Lenovo Under U.S. Probe for Spying

BigControversy writes "The DailyTech has a report indicating that Lenovo, the giant Chinese PC manufacturer, is under a probe by the U.S.-China Economic Security Review Commission (USCC) for possible bugging. Apparently, the government has ordered 16,000 PCs from Lenovo but is now requesting that Lenovo be investigated by intelligence agencies. The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on." From the article: "Despite the probe, Lenovo says that its international business, especially those that deal with the US, follow strictly laid out government regulations and rules. Lenovo also claims that even after purchasing IBM's PC division, its international business has not been affected negatively. Interestingly, in an interview with the BBC, Lenovo mentioned that an open investigation or probe may negatively affect the way that the company deals with future government contracts or bids." There just has to be better uses of our intelligence community's time.

Disagree on the last comment

[JMUChrisF]

Isn't this the perfect use of our intelligence community? I think this is a very valid threat from a community like China who has been known to have spies in the US at all times. (Not saying we don't spy back, but that's the game!).

A lot of federal agencies have policies about using foreign hardware/software for reasons just like this. Go USA!

Re:Disagree on the last comment

[Mattcelt]

Absolutely! This is what the counterintelligence agencies DO!

Seriously, who would be surprised if a Chinese company (remember the Chinese? They're still Communists!!) was encouraged to spy on U.S. Government agencies? To think otherwise is, IMO, incredibly naïve.

Personally, I think Lenovo ought to be barred from selling hardware to the U.S. Government altogether. It's simply not worth the security risk.

Re:Disagree on the last comment

[Confused]

A lot of federal agencies have policies about using foreign hardware/software for reasons just like this. Go USA!

Oh yes, while the notebooks carried the IBM lable, they were good american products, while now they're evil chinese. Very interesting approach, considering that the computers were built all the time in the same factory in China.

I guess, if you'd have to buy american-only computers, you won't be able to purchase from Dell, IBM, HP, Toshiba, Sun and most other brands.

Re:Disagree on the last comment

[Stargoat]

The Chinese communist government with nuclear missiles pointed at Japan, Taiwan, and the US do not have %10 share ownership of Dell. The Chinese communist government that is routinely caught spying on Japan, Taiwan, and the US does not have %10 share ownership of HP. The Chinese communist government that frequently trades with Iran, Libya and has been responsible for the dissemination of nuclear plans to Pakistan and North Korea does not have 10% share ownership of Toshiba.

China is a problem. It is a problem in terms of human rights, and in terms of foreign policy. It is right and natural that the PCs the US government is purchasing from a company owned by a semi-hostile foreign government. (And if you think that the PRC is not hostile to the US and is actively promoting anti-Americanism for the purpose of pan-Chinese nationalism, spend some time over there.)

Re:Disagree on the last comment

[MosesJones]

Seriously, who would be surprised if a Chinese company (remember the Chinese? They're still Communists!!) was encouraged to spy on U.S. Government agencies? To think otherwise is, IMO, incredibly naïve.

Seriously, who would be suprised if a US Company (remember the US, they invaded Cuba, supported the Contras and recently invaded two countries and have taken part in illegal renditions and torture) was encouraged to spy on Foreign Goverment agencies, like the French, Russians, Chinese or Germans who opposed the 2nd UN resolution? To think otherwise is, IMO, incredibly naive.

Equally you could say the same about the Brits, French, German, Russian etc etc etc Goverments who have ALL at sometime or another (like the US) used companies abroad to "help" with intelligence or the enforcement of policy (like the recent Cubans in the Hotel debacle).

The reason for picking on China is xenophobia, plain, old and simple, dressed up in McCarthy era justifications around communism.

So let me get this straight..

[trazom28]

We have a crapload of good PC Manufacturers here in the states, and our government instead orders 16,000 PCs from a Chinese manufacturer?

I think not.

[biggyfred]

Better use of intelligence time? This should be taken damned seriously. Have a look at PROMIS and tell me this is a benign subject..

MicroSoft

[bombadillo]

This isn't much different than the Chineese Governments fear of backdoors placed in M.S. Windows by U.S intellegence. The shoe is on the other foot now.

Not Surprised

[kannibal_klown]

They spy on us, and we spy on them. Nothing new.

The only thing is now they're worried that the Chinese gov got a PC supplier to fiddle with their product. Maybe not all, just 1 out of 100 or something.

Do I think China did this? No.

But it's pretty much the job of intelligence agencies to be paranoid.

Re:Not Surprised

If anyone has attended a presentation by Lenovo, they are VERY big into the Trusted Platform Module (TPM). The chip they use is supposedly unerasable, at least outside the factory anyway. So no flashes are possible. The only way they say they can change the config is by replacing the actual chip.

