Slashdot Mirror

← Back to Stories (view on slashdot.org)

Feds Ask IT Execs To Throw Away Cellphones After Visiting China

Posted by Soulskill on from the guilty-of-aberrant-longitude dept.

sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"

47 of 382 comments (clear)

  1. huh by JeanBaptiste · · Score: 4, Funny

    how much does data weigh? I'm sure the 1's are heavier than the 0's....

    1. Re:huh by thefear · · Score: 5, Insightful

      Data may be weightless, but how about hardware key logging devices?

      --
      :(
    2. Re:huh by JeanBaptiste · · Score: 5, Funny

      Yeah, but only the 1's contain data. The 0's are empty.

    3. Re:huh by Chrisq · · Score: 4, Funny

      If you two keep arguing about 1s and 0s my monitor will fall through the desk. Type some spaces quick.

    4. Re:huh by gardyloo · · Score: 4, Funny

      Filter error: Please use less whitespace.

          Sorry, man. You'll just have to buy a stronger desk.

    5. Re:huh by vlm · · Score: 5, Interesting

      how much does data weigh? I'm sure the 1's are heavier than the 0's....

      In the punchcard / papertape era, it was obviously the other way around, 0s are heavier, 1s (punched out) are lighter.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    6. Re:huh by Shakrai · · Score: 4, Interesting

      Data may be weightless, but how about hardware key logging devices?

      That reminds me of a Cold War story I heard once upon a time. The CIA worked with a Xerox technician to secretly install a camera inside the machine(s) at the Soviet embassy. They got away with it for a long time because those old machines were so complicated that only a handful of people knew how they really worked.

      This is just the modern day equivalent. If your hardware is out of your sight even for a few moments it should be treated as though it was compromised. If it's worked on by someone that you don't trust implicitly then it should be treated as though it was compromised.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    7. Re:huh by supernova_hq · · Score: 4, Funny

      Hey cool, the hotel fixed all the scatches in my cellphone while I was having a shower. This calls for a BIG tip to housecleaning!

    8. Re:huh by Eevee · · Score: 4, Funny

      They knew the camera was there, but they were too overcome with joy that the copier wasn't constantly broken to care.

    9. Re:huh by b4dc0d3r · · Score: 5, Interesting

      An airplane builder had its proprietary metal reverse engineered by asian companies. They did a great job with security, so couldn't figure out how the metals got sampled. People can't just go scrape parts off a military airplane, especially when it's not built yet.

      They gave tours and you couldn't take pictures, but you could see planes being built.

      Turns out asians were using very soft-soled shoes. So while looking up and pointing, they pressed their feet down on metal filings, and when they drove away they had samples in their shoes, to be analyzed later.

      Sneaky bastards work in corporate espionage.

    10. Re:huh by buswolley · · Score: 5, Insightful

      I understand the concern but...all our computers are made in China anyway. How dow e know if the Hardware isn't betraying us already?

      --

      A Good Troll is better than a Bad Human.

    11. Re:huh by Darth+Cider · · Score: 5, Informative

      No, the Soviets did that. Here's an old George Will column relating the tale. The subject of the column is Soviet industrial espionage.

    12. Re:huh by GodfatherofSoul · · Score: 5, Interesting

      It is. There was a story a few months ago about the Department of Defense using router hardware sent to them with onboard hacks.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    13. Re:huh by LanMan04 · · Score: 4, Informative

      Yes, bugged/compromised hardware coming out of China is most definitely a concern.

      TRUST ME, people in high places in the Fed Gov look into this stuff on a regular basis.

      --
      With the first link, the chain is forged.
  2. Industrial espionage? by jmpeax · · Score: 5, Funny

    Symantec Chief Technology Officer Mark Bregman [...] was advised to buy a new cellphone for each visit

    Yes, heaven forbid China learns the secret of bloated antivirus software that ignores state-sponsored keyloggers.

    --
    Amnesty International
    1. Re:Industrial espionage? by mrdoogee · · Score: 4, Funny

      What a coincidence! I advise people to buy new software after every Symantec install!

