Slashdot Mirror
Feds Ask IT Execs To Throw Away Cellphones After Visiting China
sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"
how much does data weigh? I'm sure the 1's are heavier than the 0's....
Symantec Chief Technology Officer Mark Bregman [...] was advised to buy a new cellphone for each visit
Yes, heaven forbid China learns the secret of bloated antivirus software that ignores state-sponsored keyloggers.
Amnesty International
I'm sure glad that the laptops and cellphones in question weren't MADE in China in the first place...
Oh, wait..
This is a substitute for a clever sig that fits within the maximum number of characters.
The same outsources plants that produce the goods just do a second run at night to produce grey market versions. Microsoft found this out after finding perfect counterfeit copies of their software that were only distinguished by having serial numbers that were never activated in their database, the plants that were producing packaging and holograms for their official packing were making exact duplicates for the counterfeiters.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
How about using phones and notebooks manufactured in China? Is that ok or do we have to assume they are bugged-at-factory? Are the US starting to move their production lines back to home?
It's almost impossible to tell whether additional software has been installed unless you either 1) diff your HDD (hard and time consuming) or 2) weigh the laptop and see if any data has been added. The government is, for once, correct and providing helpful information.
More on this topic at this old Slashdot story.
The real story in the article should be "CTO of world's largest Windows security software company uses a mac."
I'm just curious. Isn't it a bit of a coincidence that this warning comes out when there is a growing trade dispute with China happening now? We have been using China as our factory an major offshoring partner for quite a few years and now there are warnings.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Here's the thing...
If EVERY laptop and cell phone phoned home to China to give away secrets, somebody is gonna notice. REAL quick.
They need to more selectively target folks if they want to actually be able to get away with hacking a machine to send them secret data.
It's not racial profiling, it's (current or previous) nationality profiling, you know, the information that's visible on your passport?
"..."
(The following discussion is based on real experiences and is not meant to profile people, but to state facts.)
This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US until they find someone who needs money or other help for their family back in China.
One company I worked for had a Chinese national who was not allowed to work on part of a project because it was protected technology. The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.
The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.
-Todd
Omne ignotum pro magnifico.
For all the barking of the agencies, it's obvious they haven't encountered the treatment I and my colleagues have encountered re-entering the US from abroad only to have laptops have the data examined, and that data be copied for "further analysis" or even the laptop confiscated for an undetermined amount of time. It's just a matter of time before other countries make the same advertisment about travel to the US.... What's the old saying (Kettle calling the Pot black).
It's not paranoia if they really are out to get you. And we have plenty of evidence that the Chinese really are. Actually, the intelligence agencies probably just forgot to say "because we're doing all this stuff to their top executives when they visit us".
The US border guards are just going to swipe the laptop and smart phones at customs anyway.
-Ours is the wisdom of Solomon, the magic of Merlyn, the fall of Icaris.
It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.
I am TheRaven on Soylent News
Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy.
Is this happening again, but now we are instead fearing the Chinese?
I have a bad feeling about this...
If everyone who visits China buys a new cellphone and laptop for the trip...
Where were those cellphones and laptops likely manufactured? China...
China stands to make quite a profit from people doing this.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
It's pretty hard to bug something at manufacturing time, since you usually don't have a clue as to who it's being shipped to. It can be done, but odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.
"Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
Maybe I'm taking this a little personally because I'm an IT guy. I dunno. But I do know I'd rather not work in IT for a large, tech-based company where the CTO is quoted publicly as saying: "I don't let my IT department near my laptop".
Anybody else have a WTF moment when they saw that? Or is it only me?
"Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution."
And Americans don't? Americans practically invented RSI with all that damn flag waving they do, you sir are a racist.
Don't they have a right to know how their money is spent? ;)
Since in the US they'll take your phone and laptop, MP3 player and any other good stuff and demand to see your company documents if they think there's something nice in there.
PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.
This didn't require a cell phone either, so throwing away your cellphone isn't necessary there either.
So much nicer being spied on by the US government. You don't have to buy new kit all the time, just accept the espionage.
As a non-American citizen I feel the reverse holds true. When I enter the USA from Canada I should bring a seperate bare-bones, no thrills cell phone and an empty laptop. Because if the TSA decides that they want to snoop through my electronics there is no telling what information they are pulling out, government created spyware being installed, or some sort of magical chip that transmits everything I am doing back to them.