And of course, what's available from that chip varies depending on the features you buy. They could make i

At any rate, it's entirely plausible that they could put a backdoor into the TPM chip could have a backdoor in it that the Chinese could use to spy on the government and even US companies. Very likely could be undetectable. Or if it was detected, not much could be done about it short of junking the laptop.

Sure, leakage of this could cause Lenovo to lose business. The whole point is that it's kept on the downlow, because is a source is exposed, it'll dry up.

Not only does it make business sense to keep it quiet, it'll also lose the Chinese gov't a potentially lucrative source of intelligence.

I doubt it

[e**(i+pi)-1]

Any built-in addition features in the hardware, the bios or
even the preinstalled operating system would be immediately
detected and destroy the entire PC business of Lenovo abroad.

Re:I doubt it

[Beryllium+Sphere(tm)]

Immediately detected?

Some counterexamples include the Sony rootkit, which was shipping for most of a year before being caught and wasn't even that cleverly coded, and Interbase, which went six or seven years before anyone noticed the back door login. Or of course the brilliant Ken Thompson backdoor in /bin/login.

The problem with this investigation is that PCs shouldn't be trusted anyway. Does anyone think that an intelligence agency couldn't develop, or spend a thousand dollars to buy, a zero-day Windows vulnerability?

Just a stunt

[orzetto]

The USCC is an organ of the US Congress. These are the members. If I understand correctly, they are all politicians. Chinese do things cheaper than Americans, American politicians whine so they look like they are against outsourcing, then they buy happily.

Seriously, bugging thousands of PCs to get intelligence? Give me a break. Intelligence is not just about getting information, it is also about not getting caught and leaving no evidence. Thousands of PCs trying to send coded messages to Beijing would ring a bell even at the Department of Homeland Security. It's much simpler and safer to buy or blackmail a politician or an employee to provide information.

Try and find a computer not made in China

[OS24Ever]

Dell, HP, IBM, Apple, and many, many others are most of the time built right next to each other in China. I'd be willing to bet there isn't a single computer where every piece in it is made in the USA, or a US Friendly country (friendly by my definition = NATO)

Hilarious

After basically ignoring the fact that Hughes transferred critical missile technology to China, NOW the government is worried about a few PC's used to spy on us?

All the Chinese have to do is pony up a few bucks to any greedy US corporation and they can get the data much easier!

Everyone has spies here.

[C10H14N2]

Hell, no doubt even Canada has a few.

There is a very good word for this phenomena:

[A+beautiful+mind]

Xenophobia.

I have nothing further to add, because that word sums it all up. While there are valid threats against the USA and in the intelligence community there are measures to tap into restricted data, they are NOT going to mess with PCs for fuck's sake! If someone has high security requirements that entity is not going to buy from a consumer level shop ANYWAY.

Geez.

Re:There is a very good word for this phenomena:

[nmos]

they are NOT going to mess with PCs for fuck's sake! If someone has high security requirements that entity is not going to buy from a consumer level shop ANYWAY.

So you're saying that the sensitive departments of the US government custom builds their own desktops and laptops? Have a reference?

Re:There is a very good word for this phenomena:

[finnif]

Ya know, you say that like it's a bad thing, but maybe we need to be a little more xenophobic.

Our steel industry is completely decimated now. We barely make any heavy machinery in the United States. God forbid we actually ever get into a real war against the countries we've outsourced these things to.

Besides that, xenophobia is good for business. Look at the Japanese.... no one can sell electronics to them except Japanese. It's a guaranteed lock that the new Nintendo and Playstation boxes will do well in Japan even if the Xbox 360 is #1 everywhere else in the world. Yet we talk about xenophobia like it's a bad thing? Maybe the US would do better if we actually stopped buying everything at Wal-Mart, your discount Chinese offshored manufacturing headquarters.

Re:There is a very good word for this phenomena:

The U.S. supremacy lies mostly in "blow shit up." When you move from "blow shit up" to "occupy foreign lands" you need a constant stream of supplies for ground troops. If the U.S. were ever to go to war with China not only would its military capacity become an issue, but the entire domestic economy would have to go with "WTF?" as the prices of most goods skyrocketed. China is quickly becoming the production center of all first-world powers, including all of the allies you expect to be there to supply the U.S. with all of the equipment it requires. The U.S. doesn't have the facilities or the workforce to simply adjust its economy to producing consumer electronics and machinery. You don't just go, "Welp, time to start producing RAM because Taiwan and Singapore are smoking craters." You betray an impressive display of ignorance of industrial engineering.

That is one interesting article summary by OP

[gorbachev]

Levono is NOT being investigated for spying or bugging the computers sold to the US Government.

The US Government is basically doing a security check on the computers they ordered to make sure there's nothing extra on those computers.

Someone got their panties all in a wad is trying to score some polipoints by being patriotic.

There really is smoke without a fire. This proves it.

This crap pisses me off...

[sirwired]

First off, they aren't under a "probe" for possible spying, despite what the article says. A "probe" would imply that somebody has reason to believe there is actually spying going on. Instead, this is a stupid "investigation" to ensure that there isn't, despite a complete lack of evidence saying there is. This is simple xenophobia, nothing more.

Do the geniuses that ordered this "probe" realize that the vast majority of components in a modern computer come from the orient? That it is VERY difficult to find a keyboard, mouse, case, or power supply that is NOT made in China? Do they know that many laptops (not Lenovo) are manufactured by Chinese-owned companies, and/or made directly in China itself?

The only thing that could be worrisome is if they had Lenovo handle the builds on the hard drives, but NO classified shop should be relying on "outside" builds anyway.

Do these folks ALSO realize that by law, no computer containing classified data may be connected to a public network of any kind? How is any "bugged" machine supposed to export the data? Osmosis? Telepathy?

SirWired

uummm

[arrgster]

First of all I think anything installed would quickly be found and be the end of lanovo. secondly If they are going to have this kind of view then they will have to look at all brands of computers like Dell or Gateway because I bet you at least some of the parts (if not all) came from a foreign source. Personally this sounds like a bad press move by a competitor to ruin Lanovo because they make such a good product....

Re:Only on slashdot...

[A+beautiful+mind]

"1) criticize the United States for using it's intelligence resources to protect itself from a corporation operating out of Communist China."

Except that China is not communist. It is MORE capitalist than the USA. It is also not a democracy.

"2) criticize the US for not using intelligence resources "_enough_" to protect its ports/borders/etc."

Actually, every sane government would and does protect it's borders. You don't generally see the security service outsourced to a foreign country for the same reason borders either shouldn't exist or they should be effective at what they are doing. A port is part of the border system.

"3) criticize the US for using intelligence resource "_too_much_" by wire-tapping potential terrorists."

Except, that now a "potential terrorist" description fits 90%+ of the total population of the USA.

You fail to realize most espionage is industrial

[AHumbleOpinion]

Xenophobia. I have nothing further to add, because that word sums it all up. While there are valid threats against the USA and in the intelligence community there are measures to tap into restricted data, they are NOT going to mess with PCs for fuck's sake! If someone has high security requirements that entity is not going to buy from a consumer level shop ANYWAY.

That's terribly naive. You fail to realize that most espionage is industrial. Billions of dollars are lost due to industrial espionage, foreign countries acquire R&D info that saves them time and money, their military tech is advanced by years, ...

Also naive is to think that people with high security are the only target. In the real world espionage often goes for indirect info. What companies are supplying the goods and services, are their changes in orders, their production, etc. You don't have to get the general's plan for an invasion, you may only need to identify his preparations.

Speaking about those Chinese

[Enrique1218]

Did you know that there are other "American" computer manufacturers have their computers manufacture in Shanghai. I know Apple does. What of HP and Dell? Let's face it, the Chinese make our clothes, trash cans, and anything else that can be brought in an office building. To phrase a popular /. quote, "I for one welcome our Chinese overlords" and "me colloborate long time"

Likewise

[einhverfr]

who would be really surprised if the US Gov't was putting pressure on Microsoft to allow backdoors in WIndows to be used to spy on foreign gov'ts....

National Security != Waste Of Time

[cmholm]

Virtually all laptop manufacturing is already off-shore. If you're worried about foreign spying, you've already lost the war. This "investigation" is a complete waste of time.

Better late than never. If there's no problem, no problem, which would be nice to know. If there is a problem, the US needs to react to it. Consider it an unintentional consequence of the wholesale offshoring of US (or for that matter, all of the OECD's) manufacturing to cheap labor markets. It's an uncontrolled economics experiment for a major economic power to suddenly switch to having someone else make all of their shit for them. Who knew that not only would the "market" sell the rope that hung them, they would outsource rope making to the hangman.

Looks like Clancy needs to update one of his opus', in which an agent slips the Chinese Politboro an 0wn3d laptop.

Re:US Corps can verify ROMs and installed software

[theLOUDroom]

However US corporations can inspect the goods returned from manufacturing, verifying that the ROMs and the installed software matches what they provided.

Harder said than done. I could have a chip made that looks just like a ROM, but contains an extra code version that it switches to after say, 100 hours of use.

You could run checksums all you want, but the only way you could catch that is if you either depackage the chips and inspect it, or happen to inspect your computer after it's alreay been in service for 100 hours.

I could even make the chip smart enough to detect when a typical checksum is being done, and revert back to the original code.

People trust computer chips a LOT more than they should.