes to enhance network resilience. Technology:SDH,WDM, partially ASON and OTN. 100/400 Gb/s DWDM systems were deployed. Services:soft switch network, Internet, high quality IP carrying network, leased line. IP over WDM with & without protection.
Cisco:
Cisco had been NO.1 before 2012, share China Telecom 163 backbone 70% and China Unicom 169 backbone 80%(according China media, actually maybe not this percentage, anyway we know Cisco “dominated”). Since 2012, China changed Cisco according “national security accusation”, replaced by Huawei and ALU.
Cisco History on GFW :
https://www.cisco.com/c/zh_cn/about/company-overview/profile/milestone.html
Huawei:
Since 2004, Quidway NetEngine 5000E, 2008 40G, 2009 100G, 2011 200G, 2012 400G, 2013 400G cluster; Huawei NP Solar 3.0 R&D by Huawei HiSilicon.
At 2009, China163 XiAn NE5000E; At 2012, China169 ChengDu, XiAn, ChongQin, WuHan Node, NE5000E “2+2” cluster router in 2.56T capacity ; 2015, China169 TaiYuan, NE5000E 400G “2+4” cluster; LuoYang 400G “2+8”, QinDao 100G&400G “2+8”, TangShan 400G “2+7”;
2017 : Huawei CloudBackbone, NE5000E SDN+400G Cluster router.
Huawei dominated Military Integrated Information Network, alleged hold long term secret contract with PLA General Staff Communication Department.
ALU/NOKIA:
ALU was NO.1 for China Unicom national wide backbone solution.
At 2010, ALU provided and maintain China Telecom IP/MPLS backbone across 10 provinces, Deployment 7750-SR and 7450-ESS; At 2011, ALU 100G backbone solution with 7750SR and 1830PSSOTN, support CCP government “Broadband China” strategy; At 2012, ALU provide 100G DWDM backbone solution for China Mobile; At 2013, OTN contract got 40% market share, for NBN solution; At 2015, 7950 XRS IP Core Router occupy 25% share of China Telecom.
ALU is first on 400G technology improvement for ChinaNet backbone.
And 7950 XRS IP Core Router for China Mobile National backbone CMET.
At 2014, ALU provide China Telecom 400G router, Shanghai, Jiangsu, 7950XRS, win bid as major supply for China Telecom, China Unicom and China Mobile IP backbone solution, by special cooperation relationship with Huaxin; https://www.thefastmode.com/technology-solutions/2892-alcatel-lucent-wins-major-ip-core-deals-in-china-selected-by-china-telecom-china-unicom-and-china-mobile ; phys.org/pdf256989148.pdf 2012-05-alcatel-lucent-world-powerful-internet-core.pdf
Alcatel-Lucent High Leverage Network(HLN) Converged Backbone Transformation (CBT) Solution, in which the next-generation Optical Transport Network (OTN) infrastructure plays a key role.
At 2015, China Telecom, Aggregation switch 1800 sets, DCI switch 110 sets, multi service engine gateway 250 sets, Core Router 15 sets, Service Router 35 sets, shared by ALU and Huawei, no Cisco. Beijing 169 node throughput reach 4.4T, estimated 50% increasing per year.
2015, China Telecom IDC, SDN Backbone, 6 core DC and 15 core city, ALU and Huawei.
Nokia Aims to Dominate CSP Infrastructure, Buys Alcatel-Lucent April 15, 2015 - IDC Link
https://www.idc.com/downloads/lcUS25563215.pdf
Since 2017, China Telecom core router shared by Huawei, NOKIA and ZTE.
The Central Cyber Security and Informatization administration has stressed that to build China into a powerful network country. Huawei instead of Cisco, as well as Baidu instead of Google, political driven, China Telecom “3 BIG” strive to build a future-oriented “efficient, intelligent "Backbone Networks, Realizing the "Chinese Dream" of Internet Powers”, by this ground, push Huawei.
ALU’s solution is more advanced and more stable than Huawei, but ALU couldn’t say they are NO.1, due to political sphere, ALU sold solution by agency of ASB(the body of Huaxin). That’s say, the NO.1 must be Huawei, ALU do NO.1 behind the game, either are NO.1.
The GFW is using a method called DPI (Deep Packet Inspection) to analyze all inbound and outbound traffic in real-time. The ALU 7750-SR is famous on DPI based gateway which are widely deployed for 3 backbone operators, as well as SDN technology deployment. ALU had been top vendor of DPI technology, another vendors for “3 BIG Operators” are Huawei, Cisco and Juniper.
ALU assisted China “Tri-Network Integration” and NGB framework, provide total solution to help “China Radio & TV Broadcasting”(100% CCP SOE) to complete network architecture and fusion service, help CCP censorship on Chinese people in more efficiency way, which highly impact on human rights. The “ASB Labor Union” owns special relationship with “China Radio & TV Broadcasting Jiangsu” and “China Mobile Jiangsu”, where Gu Hande and Zhou Yi assigned by CCP Jiangsu(who are main player on Nanjing CNinfo), appointed NGB framework as tool to propaganda and censorship for Chinese people.