See, Conspiracy theories work both ways... No more fear mongering, okay? Lets play nice kids.
Pick your pocket while you're waking down the street, copy the contents across into a trojaned version, and then slip the replacement back into the victim's pocket. Or, if that's hard, tell them they dropped their phone and hand it back.
It's also a good idea to make sure you turn your phone on at the airport before you get on the plane to China. When a phone registers with a new cell, it passes on the ID of the last cell it was affiliated with (to allow routing tables to be updated). MI6 was wondering a few years ago how the Russians were able to spot their people so easily, until they realised that they were turning off their phones at the headquarters in London when they went in and then not turning them back on again until they stepped off the plane. As soon as they turned them back on, they broadcast a nice little message to the cell tower at the airport saying 'the last place I went to was very near the MI6 building' which was flagging them for extra surveillance.
I am TheRaven on Soylent News
Agreed. I was alluding to the fact that since execs outsource to China then China would already know many corporate secrets. Grey market goods often come from the same plants that make authentic goods.
UNIX/Linux Consulting
This is very good advice, as it would instantly catch the loss of weight if any data was stolen from the laptop. You hear of data theft all the time, and all it takes is something low-tech like a scale to detect it.
This is why the bugs are only activated when they detect an integer overflow error in any document called "personal finances.xls". With this method, they can be sure they're on an American executive's computer.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
This, friends, is the real reason behind the famed Apple design of no user serviceable parts. Not to save weight, not to give Apple a few measly bucks for battery replacements but to prevent FOREIGN ESPIONAGE. Think about that that when you drop your Dell and 12 little plastic panels pop off.
You Windows folks aught to be shot as spies.
Faster! Faster! Faster would be better!
I'm sure folks who share certain secrets with a partner in China who is doing their outsourced work already know that their is already a laptop in china 'all the time' with those secrets on them. No need to wait for a US exec to come over.
The point of this policy is to keep other secrets that haven't been shared, out of China and away from danger.
At the risk of being slightly OT, I'm thinking about several comments noting that these systems were made in China to begin with, so it got me thinking.
If a ridiculous set of circumstances arose where certain organizations banned the use of computers "made in China", is it possible to obtain/assemble a system that's "made in the USA"? Or "made in <NATO_member>"?
I'm just wondering if there's a way to source all the parts domestically and what it would cost. I'm guessing the answer is "impossible", but I'm curious if anyone knows about it.
You're falling into the same trap that got the electronic voting people. It is not at all obvious if an electronic device has a backdoor function. You can change the software to react to a complicated trigger sequence, or worse, you can change the hardware to do it. Unless you deconstruct the device to the point of rendering it unusable, there is no way to reliably detect "sleeper" functions. This is especially dangerous if the bug is in all devices and not just a few "interesting" ones, so that comparisons between devices don't show any deviation.
America has that same childish and ignorant "for mother country" thing going on as well
If we had international laws, policies, standards of living, etc. I'd agree with you. As we don't, I don't see a problem with wanting to take care of our own. International espionagers aren't going to share information--they only want to take it.
It's similar to the prisoner's dilemma. We'd probably all do better overall if we all worked together. China's not going to work with us, though, which means that if we just give them the technology, we're the suckers.
You say "sensible precaution", I say "blatant xenophobia/racism". The only reason people are worried about any of this to begin with is that America has that same childish and ignorant "for mother country" thing going on as well.
Plus the fact that China uses its technical workers for both industrial and political espionage quite frequently, and has been caught doing it several times.
It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality.
To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."
The reason I distrust China is precisely BECAUSE they are too "patriotic"/nationalistic; they're even worse than the US I think in this regards, hell they're still mad over the OPIUM WARS. It has bred a very "us vs. them" mentality (obviously, some of it is understandable because of the country's history) that I think is a hell of a lot more dangerous to us and the world than the communism was.
Just as a side note, Hicks was kind of overrated.
It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.
And I'm quite sure that MI5 (or whoever) did/do spy on non-British companies to give British ones an advantage (or at least I hope so :P)
This is one of those examples of "war morality"; whereby "us doing X to them" is fine, but "them doing X to us" is completly unacceptable and a sign of cowardice and various other undesireable traits.
This is a substitute for a clever sig that fits within the maximum number of characters.
And that's the way it should be. "Society" shouldn't be the religion of the 21st century, punishing us for our success and demonizing us for our humanity, all the while demanding we tithe to a new God.
