Feds Ask IT Execs To Throw Away Cellphones After Visiting China

sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"

huh

[JeanBaptiste]

how much does data weigh? I'm sure the 1's are heavier than the 0's....

Re:huh

[thefear]

Data may be weightless, but how about hardware key logging devices?

Re:huh

[fridaynightsmoke]

how much does data weigh? I'm sure the 1's are heavier than the 0's....

I'd have thought the 0's would be heavier, them being all fat-looking and the 1's all skinny..
Seriously though, I think that the 'weighing' scheme is intended to detect the addition of malicious hardware (however likely or not this may be).

Re:huh

[MyLongNickName]

No, you noob. 0's are fat while 1's are skinny. When formatting a disk, make sure to use a utility to fill it with 1's instead of the 0's.

Re:huh

[fuzzyfuzzyfungus]

The data weight nothing. The hardware keylogger probably weights between 1 and 15 grams.

Re:huh

[gzipped_tar]

It is reported by the uptime command (system "load"). When the CPU is busy its weight increases; when you turn it off it weighs exactly zero. That's why they ask you to turn off your laptop when your airplane is taking off: to save oil by reducing weight ;)

Re:huh

[bheekling]

I'm tempted to make a funny reply about how entropy increases cause a change in mass...

However, I'm pretty sure they're talking about hard-hacks, aka "chips under your keyboard" to listen in to network traffic, keyboard usage, hard disk IO, VGA screen dumping and what not.

Re:huh

[JeanBaptiste]

Yeah, but only the 1's contain data. The 0's are empty.

Re:huh

[thefear]

malicious hardware (however likely or not this may be).

I would argue that it isn't all that unlikely. Keylogging devices can be cheaply purchased for consumers, and we already know of cases where China has broken into hotel rooms, stollen blackberry's, etc.

I actually consider it unlikely that they WOULDN'T be installing keyloggers in the laptops of execs who frequently travel to china.

Re:huh

[Chrisq]

Now they know that we weigh them it wouldn't be that hard to cut the equivalent weight. There are plenty of internal struts that can be drilled, etc to make up for a lightweight hardware device.

Re:huh

[ViViDboarder]

Someone doesn't get the joke...

Re:huh

[Chrisq]

If you two keep arguing about 1s and 0s my monitor will fall through the desk. Type some spaces quick.

Re:huh

[Telecommando]

You young punks are lucky.

In my day we didn't have ones and zeros, we had to use l's and O's and we were damn luck to have them.

Re:huh

Yeah you.

Re:huh

Whooooosh...

Re:huh

[jackharrer]

And how much breadcrumbs in keyboard do? So do they also suggest to hoover the keyboard before?

Re:huh

[gardyloo]

Filter error: Please use less whitespace.

    Sorry, man. You'll just have to buy a stronger desk.

Re:huh

[Rude+Turnip]

While this is a funny and lighthearted question on Slashdot, this is a real question for certain demographics:
http://www.geeksaresexy.net/2009/08/07/how-much-does-data-weigh/

Re:huh

[vlm]

how much does data weigh? I'm sure the 1's are heavier than the 0's....

In the punchcard / papertape era, it was obviously the other way around, 0s are heavier, 1s (punched out) are lighter.

Re:huh

[fridaynightsmoke]

Now they know that we weigh them it wouldn't be that hard to cut the equivalent weight. There are plenty of internal struts that can be drilled, etc to make up for a lightweight hardware device.

If they wanted to be really clever, they could desolder selected chips and replace them with chips having 'additional functionality', so to speak.

Re:huh

[mweather]

Or just add the additional features at the factory and skip the desoldering altogether.

Re:huh

[MadnessASAP]

You had O's? We had to use the Q key.

Re:huh

Both weigh the same, n00bs. McLovin knows it too:
http://social.answers.microsoft.com/Forums/en-US/vistahardware/thread/720108ee-0a9c-4090-b62d-bbd5cb1a7605

Re:huh

Spaces are 00100000...

Re:huh

[fridaynightsmoke]

Or just add the additional features at the factory and skip the desoldering altogether.

Indeed, sir.
http://slashdot.org/comments.pl?sid=1370863&cid=29440227

Re:huh

[PitaBred]

Allow me to be the first to say... "whooooosh"

Re:huh

If you two keep arguing about 1s and 0s my monitor will fall through the desk. Type some spaces quick.

Spaces? It sounds like you're using a serial terminal rather than a monitor.

Re:huh

[Shakrai]

Data may be weightless, but how about hardware key logging devices?

That reminds me of a Cold War story I heard once upon a time. The CIA worked with a Xerox technician to secretly install a camera inside the machine(s) at the Soviet embassy. They got away with it for a long time because those old machines were so complicated that only a handful of people knew how they really worked.

This is just the modern day equivalent. If your hardware is out of your sight even for a few moments it should be treated as though it was compromised. If it's worked on by someone that you don't trust implicitly then it should be treated as though it was compromised.

Re:huh

[MiniMike]

There's also the possibility that they would replace hardware with their own 'special' version, rather than add something completely new. In either case, they could scrape the equivalent weight in crud off of (or under) the keyboard of many laptops I've seen.

Re:huh

[supernova_hq]

Hey cool, the hotel fixed all the scatches in my cellphone while I was having a shower. This calls for a BIG tip to housecleaning!

Re:huh

Are you kidding? Spaces are all 1's in ascii->binary!

Re:huh

[Lumpy]

Exactly, as all them are made in China to begin with.

Nobody can afford a US made laptop. It would make a top of the line Toughbook look like it was cheap.

Re:huh

[Eevee]

They knew the camera was there, but they were too overcome with joy that the copier wasn't constantly broken to care.

Re:huh

[b4dc0d3r]

An airplane builder had its proprietary metal reverse engineered by asian companies. They did a great job with security, so couldn't figure out how the metals got sampled. People can't just go scrape parts off a military airplane, especially when it's not built yet.

They gave tours and you couldn't take pictures, but you could see planes being built.

Turns out asians were using very soft-soled shoes. So while looking up and pointing, they pressed their feet down on metal filings, and when they drove away they had samples in their shoes, to be analyzed later.

Sneaky bastards work in corporate espionage.

Re:huh

[natehoy]

Yes, we had O. To do a "Q", you did an O, then backspaced and typed a comma over it.

Re:huh

[buswolley]

I understand the concern but...all our computers are made in China anyway. How dow e know if the Hardware isn't betraying us already?

Re:huh

[Mister+Whirly]

I don't know, but I hear the software keyloggers weigh much less...

Re:huh

[Mister+Whirly]

If your hardware is out of your sight even for a few moments it should be treated as though it was compromised.

Apparently you have never had the joy of taking apart one of the old iBooks. (It takes about 35 minutes and removing about 17 screws just to get to the hard drive.)

Re:huh

[joocemann]

China, a country, broke into a hotel room and stole blackberrys?

please reword...

Re:huh

Man your worried about 1's and 0's a space is like x20 times bigger.

Re:huh

[Tony+Hoyle]

Power supplies, computers, phones, etc. All stamped with 'made in china'.

Everything down to the component level is produced there. If they wanted to bug them they could do it at any point during manufacture.

Re:huh

[Tony+Hoyle]

Perhaps he's talking about a secret band of mafia cutlery?

Re:huh

cant they donate them to a organization that would drive them insane with their wonderful typing commentary. green peace / peta

Re:huh

[Reece400]

I wonder how many kids will think you're completely making that up?

Re:huh

[Darth+Cider]

No, the Soviets did that. Here's an old George Will column relating the tale. The subject of the column is Soviet industrial espionage.

Re:huh

[MiniMike]

If you can remove 15 g of crud from your cellphone, the bugs you should be worrying about are not the ones the Chinese put in your cellphone.

Re:huh

Don't worry about weighing it, the chinese key loggers were built in when the device was first manufactured, not when you visited.

Re:huh

[GodfatherofSoul]

It is. There was a story a few months ago about the Department of Defense using router hardware sent to them with onboard hacks.

Re:huh

[appleprophet]

Hold on, I couldn't quite hear you underneath through your suit of tinfoil armor.

Let me get this straight, you're asking how do we know that Chinese manufacturers haven't secretly bugged enough computers in the US so that when signs on, there is a non-trivial chance that he is running industrially sabotaged hardware?

This is absolutely ridiculous, but given that it's a +5, insightful question, here are just a few issues:

- It would require a massive conspiracy, like none we have ever seen.
- Apple, Dell, etc. are not so incompetent in their QA that they would not know that the hardware is somehow phoning home.
- The sum of the worlds nerds are not so dumb that they would not notice all hardware phoning home.
- It is too expensive to bug every machine, natural competition would favor companies who do not install this extra stuff.
- China would face political ruin by trying to pull a stunt like this if it was discovered that they were spying on the world.

Re:huh

[LanMan04]

Yes, bugged/compromised hardware coming out of China is most definitely a concern.

TRUST ME, people in high places in the Fed Gov look into this stuff on a regular basis.

Re:huh

I guess it's only fair the hardware is trojaned to report back to east when software (winders) is trojaned to report to west and redmond...

Re:huh

Actually, this incident happened not with Asians, but with Russians.
In the late forties/early fifties fifties, when they tried to replicate Rolls-Royce aircraft engines, the Russian engineers were unable to figure out which alloy the British turbine blades were made of. One of the Russian engineers, S. T. Kishkin, used special shoes to pick up some filings during a friendly visit to one of the Rolls-Royce factories.
Source (in Russian): Nauka i Zhizn'

Re:huh

[JAlexoi]

US had to import and inspect bricks to USSR, just because they were once provided with bricks each containing a microphone! Can you imagine a building made of those bricks!

Re:huh

[Mikkeles]

'I'm sure the 1's are heavier than the 0's....'

Nonsense, surely the diameter is shorter than the circumference?

Re:huh

[Stradivarius]

It would require a massive conspiracy, like none we have ever seen.

Not really, all it would require is a few people in the right places in a couple of high-market-share manufacturers. If you built something into the tools used by those manufacturers, it could be transparent.

Also, you don't need to own every device. You could choose to target critical infrastructure devices - say a router, switch, DPI equipment or whatever. Something that handles lots of traffic and thus is well-positioned for either intelligence collection or denial/disruption of service.

Apple, Dell, etc. are not so incompetent in their QA that they would not know that the hardware is somehow phoning home.

Maybe it only phones home after receiving some sort of signal (such as a predetermined sequence of packets, packets with certain formatting, etc). QA testing is unlikely to uncover something like that, and even if they do may have a hard time reproducing it (which may make them less likely to pursue it).

The sum of the worlds nerds are not so dumb that they would not notice all hardware phoning home.

As above, it doesn't have to be all hardware, nor so stupid as to phone home regularly, or even without receiving an activation signal. That would attract unnecessary attention.

Also, if you're targeting infrastructure devices, they handle so much traffic that it seems possible one could slip in some extra transmissions out without notice.

It is too expensive to bug every machine, natural competition would favor companies who do not install this extra stuff.

Competition favors those with the most capability for the lowest price. An intelligently designed surveillance or disruption module would not degrade capability during normal operation. It would be a sleeper agent until triggered.

The marginal cost of another copy of software is zero. And the initial development cost would likely be picked up by the intelligence agency, not the company that was infiltrated. So the presence of such equipment would have no effect on competition.

And if the company management was aware of the operation, they could even be given secret subsidies by the government to make them more competitive in the marketplace by artificially lowering the cost of their products. This would help ensure success of the trojan.

China would face political ruin by trying to pull a stunt like this if it was discovered that they were spying on the world.

How would anyone know the software was government-created, and not just one of the many unfortunate cases of malware infections we've seen at OEMs in the past?

I'm not saying China or anyone else is necessarily doing any of this stuff. But it wouldn't surprise me. Nations do a lot worse in the world of espionage.

Re:huh

[hackingbear]

Or more likely, they acted as if they didn't know, but just passed fake document over the machines to fool the enemy.

Re:huh

[dave562]

I submitted a story here about a year or so ago about Maxtor hard drives with compromised firmware that were made in China. It never got picked up. Go figure.

Re:huh

[nazsco]

1. install phoning home hardware on all devices
2. disable them by default
3. enable them with some radiation or other mean (just like erasing an EPROM with utraviolet light)
4. wait for key people to arrive under your control so you know their devices. turn on homming components.
5. ???
6. profit!

Re:huh

No! YOU!

Re:huh

Except for Asus, Acer, and Gigabyte computers.

Re:huh

[Ihmhi]

Presumably this kind of stuff is checked before parts are approved for governmental purchase.

Re:huh

[Ihmhi]

Holy shit, I had no idea that you could look up old newspapers on Google. Thanks a bunch man.

Also, George Will is one badass motherfucker. Almost as badass as Paul Mulshine.

Re:huh

[buswolley]

Thank you.

Re:huh

[jonadab]

> Everything down to the component level is produced there. If they
> wanted to bug them they could do it at any point during manufacture.