The OpenNet Initiative, calls China's filtering system "pervasive, sophisticated, and effective."
ALU also provide CDN solution for core router. “3 BIG Operators” enhance penetration by CDN management and expanding nodes(node sinking) of coverage.
Lucent used be main solution provider for ASIAinfo.
ALU Supply Chain :
ALU’s manufacture contracts with EMS Celestia and Flextronix China factory(one of factory of Flextronix operates by inherent from Huaxin), the factory have local supply chain, it’s easy to modify parameters or implant what they want to, after products assembly, ALU sold products by packaged contracts with Telecom or Network operator worldwide, China government already owns technology to control factory value chain, which could enable them to expanding network security concern over western country.
Inside Alcatel-Lucent by Douglas Coupland
https://visual-editions.com/kitten-clone-inside-alcatel-lucent-by-douglas-coupland
Nokia company profile reveals: workers’ rights systematically disregarded
https://goodelectronics.org/nokia-company-profile-reveals-workers-rights-systematically-disregarded/
https://goodelectronics.org/nokia-disconnected/
7) The Bridgehead of GFW: Shanghai Pudong
ASB Board member hold seat on Pudong People’s Congress and with special relationship with Pudong government, especially on improve ICT industry development strategy in political, “ASB Labor Union Holding” series company hold 863 plan and make role on information security. They “863 Information Security Industrialization base” in Zhangjiang hi-tech park, is a special body(in name of “incubator”) for integrate network security technology and agency, involved National Information Security Engineering Technology Research Center, anti-intrusion research center, high performance ASIC center, SJTU Information Technology Institute, ICT ecosystem and special information security hi-tech incubation, where it build DDoS Army. CCP take Shanghai as most important base of censorship, Huaxin series company and “ASB Labor Union Holding”’s Fuxin series company make important role.
Shanghai Pudong is most important WWW gateway of China, over 60% International Submarine fiber optic cable line Gateway by Shanghai.
Juniper network hold the Shanghai telecom(core routers and bandwidth upgrade) and internet security cooperation with Shanghai government, where Hua Duyu(pre ASB) to be VP of Juniper network. Juniper network used acquired Netscreen Co. Ltd. On 4.5billions dollar, which funder by Deng Feng who are very famous CCP pushed figure of Chinese VC, favored by COD 1000plan Li Yuancao. This M&A made juniper network do hidden business for CCP GFW development.
ASB have marketing team on ALU’s SDN and NFV solution, one of utilization comes Unihub, and it’s mystery about prince relationship on Huaxin, while China Telecom’s counterpart cooperators confirmed it’s true. The “Shanghai Institute of Microsystem and Information Technology”(SIM) showed example of “advanced small satellite project”, it’s tighten with “China SatCom” where prince Wen being Board Director.
ASB push SDN/NFV:
Unihub also hold IT solution for Shanghai stock market, CITIC Securities, PinAn Securities.
As Financial Times reported at 2010, “China: To the money born”, given point of view of China CCP red prince play game on PE to get money from fake financial market. “ASB Labor Union” utilized prince Jiang, prince Wen’s relationship to make “FuXin Investment” to take money from financial market.
The State Council utilize power to scheduling and integrate SOE resource, use power to conquer people, use power to rob people, it’s totally abuse on market economics. All Alcatel related investment integrated by SASAC and distributed to another SOE.
8) ALU Human Rights impact in China:
In order to provide a local service, ALU established close relationships with local state entities. By joint venture with special SOE Huaxin. ALU collaborates too closely with law enforcement agencies. This presents human rights abuse compliance with the government, made specific government actions, associated with human rights violations.
As SOE in business of telecom, ASB have special authority to surf blocked site by proxy, while all monitored by IT and setup internal censorship. ASB directors also recruit “50cents”(CCP internet public opinion monitor and control, called as “50cent party”) inside company to work for CCP censorship, training by “ASB Labor Union”, all ASB’s “50cents” hold master or PHD degree with software skills.
“50cents” able to “prison break” and “50cents” team are powerful to control censorship under CCP propaganda special training.
Based on ALU global R&D platform, ASB own the capability to setup different project base on, they used made solution on radio interception to monitor wireless data. “ASB Labor Union”’s correlation company mainly based on ASB, whose operation on behave of government officers’ power and able to integrate advanced technology for control Chinese people or aggressive to world, whose activity also impact on ASB engineers’ labor rights.
ALU’s 3G and 4G E2E solution enable CCP government via “3 BIG Operators” to monitoring everything about user information of message, voice and video, and positioning.
The 1000plan experts and oversea returners could get special allowance over GFW by application to CCP Front Union. CCP Front Union made strategic expanding on global level censorship, utilizing Chinese scientist and hi-tech company and oversea M&A etc..
