Slashdot Mirror
Lenovo Under U.S. Probe for Spying
BigControversy writes "The DailyTech has a report indicating that Lenovo, the giant Chinese PC manufacturer, is under a probe by the U.S.-China Economic Security Review Commission (USCC) for possible bugging. Apparently, the government has ordered 16,000 PCs from Lenovo but is now requesting that Lenovo be investigated by intelligence agencies. The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on." From the article: "Despite the probe, Lenovo says that its international business, especially those that deal with the US, follow strictly laid out government regulations and rules. Lenovo also claims that even after purchasing IBM's PC division, its international business has not been affected negatively. Interestingly, in an interview with the BBC, Lenovo mentioned that an open investigation or probe may negatively affect the way that the company deals with future government contracts or bids." There just has to be better uses of our intelligence community's time.
Isn't this the perfect use of our intelligence community? I think this is a very valid threat from a community like China who has been known to have spies in the US at all times. (Not saying we don't spy back, but that's the game!).
A lot of federal agencies have policies about using foreign hardware/software for reasons just like this. Go USA!
We have a crapload of good PC Manufacturers here in the states, and our government instead orders 16,000 PCs from a Chinese manufacturer?
{} ------ When I think of a good sig, I'll put it here
The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on."
Should read:
The fear is of the Chinese Trade Gap widening further
Fixed! (Its a joke for the humour impaired)
My pics.
Better use of intelligence time? This should be taken damned seriously. Have a look at PROMIS and tell me this is a benign subject..
This isn't much different than the Chineese Governments fear of backdoors placed in M.S. Windows by U.S intellegence. The shoe is on the other foot now.
On the one hand, they have a point: it would be very easy for the Chinese government to "encourage" Lenovo to plant things in these machines to allow them to spy on the US. On the other hand, given the profusion of malware, keyloggers, Trojans, and such, the Chinese government could already be spying on the US without having to go to such extraordinary lengths. Frankly, it's too obvious to be credible.
GetOuttaMySpace - The Anti-Social Network
Hmmm, with so many goods coming from China these days, your TV and DVD player may be spying on you too, or in the near future, especially with the growth of home networks. Seriously, trying to buy any kind of electronics that don't come from China is getting harder and harder. Do it yourselfers aren't much safer, afterall, would anyone notice if the network chip on that Chinese made motherboard have some extra functionality? My, isn't paranoia fun?
To the making of books there is no end, so let's get started
They spy on us, and we spy on them. Nothing new.
The only thing is now they're worried that the Chinese gov got a PC supplier to fiddle with their product. Maybe not all, just 1 out of 100 or something.
Do I think China did this? No.
But it's pretty much the job of intelligence agencies to be paranoid.
And you didn't install the OS yourself from something "known good" (or at least believed good, like a generic windows install CD bought at best buy or your other favorite local rip-off shop) you're an idiot.
Beyond that, by talking about it, you've given "the enemy" information on how your IT practices work: you pretty obviously don't use ghost or any similar sort of mass deployment software. (yes, I realize that for laptops with all their custom crap it doesn't work as well. Still, a place I worked as a summer intern used to do it back in the 96-2000 era on IBM thinkpads, so...)
Security by obscurity? Sure. That is all your password is, after all too, it (sec by obs) isn't strictly a bad thing.
Slashdot Patriotism: We Support our Dupes!
Any built-in addition features in the hardware, the bios or
even the preinstalled operating system would be immediately
detected and destroy the entire PC business of Lenovo abroad.
After all, it'd be so easy to find a PC that didn't have any components made in China. Where's the sarcasm tag? :-)
The USCC is an organ of the US Congress. These are the members. If I understand correctly, they are all politicians. Chinese do things cheaper than Americans, American politicians whine so they look like they are against outsourcing, then they buy happily.
Seriously, bugging thousands of PCs to get intelligence? Give me a break. Intelligence is not just about getting information, it is also about not getting caught and leaving no evidence. Thousands of PCs trying to send coded messages to Beijing would ring a bell even at the Department of Homeland Security. It's much simpler and safer to buy or blackmail a politician or an employee to provide information.
Victims of 9/11: <3000. Traffic in the US: >30,000/y
Dell, HP, IBM, Apple, and many, many others are most of the time built right next to each other in China. I'd be willing to bet there isn't a single computer where every piece in it is made in the USA, or a US Friendly country (friendly by my definition = NATO)
As a rock-in-roll Physicist once said, No matter where you go, there you are.