It wouldn't be cost effective to bug all of the computers made, and then who would analyze all of the data? It's a self-defeating proposition.

On the other hand, a chance to plant a bug in one particular device that is known to belong to a strategically *important* person, that's different.

Re:huh

This was done by in Desert Storm as well. Large copiers were sold to governments with devices that transmitted data to US forces.

Re:huh

[jimmydevice]

Never presume anything. I've lost a few jobs doing exactly that.

Re:huh

[bmomjian]

I know the Soviet's did this to the UK:

    http://www.absoluteastronomy.com/topics/Klimov_VK-1

Are you sure it was an Asian company?

Re:huh

[Imrik]

You don't have to analyze all the data, you just need to find out which bugs are on the computers that may have the data you want. (not that I think they're actually doing this)

Re:huh

They're just trying to make things even -- would you trust a device that had been "retained" out of your sight when passing through US Customs?

Interesting side note -- I just found that a friend who works for Customs is being transferred, with his family, to Toronto for two to five years. He'll be stationed at a "pre-processing facility" so Customs can get a crack at many people before they even get to the US. Kinda like the Customs version of Guantanamo, where they can say, even more forcefully than they do in New York, "You are between countries -- neither in the US nor in another country. YOU HAVE NO RIGHTS HERE!"

Re:huh

The CIA worked with a Xerox technician to secretly install a camera [editinternational.com] inside the machine(s) at the Soviet embassy.

Maybe an even exchange for the idiots who let the Soviets build the US embassy in Moscow with local labor. There were so many microphones in the walls that it was amazing the walls didn't fall apart.

Side note: During the Reagan arms shenanigans, what was the second poorest country (just ahead of Haiti) in the western hemisphere? Ans. -- Honduras. Where was the second largest US embassy in the world (just behind Russia)? Ans. -- Honduras. Why? Ans. -- yours to figure out.

Re:huh

I'd love to visit China to get a free key logger.

Re:huh

[FreakstaXIII]

There was also a story about them using lenovo computers on CIA networks to get data (it was all unclassified) thats what started the fear about the routers and what not, so they started looking and thats what they found

Re:huh

[forgotten_my_nick]

TBH just focusing on China is laughable. Some years back the EU did a report on ECHELON and what they got up to on what you consider is your allies.

http://www.europarl.europa.eu/sides/getDoc.do;jsessionid=7B9ED0C4A4792505626B9FE5464FFC33.node1?language=EN&pubRef=-//EP//TEXT+REPORT+A5-2001-0264+0+NOT+XML+V0//EN

Well worth the read.

There was also another report on Israels spying on the USA. Some months back, but I don't have the URL handy.

Re:huh

What? You want to boink an easy Chinese lumberjack?! Oh wait.. did you say "tree logger" or "key logger"..

Re:huh

[minstrelmike]

how much does data weigh? I'm sure the 1's are heavier than the 0's....

Wrong. 0's are heavier than 1's. They're fatter.

Chinese Coders?

[nschubach]

How would one know if the coder is working for the Chinese? (Or are they using racial profiling to fit that bill?)

Re:Chinese Coders?

[bheekling]

It's not racial profiling, it's (current or previous) nationality profiling, you know, the information that's visible on your passport?

Re:Chinese Coders?

[icebrain]

I believe they mean either coders physically located in China (through outsourcing/remote offices), or Chinese nationals working in the US (who would be identified by the immigration/work authorization paperwork they should have filled out). I really doubt they mean "if he looks Asian, don't put him on security projects".

Re:Chinese Coders?

[Philip+K+Dickhead]

"The meek may inherit the earth, but the strong shall take the stars."

Where ya' takin' 'em? Your mama know about that? Ya' gonna' put 'em back where ya' got 'em from, when your done with 'em?

Re:Chinese Coders?

"Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution."

And Americans don't? Americans practically invented RSI with all that damn flag waving they do, you sir are a racist.

Re:Chinese Coders?

[ViViDboarder]

... Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution.

Well... THAT's racist.

Re:Chinese Coders?

No - you, sir, have no clue about Americans. Americans are in it for themselves, bar none. Any social interest arising from an American economic activity is merely an unintended side-effect of a self interest the executor couldn't turn into profit.

Re:Chinese Coders?

[thisnamestoolong]

Yes racial profiling. Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution.

You say "sensible precaution", I say "blatant xenophobia/racism". The only reason people are worried about any of this to begin with is that America has that same childish and ignorant "for mother country" thing going on as well. It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality. To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."

Re:Chinese Coders?

[nschubach]

What if China hired "coders" from Russia to complete their objectives? Their passports wouldn't be Chinese.

Re:Chinese Coders?

[nschubach]

Be fair... this type of thing happens on both sides of the political divide. The far right might blame immigration, but the far left blames CEOs in their own country. I definitely wouldn't call the far right Fascist either. The Left is doing it's fair share of that by taking over companies and setting policy.

From Wikipedia: "Fascist governments forbid and suppress criticism and opposition to the government and the fascist movement. [flag@whitehouse.gov] Fascism opposes class conflict, blames capitalist liberal democracies for its creation [Those damn corporations and their liberal capitalist spending causing all that economic turbulence! We must get this under control!] and communists for exploiting the concept."

Re:Chinese Coders?

[mrdoogee]

And they could have them based in of Brazil! BRILLIANT!

Re:Chinese Coders?

[Sancho]

America has that same childish and ignorant "for mother country" thing going on as well

If we had international laws, policies, standards of living, etc. I'd agree with you. As we don't, I don't see a problem with wanting to take care of our own. International espionagers aren't going to share information--they only want to take it.

It's similar to the prisoner's dilemma. We'd probably all do better overall if we all worked together. China's not going to work with us, though, which means that if we just give them the technology, we're the suckers.

Re:Chinese Coders?

[nomadic]

You say "sensible precaution", I say "blatant xenophobia/racism". The only reason people are worried about any of this to begin with is that America has that same childish and ignorant "for mother country" thing going on as well.

Plus the fact that China uses its technical workers for both industrial and political espionage quite frequently, and has been caught doing it several times.

It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality.

To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."

The reason I distrust China is precisely BECAUSE they are too "patriotic"/nationalistic; they're even worse than the US I think in this regards, hell they're still mad over the OPIUM WARS. It has bred a very "us vs. them" mentality (obviously, some of it is understandable because of the country's history) that I think is a hell of a lot more dangerous to us and the world than the communism was.

Just as a side note, Hicks was kind of overrated.

Re:Chinese Coders?

[countvlad]

And that's the way it should be. "Society" shouldn't be the religion of the 21st century, punishing us for our success and demonizing us for our humanity, all the while demanding we tithe to a new God.

Self interest is why we're alive. It's why we have kids, it's why we fall in love, and it's why we go to work. Why isn't it good enough for a law-abiding, hard working citizen to live his or her life without the new original sin that is a "debt to society" for thier success? Maybe if everyone was more concerned about how they live *their* lives and less concerned with how their neighbors are living their's the world would be a better place.

Re:Chinese Coders?

[Runaway1956]

Assassin's Mace, anyone?

While few people recognize it as such, China is waging war against the west. And, they are claiming victories every day, because we have trouble just spelling "asymmetric warfare". I wonder if that recto-cranial insertion so common in Washington and on Wall Street have anything to do with it?

Re:Chinese Coders?

[Shakrai]

You say "sensible precaution", I say "blatant xenophobia/racism". The only reason people are worried about any of this to begin with is that America has that same childish and ignorant "for mother country" thing going on as well

I think China's neo-colonialist actions in Tibet, Xinjiang and Mongolia are another reason that people are worried about her ambitions on the World stage.

We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality

You need to realize that such a statement is woefully naive. Reality says there's a huge difference between those boundaries. Standard of living, human rights, privileges and immunities all vary when you cross one of those "artificial constructs". If you think they are just artificial constructs then why don't you try living in North Korea for awhile?

Re:Chinese Coders?

[moeinvt]

"We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality."

The human race has drawn lines on the earth, and those lines are typically guarded by people with weapons. Furthermore, when you step across one of those boundaries, the people there might have an entirely different world view, and will use varying degrees of force to impose certain standards of behavior. That's the REALITY, and from an end user perspective, there's nothing "artificial" or "arbitrary" about it. Bill Hicks was taking hallucinogenic drugs when he came up with a lot of his theories.

Re:Chinese Coders?

[thisnamestoolong]

Plus the fact that China uses its technical workers for both industrial and political espionage quite frequently, and has been caught doing it several times.

I never said that China was not using tech workers for industrial espionage -- all I am saying is that it is racist to avoid hiring Chinese people because of this. By this sort of reasoning, cops ought to pull over every black man they see operating a motor vehicle, and Arabs should not be allowed to utilize air travel. Both of these have come into the courts and both have been shot down. Repeatedly. They are shot down because they go against EVERYTHING that a free society stands for -- you can't judge a whole group of people by a select few individuals. It is unconstitutional, unjust, and it does not even make practical sense from a probability standpoint.

Re:Chinese Coders?

[ArhcAngel]

I believe you are referring to citizens of the People's Republic of China which are not all of the same race. So to call it racial profiling is inaccurate. It would be more accurate to call it nationalism profiling. It is clear from the replies you have received so far that racist/nationalist bashing is en vogue so here goes my karma. There is no way to guarantee safety 100% of the time but to ignore the fact that a foreign government that, while not openly hostile, is known for its intense dislike of your countries policies would be derelict. So basically I agree with what I think you were trying to say but not what you said.

Re:Chinese Coders?

You are dealing with semantic ambiguity. "Chinese" is a word with multiple meanings. It can refer to: language, a culture, nationality, ethnicity (and probably a few more things.)

e.g. A Chinese baby, adopted by a Swedish family would be ethnically Chinese, but Swedish in nationality and culture.

A Chinese person who emigrates to Canada and become a citizen, but chooses to retain his/her customs would be ethnically and culturally Chinese, but Canadian in nationality.

Re:Chinese Coders?

[thisnamestoolong]

Assassin's Mace, anyone?

While few people recognize it as such, China is waging war against the west. And, they are claiming victories every day, because we have trouble just spelling "asymmetric warfare". I wonder if that recto-cranial insertion so common in Washington and on Wall Street have anything to do with it?

I recognize that the Chinese government is "waging war" on the west in order to become the next century's superpower. This does not mean that we ought to resort to xenophobia and racism to "beat" them. That is completely back-asswards and will only serve to give them more ammunition against us.

Re:Chinese Coders?

The Opium wars were fairly recent, I hear yanks on here going on all the time about the revolutionary war....

Re:Chinese Coders?

Just because its constitutional and just doesn't make it a smart move though.

Re:Chinese Coders?

[thisnamestoolong]

If you think they are just artificial constructs then why don't you try living in North Korea for awhile?

These artificial constructs create places like North Korea. We would not tolerate part of our own nation becoming like North Korea, now would we? There would be massive amounts of effort and capital thrown into improving that part of our country so as to bring it up to at least an acceptable standard of living. When we create an artificial construct such as national boundaries, however, it becomes very easy to ignore such horrors and pit them on somebody else. This sort of territoriality is deeply ingrained in the human psyche but is every bit as primitive as when your dog pisses on your sofa to claim it as his.

Re:Chinese Coders?

Honestly, I'm a fan of both when it comes to national security.

I'm sorry if you are stopped in the airport frequently, but if you look like someone who might blow up a plane, I damn well hope someone checks you out. Last time I checked, an elderly woman did not sneak onto a plane and fly it into a building. And if that day comes, I expect security professionals will treat elderly women with higher priority. Stop all this whining, I seriously don't care if you were inconvenienced.

If you look like Britney Spears, expect people to assume you are her, and learn to deal with it, it will pass, much like her fame.

Re:Chinese Coders?

[Shakrai]

We would not tolerate part of our own nation becoming like North Korea, now would we?

We would if the only way to prevent it would have been to fight World War III in the nuclear age. You think Lincoln would have fought the American Civil War if the South had allies like the PRC and Soviet Union?

When we create an artificial construct such as national boundaries, however, it becomes very easy to ignore such horrors and pit them on somebody else.

And when we don't have those artificial constructs our rights and liberties will be eroded to the lowest common denominator. Which model do you purpose to use for your great society without national borders? The American one? The European one? The Chinese one? The African one?

This sort of territoriality is deeply ingrained in the human psyche but is every bit as primitive as when your dog pisses on your sofa to claim it as his.

It has nothing to do with territoriality. It has everything to do with the fact that our country is free enough that you can spout this nonsense while many others are not. Take away that "arbitrary" border and watch your freedoms go with it.

Re:Chinese Coders?

[thisnamestoolong]

Thank you for proving my point fully. You admit yourself that people made these lines. Did it occur to you that these wildly differing world views and the resulting violence are not just the cause of these borders, but also an effect? That keeping the world cut up into little nationalistic pieces only serves to further divide us and creates a nasty feedback loop?

