Slashdot Mirror
Feds Ask IT Execs To Throw Away Cellphones After Visiting China
sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"
The same outsources plants that produce the goods just do a second run at night to produce grey market versions. Microsoft found this out after finding perfect counterfeit copies of their software that were only distinguished by having serial numbers that were never activated in their database, the plants that were producing packaging and holograms for their official packing were making exact duplicates for the counterfeiters.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
How about using phones and notebooks manufactured in China? Is that ok or do we have to assume they are bugged-at-factory? Are the US starting to move their production lines back to home?
It's almost impossible to tell whether additional software has been installed unless you either 1) diff your HDD (hard and time consuming) or 2) weigh the laptop and see if any data has been added. The government is, for once, correct and providing helpful information.
More on this topic at this old Slashdot story.
Also that he doesn't let his IT department near his laptop. Thats a level of distrust that, as an IT guy, drives me absolutely bonkers.
I'm just curious. Isn't it a bit of a coincidence that this warning comes out when there is a growing trade dispute with China happening now? We have been using China as our factory an major offshoring partner for quite a few years and now there are warnings.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
(The following discussion is based on real experiences and is not meant to profile people, but to state facts.)
This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US until they find someone who needs money or other help for their family back in China.
One company I worked for had a Chinese national who was not allowed to work on part of a project because it was protected technology. The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.
The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.
-Todd
Omne ignotum pro magnifico.
It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.
I am TheRaven on Soylent News
Since in the US they'll take your phone and laptop, MP3 player and any other good stuff and demand to see your company documents if they think there's something nice in there.
PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.
This didn't require a cell phone either, so throwing away your cellphone isn't necessary there either.
So much nicer being spied on by the US government. You don't have to buy new kit all the time, just accept the espionage.
No - you, sir, have no clue about Americans. Americans are in it for themselves, bar none. Any social interest arising from an American economic activity is merely an unintended side-effect of a self interest the executor couldn't turn into profit.
Yes racial profiling. Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution.
You say "sensible precaution", I say "blatant xenophobia/racism". The only reason people are worried about any of this to begin with is that America has that same childish and ignorant "for mother country" thing going on as well. It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality. To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."
To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
Do you think it would go undetected for long if thousands of cellphones and laptops made in China, Korea or wherever had a hardware sneak-chip installed?
For the sake of argument, yes. It would be entirely feasible for EVERY unit of a certain (or any) product to have a 'sneak chip' installed, it could very easily be 'baked in' to the IC designs used. :( ) that an attack has been demonstrated using this exact method, whereby a certain bit pattern on a certain bus triggered malicious behaviour.
I believe (meaning I don't have a link to evidence
There was also a real case in the UK whereby chip-and-pin credit card readers (used in retailer's POS setup) had a 'sneak chip' built in at the factory by unscrupulous agents. (I am aware that this both supports the 'it could happen' and the 'it would be detected quickly' arguments.)
Just to be clear, I'm not expressing any Anti or Pro Chinese sentiment here, but it seems somewhat ironic to be concerned about what "The Chinese" might do to compromise one's hardware, when that same hardware was designed and manufactured by "The Chinese" in the first place!
This is a substitute for a clever sig that fits within the maximum number of characters.
At the risk of being slightly OT, I'm thinking about several comments noting that these systems were made in China to begin with, so it got me thinking.
If a ridiculous set of circumstances arose where certain organizations banned the use of computers "made in China", is it possible to obtain/assemble a system that's "made in the USA"? Or "made in <NATO_member>"?
I'm just wondering if there's a way to source all the parts domestically and what it would cost. I'm guessing the answer is "impossible", but I'm curious if anyone knows about it.
how much does data weigh? I'm sure the 1's are heavier than the 0's....
In the punchcard / papertape era, it was obviously the other way around, 0s are heavier, 1s (punched out) are lighter.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
In a word? YES.
It would require actual competence to detect a piece of hardware that essentially did nothing until activated and simply sat on a motherboard. Do you know if there are extremely detailed inspections done on every piece of circuitry brought into country X from country Y? I know for a fact that in a certain very large defense company I worked for lots of "surprises" were found on a regular basis. Typically things like parts that were different from the specs, insects, and on occasion completely incorrect assemblies.