  3. Manufacture by fridaynightsmoke · · Score: 5, Funny

    I'm sure glad that the laptops and cellphones in question weren't MADE in China in the first place...
    Oh, wait..

    --
    This is a substitute for a clever sig that fits within the maximum number of characters.
    1. Re:Manufacture by WinterSolstice · · Score: 5, Interesting

      In a word? YES.
      It would require actual competence to detect a piece of hardware that essentially did nothing until activated and simply sat on a motherboard. Do you know if there are extremely detailed inspections done on every piece of circuitry brought into country X from country Y? I know for a fact that in a certain very large defense company I worked for lots of "surprises" were found on a regular basis. Typically things like parts that were different from the specs, insects, and on occasion completely incorrect assemblies.

      The funny part was these nearly all made it past QA and into the finished products, only to be discovered when something failed.

      So based on that, I'd say that *if* someone were choosing to do something like this, it would be fairly easy to sneak it past the level of moron that would typically be doing these inspections.

      Tinfoil hats aside - the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.

      Doing this with a laptop would also be trivial, but I would hope that the firewall filter would catch outbound connections to unusual sites?

      --
      An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
  4. Worthless by afidel · · Score: 4, Interesting

    The same outsources plants that produce the goods just do a second run at night to produce grey market versions. Microsoft found this out after finding perfect counterfeit copies of their software that were only distinguished by having serial numbers that were never activated in their database, the plants that were producing packaging and holograms for their official packing were making exact duplicates for the counterfeiters.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  5. PCs and phones *are* made in China by pmontra · · Score: 5, Interesting

    How about using phones and notebooks manufactured in China? Is that ok or do we have to assume they are bugged-at-factory? Are the US starting to move their production lines back to home?

    1. Re:PCs and phones *are* made in China by Yvanhoe · · Score: 5, Insightful

      I read the article, and I stopped when it became clear that this information comes from Symantec. Your favorite over-paranoid, FUD-spreading company.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    2. Re:PCs and phones *are* made in China by TheRaven64 · · Score: 4, Interesting

      The NSA has already expressed concerns over this. I don't know if this ever got turned into policy, but there are still chip fabs in the USA and Europe and I think Dell still makes PCs in Texas, so it is possible that government contracts require US-made computers containing US-made components. Of course, it only takes one compromised component to compromise the whole system...

      --
      I am TheRaven on Soylent News
    3. Re:PCs and phones *are* made in China by Cro+Magnon · · Score: 4, Insightful

      I'm sure it IS a good idea to throw away any cellphone or laptop that has any Symantec product installed.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  6. The real story by Ukab+the+Great · · Score: 5, Funny

    The real story in the article should be "CTO of world's largest Windows security software company uses a mac."

    1. Re:The real story by mbone · · Score: 4, Insightful

      Sounds sensible to me.

  7. Re:Horse, close the barn door! by LurkerXXX · · Score: 4, Insightful

    Here's the thing...

    If EVERY laptop and cell phone phoned home to China to give away secrets, somebody is gonna notice. REAL quick.

    They need to more selectively target folks if they want to actually be able to get away with hacking a machine to send them secret data.

  8. Re:Chinese Coders? by bheekling · · Score: 5, Insightful

    It's not racial profiling, it's (current or previous) nationality profiling, you know, the information that's visible on your passport?

    --
    "..."
  9. What about Chinese nationals? by bezenek · · Score: 4, Interesting

    (The following discussion is based on real experiences and is not meant to profile people, but to state facts.)

    This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US until they find someone who needs money or other help for their family back in China.

    One company I worked for had a Chinese national who was not allowed to work on part of a project because it was protected technology. The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.

    The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.

    -Todd

    --
    Omne ignotum pro magnifico.
    1. Re:What about Chinese nationals? by Chrisq · · Score: 4, Insightful

      ... all they have to do is to contact several of the thousands of Chinese nationals ...

      History shows that approaching US Nationals with enough money can also have the desired affect.

    2. Re:What about Chinese nationals? by xplenumx · · Score: 4, Informative

      The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.