I can clearly tell by the end of your statement that you know nothing about hallucinogens. Please do a little bit of research into the subject and you will find that these substances can have extremely profound, positive effects on the human mind. Just because they make you see funny colors does not make the experience less valid.

Re:Chinese Coders?

[thisnamestoolong]

Just because its constitutional and just doesn't make it a smart move though.

So are you saying that it would be a smarter move to re-institutionalize racism?

Re:Chinese Coders?

[mabhatter654]

To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets". This is where it's not a "round" world.. The Chinese government has their eye on the 50 year game and is more than willing to tie up all of a natural resource... and throw people in jail when the "free market" price goes up.

While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, China is stacking the deck on a NATIONAL level for resources... setting prices that corporations are allowed to SELL to China for.. and nobody is really stopping them. Just last week China "decided" they weren't going to be exporting any more rare earth metals (needed for high power magnets in electronics) They just issued a directive it wasn't allowed to be exported anymore....for any price. Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore. It nearly doubled the price of scrap here (ironically bought with trade surplus dollars no less!) and made it even harder to complete with Asian companies... it was the straw that caused a good deal of the auto maker meltdown earlier this year. China manipulates their currency by not allowing dollars to be converted into Chinese money except for specific state-sponsored investments, and they don't allow US companies to take their Chinese profits OUT of the country either. It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...

China is playing the long game, highly protectionist and stacking the deck with our own money and resources against us. It's economic "war" played at the highest level and the US government has no grasp that the "invisible hand' won't save them.

Re:Chinese Coders?

[Sylver+Dragon]

One question, who gets to pick the rules?
One advantage of having decentralized government is that if you don't like it in one area, you can move to another. Yes, this has its faults, again we can use North Korea. However, with a single, unified entity making the rules, if you don't like it, tough. At the very least, the folks in North Korea currently have the possibility of getting somewhere else. I'll agree that it's not a great option, and the risks are very high, but it exists. In a unified, one world government, no one has that option. If I disagree with the way the government is run, I don't have the option of leaving. It's just eat whatever shit they hand out or die. And with the UN as the closest proxy to what a world government might look like, no thank you.

Re:Chinese Coders?

[TeXMaster]

America has that same childish and ignorant "for mother country" thing going on as well

If we had international laws, policies, standards of living, etc. I'd agree with you. As we don't, I don't see a problem with wanting to take care of our own.

I assume that's the reason why you blasted trillions in a war but got bitching crazy about the proposal of universal healthcare.

Re:Chinese Coders?

[Sancho]

Well I didn't. I don't even have trillions to blast.

But yeah. The war, a thinly veiled attack on terrorism, was pretty much exactly there to protect US interests, keep the dollar afloat, and maintain regimes that will be friendly enough to supply us with oil. It's fundamentally in line with what I said--we're protecting our own (not from being attacked, but protecting the status quo.)

I'm not making a moral judgment about the war, incidentally. The war is in line with protecting our own, but in that case, I think it's going too far.

The universal healthcare issue is really broken, but no society is perfect.

Re:Chinese Coders?

[SBrach]

So you think a country should experiment with LSD and try to take over the world? Sorry, that didn't work out to well for the last guy.

Re:Chinese Coders?

[DJRumpy]

It's common knowledge that the Chinese, whether sponsored by the government or not, have concerted attacks against US computer systems. They have succeeded quite a few times in gaining access to technological data from high security sources. It's simply common sense. If you visit a bad neighborhood, you take precautions.

You would rather they ignore a known security risk all in the name of being 'PC'?

Here's a few more:
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html
http://online.wsj.com/article/SB123834671171466791.html
http://www.securitywatch.co.uk/2009/09/02/new-wave-of-sql-attacks-from-china/

Re:Chinese Coders?

[element-o.p.]

I can't speak for everyone, but my opposition to universal healthcare is that I have yet to see a proposal that satisfies all of my concerns. Socialist policies -- although all warm and fuzzy and humanitarian in theory -- fail to address one major flaw: if people don't have to work to take care of themselves because the government will do it for them, then who is going to pay the bills when everyone is staying at home expecting a government handout? TANSTAAFL, and all that.

Re:Chinese Coders?

[element-o.p.]

"It is better that a hundred unjust men should go free than that a single just man should be punished unjustly." --Plato

Re:Chinese Coders?

[hazah]

Long Live Bill

He maybe resting in peace, but what he said will live forever in the hearts of those that have one.

Re:Chinese Coders?

How would one know if the coder is working for the Chinese? (Or are they using racial profiling to fit that bill?)

Support for one's nation, or a specific ideology, is often characteristic of persons involved in espionage.

As history demonstrates, it is likely for a Chinese born person to conduct espionage on behalf of China -- a Russian for Russia.

There are many other factors that lead people to spy; this is just one of them.

We sit here talking about this like we're not doing the same thing. Sometimes we hear about it in the news but we see it differently. Is there any difference between them on us or us on them? What makes our wrongs right and their wrongs wrong?

China pollutes a lot, too. I've seen many Americans stand on high-horse and denounce it. Yet, in actuality, we pollute MORE. Somehow we validate our own nation's actions with excuses like 'efficiency'. If we're both in the hot tub and you and I both poop in it, it doesn't matter whose turds were more urgent or efficient --- we both just shit in the tub and there is hardly a reasonable excuse.

Re:Chinese Coders?

[nschubach]

That's partially my point. How do you define what he's talking about? At what point is the coder Chinese? When they work for China? How are the people working for him supposed to understand what is meant?

(And how was my original post trollish? It's an honest question.)

Re:Chinese Coders?

[PixetaledPikachu]

No - you, sir, have no clue about Americans. Americans are in it for themselves, bar none. Any social interest arising from an American economic activity is merely an unintended side-effect of a self interest the executor couldn't turn into profit.

aptly said by those who renamed "french fries" to "freedom fries"

Re:Chinese Coders?

[nomadic]

The Opium wars were fairly recent, I hear yanks on here going on all the time about the revolutionary war....

To prove a point, or make a historical statement, or to be funny, but not out of anger or resentment.

Re:Chinese Coders?

[drsmithy]

Socialist policies -- although all warm and fuzzy and humanitarian in theory -- fail to address one major flaw: if people don't have to work to take care of themselves because the government will do it for them, then who is going to pay the bills when everyone is staying at home expecting a government handout?

This is called Begging the Question.

Re:Chinese Coders?

It's an extremely relevant question, though. Europe and Japan are in a long downward spiral because of their huge welfare systems and aging demographics. Fewer children are being born, meaning fewer entries into the workplace and thus, less monetary input into the system. The aging populations are retiring, but still getting their benefits. Japan and all of Europe's native birth rates are well below the death rates, and Europe's population is only being propped up by immigrants. Japan is slightly worse off since they have essentially no immigration.

Re:Chinese Coders?

[bertoelcon]

This whole discussion is making me think of Avenue Q. Everyone's a little bit racist.

Re:Chinese Coders?

Ahhh, you've never worked with the Chinese. They are a very very bigoted group.
They are much smarter about it than the KKK. From what I've seen they have very little concern for our laws.
If you haven't worked with them or for them, you ought to listen to some who have.

Re:Chinese Coders?

[rohan972]

To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets".

Making them different from the US (or any other country) in what way?

The US has:
A fiat currency produced by government edict. The price, interest, is centrally determined by the fed.
Price controls on labor.
A labor force conditioned in a centrally controlled compulsory school system (As proposed in the Communist Manifesto).

Seriously, how many people in the US operate independently of the centrally controlled banking system? As far as I can tell, the difference between the US system and the Chinese system is one of degree, not principle. Both capital and labor in the US are to a large degree centrally controlled.

Re:Chinese Coders?

Hah, the jokes on them! We're just going to default on our currency soon anyway. Fools!

Re:Chinese Coders?

[TeXMaster]

I can't speak for everyone, but my opposition to universal healthcare is that I have yet to see a proposal that satisfies all of my concerns. Socialist policies -- although all warm and fuzzy and humanitarian in theory -- fail to address one major flaw: if people don't have to work to take care of themselves because the government will do it for them, then who is going to pay the bills when everyone is staying at home expecting a government handout?

Nations where this happens go bankrupt, nations where this doesn't happen thrive

Your concern arises from the misconception that just because the government is providing for the most essential needs people will stay at home rather than go looking for (and finding) a job. In fact, at least as far as Europe is concernted, the employment rates tend to be higher in the countries with a better welfare system (Norway, Denmark) than in those with a worse one (Italy, Spain).

Re:Chinese Coders?

You are really funny.

While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, [...]

You mean, like our billionaire bailout? Pot-kettle-black

Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore.

Because scrap metal underpins the manufacture of new automobiles!

Just last week China "decided" they weren't going to be exporting any more rare earth metals

Which if you weren't a nationalist/protectionist wanker you might have noticed has no impact on the US. We shutdown our own production to buy cheaper from overseas. Now we have a reason to re-open our production. Hmm... buying cheap from someone else's resources while hoarding ones own? That sounds like a good plan to me, and one that China finally figured out as they realized they weren't going to be able to provide for domestic demand if they kept shipping it out of country.

Funny how in your little world instead of this being the end of a ploy by the US to beat China at the resource game it is China as a villain. You can't even acknowledge when the US does good.

It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...

Wait, which way is it again? Maybe you don't think very clearly, but if they are piling up US dollars in US banks to buy up US resources... then the reciprocal of that would be US companies piling up chinese currency in chinese banks to buy up chinese resources. Which sounds kinda/sorta similar to "[not] pull[ing] their capital profits OUT of China.

I think if China were pulling their profits back into China instead of financing the US you would be whining about them siphoning off our wealth.

China is playing the long game, highly protectionist.

You mean like the US plays a highly protectionist game? Okay, we only do it in the short term, but it doesn't make it any less nationalist/protectionist.

Idiots, they make they world go round.

One word...

Paranoia.

Re:One word...

[PhilHibbs]

It's not paranoia if they really are out to get you. And we have plenty of evidence that the Chinese really are. Actually, the intelligence agencies probably just forgot to say "because we're doing all this stuff to their top executives when they visit us".

Re:One word...

Paranoia.

Weigh the Computer. The Computer is Your Friend!

Re:One word...

[ryanov]

Don't they have a right to know how their money is spent? ;)

Re:One word...

[bickerdyke]

Oh.. the chinese.. Ahh.. yes.. of course.... riiiight.....

http://wissen.spiegel.de/wissen/dokument/dokument.html?id=13501796&top=SPIEGEL

Re:One word...

[mdm-adph]

Zing!

Re:One word...

[jonadab]

Paranoia is a basic job requirement for security people.

Industrial espionage?

[jmpeax]

Symantec Chief Technology Officer Mark Bregman [...] was advised to buy a new cellphone for each visit

Yes, heaven forbid China learns the secret of bloated antivirus software that ignores state-sponsored keyloggers.

Re:Industrial espionage?

Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies.

Moron, they are worried about someone stealing the device, and then installing a hardware keylogger or other electronic tampering. Chances are that weighing your laptop is not going to show anything, especially if all they do is replace your BIOS chip with a modified one. On the phones, they are worried about custom eavesdropping circuitry and/or someone cloning the card itself.

Personally, when I travel overseas I use an old laptop that I don't really care much about anyhow. All my data that I need to bring gets stored on one of my hosted servers not the device itself. I do it more because I don't feel like dealing with a huge headache if it gets stolen, not because I'm concerned that Da Spize iz gunna Tap meh Kompooterz.

Re:Industrial espionage?

[mrdoogee]

What a coincidence! I advise people to buy new software after every Symantec install!

Re:Industrial espionage?

[polle404]

News at 11,
Symantec launches new product to detect and remove/disable Industrial espionage soft/hardware...

Re:Industrial espionage?

[demachina]

I'm wondering if Symantec will be closing down their China Development Center in Bejing since Symantec has been developing security software in China for a few years now. Don't know how you reconcile these draconian security concerns with having a major development center in said country... developing security software for use in the west.

It is interesting how the Obama administration seems to be much less accommodating to the Chinese than the Bush administration was. The Bush administration bent over backwards for China and all the multinationals that wanted to move all their operations, R&D, jobs, capital and IP in to the hands of the Chinese though the Chinese government is still basically the same one which was an bitter adversary 30-40 years ago and against whom the U.S. and U.N. waged a never concluded war in Korea.

Its amazing how all the Chinese had to do was create a free economic zone on their southern coast, declare profit and capitalism OK there, and use the flashing dollar signs as a snare to get the west to unilaterally capitulate economically and politically without a shot being fired.

Re:Industrial espionage?

[syousef]

What a coincidence! I advise people to buy new software after every Symantec install!

Don't you mean hardware? It's damn near impossible to uninstall that stuff.

Manufacture

[fridaynightsmoke]

I'm sure glad that the laptops and cellphones in question weren't MADE in China in the first place...
Oh, wait..