Self interest is why we're alive. It's why we have kids, it's why we fall in love, and it's why we go to work. Why isn't it good enough for a law-abiding, hard working citizen to live his or her life without the new original sin that is a "debt to society" for thier success? Maybe if everyone was more concerned about how they live *their* lives and less concerned with how their neighbors are living their's the world would be a better place.
I believe you are referring to citizens of the People's Republic of China which are not all of the same race. So to call it racial profiling is inaccurate. It would be more accurate to call it nationalism profiling. It is clear from the replies you have received so far that racist/nationalist bashing is en vogue so here goes my karma. There is no way to guarantee safety 100% of the time but to ignore the fact that a foreign government that, while not openly hostile, is known for its intense dislike of your countries policies would be derelict. So basically I agree with what I think you were trying to say but not what you said.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Knowing the math issues and stability in excel 2007, almost anyone could activate that...
Assassin's Mace, anyone?
While few people recognize it as such, China is waging war against the west. And, they are claiming victories every day, because we have trouble just spelling "asymmetric warfare". I wonder if that recto-cranial insertion so common in Washington and on Wall Street have anything to do with it?
I recognize that the Chinese government is "waging war" on the west in order to become the next century's superpower. This does not mean that we ought to resort to xenophobia and racism to "beat" them. That is completely back-asswards and will only serve to give them more ammunition against us.
To the haters: You can't win. If you mod me down, I shall become more powerful than you could possibly imagine
How are you going to detect a 15g to 100g logging circuit that's more than likely (if there was malicious espionage intent) designed to fit or mount into current hardware and not be detected on a scale that's accurate down to 0.5 pounds.
Here's a long shot... how about using a postal scale that's accurate down to a gramme? Do you think there might be one in the mailroom?
To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets". This is where it's not a "round" world.. The Chinese government has their eye on the 50 year game and is more than willing to tie up all of a natural resource... and throw people in jail when the "free market" price goes up.
While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, China is stacking the deck on a NATIONAL level for resources... setting prices that corporations are allowed to SELL to China for.. and nobody is really stopping them. Just last week China "decided" they weren't going to be exporting any more rare earth metals (needed for high power magnets in electronics) They just issued a directive it wasn't allowed to be exported anymore....for any price. Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore. It nearly doubled the price of scrap here (ironically bought with trade surplus dollars no less!) and made it even harder to complete with Asian companies... it was the straw that caused a good deal of the auto maker meltdown earlier this year. China manipulates their currency by not allowing dollars to be converted into Chinese money except for specific state-sponsored investments, and they don't allow US companies to take their Chinese profits OUT of the country either. It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...
China is playing the long game, highly protectionist and stacking the deck with our own money and resources against us. It's economic "war" played at the highest level and the US government has no grasp that the "invisible hand' won't save them.
No - you, sir, have no clue about Americans. Americans are in it for themselves, bar none. Any social interest arising from an American economic activity is merely an unintended side-effect of a self interest the executor couldn't turn into profit.
aptly said by those who renamed "french fries" to "freedom fries"
Seriously, this is silly, because TFA is talking about re-imaging laptops before/after. That would imply malware/spyware being surreptitiously installed, but that won't change the weight directly.
Re-imaging the laptop if a hardware keylogger has been installed wouldn't have any effect either (but could possibly be detected by weighing).
So you're saying that weighing is silly because it won't protect against software keyloggers (would need to re-image), and re-imaging is silly because it won't protect against hardware keyloggers (would need to weigh to do that). Your conclusion is then that one should do neither (rather than the very obvious both)? Really?
Yeah, I don't wear a belt because suspenders are fully adequate, and I don't wear suspenders because a belt is good enough. Yet for some reason, my pants keep falling down. :)
You go on to point out that there are other attacks which can't be prevented or detected by weighing or re-imaging, which is a very valid point, but does that really mean one shouldn't bother doing anything at all? If you can't have perfection, just give up and kill yourself? If someone with the power and sway of the Chinese (or US) government really wants to get you, chances are they probably can, but if they're just looking for targets of opportunity that may prove useful, making yourself less of a target is probably a very good idea!
Any link that supports your claims?
-> http://mobile.slashdot.org/mobile/08/07/20/0745236.shtml
But I was relying more on personal experience then what the internet says.
:(