The WALL for prison freedom of thought, not only in GFW, the censorship focus on political and ideological control, under power of dictatorship propaganda.
According to Human Rights Watch, "Internet control has reached new heights since President Xi Jinping assumed power in March 2013.". "If online speech and privacy are a bellwether of Beijing's attitude toward peaceful criticism, everyone – including netizens in China and major international corporations – is now at risk," Human Rights Watch China director Sophie Richardson said.
The Chinese vision of the Internet limiting freedom of speech, China does not embrace a vision of the Internet as a borderless and free space for creativity and connectivity where individuals can engage in free.
Reference to the report of Amnesty: Undermining freedom of expression in China - The role of Yahoo!, Microsoft and Google
9) Cyberwar operate by CCP
On October 30, 2017, the Cyberspace Administration of China (CAC) — China’s top internet censor — released two regulations: one on managing online media employees and the other on new internet technology for news websites. Cybersecurity Law effective from 1 June 2017.
Operators of critical information infrastructure purchasing network products and services that might impact national security are required to undergo a national security review organised by the Ministry of Industry and Information Technology (MIIT) and the Cyberspace Administration of China.
“cyber sovereignty” in China.
state-sponsored hacking.
China's cyber operations are an active threat to Chinese people and human being.
In February 2014, President Xi Jinping took personal control of cyber policies by creating the Central Cyberspace Affairs Leading Group. The Chinese government views cybersecurity and national security as equals. State, social, infrastructure and personal security are all deeply affected by events in the cyber domain. .
Accelate information infrastructure construction:
CCNB 46305Km 100G OTN, 6 core, 31 bone, 3 international channel, investment 100Billions.
According to “13-5” plan on “Heavy & Big” Information Infrastructure: 3-BIG gang investment 34.72Billions for inter-province IP Backbone; 14.78Billions for intra-province IP Backbone; 127.1Billions for inter-city backbone; 188.4Billions for Broadband access network; 390.2Billions for mobile broadband access network; 25.6Billions for international infrastructure; 45.3Billions for Data Center; 10.14Billions for CDN; 56.97Billions for APP service platform and IT support system. In summary 993.21Billions.
China national top contributor on cyberspace(Incomplete statistics):
According to China science statics, China have 2Millions programmer(called “MaNong”: coding farmers), over 1Million work for ICT infrastructure(3-BIG, MPT series group, CEC, Huawei, ZTE, and JVs etc.)
They are going to build cyber communism.
Cisco’s Latest Attempt to Dodge Responsibility for Facilitating Human Rights Abuses: Export Rules
VPNs & Internet in China: Everything you need to know
https://vpnreviewer.com/internet-vpn-china
The Great Fire Wall of China
https://www.opendemocracy.net/china-correspondent/great-firewall-of-china
Beyond the Great Firewall: How China Became a Global Information Power
https://www.cima.ned.org/publication/beyond-great-firewall-china-became-global-information-power/
Betting on Bandwidth / Edward Tian, Wired
https://davidsheff.com/article/betting-bandwidth-w-edward-tian-wired-magazine/
China’s Internet Censorship and Controls: The Context of Google’s Approach in China
https://www.hrichina.org/en/content/3248
Internet connection map of China
https://cnnic.com.cn/IDR/GlobalInternetNews/201209/P020120904346790476519.jpg
Timeline: China’s net censorship
https://www.bbc.com/news/10449139
https://is.muni.cz/th/383918/ff_b/thesis-censorship-perception-final-final.pdf
CISCO LEAK: 'GREAT FIREWALL' OF CHINA WAS A CHANCE TO SELL MORE ROUTERS https://www.wired.com/2008/05/leaked-cisco-do/
中国电信ChinaNet骨干网大区片区和省级节点
https://blog.csdn.net/gsls200808/article/details/75137261
RED Family WEN :
Princeling firm New Horizon Capital is a top-tier private equity fund focused on investing in China. https://www.nytimes.com/interactive/2012/10/25/business/the-wen-family-empire.html?mtrref=www.google.fr&gwh=751C8A2AB9C9AC1DA6D92E5563DF1816&gwt=pay
Green dam :
https://opennet.net/chinas-green-dam-the-implications-government-control-encroaching-home-pc
CAC ? publish ? ? Internet key device and network security catalog”:
https://www.cac.gov.cn/2017-06/09/c_1121113591.htm
https://www.cac.gov.cn/2018-03/05/c_1122489671.htm
In China you now have to provide your real identity if you want to comment online
https://www.lawfareblog.com/shrinking-anonymity-chinese-cyberspace
Boss of Chinese Cyberspace Administration gets purged
https://www.wired.com/beyond-the-beyond/2018/02/boss-chinese-cyberspace-administration-gets-purged/
China’s New Cybersecurity Law - What International companies should know
https://www.policyforum.net/the-need-for-clarity-in-international-cyber-law/