Re:Manufacture

[bheekling]

Do you think it would go undetected for long if thousands of cellphones and laptops made in China, Korea or wherever had a hardware sneak-chip installed?

Do you think it would be worth the effort to seed just a few of those thousands for some possible marginal gain? (Also keep in mind that specialized changes wreak havoc on an assembly line's schedule)

Much easier to just target the fish directly.

Re:Manufacture

[fridaynightsmoke]

Do you think it would go undetected for long if thousands of cellphones and laptops made in China, Korea or wherever had a hardware sneak-chip installed?

For the sake of argument, yes. It would be entirely feasible for EVERY unit of a certain (or any) product to have a 'sneak chip' installed, it could very easily be 'baked in' to the IC designs used.
I believe (meaning I don't have a link to evidence :( ) that an attack has been demonstrated using this exact method, whereby a certain bit pattern on a certain bus triggered malicious behaviour.
There was also a real case in the UK whereby chip-and-pin credit card readers (used in retailer's POS setup) had a 'sneak chip' built in at the factory by unscrupulous agents. (I am aware that this both supports the 'it could happen' and the 'it would be detected quickly' arguments.)
Just to be clear, I'm not expressing any Anti or Pro Chinese sentiment here, but it seems somewhat ironic to be concerned about what "The Chinese" might do to compromise one's hardware, when that same hardware was designed and manufactured by "The Chinese" in the first place!

Re:Manufacture

[WinterSolstice]

In a word? YES.
It would require actual competence to detect a piece of hardware that essentially did nothing until activated and simply sat on a motherboard. Do you know if there are extremely detailed inspections done on every piece of circuitry brought into country X from country Y? I know for a fact that in a certain very large defense company I worked for lots of "surprises" were found on a regular basis. Typically things like parts that were different from the specs, insects, and on occasion completely incorrect assemblies.

The funny part was these nearly all made it past QA and into the finished products, only to be discovered when something failed.

So based on that, I'd say that *if* someone were choosing to do something like this, it would be fairly easy to sneak it past the level of moron that would typically be doing these inspections.

Tinfoil hats aside - the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.

Doing this with a laptop would also be trivial, but I would hope that the firewall filter would catch outbound connections to unusual sites?

Re:Manufacture

[supernova_hq]

Or this could be a diversion...

Re:Manufacture

[mpe]

the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.

Thing is that "phoning home" or at frequently trying to contact it's home network is exactly the sort of behaviour you can expect from a roaming phone.

Re:Manufacture

[mpe]

It would require actual competence to detect a piece of hardware that essentially did nothing until activated and simply sat on a motherboard.

In the case of a phone the activation might require you to connect to a specific network.
It's not as if you actually need anything special in the phone. Having the telephone network automatically "tap" all foreign phones and international calls is perfectly possible. Not just to the Chinese either...

Re:Manufacture

[Tony+Hoyle]

Screw the phone.. the cell towers are all made by the chinese anyway (Round here Huewei make most of them).

And the DSL connections, and the routers connecting them to the internet..

Re:Manufacture

[greyhueofdoubt]

If they were making my iPhone transmit anything- anything at all- I'd know because every speaker and loose wire within 15 feet would start buzzing and ticking.

I am aware that other phones do that, but the iPhone was my first 3G* phone. It has led to several embarrassing moments, such as standing before the Major's desk at attention while he tried to troubleshoot his buzzing speakers, or accidentally setting the phone on my home sound system's amp only to crap my pants in the middle of a movie when waves of digital transmission harmonics are blasted through the PRE-amplified audio circuit...

So- I don't worry too much about it.

*or whatever hellish technology makes radio waves think they should make themselves audible.

Re:Manufacture

[WinterSolstice]

That's GSM, IIRC - and Blackberry phones do that so badly it's common to hear it on conference calls. Even being *close* to electronics they will cause that.

I haven't noticed it so bad with some models of phones, I guess it depends. My Blackberry would blast right over my car stereo, but my HTC Magic (same carrier) hasn't done it yet.

Re:Manufacture

[dave562]

Tinfoil hats aside - the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.

You might be making things too complicated. Once the conversation has been recorded it's pretty simple to do things the old fashion way. Just steal the device.

Re:Manufacture

[WinterSolstice]

True enough - can't beat that for simplicity

Re:Manufacture

[syousef]

I know for a fact that in a certain very large defense company I worked for lots of "surprises" were found on a regular basis. Typically things like parts that were different from the specs, insects, and on occasion completely incorrect assemblies.

You guys get your laptops from Dell too huh?

Re:Manufacture

[SL+Baur]

The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.

My (Japanese) CDMA phone didn't pick up any signal in China, so yeah, I guess it was always trying to connect to a cell tower.

Re:Manufacture

[SomeStupidNickName12]

Yes GSM, but only when connecting with a 2G quality signal - with a 3G quality signal that doesn't happen

Horse, close the barn door!

[Neil+Watson]

The laptops and cell phones were probably manufactured there. In fact most US businesses outsource there manufacturing overseas.

Re:Horse, close the barn door!

[LurkerXXX]

Here's the thing...

If EVERY laptop and cell phone phoned home to China to give away secrets, somebody is gonna notice. REAL quick.

They need to more selectively target folks if they want to actually be able to get away with hacking a machine to send them secret data.

Re:Horse, close the barn door!

[gad_zuki!]

Sure, but it looks like they are concerned over the ol' switcheroo and hardware keyloggers. You cant put that in every device, but if you can separate the exec from his phone or laptop for 15-25 mins then youre golden.

Re:Horse, close the barn door!

Nah,

You just do the 'Microsoft trick' of defining your way as the new standard (eg: everything phones home) and then expect everyone to follow.

Now your kit looks suspicious if it DOESN'T call home.

Re:Horse, close the barn door!

[Moryath]

15-25? Try 5. On many laptops you could get to a good access point right under the easily-removable keyboard.

Re:Horse, close the barn door!

[Neil+Watson]

Agreed. I was alluding to the fact that since execs outsource to China then China would already know many corporate secrets. Grey market goods often come from the same plants that make authentic goods.

Re:Horse, close the barn door!

Umm, just leave a backdoor instead of phoning home then? After you figure out which phone to target, you have an easy way in.

Re:Horse, close the barn door!

[Lord+Ender]

This is why the bugs are only activated when they detect an integer overflow error in any document called "personal finances.xls". With this method, they can be sure they're on an American executive's computer.

Re:Horse, close the barn door!

[ColdWetDog]

15-25? Try 5. On many laptops you could get to a good access point right under the easily-removable keyboard.

This, friends, is the real reason behind the famed Apple design of no user serviceable parts. Not to save weight, not to give Apple a few measly bucks for battery replacements but to prevent FOREIGN ESPIONAGE. Think about that that when you drop your Dell and 12 little plastic panels pop off.

You Windows folks aught to be shot as spies.

Re:Horse, close the barn door!

[networkconsultant]

Next time you find a covert channell you let the public know that your latest gadget that's going to make you and your stockholders rich was made in china and has 3 covert channells!

Re:Horse, close the barn door!

[LurkerXXX]

I'm sure folks who share certain secrets with a partner in China who is doing their outsourced work already know that their is already a laptop in china 'all the time' with those secrets on them. No need to wait for a US exec to come over.

The point of this policy is to keep other secrets that haven't been shared, out of China and away from danger.

Re:Horse, close the barn door!

You're falling into the same trap that got the electronic voting people. It is not at all obvious if an electronic device has a backdoor function. You can change the software to react to a complicated trigger sequence, or worse, you can change the hardware to do it. Unless you deconstruct the device to the point of rendering it unusable, there is no way to reliably detect "sleeper" functions. This is especially dangerous if the bug is in all devices and not just a few "interesting" ones, so that comparisons between devices don't show any deviation.

Re:Horse, close the barn door!

Here's the thing...

If EVERY laptop and cell phone phoned home to China to give away secrets, somebody is gonna notice. REAL quick.

They need to more selectively target folks if they want to actually be able to get away with hacking a machine to send them secret data.

Newbies... Here's how you do it: you put a latent backdoor on all computers. Then activate it only on few select subjects as needed. Can't be detected, but is everywhere.

Re:Horse, close the barn door!

I really don't know why they would need to bug, keylog executives laptops. If they want to know what is going on in a company all they have to do is ask one of the Chinese nationals working there.
I'm serious.
And as far as DOD research, I see a lot of research work marked classified or higher going through Chinese nationals hands.
So I think this is just a crock, the Feds making some big security show, when actually the barn door is open and has been open for some time.
I have talked with other contractors and they say they see the same thing going on.
Security audits are a joke when you look at this aspect of it. 'Do you have all the file servers locked down so that only employees can access it?' 'Yes'. But did you happen to notice that there are a number of Chinese working here and did you check/trace the logs to see where the documents were going. As long as you don't check any of this, you aren't going to find out what is going on, which is good for you because it will create a lot of paperwork.
And anyway we made a large contribution to our congressman so we could get these research contracts. We wouldn't want to piss off a Senator by embarrassing him.
But then again maybe the Feds are watching them, but I really really doubt it.

Re:Horse, close the barn door!

It isn't about just reporting home. There can be damage done if data is destroyed or tampered with as much as is if revealed.

Say someone bought a number of notebooks that are compromised from the factory and started using them on an airgapped network. At random times, the machines would get something running on the OS level that silently encrypts files. The backup program wouldn't know, and the hidden driver would decrypt them silently to the rest of the apps... for a certain time. Then comes a certain date and time, when the compromised code forgets the encryption key, and all the files which were appearing perfectly usable are now corrupted. A restore from the backups doesn't help.

Then there is the old fashioned thing of having just a plain old dd if=/dev/zero of=/dev/sda at some random time after a date.

Re:Horse, close the barn door!

[supernova_hq]

Knowing the math issues and stability in excel 2007, almost anyone could activate that...

Re:Horse, close the barn door!

[Idiomatick]

Laptops are generally ordered by people, why not bug them then? I know my laptop from lenovo could have easily been bugged had they decided i was worthy.

Re:Horse, close the barn door!

[Torontoman]

In that light - I once read a funny thing that I use to this day.

If you want to hide things in a folder on your computer - label that folder "Instruction Manuals".

Re:Horse, close the barn door!

[StikyPad]

That word, aught... I do not think it means what you think it means.

Re:Horse, close the barn door!

[ColdWetDog]

I ought to read my posts a bit more carefully. It's awfully easy just to look for squiggly lines.

Re:Horse, close the barn door!

This is why the bugs are only activated when they detect an integer overflow error in any document called "personal finances.xls". With this method, they can be sure they're on an American executive's computer.

Just this last year they had to release a new version of the bug to work on negative overflow too!

Re:Horse, close the barn door!

[JustOK]

Or to PREVENT detection of already ready installed nasty stuff.

Worthless

[afidel]

The same outsources plants that produce the goods just do a second run at night to produce grey market versions. Microsoft found this out after finding perfect counterfeit copies of their software that were only distinguished by having serial numbers that were never activated in their database, the plants that were producing packaging and holograms for their official packing were making exact duplicates for the counterfeiters.

Re:Worthless

[Bert64]

Same thing happens with dvds, clothes, and all manner of other things... And yet they still try to claim counterfeit copies are inferior?

PCs and phones *are* made in China

[pmontra]

How about using phones and notebooks manufactured in China? Is that ok or do we have to assume they are bugged-at-factory? Are the US starting to move their production lines back to home?

Re:PCs and phones *are* made in China

Oh no, that would cost money.

Re:PCs and phones *are* made in China

[Yvanhoe]

I read the article, and I stopped when it became clear that this information comes from Symantec. Your favorite over-paranoid, FUD-spreading company.

Re:PCs and phones *are* made in China

[TheRaven64]

The NSA has already expressed concerns over this. I don't know if this ever got turned into policy, but there are still chip fabs in the USA and Europe and I think Dell still makes PCs in Texas, so it is possible that government contracts require US-made computers containing US-made components. Of course, it only takes one compromised component to compromise the whole system...

Re:PCs and phones *are* made in China

So, you think no one will notice if every phone and notebook starts phoning home to China?

Assuming they are bugged at the factory is silly. If you want to be paranoid, worry about them hiring someone working at UPS to modify it somewhere during delivery. Of course, if they can hire the UPS guy, they have a guy who regularly goes in and out of your building, so now you have to worry about just about everything else in your building...

Buy stock in tin foil.

Re:PCs and phones *are* made in China

[T+Murphy]

But I'm sure there's a Symantec product I can buy to protect myself from this "paranoia" and "FUD-spreading"?

Re:PCs and phones *are* made in China

[Cro+Magnon]

I'm sure it IS a good idea to throw away any cellphone or laptop that has any Symantec product installed.

