Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Trouble With Bringing Your Business Laptop To China

Posted by Soulskill on from the laptops-are-the-panda's-favorite-food dept.

snydeq writes "A growing trend faces business executives traveling to China: government or industry spooks stealing data from their laptops and installing spyware. 'While you were out to dinner that first night, someone entered your room (often a nominal hotel staffer), carefully examined the contents of your laptop, and installed spyware on the computer — without your having a clue. The result? Exposure of information, including customer data, product development documentation, countless emails, and other proprietary information of value to competitors and foreign governments. Perhaps even, thanks to the spyware, there's an ongoing infection in your corporate network that continually phones home key secrets for months or years afterward.'"

16 of 402 comments (clear)

  1. That's only one of the problems by dtmos · · Score: 4, Interesting

    The other -- and, I would submit, more important -- reason for not taking your business laptop to China (if you're from the US) is US export control laws. The definitions of "export" and "controlled technology" have been so generalized that it is an even-money bet that the laptop of a given technologist contains information that, were he to travel to China, would result in at least a technical violation of the law -- and the penalties are severe.

    1. Re:That's only one of the problems by ZorinLynx · · Score: 3, Interesting

      Considering these laptops are for the most part manufactured in China anyway, how does bringing them back there in anyway give China access to any "controlled technology" they don't already have?

    2. Re:That's only one of the problems by neyla · · Score: 4, Interesting

      True !

      Fun Fact

      encryption*SOFTWARE* was classified as munitions and restricted, meanwhile free speech laws meant that printed words could very seldom be stopped.

      I was part of exporting PGP from USA legally, by way of printing the (zipped, uuencoded + checksums) source-code, mailing it physically to norway, scanning it, OCRing it and manually proofreading all lines where the checksum failed.

  2. Re:encryption by able1234au · · Score: 3, Interesting

    Encryption but to be extra paranoid, don't bring a laptop. You need to assume that there will be spies on your own payroll. Someone supplementing their pay and being patriotic at the same time. Paranoia is a good thing. Encryption is critical but don't assume it is a magic bullet. If they video or capture you typing in your password then you will have a false sense of security.

  3. throw away laptops by lophophore · · Score: 5, Interesting

    Any serious exec is going to use a throw-away laptop for travelling to China. A $400 special will keep you online abroad, and then it can be destroyed as a business expense. Cheap insurance against hacking.

    --
    there are 3 kinds of people:
    * those who can count
    * those who can't
    1. Re:throw away laptops by Anonymous Coward · · Score: 5, Interesting

      Yup, that's how we deal with it. We're frequently in China to do software and hardware testing at our facilities (I work for a large US transportation company), and we have "China laptops". These are encrypted machines that are specifically loaded with the bare minimum stuff we need when we leave and immediately blown away when we get back. Installation of anything beyond the bare minimum (which is pretty much Win7 and VS2005) is strictly disallowed. Source is kept on a separate, encrypted sd card which is not to be kept in the machine, but even then it's just not that interesting. It's all internal source for package sort controllers and such, and we don't even have the ability to check code back in from these machines. It's purely for debugging and sending problem reports back home.

      There's a big sticker on them that even says "China laptop, do not connect to corporate network"

    2. Re:throw away laptops by Minupla · · Score: 3, Interesting

      I have in the past provided the following instructions to an exec:

      1) Go to local computer store
      2) Purchase off the shelf hard drive with this model:xxx-xxxx-xxx - pay with local cash
      3) Purchase philips screw driver
      4) Remove HDD (more details here on how to remove a HDD) and replace with local drive.
      5) Drive over old HDD with rental SUV. Repeat until fragments. Ensure HDD platters are fragments.
      6) drop into at least 3 random trash bins in tourist areas
      7) If questioned during exit, inform them that the computer crashed and that IT had you take it to a local repair shop but it's not working still.

      Such is life in the odd world we live in.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  4. Industrial espionage by Taco+Cowboy · · Score: 4, Interesting

    I travel all the time, for business.

    China is not the only country where industrial cloak and dagger stuffs happen.

    The other countries that I've personally encountered industrial espionage activities includes Japan, Korea, Vietnam, France, Italy, India, Indonesia, Egypt, Turkey, and you will be surprised, I had had similar encounters in Canada, UK, Australia, and also US of A, although not that often.

    --
    Muchas Gracias, Señor Edward Snowden !
    1. Re:Industrial espionage by hendridm · · Score: 5, Interesting

      I've surprised by many of the countries on your list.

      Can you give some examples of what you've observed that we non-travelers might find surprising/interesting?

    2. Re:Industrial espionage by AaronW · · Score: 4, Interesting

      As you said, France is also notorious for this sort of thing which surprises a lot of people.

      --
      This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
  5. Re:encryption by lister+king+of+smeg · · Score: 4, Interesting

    better yet live cd let them try installing malaware on there then, encrypt the whole drive and only use it for data storage, when chinless agents tries booting and no OS is found so he simply images you drive for later analysis let him stew for a few billion years trying to decrypt it.

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  6. Re:That's what encryption is for. by blueg3 · · Score: 3, Interesting

    If your boot software is encrypted, how does your system boot at all?

    Oh, I see, you're thinking of something like Truecrypt. So, when you boot, where does the code that knows how to decrypt your hard drive live? Why can't the attacker put the keylogger there?

  7. Re:encryption by Qzukk · · Score: 4, Interesting

    And if the laptop has a firewire port, i'm fairly certain RAM can be dumped on ANY operating system.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  8. Full hard drive encryption by fufufang · · Score: 3, Interesting

    If you use Windows, you can install Truecrypt, and change the bootloader so it shows "Operating System Not Found".

    If you use Linux, set up encrypted LVM, and have your boot partition on a separate USB flash drive, which you attach to your keyring, and carry around with you all time.

  9. Re:encryption by mikeiver1 · · Score: 3, Interesting

    The wise money would go a couple of steps further. Install nothing more than a plain jane out of the box live Linux CD image. Boot the thing and store/work out of a fast USB thumb drive on which all data is encrypted with the latest and greatest super kick ass encryption and a key that is very strong. You take the USB key with you around your neck. For extra points you could have the OS start the camera and record upon boot as well as screen capture every few seconds to the HDD unless a special key combo is used to shut it down.

  10. Full disc encryption by Anonymous Coward · · Score: 2, Interesting

    I work for a major multi-national corporation with big interests in China. Every transportable computer in the company has strong full-disc encryption installed by default, and NO ONE is allowed to divulge the ID/password required to boot it. If you are going to travel internationally, you back up your system before you leave. If some border agency demands the keys to your kingdom, you give them the laptop, but not the keys. Then the company ($40+B and major presence in every country) will bang on a few heads until the system is returned and some poor schlub is hung out to dry...