The funny part was these nearly all made it past QA and into the finished products, only to be discovered when something failed.
So based on that, I'd say that *if* someone were choosing to do something like this, it would be fairly easy to sneak it past the level of moron that would typically be doing these inspections.
Tinfoil hats aside - the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.
Doing this with a laptop would also be trivial, but I would hope that the firewall filter would catch outbound connections to unusual sites?
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
Data may be weightless, but how about hardware key logging devices?
That reminds me of a Cold War story I heard once upon a time. The CIA worked with a Xerox technician to secretly install a camera inside the machine(s) at the Soviet embassy. They got away with it for a long time because those old machines were so complicated that only a handful of people knew how they really worked.
This is just the modern day equivalent. If your hardware is out of your sight even for a few moments it should be treated as though it was compromised. If it's worked on by someone that you don't trust implicitly then it should be treated as though it was compromised.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I believe you are referring to citizens of the People's Republic of China which are not all of the same race. So to call it racial profiling is inaccurate. It would be more accurate to call it nationalism profiling. It is clear from the replies you have received so far that racist/nationalist bashing is en vogue so here goes my karma. There is no way to guarantee safety 100% of the time but to ignore the fact that a foreign government that, while not openly hostile, is known for its intense dislike of your countries policies would be derelict. So basically I agree with what I think you were trying to say but not what you said.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets". This is where it's not a "round" world.. The Chinese government has their eye on the 50 year game and is more than willing to tie up all of a natural resource... and throw people in jail when the "free market" price goes up.
While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, China is stacking the deck on a NATIONAL level for resources... setting prices that corporations are allowed to SELL to China for.. and nobody is really stopping them. Just last week China "decided" they weren't going to be exporting any more rare earth metals (needed for high power magnets in electronics) They just issued a directive it wasn't allowed to be exported anymore....for any price. Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore. It nearly doubled the price of scrap here (ironically bought with trade surplus dollars no less!) and made it even harder to complete with Asian companies... it was the straw that caused a good deal of the auto maker meltdown earlier this year. China manipulates their currency by not allowing dollars to be converted into Chinese money except for specific state-sponsored investments, and they don't allow US companies to take their Chinese profits OUT of the country either. It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...
China is playing the long game, highly protectionist and stacking the deck with our own money and resources against us. It's economic "war" played at the highest level and the US government has no grasp that the "invisible hand' won't save them.
An airplane builder had its proprietary metal reverse engineered by asian companies. They did a great job with security, so couldn't figure out how the metals got sampled. People can't just go scrape parts off a military airplane, especially when it's not built yet.
They gave tours and you couldn't take pictures, but you could see planes being built.
Turns out asians were using very soft-soled shoes. So while looking up and pointing, they pressed their feet down on metal filings, and when they drove away they had samples in their shoes, to be analyzed later.
Sneaky bastards work in corporate espionage.
Indeed. For us - we're an EU company - it is official company policy to take only empty PCs across the US border (in either direction).
Linux user since early January 1992.
It is. There was a story a few months ago about the Department of Defense using router hardware sent to them with onboard hacks.
I swear to God...I swear to God! That is NOT how you treat your human!
I submitted a story here about a year or so ago about Maxtor hard drives with compromised firmware that were made in China. It never got picked up. Go figure.
1. install phoning home hardware on all devices
2. disable them by default
3. enable them with some radiation or other mean (just like erasing an EPROM with utraviolet light)
4. wait for key people to arrive under your control so you know their devices. turn on homming components.
5. ???
6. profit!
Holy shit, I had no idea that you could look up old newspapers on Google. Thanks a bunch man.
Also, George Will is one badass motherfucker. Almost as badass as Paul Mulshine.
Random Thoughts From A Diseased Mind (Not For Dummies)
There was also a story about them using lenovo computers on CIA networks to get data (it was all unclassified) thats what started the fear about the routers and what not, so they started looking and thats what they found