Re:PCs and phones *are* made in China

You have no idea. We recently completed a quote for a non-profit through a grant provided by the FBI. At first we were going to provide Lenovo notebooks but that was shutdown really quick as we found out government $$$ cannot be spent on technology from China (spying purposes.) BTW this "isn't common knowledge - keep it quiet."

Re:PCs and phones *are* made in China

[mrdoogee]

Symantec "Mass Detector" 2010*! In stores November 1st!
The Patented Device is guaranteed to weigh any PC, or non-Apple smartphone! Introductory deal: $300 for the device, with a 6 week subscription to the activation system for only $80!

Act today!

*device not compatible with Symantec Mass Detector 2009 mass definitions, or Mass detector 2009 subscriptions.

Re:PCs and phones *are* made in China

[mlts]

On the higher end of the paranoia scale, if the chip fabbing equipment is from offshore, it can introduce its own items. There is always the exercise for the reader about having hidden code in a compiler introducing compromised code into anything it compiles, the ultimate rootkit (in theory) scenario.

Re:PCs and phones *are* made in China

[TheRaven64]

This is orders of magnitude harder to do; in fact it's not feasible with current technology. A fab gets a mask as input, which contains pictures of where all of the traces should go. To compromise this, you'd need some software that could understand how the chip worked and modify it in an undetectable way. The technology needed to do this is much more complex than the technology needed to design the chips in the first place. Basically, if you could do this, you wouldn't; you'd just make chips that cost a couple of orders of magnitude less to design than the competition and then buy them out in a few years time and put the compromises in the original design.

Re:PCs and phones *are* made in China

[superyooser]

I smell a meta-conspiracy. The TRUTH is that the Chinese are ginning up this fear so that Americans will buy more (China-made) electronics.

Re:PCs and phones *are* made in China

i don't know if that's true, but i work for a company that is mainly a US government and military supplier and we are required to use Dells.

Re:PCs and phones *are* made in China

[StikyPad]

it is possible that government contracts require US-made computers containing US-made components.

Yeah, no. The government buys from domestic companies as much as possible, but it's not a requirement. Aside from that, many of Dell's components are sourced from overseas, and apart from the anemic configurations at premium prices, the PCs the government purchases are identical to the consumer versions. Plenty of other hardware is purchased directly from foreign companies as well.

That said, there's really no reason to source from domestic companies exclusively, because domestic companies are not inherently more trustworthy, and treating them as if they were would be a mistake from a security perspective. It is therefore the role of Information Assurance (IA) to ensure that there is no data leakage from ANY system. How well they perform that task is another matter entirely.

Re:PCs and phones *are* made in China

You can't be serious. Dell is a final assembler only. The chips and parts all come from overseas supplies.

Re:PCs and phones *are* made in China

[aaaantoine]

I like that this is modded Insightful instead of Funny. It says a lot about what Slashdot users think of Symantec.

Re:PCs and phones *are* made in China

I think Dell still makes PCs in Texas, so it is possible that government contracts require US-made computers containing US-made components. Of course, it only takes one compromised component to compromise the whole system...

I work for Dell in the notebook group. Dell makes EVERYTHING in China.

Even the ruggedized Latitude XFR which is aimed at military, government, police, etc is 100% made in China. They get around the 51% American built requirement by having it assembled in Texas by some outsourced assembly firm. They don't do ANYTHING with regards to the hardware design there. In fact, in this line of rugged laptops, the guts are taken straight from the business notebook production line in China.

Generally for Dell, the ONLY thing done in any westernized country is the configuration (adding HDD, RAM, Processor, etc) of each system which is done in Ireland, and soon to move to Poland.

Even now, Dell is moving its engineering and design groups to Taiwan. It used to be a handful of engineers in the USA oversaw the development of each laptop model. Now, the Dell Taiwan Design Center is handling the entire engineering process of many laptops.

This is also the same for servers and desktops. Some servers that are built the same way are being installed world wide in DoD applications.

I hope that for the sensitive situations, the NSA or DoD IT experts carefully review their hardware, but I can assure you that Dell is in no position to guarantee that their hardware is completely secure. Not even a prayer for their hardware being secure.

Re:PCs and phones *are* made in China

Actually I am more worried about code inserted on my machine by some three letter agency of the US government than from China.

Re:PCs and phones *are* made in China

It's justified. For example I just had to fix a friends Vista laptop which had stopped connecting to websites after doing Windows updates, after a bit of Google based research I decided to try removing Norton with Symantec's specific removal tool, which solved the problem. It turns out that my friend, while waiting for Windows to install its updates decided to uninstall Norton through Add/remove programs (well, whatever its called in Vista now) because the free trial had long since expired and she wasn't using it, the uninstaller left the system in a broken state and failed to remove a lot of crap (evidenced by the running time and output of the removal tool).

Related story

[BadAnalogyGuy]

It's almost impossible to tell whether additional software has been installed unless you either 1) diff your HDD (hard and time consuming) or 2) weigh the laptop and see if any data has been added. The government is, for once, correct and providing helpful information.

More on this topic at this old Slashdot story.

Re:Related story

[PenisLands]

The weighing is to detect the presence of hardware keyloggers and other such things.

Re:Related story

[camperdave]

Not necessarily. A keyboard controller chip with keylogging software will weigh exactly the same as a keyboard controller chip without keylogging software.

The real story

[Ukab+the+Great]

The real story in the article should be "CTO of world's largest Windows security software company uses a mac."

Re:The real story

[Jason+daHaus]

Also that he doesn't let his IT department near his laptop. Thats a level of distrust that, as an IT guy, drives me absolutely bonkers.

Re:The real story

[CharlyFoxtrot]

You can cripple a mac with Windows if you want.

Re:The real story

Well, apparently you have never dealt with most IT departments

Re:The real story

Look, if you hired at the lowest wages in the industry and demanded insane working hours, wouldn't you be just a little concerned some of them would be disgruntled enough to blow the whistle on your kiddie-porn stash?

Re:The real story

[mbone]

Sounds sensible to me.

Re:The real story

[CharlyFoxtrot]

Maybe he has some documents detailing the latest downsizing & outsourcing plans on it. He's visiting china after all.

Re:The real story

Like it matters? All he does on the thing is play Solitaire.

Re:The real story

If YOU were such an intimus to Windows Security (TM) as this guy, what Notebook would YOU use???

Lenovo running Linux?

SPARCbook running OpenBSD!?!

Re:The real story

[chaim79]

It may make sense in his situation... he may have an IT department that is MS only, being an executive he has the privilege of using what he wants, but he knows that the IT department is clueless with Macs so he does his own work.

Re:The real story

[TheKidWho]

I don't care who you are, I'm not letting anyone near my laptop ;-)

Re:The real story

[Lorien_the_first_one]

Agreed.

Re:The real story

[rohan972]

Also that he doesn't let his IT department near his laptop. Thats a level of distrust that, as an IT guy, drives me absolutely bonkers.

On the other hand, you'd hope that a CTO could handle his own laptop sufficiently well without help from anyone.

Re:The real story

So I guess you'd have to treat his laptop with a similar level of paranoia - keep it on a separate interface and insist on his using a terminal server if he wants access to files, etc. Unless it was set up properly in the first place, in which case you don't have to be near it to monitor it.

Re:The real story

You beat me to it, but that was my thought as well. What a ringing endorsement of his product huh?

Don't use a "cell phone" in China

[ickleberry]

Its far too easy for the Communist government to tap into those, a Thuraya or Iridium satellite phone should be a bit harder but if I went to China I'd still be using a one-time pad to send messages home.

Re:Me sorry

Me just play joke.

Sucky sucky?

Orginal date of warning?

[NoYob]

I'm just curious. Isn't it a bit of a coincidence that this warning comes out when there is a growing trade dispute with China happening now? We have been using China as our factory an major offshoring partner for quite a few years and now there are warnings.

They must be that good.

[Stu1706]

So they are able to bug your cell phone while it is in your pocket or in your hotel room charging. Or do they check all cell phones at the door like in The Dark Knight? Even when you RTFA it does not give you any support for these claims. I think he is a little paranoid.

Re:They must be that good.

[mosch]

For the cell phone, maybe they're concerned about China pushing out OTA firmware upgrades?

Re:They must be that good.

[TheRaven64]

Pick your pocket while you're waking down the street, copy the contents across into a trojaned version, and then slip the replacement back into the victim's pocket. Or, if that's hard, tell them they dropped their phone and hand it back.

It's also a good idea to make sure you turn your phone on at the airport before you get on the plane to China. When a phone registers with a new cell, it passes on the ID of the last cell it was affiliated with (to allow routing tables to be updated). MI6 was wondering a few years ago how the Russians were able to spot their people so easily, until they realised that they were turning off their phones at the headquarters in London when they went in and then not turning them back on again until they stepped off the plane. As soon as they turned them back on, they broadcast a nice little message to the cell tower at the airport saying 'the last place I went to was very near the MI6 building' which was flagging them for extra surveillance.

Re:They must be that good.

[japhering]

Pick your pocket while you're waking down the street, copy the contents across into a trojaned version, and then slip the replacement back into the victim's pocket. Or, if that's hard, tell them they dropped their phone and hand it back.

Why go to that much work, just set up a small site in a confined area and simply send new firmware to any cell phone you decide you need to be able to control.

Re:They must be that good.

Do you have any references to read more into this?

Re:They must be that good.

operational security, I *love* it.

During the cold war the spooks would follow each other. Despite the movies, a tail generally involves multiple vehicles following. They stayed coordinated by radio. A radio scanner became a good way to tell you were being followed (we used the British radio call system which isn't exactly hard to spot). We got smart and started encrypting our radio traffic (encrypted bursts sound like blips of static). They still detected tails via frequency of bursts of static (protocol was to do a status call every x minutes).

I me laugh,

[Icegryphon]

As companies continue to send more jobs and more money over to china.
It is like asking to be raped, is it really rape anymore?
Mark Bregman needs to STFU.

What about Chinese nationals?

[bezenek]

(The following discussion is based on real experiences and is not meant to profile people, but to state facts.)

This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US until they find someone who needs money or other help for their family back in China.

One company I worked for had a Chinese national who was not allowed to work on part of a project because it was protected technology. The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.

The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.

-Todd

Re:What about Chinese nationals?

[Chrisq]

... all they have to do is to contact several of the thousands of Chinese nationals ...

History shows that approaching US Nationals with enough money can also have the desired affect.

Re:What about Chinese nationals?

This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US

Well, of course, they are doing that as well.

Re:What about Chinese nationals?

>cheating and other ethical breaches are not considered a good way to get ahead

Unless you're already rich.

Re:What about Chinese nationals?

[digitalhermit]

This truly is ridiculous.

The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.

In my junior high and high school (John F. Kennedy Jr. and North Miami Beach Sr.) there was rampant cheating. There was note passing, stolen test copies, students writing down questions to pass to others in the next class. This didn't affect me so much as the attitude among the students that the classes really didn't matter and they were in fact being smarter for having cheated the system.

Ethical breaches are everywhere and that's what kids do here to get ahead.

And I can say proudly that I never cheated. I worked my ass off to get my grades and took the bad grades with the good.

KLL

Re:What about Chinese nationals?

[xplenumx]

The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.

While I certaily wasn't at that talk (and I suspect that neither were you), I'm willing to bet that you don't completely understand what the talk was about. I'm on the faculty of a top tier reserch insitution conducting immunological research - I've had several Chinese graduate students, have sat on the international admissions committee, and have given the talk that you describe to our new Chinese students. The problem isn't one of ethics, but one of culture. The Chinese don't regard plagiarism the same way we do - in fact, the educational system encourages it in a way as it is an honor, of sorts, to 'plagiarize' your mentor. Additionally, a lot of these students don't have confidence in their english, so whey they write they occassionally take an idea from another article and copy it verbatim thinking "that's exactly what I was thinking, and I don't have to worry about incorrect english" - in most cases, there is not an intention of deceit. The Chinese certainly have their issues (admitting mistakes and nationalism), but I wouldn't call them unethical.

Re:What about Chinese nationals?

[immakiku]

I think the point you both want to get at is that you shouldn't judge other people by your standards of ethics and morals. As long as they conform to their own standards of ethics or morals, it wouldn't be right to call them unethical, no matter the differences between your standards and their standards.

Re:What about Chinese nationals?

[bezenek]

While I certaily wasn't at that talk (and I suspect that neither were you), I'm willing to bet that you don't completely understand what the talk was about. ... The problem isn't one of ethics, but one of culture. The Chinese don't regard plagiarism the same way we do - in fact, the educational system encourages it in a way as it is an honor, of sorts, to 'plagiarize' your mentor...

I was at the talk. I understood the problem to be what one culture considers ethical, another might not. Thank you for clarifying this. Since I did not grow up in China, I do not understand the issue as well as someone who did, but I now feel I understand it better than I did.

Thank you,

-Todd

Re:What about Chinese nationals?

"in America, cheating and other ethical breaches are not considered a good way to get ahead"

it wasn't fair to lie to them like that. now they'll never get a head

Re:What about Chinese nationals?