      While I certaily wasn't at that talk (and I suspect that neither were you), I'm willing to bet that you don't completely understand what the talk was about. I'm on the faculty of a top tier reserch insitution conducting immunological research - I've had several Chinese graduate students, have sat on the international admissions committee, and have given the talk that you describe to our new Chinese students. The problem isn't one of ethics, but one of culture. The Chinese don't regard plagiarism the same way we do - in fact, the educational system encourages it in a way as it is an honor, of sorts, to 'plagiarize' your mentor. Additionally, a lot of these students don't have confidence in their english, so whey they write they occassionally take an idea from another article and copy it verbatim thinking "that's exactly what I was thinking, and I don't have to worry about incorrect english" - in most cases, there is not an intention of deceit. The Chinese certainly have their issues (admitting mistakes and nationalism), but I wouldn't call them unethical.

  10. OTOH, DHS Might eliminate the issue as well.... by atlmatt36 · · Score: 5, Informative

    For all the barking of the agencies, it's obvious they haven't encountered the treatment I and my colleagues have encountered re-entering the US from abroad only to have laptops have the data examined, and that data be copied for "further analysis" or even the laptop confiscated for an undetermined amount of time. It's just a matter of time before other countries make the same advertisment about travel to the US.... What's the old saying (Kettle calling the Pot black).

  11. Re:One word... by PhilHibbs · · Score: 5, Insightful

    It's not paranoia if they really are out to get you. And we have plenty of evidence that the Chinese really are. Actually, the intelligence agencies probably just forgot to say "because we're doing all this stuff to their top executives when they visit us".

  12. This Sounds Familiar by Logical+Zebra · · Score: 4, Insightful

    Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy.
    Is this happening again, but now we are instead fearing the Chinese?

    --
    I have a bad feeling about this...
  13. Such respect for IT! by BenEnglishAtHome · · Score: 4, Insightful

    Maybe I'm taking this a little personally because I'm an IT guy. I dunno. But I do know I'd rather not work in IT for a large, tech-based company where the CTO is quoted publicly as saying: "I don't let my IT department near my laptop".

    Anybody else have a WTF moment when they saw that? Or is it only me?

    1. Re:Such respect for IT! by mc+moss · · Score: 5, Insightful

      Maybe he just has sensitive material about his company on the laptop. I've seen people in management who don't let anyone in the company, even IT, look at their laptops and it isn't because they think the IT department is incompetent or have no respect for them.

  14. Re:One word... by ryanov · · Score: 5, Funny

    Don't they have a right to know how their money is spent? ;)

  15. Not a problem in the US! by Anonymous Coward · · Score: 4, Interesting

    Since in the US they'll take your phone and laptop, MP3 player and any other good stuff and demand to see your company documents if they think there's something nice in there.

    PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.

    This didn't require a cell phone either, so throwing away your cellphone isn't necessary there either.

    So much nicer being spied on by the US government. You don't have to buy new kit all the time, just accept the espionage.

  16. The reverse holds true by ironicsky · · Score: 5, Insightful

    As a non-American citizen I feel the reverse holds true. When I enter the USA from Canada I should bring a seperate bare-bones, no thrills cell phone and an empty laptop. Because if the TSA decides that they want to snoop through my electronics there is no telling what information they are pulling out, government created spyware being installed, or some sort of magical chip that transmits everything I am doing back to them.

    See, Conspiracy theories work both ways... No more fear mongering, okay? Lets play nice kids.

    1. Re:The reverse holds true by dissy · · Score: 4, Informative

      As a non-American citizen I feel the reverse holds true. When I enter the USA from Canada I should bring a seperate bare-bones, no thrills cell phone and an empty laptop. Because if the TSA decides that they want to snoop through my electronics there is no telling what information they are pulling out, government created spyware being installed, or some sort of magical chip that transmits everything I am doing back to them.

      See, Conspiracy theories work both ways...

      I know you said all that in jest, but you are more right than you suspect. And the situation with DHS and the TSA is very close to that (Other than installing hardware.. though the law does explicitly allow them to, even if they don't do it now)

      That isn't a conspiracy or paranoia, its a well proven fact.

