Slashdot Mirror

← Back to Stories (view on slashdot.org)

Best Practice: Travel Light To China

Posted by timothy on from the micro-sd-in-dental-work dept.

Hugh Pickens writes "What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return. 'If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,' says Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence. The scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010 when the chamber learned that servers in China were stealing information from four of its Asia policy experts who frequently visited China. After their trips, even the office printer and a thermostat in one of the chamber's corporate offices were communicating with an internet address in China. The chamber did not disclose how hackers had infiltrated its systems, but its first step after the attack was to bar employees from taking devices with them 'to certain countries,' notably China. 'Everybody knows that if you are doing business in China, in the 21st century, you don't bring anything with you,' says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. 'That's "Business 101" — at least it should be.'"

24 of 334 comments (clear)

  1. I wonder... by Anonymous Coward · · Score: 5, Insightful

    ...if people traveling from Russia or China to here are told the same thing?

    1. Re:I wonder... by mbone · · Score: 5, Insightful

      I deal with Chinese companies on a regular basis, and can assure you that they are innovating like mad. China is following the same classic development arc, which goes something like copy, steal, make, innovate, that the Japanese did ~ 50 years ago.

    2. Re:I wonder... by mbone · · Score: 5, Informative

      Keep in mind that China has a recorded history of what, something between 11,000 and 17,000 years?

      Say what ? The Qin Shi Huang Emperor "buried the scholars and burned the books" in 213 BCE so the history of anything much before his reign is exceedingly fragmentary. The oldest extant Chinese writings are the Oracle "bones", which date from no earlier than 1500 BCE. Even Sima Qian started his history with the Yellow Emperor (~ 2600 BC), the first ruler he considered as probably historical.

      So, two thousand years ? Yes. Three, four thousand ? Maybe. Ten thousand ? No way.

  2. A good start by gtvr · · Score: 5, Insightful

    Good to see companies waking up to a very obvious threat. Next will be if they can figure out that sharing IP for a little bit of extra market share over there is NOT a good long term investment.

  3. Why not an article "Travel Light to US"? by stm2 · · Score: 5, Insightful

    Since your laptop can be confiscated legally at the border.

    --
    DNA in your Linux: DNALinux
    1. Re:Why not an article "Travel Light to US"? by N1AK · · Score: 5, Insightful

      I have no intention of defending the USA's often excessive intrusions; however, as with many other issues, trying to make out that they are operating on the same level as China is misleading and counter-productive. Unless you actually have, or can provide links to a credible source showing, evidence that the US is routinely compromising the electronic devices of a vast number of foriegn visitors then you're just spreading FUD.

    2. Re:Why not an article "Travel Light to US"? by jellomizer · · Score: 5, Interesting

      Or anywhere in the world.
      General rule of thumb when traveling is to always travel light and poor. The more valuable things you bring with you the more liability that you are lugging around, which may be stolen, confiscated, or make you prime bate to be kidnapped.
      Sure you may be street smart enough in your area to see the difference between a criminal and an honest folk, but in a different culture you are green all over again, and prime bate. Even if you are going across the US. In the country and need assistance often you can get help from those guys walking down the street with large riffles in hand (as they are probably just hunting) for those who live in the country these people are not threatening they are just out having a good time. In the City you should avoid the guy walking down the street with a riffle.
      Or up in the Northeast, People usually go straight to business with less pleasantries, down south there is more talk and gentlemen behavior. For a Northern folk if someone comes up to you and starts talking all friendly like, you get warning bells that this guys is trying to distract you. If down south someone gets straight to business this guy is just being rude and hiding information so you shouldn't trust him.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Why not an article "Travel Light to US"? by GameboyRMH · · Score: 4, Interesting

      Yep this is a point on which it is fair to say that America is no better.

      The only safe way to take devices there is to wipe your devices clean (an uncertain and damaging act on flash storage) and carry a hard drive with a deniable hidden encrypted partition (including duress key to unlock a decoy partition) containing backups of the devices. Or store the backup online (connecting with an anti-MITM system and using proper encryption of course, that means ONLY YOU have the key and there is no "recovery" option) if you have a shit-ton of bandwidth and time.

      Even then they may take your hardware and do who-knows-what to it, as happened to Moxie Marlinspike's phone. Or you may just not get it back at all.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    4. Re:Why not an article "Travel Light to US"? by ios+and+web+coder · · Score: 5, Interesting

      Yep this is a point on which it is fair to say that America is no better.

      I'm not sure I'd agree with that.
      This is a case of them planting trojans on your equipment in China, then exercising that, when you get back to the US.
      In the US, this can be (and I'm sure, is) done by folk like the CIA and NSA. However, folks like me don't do it. Foreigners can come to my office, exchange files and information, use my network, and even use my USB fobs with no worries that I'll plant spyware on their machines (I am quite capable of doing so, as, I'm sure, are a significant number of /. readers).
      To have it so prevalent in a nation is a serious, serious indictment. The NSA does not come to my office and demand that I arbitrarily plant trojans on our partners' and customers' machines. If they did, I would fight them fang, tooth and claw.
      What is happening in China is very dangerous. Not just for us, but also for the Chinese. They may think they have this tiger by the tail, but they will really be shocked when it turns around and bites them.

      --

      "For every complex problem there is an answer that is clear, simple, and wrong."

      -H. L. Mencken

    5. Re:Why not an article "Travel Light to US"? by vlm · · Score: 5, Interesting

      If down south someone gets straight to business this guy is just being rude and hiding information so you shouldn't trust him.