*BANG*

Oh I'm sorry, in my culture its okay to shoot you in the face.

It's seen as a form of respect.

Re:What about Chinese nationals?

[khchung]

Another theory would be you need to tell those students (who have never been to the US) how actual life in the US is. Even though they read about people like Madoff earning gazillions by cheating, and watched many US movies where cheating and lying works, they would actually get into big trouble if they try to do that themselves.

Native USians have no idea how their news and movies (those that made it to other countries) portray their own country to the world.

Re:What about Chinese nationals?

[geminidomino]

A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead.

They are, however, considered invaluable in *staying* ahead once you get there.

Re:What about Chinese nationals?

[craagz]

The Chinese nationals might do it for free, actually.

Re:What about Chinese nationals?

[ak3ldama]

Moderation: -1 Horse Shit.

Re:What about Chinese nationals?

[Shotgun]

I think the point you both want to get at is that you shouldn't judge other people by your standards of ethics and morals. As long as they conform to their own standards of ethics or morals, it wouldn't be right to call them unethical, no matter the differences between your standards and their standards.

So, if another culture finds it acceptable to force pre-teen girls into prostition rings, it wouldn't be right to call it unethical? How about if their culture allowed for the slaying of a girl that "embarrassed" the family? What about a culture that abandons their old or sick?

I'm sorry you've been overcome by so much political correctness, but moral relativism is bullshit. I have a moral compass, and I'm not ashamed of it. I choose not to deal with people or companies that purposely lie, cheat and steal. I will not make excuses like "things are done differently where they come from." If they do things like that there, then they are liers, cheaters and thieves. If it is a cultural thing, then it is a nation of liers, cheaters and thieves.

Re:What about Chinese nationals?

[chiguy]

The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.

Or so you think.

Re:What about Chinese nationals?

[doesnothingwell]

A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead.

Unless you're in management.

Re:What about Chinese nationals?

[smellsofbikes]

>The Chinese don't regard plagiarism the same way we do

One of the things I think about when I'm reading about this subject is t-shirts. In the community in which I hang out, if you're wearing a t-shirt that you've designed and silkscreened/airbrushed, that's cool. If you're wearing a shirt that has a Nike swoosh symbol on it, it's considered something like plagiarism, certainly a lack of originality. Yet I see other Americans wearing DKNY shirts all the time. My mini-culture considers that to be copying, but most people don't even think about it, or if they do, think of it as a sort of status thing -- they can afford a designer t-shirt.

It's quite possible something similar is going on here. By taking material from a very good source, the person is forming an association with the very good source. If you aren't raised with a sense of what Americans consider the line between research (copying from several sources) and plagiarism (copying from one source) you might be acting in a way you think is not only ethical but praiseworthy, while other people think you're plagiarizing.

For the record, today my t-shirt is covered with monochrome images of old cassette tapes of various brands. It certainly doesn't say Nike on it.

Re:What about Chinese nationals?

[lord_sarpedon]

Native USians have no idea how their news and movies (those that made it to other countries) portray their own country to the world.

Accurately.

Re:What about Chinese nationals?

in America, cheating and other ethical breaches are not considered a good way to get ahead

Guess you haven't been paying attention to Wall Street, and most of the larger corporations in this country.

Re:What about Chinese nationals?

[indi0144]

WRONG! last time I checked F-22s can't fight against Decepticons, F-22s barely take off, fly by, and return in one piece.

Oh GP was talking about non fiction movies?! I don't think movies portray America in a bad way, it's fiction. The "bad" image is from TV shows about spoiled brats wasting shitloads of money in ridicule stuff, car pimping, life-style bragging and things related to unnecessary money burning. That piss off the majority of people inside and outside N. America.

Re:What about Chinese nationals?

[idlemachine]

The Chinese don't regard plagiarism the same way we do - in fact, the educational system encourages it in a way as it is an honor, of sorts, to 'plagiarize' your mentor. Additionally, a lot of these students don't have confidence in their english, so whey they write they occassionally take an idea from another article and copy it verbatim thinking "that's exactly what I was thinking, and I don't have to worry about incorrect english" - in most cases, there is not an intention of deceit.

Wow, it almost sounds like they think that human knowledge is built on top of past endeavours rather than pumped out fully formed by the self-contained genius of a handful of people.

Haven't they heard of intellectual property?

Not Worthless

[oodaloop]

The article is referring to planting physical keylogging or other devices on specific machines. As in breaking into your hotel room, opening up your laptop, and installing something that will send information back. This is why you should weigh before and after. TFA metions 3-letter agencies telling him to do this, so maybe they know something you don't.

Re:Not Worthless

[TheRaven64]

It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.

Re:Not Worthless

TFA metions 3-letter agencies telling him to do this, so maybe they know something you don't.

Yeah, they need more funding and need to drum up more FUD.

Re:Not Worthless

[mrdoogee]

Well at least FEMA isn't involved, then.

Re:Not Worthless

[fridaynightsmoke]

It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.

And I'm quite sure that MI5 (or whoever) did/do spy on non-British companies to give British ones an advantage (or at least I hope so :P)
This is one of those examples of "war morality"; whereby "us doing X to them" is fine, but "them doing X to us" is completly unacceptable and a sign of cowardice and various other undesireable traits.

Re:Not Worthless

[Rich0]

More likely than not the 3-letter agencies have done it to nationals from other countries, so they know it can be done to their own citizens.

During the cold war the US sabotaged a Soviet oil facility by introducing a trojan into firmware for various control systems. They also tapped undersea lines, listened to cell-phone conversations from space, and likely did all manner of other elaborate info-gathering operations that we still don't know about.

When you're talking about state-sponsored intelligence, there is a remarkable number of vulnerabilities that they have the resources to exploit. If China really cared what Steve Jobs had on his laptop, they could easily gas his hotel room while he was sleeping and do all manner of things to his laptop. I'm not sure that weighing is going to do you much good - if I wanted to be really slick I'd just replace a chip on the motherboard with something that does a little extra. If you replaced a chip on the northbridge, and one on the ethernet controller, you could gather any intel you'd like and send it out over the internet and it would be utterly undetectable without a packet sniffer.

Re:Not Worthless

[oodaloop]

It's more like, "They're going to do it us, so we need to try to stop them and do it to them first." Same thing for arms races and carrying a concealed gun. If everyone else has one, I don't want to be the one person without it. The rhetoric in the presses about unacceptable behavior is just that. We all know we all spy on each other.

OTOH, DHS Might eliminate the issue as well....

[atlmatt36]

For all the barking of the agencies, it's obvious they haven't encountered the treatment I and my colleagues have encountered re-entering the US from abroad only to have laptops have the data examined, and that data be copied for "further analysis" or even the laptop confiscated for an undetermined amount of time. It's just a matter of time before other countries make the same advertisment about travel to the US.... What's the old saying (Kettle calling the Pot black).

Re:OTOH, DHS Might eliminate the issue as well....

Actually, I'm not from the USA and my company tells not to have any valuable data in the laptop when visiting there, because of the "further analysis" they perform at the airports.

Re:OTOH, DHS Might eliminate the issue as well....

[D+Ninja]

What's the old saying (Kettle calling the Pot black)

Actually, Pot started it. He called Kettle "black" first. It devolved into a war shortly thereafter when the Broiling Pan took sides and the Colander started screaming for legal recourse. Fortunately, Cheese Grater and Can Opener continued to get along. Then, of course, there was the scandal where Dish ran away with Spoon, but that's another story...

Re:OTOH, DHS Might eliminate the issue as well....

What's the old saying (Kettle calling the Pot black).

Pot calling the kettle black. The case being that the kettle is shiny and the pot is looking at its reflection.

Re:OTOH, DHS Might eliminate the issue as well....

[japhering]

For all the barking of the agencies, it's obvious they haven't encountered the treatment I and my colleagues have encountered re-entering the US from abroad only to have laptops have the data examined, and that data be copied for "further analysis" or even the laptop confiscated for an undetermined amount of time.

It's just a matter of time before other countries make the same advertisment about travel to the US.... What's the old saying (Kettle calling the Pot black).

Does it really matter? How many people when traveling keep their laptop, cellphone, ipod, etc isolated 100% of the time? For a skilled person with the right tools it only takes a matter of minutes to open a laptop and add bugging devices. Pop out one wireless lan card and replace with another with "special" control code in the firmware.

Re:OTOH, DHS Might eliminate the issue as well....

There's been several newsposts and news items on dutch media regarding this.
It is getting some attention. And I wanted to visit the US at some point, I've since dropped that thought completely.

And yes, I know that Euope's been feeding US information regarding citizens already.

Re:OTOH, DHS Might eliminate the issue as well....

[supernova_hq]

Minutes? 99% of laptops come with "dummy" plastic cards in the side where you would add extra network/etc cards later. All you need is an ACTUAL card with the plastic end on it, and you could do the switch by reaching into the guy's bag on the subway. Most of them even have dummy SD cards in them.

Re:Me sorry

me go pee pee in your coke!

whats the point?

[Coraon]

The US border guards are just going to swipe the laptop and smart phones at customs anyway.

Re:whats the point?

[iphayd]

Why do you think they tell you to go buy a new, shiny one. Oh, and put lots of hd space in it too, they need to store their porn collection.

Re:this is racism

[PhilHibbs]

No, through nationalism. This is against a specific nationality, nothing to do with ethnicity. Taiwan is not covered by this warning, and they're the same stock.

This Sounds Familiar

[Logical+Zebra]

Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy.
Is this happening again, but now we are instead fearing the Chinese?

Re:This Sounds Familiar

[Chrisq]

Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy. Is this happening again, but now we are instead fearing the Chinese?

Well at least they haven't got weapons of mass destruct ... oh wait

Re:This Sounds Familiar

[The+Archon+V2.0]

Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy. Is this happening again, but now we are instead fearing the Chinese?

It's worse. It's happening again, but this time the enemy runs the big-box store we always shop at. And he's our loan officer.

Re:This Sounds Familiar

Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy.
Is this happening again, but now we are instead fearing the Chinese?

Are you telling me the Chinese just grew 5 feet in height? That's going to depress Yao Ming.

Re:This Sounds Familiar

The Soviets:
1) never matched the US economically, achieving military parity or superiority only in ground forces and nuclear delivery systems
2) never had a true deep water navy, and no full year ocean access
3) their population never exceeded the US, and they needed troops to keep Poland, Hungary, East Germany in check

The Chinese:
1) are projected to exceed the US economically in the next 10-15 years
2) have 2000+ miles of access to the Pacific ocean
3) have a raw population exceeding 3 times the US, its urban population is about 1.5 times the US total population

I would say they need not reach 10-foot-tall and read minds to become a problem for the US.

Re:This Sounds Familiar

Ever play fallout 3?

Good for China

[Bert64]

If everyone who visits China buys a new cellphone and laptop for the trip...
Where were those cellphones and laptops likely manufactured? China...
China stands to make quite a profit from people doing this.

Silly

[hansoloaf]

and yet we have everything built in China for sale in the US (iPhones, Lenovo, etc).

Re:Silly

... And LCD displays for all our armed forces.

Hey Commie Chinese! Wanna have a war?

Good luck with that.

[ciroknight]

It's pretty hard to bug something at manufacturing time, since you usually don't have a clue as to who it's being shipped to. It can be done, but odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

Re:Good luck with that.

...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

Either way, you win.

Re:Good luck with that.

[maxume]

Still, just embed some code in the bios that boots into a keylogging management screen when you hold down s-c-r-e-w during boot. That way, you don't need to modify anything, you just need to turn it on when you happen to gain access to the hardware of an interesting person.

Re:Good luck with that.

in theory you could build them all with the ability to be monitored, then when a Exec comes you know which one to activate.

Re:Good luck with that.

You say that like its a bad thing.

Re:Good luck with that.

[ciroknight]

Yeah, nobody would ever notice that. Nobody ever audits or reloads BIOS code. BIOS chips are just packed with extra room for code and even more, they have vast swaths of writable RAM for storing tons of keylogging data, a tiny insignificant fraction's worth that actually would be useful to a foreign intelligence agency (which has to be filtered through to find anything on your ridiculously huge Echelon-scale supercomputing network).

It's a great plot for a novel, Dan Brown, but to get that to work on the scale proposed (getting literally every machine out of China with the software), it's just not feasible.

Re:Good luck with that.

[bleh-of-the-huns]

Not necessarily true, you don't have to bug during manufacturer, just release counterfeit stuff that is sold to large entities.. prime example.. Counterfeit Cisco hardware, that may or may not have had hardware modified in such a way as to allow spying..

http://hardware.slashdot.org/article.pl?sid=08/04/22/1317212

The gov, and gov contractors in the US still use IBM/Lenovo laptops and desktops, its not a stretch to imagine that bug them at manufacturing time, all of them, and then just make sure the bugged batch ends up with vendors who are on the GSA schedule.