  17. Re:Good luck with that. by Anonymous Coward · · Score: 5, Funny

    ...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

    Either way, you win.

  18. Re:They must be that good. by TheRaven64 · · Score: 4, Informative

    Pick your pocket while you're waking down the street, copy the contents across into a trojaned version, and then slip the replacement back into the victim's pocket. Or, if that's hard, tell them they dropped their phone and hand it back.

    It's also a good idea to make sure you turn your phone on at the airport before you get on the plane to China. When a phone registers with a new cell, it passes on the ID of the last cell it was affiliated with (to allow routing tables to be updated). MI6 was wondering a few years ago how the Russians were able to spot their people so easily, until they realised that they were turning off their phones at the headquarters in London when they went in and then not turning them back on again until they stepped off the plane. As soon as they turned them back on, they broadcast a nice little message to the cell tower at the airport saying 'the last place I went to was very near the MI6 building' which was flagging them for extra surveillance.

    --
    I am TheRaven on Soylent News
  19. Re:Horse, close the barn door! by Lord+Ender · · Score: 5, Funny

    This is why the bugs are only activated when they detect an integer overflow error in any document called "personal finances.xls". With this method, they can be sure they're on an American executive's computer.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  20. Re:Horse, close the barn door! by ColdWetDog · · Score: 5, Funny

    15-25? Try 5. On many laptops you could get to a good access point right under the easily-removable keyboard.

    This, friends, is the real reason behind the famed Apple design of no user serviceable parts. Not to save weight, not to give Apple a few measly bucks for battery replacements but to prevent FOREIGN ESPIONAGE. Think about that that when you drop your Dell and 12 little plastic panels pop off.

    You Windows folks aught to be shot as spies.

    --
    Faster! Faster! Faster would be better!
  21. Re:Horse, close the barn door! by Anonymous Coward · · Score: 4, Insightful

    You're falling into the same trap that got the electronic voting people. It is not at all obvious if an electronic device has a backdoor function. You can change the software to react to a complicated trigger sequence, or worse, you can change the hardware to do it. Unless you deconstruct the device to the point of rendering it unusable, there is no way to reliably detect "sleeper" functions. This is especially dangerous if the bug is in all devices and not just a few "interesting" ones, so that comparisons between devices don't show any deviation.

  22. Re:Chinese Coders? by Sancho · · Score: 4, Insightful

    America has that same childish and ignorant "for mother country" thing going on as well

    If we had international laws, policies, standards of living, etc. I'd agree with you. As we don't, I don't see a problem with wanting to take care of our own. International espionagers aren't going to share information--they only want to take it.

    It's similar to the prisoner's dilemma. We'd probably all do better overall if we all worked together. China's not going to work with us, though, which means that if we just give them the technology, we're the suckers.

  23. Re:Good luck with that. by snspdaarf · · Score: 4, Funny

    ...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.

    Either way, you win.

    Until the restraining order kicks in.

    --
    Why, without your clothes, you're naked, Miss Dudley!
  24. Re:Chinese Coders? by mabhatter654 · · Score: 5, Interesting

    To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets". This is where it's not a "round" world.. The Chinese government has their eye on the 50 year game and is more than willing to tie up all of a natural resource... and throw people in jail when the "free market" price goes up.

    While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, China is stacking the deck on a NATIONAL level for resources... setting prices that corporations are allowed to SELL to China for.. and nobody is really stopping them. Just last week China "decided" they weren't going to be exporting any more rare earth metals (needed for high power magnets in electronics) They just issued a directive it wasn't allowed to be exported anymore....for any price. Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore. It nearly doubled the price of scrap here (ironically bought with trade surplus dollars no less!) and made it even harder to complete with Asian companies... it was the straw that caused a good deal of the auto maker meltdown earlier this year. China manipulates their currency by not allowing dollars to be converted into Chinese money except for specific state-sponsored investments, and they don't allow US companies to take their Chinese profits OUT of the country either. It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...

    China is playing the long game, highly protectionist and stacking the deck with our own money and resources against us. It's economic "war" played at the highest level and the US government has no grasp that the "invisible hand' won't save them.