      I spent a year in the south in the 90s and the reason is people see themselves as instruments of tradition. Historically mobility was low in the south, so a simple business transaction well become a lifetime economic marriage, so there's lots of courting going on. Your GGGgrandpa and his GGGgrandpa probably served in the same civil war regiment, and in fact there probably is a distant genealogically tenuous connection between you two assuming you're genuine southern natives. If nothing bad happens, your kids might very well be expected to continue the business transaction. Also there exists a massive gossip network such that you can assume everyone is all into your business, so if they truly don't know you, they will be mystified as to what you're up to simply due to curiosity. I heard some hilarious jokes that probably only make sense in the rural south about old forgetful people simply relying on their gossip hound neighbors to remind them of stuff, like a human peer to peer network. In the go go go north economic transactions are more of a one night stand or fling at most, so no one cares what church if any you attend, or what military unit you or your GGGgreatgrandpa served in. Its an article of faith amongst the southerners I knew that tradition and reputation (both individual and familial) are extremely valuable, they believe in that about as much as their church, more or less.

      Northern business transactions are like a single hand of poker. Southern business transactions are like a multigenerational game of chess or Go. Before you freak out, obviously these stereotypes are only about 75% accurate.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    6. Re:Why not an article "Travel Light to US"? by CohibaVancouver · · Score: 4, Insightful

      Since your laptop can be confiscated legally at the border.

      Yes, but you know it's happened. They scan your laptop for CP and bomb plans, then hand it back. In China, your privacy is raided without you ever knowing. This is the crucial difference.

  4. Why do you think companies hate user's devices? by msobkow · · Score: 4, Insightful

    When there are risks of company devices being hacked and used to spy on corporate data, is it any wonder that many companies still refuse to allow personal devices to be connected to the company networks?

    Still, you have to wonder how much of these issues are due to poor maintenance and management of the corporate infrastructure enabling the penetrations and attacks.

    I've heard of ONE incident where a penetration was actually a zero-day exploit and did not happen because someone didn't upgrade a server or change passwords after employees left the company. 25 years. A quarter century. And only ONE incident that wasn't someone's failure to perform due diligence of maintenance?

    That doesn't say much for North America's corporate security policies, does it?

    --
    I do not fail; I succeed at finding out what does not work.
  5. Good practice anywhere by million_monkeys · · Score: 5, Insightful

    This has been standard practice in many places for years. And not just when travelling to China. Even if you're not working with high value information, there's usually not any justification for taking equipment full of company information abroad.

  6. Hang on,,. by Anonymous Coward · · Score: 5, Funny

    My T510 Came from china in the first place...

  7. They Do Catch Criminals That Way by eldavojohn · · Score: 5, Insightful

    Since your laptop can be confiscated legally at the border.

    I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage that way. The key difference here is that it's intended to be an open action against you by US Customs whereas in China the intent is for you to never know anything happened and the key logger or stolen information being covertly used without your knowledge of who did it or even what's going on. I think one is much worse than the other but I guess that's just my opinion.

    --
    My work here is dung.
  8. this is old news by mbone · · Score: 4, Interesting

    If you travel to China, this is old news.

    Yes, some businesses are beginning to require wiped travel laptops for entering the US. I have to say that I do not know anyone personally who has had laptop issues at the US border (although I know that there are some people who are on some sort of list and have them frequently). The assumption is, if you go to China, you will probably be hacked, and it's not going to happen at Customs.

    By the way, in my experience Chinese firms are incredibly paranoid about this, much more so than US firms. I suspect that paranoia has some justification.

  9. sign by CohibaVancouver · · Score: 4, Insightful

    Sigh.

    Cue all the "BUT THE US IS WORSE THAN CHINA!" posts. You should log off WoW and read a little on Amnesty International about China. Could the USA do much better? Absofreakinglutely - But I can tell you as a Canadian business traveller that the USA is orders of magnitude less intrusive when it comes to visitors to their country. The next time you're in China go try to surf Tibet videos on Youtube and let me know how that goes for you.

  10. Here's a better idea- by IWantMoreSpamPlease · · Score: 5, Insightful

    Stop doing businees in and with China, entirely.
    Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.

    --
    So rise up, all ye lost ones, as one, we'll claw the clouds.
  11. Re:Pot calling kettle. by jimbolauski · · Score: 5, Insightful

    Exactly.

    I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.

    I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and how exactly can a drone invade your privacy any more then a manned plane?

    --
    Knowledge = Power
    P= W/t
    t=Money
    Money = Work/Knowledge so the less you know the more you make
  12. Re:Chromium OS by idji · · Score: 4, Insightful

    Where Google has full access to all your data

  13. The lesson to take from this by Blahah · · Score: 5, Funny

    The lesson to take from this is: don't store valuable information on your thermostat.

  14. Re:Pot calling kettle. by 1s44c · · Score: 5, Funny

    pot calling kettle

    My cooking pots are stainless steel. My kettle is likewise stainless steel. Nether can talk and as far as I'm aware nether has racist tendencies.

    It's time that whole pot/kettle thing was just forgotten about.

  15. Re:Pot calling kettle. by fuzzyfuzzyfungus · · Score: 5, Insightful

    how exactly can a drone invade your privacy any more then a manned plane?

    Lower cost. Virtually all of your privacy(especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results.

    The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent(and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...)

    Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.

  16. Re:Lacks disposable income by Cytotoxic · · Score: 4, Interesting

    The Chinese "middle class" surpassed the population of the entire United States or Europe several years ago. Sure, that still leaves roughly a billion poor people, but with nearly a half-billion doing well, they have some serious internal market power. This also bodes well for political change within China.... a half-billion people with iPhones (or clones) and cars are going to start asking why they don't have more control over their lives at some point.

    Of course, with twice as many people stuck in rural poverty while seeing a growing bourgeoisie, there's another potential road to political change....