Re:Good luck with that.

[maxume]

Of course it isn't feasible. But we are playing paranoid here. Jeez.

I take great offense at being compared to Dan Brown, I poured seconds into that post and marketed it to no one.

Re:Good luck with that.

[snspdaarf]

...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

Either way, you win.

Until the restraining order kicks in.

Re:Good luck with that.

[The+Archon+V2.0]

...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

Either way, you win.

So if we see a lot of .cn sites with "barely legal" sexting pics, we know that they tapped the wrong phones and are just cutting their loses? Awesome! I never knew this espionage thing was so easy. Or sexy! Does a license to kill come with any sort of reciprocity for getting a license to statutory rape?

Re:Good luck with that.

[fahrbot-bot]

It's a great plot for a novel, Dan Brown ...

Obviously:

• Angels and Daemons
• The Da Vinci Coder
• The Lost Symbol Table

Re:Good luck with that.

It can be done, but odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

Not a chance -- I'll arrange to bug only twenty-one to twenty-four year old teenage girls.

Re:Good luck with that.

[uninformedLuddite]

So let's say everything was bugged at manufacture. It would be pretty trivial to have a plant at a major OS provider who could advise the buggers(that's worth at least two mod points) the license keys being used in specific industries and then activating the bugs based on this data.

Re:Good luck with that.

[uninformedLuddite]

Until the restraining order kicks in.

Sounds to me like you've dated girls before

Re:Good luck with that.

[uninformedLuddite]

I saw a couple of years ago a tutorial on how to modify the firmware on a dlink router so that it would automagically modify any .exe sent through it to add a trojan of your choice or design to the file. It required a very expensive doodad to do the actual modifying but it was an interesting read. I just added this as it isn't necessary to counterfeit the hardware. You just need to be a middle man in the supply chain. I will see if I can find the article and add a link to it as the know-how required was script kiddy level so it will be of great interest here. I guess you could just do a good old break and enter too.

Re:Good luck with that.

[uninformedLuddite]

here's an interesting link. I realise it's not a very popular CPU but this could be done to every single chip going out of a fab plant. Would it be that outrageous to think that someone in the design/fabrication process could sneak this onto the silicon without it being noticed? Or, if it was a state sponsored program then it definitely wouldn't get noticed.

Such respect for IT!

[BenEnglishAtHome]

Maybe I'm taking this a little personally because I'm an IT guy. I dunno. But I do know I'd rather not work in IT for a large, tech-based company where the CTO is quoted publicly as saying: "I don't let my IT department near my laptop".

Anybody else have a WTF moment when they saw that? Or is it only me?

Re:Such respect for IT!

I'm not sure what point he was trying to make with that comment and I'm willing to give him the benefit of the doubt that the report is badly phrased. How can the CTO of a Security company say he is "pretty relaxed" about following the security policies set by his own company?

Re:Such respect for IT!

[walshy007]

If you want something done right, do it yourself... is a good way to do things close to home.

Re:Such respect for IT!

[mc+moss]

Maybe he just has sensitive material about his company on the laptop. I've seen people in management who don't let anyone in the company, even IT, look at their laptops and it isn't because they think the IT department is incompetent or have no respect for them.

Re:Such respect for IT!

I'm an IT administrator and I don't trust my fellow "Windows-centric" IT admins to go anywhere near my iMac. In a sense I understand where he's coming from.

Can China make a hardware-based keystroke recorder small enough to even fit in a MacBook Air? ;-) Good luck getting it open in a timely fashion too!

Re:Such respect for IT!

[chaim79]

It very well could be that the IT department is MS only and would mess up any Mac they work on simply because they are clueless, that'd be a reason for not letting them near it.

Re:Such respect for IT!

As the principal website maintainer and graphics designer at my employer's shop, I don't let the IT department near my workstation. The primary objective of MCSE and related vendor-sponsored training programs is to maximize vendor income by producing mercenary hacks who prioritize their loyalty to & dependence on the vendor(s) in question far above their commitment to their employers' interests. Today's nominal "IT Professional" hits the ground running as a high pressure sales rep for whatever vendor(s) certified him, and unless upper management includes powerful players who are computer literate, the result is a mile wide swath of damage. Microsoft products are born to fail, at a calculated rate that drives maximum replacement sales without quite driving customers away. Managing a workplace LAN and its machines the MCSE way means installing a treadmill that assures system failures if the company stops constantly buying redundant products. The MCSE is also the enemy of computer based production staff who are not "with the program" of vendor indoctrinated ignorance, and preventing the replacement of our professional production tools with worthless but expensive trashware can be a constant battle.

I am fortunate in that my employer understands, it will be necessary to hire two or more people to get the jobs I handle done, if I give up and walk away. So I am allowed to maintain my own workstation and, ironically enough, it is the only even remotely stable or secure box the company owns. Go figure.

Re:Such respect for IT!

I work at Symantec. Our IT department is largely outsourced to EDS. EDS is now owned by HP. HP is a Symantec competitor in several areas. Mark is responsible for a huge chunk of our M&A strategy and overall product roadmap. Therefore, I for one would be very unhappy if Mark let them touch it. :)

Re:Such respect for IT!

It's only due to the fact that his IT team would install all the companys products on it, following company rules and regs.

Well at least now I know why they can't write a good AV product.

Re:Such respect for IT!

IT departments and policies are for the "employees". Same thing with ethics and best practice.
Besides, IT only hinders knowledgeable people from using their computer productively. Machines are so encumbered with crapware in the name of security and "compliance" that they are near unusable.
I won't let IT touch my computer either. Most of IT is staffed by morons.

Re:Such respect for IT!

[yabos]

Yeah, they'd probably try and install Norton Antivirus for Mac. No one wants that crap.

Re:Such respect for IT!

[Blakey+Rat]

He probably has confidential information on it that the IT guys aren't privy to. When I worked IT, it was a very small company so this wasn't as big a concern, but I frequently worked on computers that had, for example, full payroll data on them.

Re:Such respect for IT!

[srleffler]

You probably shouldn't take it personally. He's a chief technical officer. He ought to be better at your job than you are.

Re:Such respect for IT!

[Buelldozer]

Having spent some time in the I.T. trenches his "sensitive material" is probably a largish collection of porn, copyrighted material that he didn't pay for, and emails from his two mistresses. Yes I've seen all of those and in some cases all three of those on the same machine.

Re:Such respect for IT!

[MoralHazard]

That's the most retarded thing I've ever heard. So the CEO has the most CRITICAL, SUPER-SECRET information on his laptop, the stuff that represents the company's lifeblood, and which can't be trusted to anybody else.

And this data isn't backed up on company file servers? What happens if the CEO's laptop gets dropped, or smashed by clumsy airport security, or stolen from him?

And you think they run a multi-billion dollar, Fortune 500 company this way? Seriously?

Re:Such respect for IT!

Aw come on. You think being a CTO makes somebody perfect? The place where I used to work was suddenly hit one morning with some nasty worm. Might have been Sasser. I don't remember. We had firewalls in place but many of the internal machines had no antivirus because they did production work on internal files only and didn't touch the internet. So anyway, we got clobbered one morning with this worm talking out nearly every PC.

It turned out that the problem came in with the CTO: he had a laptop he took home, it had gotten infected somehow at home, and when he came to work that day and plugged in the lan, effectively he had brought the worm inside the firewall, and all hell broke loose.

My mistake was running down the hallway ranting about the moron who just infected the network, when I didn't at that time realize WHO it was. Ooops. The guy had a history of making bone-headed IT moves. Every time something ended up not working, we just called it "One of Jim's pets"

Re:Such respect for IT!

Maybe I'm taking this a little personally because I'm an IT guy. I dunno. But I do know I'd rather not work in IT for a large, tech-based company where the CTO is quoted publicly as saying: "I don't let my IT department near my laptop".

Anybody else have a WTF moment when they saw that? Or is it only me?

Yea, I agree, I think the bigger ahah of this article was a CTO who flamed his own IT department.... and then went on to snub the government too (that part I'm OK with) Just seems his ego is out weighing his common sense of not pissing off IT departments and 3 letter agencies... Of which both are known for retaliatory behavior... :-)

Re:Such respect for IT!

[DigiShaman]

Agreed. If a CxO can't protect themselves (drive encryption, backups...etc), they will have to *trust* someone at least that can. Also, you can't become a Fortune 500 company unless there is some level of relational trust already in place.

Not a problem in the US!

Since in the US they'll take your phone and laptop, MP3 player and any other good stuff and demand to see your company documents if they think there's something nice in there.

PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.

This didn't require a cell phone either, so throwing away your cellphone isn't necessary there either.

So much nicer being spied on by the US government. You don't have to buy new kit all the time, just accept the espionage.

Re:Not a problem in the US!

[Logical+Zebra]

PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.

This was a claim made by Europe (specifically France) and never proven.

Take a look at this article, quoted here for your convenience:

"...the NSA runs Echelon jointly with Britain, Australia, Canada and New Zealand. And European experts acknowledge that France, Germany and Russia routinely engage in industrial espionage to ferret out the commercial secrets of other countries."

The reverse holds true

[ironicsky]

As a non-American citizen I feel the reverse holds true. When I enter the USA from Canada I should bring a seperate bare-bones, no thrills cell phone and an empty laptop. Because if the TSA decides that they want to snoop through my electronics there is no telling what information they are pulling out, government created spyware being installed, or some sort of magical chip that transmits everything I am doing back to them.

See, Conspiracy theories work both ways... No more fear mongering, okay? Lets play nice kids.

Re:The reverse holds true

You can take your tinfoil hat off sir. The only thing Canada has that we would ever want is
the occasional hockey player and more maple syrup.

Re:The reverse holds true

[s4ltyd0g]

Water? It's the next oil...

Re:The reverse holds true

[140Mandak262Jamuna]

And may be Lebensraum.

Re:The reverse holds true

You forgot trees.

Re:The reverse holds true

[supernova_hq]

What about water, electricity, oil (alberta's got a crap-load), beef (texas only has so many cows), gigantic robotic arms, ....? Now what exactly does the US make of value, flags?

Re:The reverse holds true

[dissy]

As a non-American citizen I feel the reverse holds true. When I enter the USA from Canada I should bring a seperate bare-bones, no thrills cell phone and an empty laptop. Because if the TSA decides that they want to snoop through my electronics there is no telling what information they are pulling out, government created spyware being installed, or some sort of magical chip that transmits everything I am doing back to them.

See, Conspiracy theories work both ways...

I know you said all that in jest, but you are more right than you suspect. And the situation with DHS and the TSA is very close to that (Other than installing hardware.. though the law does explicitly allow them to, even if they don't do it now)

That isn't a conspiracy or paranoia, its a well proven fact.

Re:The reverse holds true

[mce]

Indeed. For us - we're an EU company - it is official company policy to take only empty PCs across the US border (in either direction).

Re:The reverse holds true

[tsstahl]

I blame Canada.

Re:The reverse holds true

[Blakey+Rat]

beef (texas only has so many cows)

I hear cows can make more cows. Amazing how that works.

Re:The reverse holds true

[ironicsky]

This isn't South Park :-).
It's more like Simpsons when Homer is apologizing to the Queen for America being a bad country and Canada being a good country.

Re:The reverse holds true

[supernova_hq]

Fine, (texas can only reproduce cows so fast). Is your anal retentiveness contagious?

The weight of those bits adds up!

[noidentity]

US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage.

This is very good advice, as it would instantly catch the loss of weight if any data was stolen from the laptop. You hear of data theft all the time, and all it takes is something low-tech like a scale to detect it.

Re:The weight of those bits adds up!

[Publikwerks]

You scoff, but this is how I found out my laptop was cheating on me. Started losing weight, hanging out with other OSes. Then I came early one day, and caught it dual-booting with not one, but two usb drives.

Re:The weight of those bits adds up!

[captainClassLoader]

Woah! Hot USB-on-USB action!... 8-O
Ahem...Sorry to hear about your nasty lappie, man...

Re:The weight of those bits adds up!

It the only way to find that lost noodle stuck up-under the "G" key along with the short grain rice left over in the number pad, don't cha know. The espionage claim is just a rouse to clean you laptop - physically so that us IT guys don't have to chastize the big wigs.

Re:The weight of those bits adds up!

US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage.

This is very good advice, as it would instantly catch the loss of weight if any data was stolen from the laptop. You hear of data theft all the time, and all it takes is something low-tech like a scale to detect it.

This is discussed at
  http://social.answers.microsoft.com/Forums/en-US/vistahardware/thread/720108ee-0a9c-4090-b62d-bbd5cb1a7605

Re:The weight of those bits adds up!

[screeble]

Well at least they weren't SCSI drives.

Why is that a problem?

They just stop listening to the teenage girls and when they hear a corporate exec talking, note the number and keep a watch on it.

It's not like they don't have a lot of people to listen in on conversations on each new phone until they work out whether there's anything juicy going on on it.