Hell, no doubt even Canada has a few.
Xenophobia.
I have nothing further to add, because that word sums it all up. While there are valid threats against the USA and in the intelligence community there are measures to tap into restricted data, they are NOT going to mess with PCs for fuck's sake! If someone has high security requirements that entity is not going to buy from a consumer level shop ANYWAY.
Geez.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Levono is NOT being investigated for spying or bugging the computers sold to the US Government.
The US Government is basically doing a security check on the computers they ordered to make sure there's nothing extra on those computers.
Someone got their panties all in a wad is trying to score some polipoints by being patriotic.
There really is smoke without a fire. This proves it.
In Soviet Russia, I ruled you
...why did they order the PCs from China in the first place? Didn't they know that their attempt to save a buck might end up in future unforeseen costs?
So that they can start planting the seeds of war with China. What better way to recoup all the money that we owe them but to go to war w/them for years so we don't have to pay it back?!
Though Windows/IE takes less than an hour on average to become infected with spyware after connecting to the Net, Lenevo saves you the trouble by pre-loading it.
(A joke, not a troll)
First off, they aren't under a "probe" for possible spying, despite what the article says. A "probe" would imply that somebody has reason to believe there is actually spying going on. Instead, this is a stupid "investigation" to ensure that there isn't, despite a complete lack of evidence saying there is. This is simple xenophobia, nothing more.
Do the geniuses that ordered this "probe" realize that the vast majority of components in a modern computer come from the orient? That it is VERY difficult to find a keyboard, mouse, case, or power supply that is NOT made in China? Do they know that many laptops (not Lenovo) are manufactured by Chinese-owned companies, and/or made directly in China itself?
The only thing that could be worrisome is if they had Lenovo handle the builds on the hard drives, but NO classified shop should be relying on "outside" builds anyway.
Do these folks ALSO realize that by law, no computer containing classified data may be connected to a public network of any kind? How is any "bugged" machine supposed to export the data? Osmosis? Telepathy?
SirWired
Like it or not, we totally depend on other countries. I used to work on a military system that used tubes (valves for you brits). The tubes were no longer made in the west. The only source of the tubes was the USSR (with whom we would have been at war, if there was a war). If the third world war had lasted more than a month, we would have had to order spare parts from the Russians.
Mil Spec used to require second source suppliers for everything. That means every chip, resistor and capacitor. To do that now would require that several companies have the complete design of everything down to the last square mm of silicon. Such a policy would effectively prevent spying devices because many people would be able to examine the design. The same reason that open source is safer than Windows is the same reason that hardware designs should be open sourced (or at least second sourced).
BTW. You are absolutely right. Even friendly countries spy on each other. There was a story going around a while ago about an embassy had to be totally torn down because the local workers who built it had planted many microphones in it.
This is exactly the kind of thing our intelligence communities should be getting involved in. First off, this kind of stunt would be the first thing our own intelligence agencies would try to do if the Chinese government were buying computers built by an American company on American soil. Some arm of the US intelligence community planted bugs in wine bottles and other amusing places near the UN ambassadors on the Security Council during the buildup to the Iraq War.
The Chinese practically wrote the book on espionage. For some interesting reading on the subject take a look at The Tao of Spycraft". Interesting, if extremely dry, reading if you're interested in the intelligence community. A very good look at the LONG history of intelligence practice that the Chinese government has to draw on. I got interested working in computer security when everyone else in my office was ex-mil intelligence.
And not being particularly antagonistic toward us doesn't mean anything. Back in 1999/2000, the general opinion by most of my co-workers who knew something about it was that France and Israel were the countries that were spying on us the most, with China coming in third. The only reason Britain wasn't number 1 on the list was "we already give them everything we know."
I wouldn't put it past us to try it on them, so it would be ridiculous to trust that they wouldn't try it to us too.
Probably they should ship the laptops to Jerry Taylor in Tuttle, Oklahoma for inspection.
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...
China:1,306,313,813
United States: 298,290,000
Get back to me when China doesn't outnumber the United States 4 to 1.
But seriously, what effect does declining population have on either China's stability or beligerence.
Also, what does it say when successive generations are viewed not as hope for the future but a threat to it?
...are you going to find a collection of article summaries that:
1) criticize the United States for using it's intelligence resources to protect itself from a corporation operating out of Communist China.
2) criticize the US for not using intelligence resources "_enough_" to protect its ports/borders/etc.
3) criticize the US for using intelligence resource "_too_much_" by wire-tapping potential terrorists.
Go figure.
I read
There is. You just don't hear about it.
First of all I think anything installed would quickly be found and be the end of lanovo. secondly If they are going to have this kind of view then they will have to look at all brands of computers like Dell or Gateway because I bet you at least some of the parts (if not all) came from a foreign source. Personally this sounds like a bad press move by a competitor to ruin Lanovo because they make such a good product....
US Intelligence: "If there is any spying to do on Americans, WE'RE the ones that are going to do it!".
read this. it's about backdoors being put in the routers. this was in 2004. given modern virtualiztion technology and large chip real-estates, the idea of hiding a hardware backdoor into a cpu is not as difficult to imagine as it once was. But of course there's plenty of other places to put stuff that would be damaging. In the bios roms, in the wi-fi, in the grpahics cards and the USB controller chips. just imagine putting a key logger in every usb handler chip. Not to hard ot imagine is it.
Xenophobia. I have nothing further to add, because that word sums it all up. While there are valid threats against the USA and in the intelligence community there are measures to tap into restricted data, they are NOT going to mess with PCs for fuck's sake! If someone has high security requirements that entity is not going to buy from a consumer level shop ANYWAY.
...
That's terribly naive. You fail to realize that most espionage is industrial. Billions of dollars are lost due to industrial espionage, foreign countries acquire R&D info that saves them time and money, their military tech is advanced by years,
Also naive is to think that people with high security are the only target. In the real world espionage often goes for indirect info. What companies are supplying the goods and services, are their changes in orders, their production, etc. You don't have to get the general's plan for an invasion, you may only need to identify his preparations.
Did you know that there are other "American" computer manufacturers have their computers manufacture in Shanghai. I know Apple does. What of HP and Dell? Let's face it, the Chinese make our clothes, trash cans, and anything else that can be brought in an office building. To phrase a popular /. quote, "I for one welcome our Chinese overlords" and "me colloborate long time"
You don't have to be smart to use a Mac, you just have to be smart enough to buy one
Anti immigrant, anti foreigners(Lenovo, CNOOC 18.b billion USD bid for US oil company, Dubai ports deal, Israeli attempt to by US security firm,etc etc). We're like this precisely when reports come out saying there is little savings by Americans. Foreigners are flush with cash, they are sitting on piles and piles of dollars, and they're finding dollars are harder to use.
I still maintain that as this continues this will increase inflation, USD will be the new monopoly money.
2 years and no mod points. Join reddit. Because openness is good.
who would be really surprised if the US Gov't was putting pressure on Microsoft to allow backdoors in WIndows to be used to spy on foreign gov'ts....
LedgerSMB: Open source Accounting/ERP
Better late than never. If there's no problem, no problem, which would be nice to know. If there is a problem, the US needs to react to it. Consider it an unintentional consequence of the wholesale offshoring of US (or for that matter, all of the OECD's) manufacturing to cheap labor markets. It's an uncontrolled economics experiment for a major economic power to suddenly switch to having someone else make all of their shit for them. Who knew that not only would the "market" sell the rope that hung them, they would outsource rope making to the hangman.
Looks like Clancy needs to update one of his opus', in which an agent slips the Chinese Politboro an 0wn3d laptop.
Luke, help me take this mask off
Such a policy would effectively prevent spying devices because many people would be able to examine the design.
Spying devices are not documented! When things like this are done, a select few people from a supplier are dragged aside to make a modified version of the product. Having access to the drawings for the original, unmodified product does nothing to prevent this.
The ONLY way to tell is to tear the actual product apart, having two vendors and lots of documentation does nothing to help with this.
Life is too short to proofread.
However US corporations can inspect the goods returned from manufacturing, verifying that the ROMs and the installed software matches what they provided.
Harder said than done. I could have a chip made that looks just like a ROM, but contains an extra code version that it switches to after say, 100 hours of use.
You could run checksums all you want, but the only way you could catch that is if you either depackage the chips and inspect it, or happen to inspect your computer after it's alreay been in service for 100 hours.
I could even make the chip smart enough to detect when a typical checksum is being done, and revert back to the original code.
People trust computer chips a LOT more than they should.
Life is too short to proofread.