This is what I find disturbing about Symantec

"However, he said he was "pretty relaxed" when it came to following the security policies. "I don't let my IT department near my laptop"

I find this disturbing, very disturbing coming from the likes of "Mark Bregman, chief technology officer at security firm Symantec". This is one person that should know better. It's the kind of above the rules attitude that is far to prevalent in executives and that makes them so valuable for corporate espionage in the first place. Someone like Mr Bregman should know better and needs to have someone slap his hand and reign him in, even if it takes the board of directors to do it.

Policies are there for a reason Mr Bregman, it's to protect companies like yours from people like you and those that would exploit your naivety in a heartbeat. The higher in your organization you are, the more valuable you are as a target and the more rigorous your security practices need to be.

To be sure..

I say we take off and nuke the site from orbit. Itâ(TM)s the only way to be sure.

Re:this is racism

[MrMr]

Aka profiling.

Stealth technology weight?

[adosch]

Weigh your laptop before and after you enter and leave the country... to do what? How are you going to detect a 15g to 100g logging circuit that's more than likely (if there was malicious espionage intent) designed to fit or mount into current hardware and not be detected on a scale that's accurate down to 0.5 pounds. My point, you're not. I'm not ignorant to the fact that something as compact and sealed as a Mac Airbook or alike would take some real damn EE talent to pull something off but it's nice that ITFA they choose to have a separate laptop for overseas verses state side and re-images it when they leave. Just hope they practice good VPN security measures at their companies...

Executive entitlement

"I don't let my IT department near my laptop,"

Should you trust an security company where the executives ignore their own IT security policies?

reloading a phone

[wkk2]

Assuming the cell phone stays in your possession, why are phones so insecure that the software can be modified presumably through the network? If all phones are so bad, there must be state sponsored hooks to do anything to the phone. Do any cell phones support secure firmware loads? I guess the Sectera Edge is out of the question for your average traveler.

Re:this is racism

[PiSkyHi]

Nationalism is as much of a correlation as racism, since the cause of all of this is paranoia.

How much does a 1 weigh?

[hacker]

Weigh our laptops? Exactly how much does a 1 weigh? a 0 weigh? If I create some new data and delete old data, will my laptop weigh less? Or more? How much more does a 200k keylogger weigh?

Seriously, this is silly, because TFA is talking about re-imaging laptops before/after. That would imply malware/spyware being surreptitiously installed, but that won't change the weight directly.

Re-imaging the laptop if a hardware keylogger has been installed wouldn't have any effect either (but could possibly be detected by weighing).

There's ABSOLUTELY NO WAY AROUND IT

1. Myth: "They'd need physical access to install anything to log keystrokes anyway!" Wrong. They can do this all remotely, using your own patched operating system's default capabilities.
2. Myth: "You could just borrow a machine there and boot to a KNOPPIX CD and work from that!" Wrong. If a hardware keylogger is installed, it captures everything.
3. Myth: "You could just use your own laptop and re-image it!" Wrong. If someone owns the network above you, they're certainly sniffing that.
4. Myth: "You could just use SSL and secure your communications!" Wrong. See 1.) and 2.) above

...and so on. If someone wants access, they'll get it. Either on your local machine in software, on your local machine in hardware, or on the network outside of your machine.

Re:How much does a 1 weigh?

[Xtifr]

Seriously, this is silly, because TFA is talking about re-imaging laptops before/after. That would imply malware/spyware being surreptitiously installed, but that won't change the weight directly.

Re-imaging the laptop if a hardware keylogger has been installed wouldn't have any effect either (but could possibly be detected by weighing).

So you're saying that weighing is silly because it won't protect against software keyloggers (would need to re-image), and re-imaging is silly because it won't protect against hardware keyloggers (would need to weigh to do that). Your conclusion is then that one should do neither (rather than the very obvious both)? Really?

Yeah, I don't wear a belt because suspenders are fully adequate, and I don't wear suspenders because a belt is good enough. Yet for some reason, my pants keep falling down. :)

You go on to point out that there are other attacks which can't be prevented or detected by weighing or re-imaging, which is a very valid point, but does that really mean one shouldn't bother doing anything at all? If you can't have perfection, just give up and kill yourself? If someone with the power and sway of the Chinese (or US) government really wants to get you, chances are they probably can, but if they're just looking for targets of opportunity that may prove useful, making yourself less of a target is probably a very good idea!

Possible to assemble a "Made in USA" system?

[joeslugg]

At the risk of being slightly OT, I'm thinking about several comments noting that these systems were made in China to begin with, so it got me thinking.
If a ridiculous set of circumstances arose where certain organizations banned the use of computers "made in China", is it possible to obtain/assemble a system that's "made in the USA"? Or "made in <NATO_member>"?

I'm just wondering if there's a way to source all the parts domestically and what it would cost. I'm guessing the answer is "impossible", but I'm curious if anyone knows about it.

Re:Possible to assemble a "Made in USA" system?

[vlm]

Depends alot on your definition of laptop.

Chris Fenton, living in NYC, made his own laptop, based on a picaxe microcontroller.

http://chrisfenton.com/diy-laptop-v2/

Picaxe controllers are sold by a firm in Bath, UK

http://www.rev-ed.co.uk/

I'm guessing a picaxe is a pic controller with some proprietary firmware on top.

pic controllers are made by Microchip out of Arizona. Their environmental health and safety page implies they might be involved in Thailand, maybe.

Now, I have no idea where the copper wire was made, where the LCD screen was made, batteries, etc. Theres alot more than just the microcontroller.

This has happened to us.

One of our employees brought back unwanted additions to his laptop from China. This precaution is really smart. Although the Chinese will probably start to simply remove something from the laptop to make weights match.

From Northern Europe and anonymous for obvious reasons.

Re:This has happened to us.

[Shotgun]

Anti-tamper tape has been available for a LONG time, and it is really cheap.

Re:but

[Rashdot]

But what if they're using a Chinese font?

Poutine

We also want your Poutine!

Re:this is racism

The Han race is china is the communist party. There used to be dozens of other races inside china, most of them are now extinct.

Trading with suspicious people

So China is the US of A's biggest trading partner, and the biggest suspect for corporate espionage too.
Why would you trade with someone you suspect so much? Because you don't have a choice. So what are we complaining about?

Is this really the right attitude?

Nice to see the US doing their bit for positive International relations as usual.

Oh wait....

The trouble with throwing away your cellphone

[wcrowe]

The problem with throwing away your cellphone that's been to China: thirty minutes later you feel like throwing away your cellphone again.

Symantec CTO a Mac User?

[CodeBuster]

Does it strike anyone else as just a bit ironic that the CTO of a company whose business is plugging the holes in Windows and repairing the damage when there are leaks chooses to use a Mac instead of a PC?

I weighed my laptop...

[strangeattraction]

I weighed my laptop before and after I installed malware as a test. The weights are the same. I don't think the scales had the resolution necessary to measure the extra bits:)

Know your enemies

This is ridiculous stuff. What makes them think that the Chinese are out to get them?

We're talking about top corporate executives in a competitive marketplace. What about your domestic competitors? What about other countries? There are far more likely enemies than the Chinese and you can bet that some of those enemies actually are spying on you. Could be Germans, could be Israelis, could be Brazilians.

Bugging computers is pretty straightforward and even 3rd world countries have the technology to do this nowadays.

Here's a long shot...

[argent]

How are you going to detect a 15g to 100g logging circuit that's more than likely (if there was malicious espionage intent) designed to fit or mount into current hardware and not be detected on a scale that's accurate down to 0.5 pounds.

Here's a long shot... how about using a postal scale that's accurate down to a gramme? Do you think there might be one in the mailroom?

Re:Here's a long shot...

[adosch]

...So some CEO is going to go out of their way while overseas, trot down to find a "mailroom" and weigh their laptop? right. thanks for being a troll.

Re:Here's a long shot...

[argent]

1. What part of "weigh their laptops before and after visiting China" did you fail to notice? Oh, right, the "before and after" part.

2. Leaving that aside, I am sure that every post office, hotel, and convention center in China has a postal scale.

Non-sense

At Blackhat, I once met with a Chinese guy who said he works for Symantec as a security engineer. Some Chinese security researchers said they know *now* how to hack a Website operated by Symantec , but have not done it yet.

Proof, please

[cbraescu1]

we already know of cases where China has broken into hotel rooms, stollen blackberry's, etc.

Any link that supports your claims?

Re:Proof, please

[thefear]

Any link that supports your claims?

-> http://mobile.slashdot.org/mobile/08/07/20/0745236.shtml

But I was relying more on personal experience then what the internet says.

What's there to steal?

[Khashishi]

If anything, the Chinese already know more about how to make our products than we do. After all, they built them.

I'm going to use that.

[BenEnglishAtHome]

I work at a huge, universally hated TLA in the U.S. The next time someone tells me the way we do things is lousy because complete idiots at the highest level must have set up our business processes and private industry would never do anything that stupid - I'll have another good counter-example.

Thanks. I really appreciate the insight.

historical revisionism

Are you kidding? The US basically gave away the entire manufacturing sector to china, gratis, brought them a century ahead in wealth and technology in just 20 years. We rebuilt germany and japan after we defeated them in wars, partially because we helped russia so much during that war and they became belligerent towards us just because they felt like it, they were jerks to us.. And so on. We've been the most generous to other people nation ever, all we ask is don't screw with us, and even then, we still get shafted. If anything we aren't nearly enough nationalistic and protectionist. We are now on the ropes economically from this misguided policy. It was stupid and pushed by a small number of ultrarich and traitorous globalist fatcats to make profits, that's it.

I'm all for having the US turn a little more turtle, stop exporting tech, throw the big smackdown on those wallstreet pirates, rebuild our own manufacturing, get 100% energy independent so we aren't exporting cash to nations that don't like us, stop all our lame corporate military expansion that has nothing to do with self defense and everything to do with, again, making wall street profits and stop supporting that racist and fascist loon little Mediterranean nation, and just be done with it.

  Get rid of harmful foreign entanglements, it always goes sour and turns into a big fat mess.

Re:historical revisionism

[clodney]

And yet, the actual facts say something different.

Rebuilding Germany and Japan was probably very much a realpolitik decision - the seeds of WWII were present in the terms imposed on Germany after WWI. Spending to rebuild those countries and avoid economic collapse was probably a very farsighted thing to do.

In terms of direct foreign aid on a per-capita basis, the USA ranks quite low: http://www.infoplease.com/ipa/A0930884.html

That may be true, but

That sounds like a derivation of the original story which was how the Russians got samples of the alloys the British were using in their early turbojet engines.

Re:Me sorry

Why not? They've already done that in our pet food & baby toys.

MOD PARENT UP

[BenEnglishAtHome]

Now, that's funny. Thanks. I needed a laugh this afternoon.

the thief always bewares of theft

do not buy US network equipment with a processor in it, or other complex hardware.

Nobody can proof that they did not include a trojan bootloader.

it sits and waits for a command what to report. The code of it hidden in hardware or dirty programming.

the command hidden in traffic from and to search-engines. ( wasnt there a hint that in Google backoffice DHS & NSA sits? )

And blackberry is well know of telephonmig home!

Also DIFF your BIOS

[mosel-saar-ruwer]

1) diff your HDD (hard and time consuming)

You also need to DIFF the BIOS on your motherboard.

And DIFF the microcode in your CPU.

And DIFF the EEPROM on all your PCI cards.

And on and on and on...

BONUS PROBLEM: Describe an algorithm which can be run within the confines of an operation system so as to determine whether the operating system is running directly on metal or is running within an emulation environment that is running directly on metal [or is running within an emulation environment that is running within an emulation environment that is running directly on metal, or...].

Re:Also DIFF your BIOS

[Imrik]

BONUS PROBLEM: Describe an algorithm which can be run within the confines of an operation system so as to determine whether the operating system is running directly on metal or is running within an emulation environment that is running directly on metal [or is running within an emulation environment that is running within an emulation environment that is running directly on metal, or...].

Display on screen: "Is this running in an emulation environment?"
Take yes/no input from user

The first question to ask...

[westlake]

is why you are carrying sensitive information across an international border?

"Traveling light" is good advice for anyone headed abroad.

But perhaps especially so for the geek whose more incendiary political rants, porn stash or internal corporate memos aren't as well secured as he thinks.

Best of all...

[syousef]

This, friends, is the real reason behind the famed Apple design of no user serviceable parts. Not to save weight, not to give Apple a few measly bucks for battery replacements but to prevent FOREIGN ESPIONAGE. Think about that that when you drop your Dell and 12 little plastic panels pop off.

Best of all you'll WANT to throw away your Apple device and buy a new one after just a few days of frustrating use. That is if it's not already scratched itself or cracked.

Re:wrong time bud

ur thinking of Russians pirating the first jet engines from the British, so the /soft sole story/ is a ripoff :)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion