Feds Ask IT Execs To Throw Away Cellphones After Visiting China 382
sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"
One word... (Score:1, Insightful)
Paranoia.
Horse, close the barn door! (Score:1, Insightful)
The laptops and cell phones were probably manufactured there. In fact most US businesses outsource there manufacturing overseas.
Re:huh (Score:5, Insightful)
Data may be weightless, but how about hardware key logging devices?
Re:Horse, close the barn door! (Score:5, Insightful)
Here's the thing...
If EVERY laptop and cell phone phoned home to China to give away secrets, somebody is gonna notice. REAL quick.
They need to more selectively target folks if they want to actually be able to get away with hacking a machine to send them secret data.
Re:Chinese Coders? (Score:5, Insightful)
Re:PCs and phones *are* made in China (Score:5, Insightful)
Re:huh (Score:3, Insightful)
Re:Manufacture (Score:3, Insightful)
Do you think it would be worth the effort to seed just a few of those thousands for some possible marginal gain? (Also keep in mind that specialized changes wreak havoc on an assembly line's schedule)
Much easier to just target the fish directly.
Re:One word... (Score:5, Insightful)
It's not paranoia if they really are out to get you. And we have plenty of evidence that the Chinese really are. Actually, the intelligence agencies probably just forgot to say "because we're doing all this stuff to their top executives when they visit us".
This Sounds Familiar (Score:5, Insightful)
Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy.
Is this happening again, but now we are instead fearing the Chinese?
Good for China (Score:3, Insightful)
If everyone who visits China buys a new cellphone and laptop for the trip...
Where were those cellphones and laptops likely manufactured? China...
China stands to make quite a profit from people doing this.
Re:What about Chinese nationals? (Score:5, Insightful)
... all they have to do is to contact several of the thousands of Chinese nationals ...
History shows that approaching US Nationals with enough money [wikipedia.org] can also have the desired affect.
Good luck with that. (Score:3, Insightful)
Such respect for IT! (Score:5, Insightful)
Maybe I'm taking this a little personally because I'm an IT guy. I dunno. But I do know I'd rather not work in IT for a large, tech-based company where the CTO is quoted publicly as saying: "I don't let my IT department near my laptop".
Anybody else have a WTF moment when they saw that? Or is it only me?
Re:Chinese Coders? (Score:2, Insightful)
"Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution."
And Americans don't? Americans practically invented RSI with all that damn flag waving they do, you sir are a racist.
The reverse holds true (Score:5, Insightful)
See, Conspiracy theories work both ways... No more fear mongering, okay? Lets play nice kids.
Re:Horse, close the barn door! (Score:3, Insightful)
Agreed. I was alluding to the fact that since execs outsource to China then China would already know many corporate secrets. Grey market goods often come from the same plants that make authentic goods.
Re:The real story (Score:5, Insightful)
Sounds sensible to me.
Re:Related story (Score:3, Insightful)
Re:Such respect for IT! (Score:5, Insightful)
Maybe he just has sensitive material about his company on the laptop. I've seen people in management who don't let anyone in the company, even IT, look at their laptops and it isn't because they think the IT department is incompetent or have no respect for them.
Re:PCs and phones *are* made in China (Score:5, Insightful)
I'm sure it IS a good idea to throw away any cellphone or laptop that has any Symantec product installed.
Re:Horse, close the barn door! (Score:4, Insightful)
You're falling into the same trap that got the electronic voting people. It is not at all obvious if an electronic device has a backdoor function. You can change the software to react to a complicated trigger sequence, or worse, you can change the hardware to do it. Unless you deconstruct the device to the point of rendering it unusable, there is no way to reliably detect "sleeper" functions. This is especially dangerous if the bug is in all devices and not just a few "interesting" ones, so that comparisons between devices don't show any deviation.
Re:Chinese Coders? (Score:5, Insightful)
America has that same childish and ignorant "for mother country" thing going on as well
If we had international laws, policies, standards of living, etc. I'd agree with you. As we don't, I don't see a problem with wanting to take care of our own. International espionagers aren't going to share information--they only want to take it.
It's similar to the prisoner's dilemma. We'd probably all do better overall if we all worked together. China's not going to work with us, though, which means that if we just give them the technology, we're the suckers.
Re:Chinese Coders? (Score:4, Insightful)
Plus the fact that China uses its technical workers for both industrial and political espionage quite frequently, and has been caught doing it several times.
It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality.
To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."
The reason I distrust China is precisely BECAUSE they are too "patriotic"/nationalistic; they're even worse than the US I think in this regards, hell they're still mad over the OPIUM WARS. It has bred a very "us vs. them" mentality (obviously, some of it is understandable because of the country's history) that I think is a hell of a lot more dangerous to us and the world than the communism was.
Just as a side note, Hicks was kind of overrated.
Re:huh (Score:4, Insightful)
Re:Not Worthless (Score:3, Insightful)
It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.
And I'm quite sure that MI5 (or whoever) did/do spy on non-British companies to give British ones an advantage (or at least I hope so :P)
This is one of those examples of "war morality"; whereby "us doing X to them" is fine, but "them doing X to us" is completly unacceptable and a sign of cowardice and various other undesireable traits.
Re:Chinese Coders? (Score:2, Insightful)
Self interest is why we're alive. It's why we have kids, it's why we fall in love, and it's why we go to work. Why isn't it good enough for a law-abiding, hard working citizen to live his or her life without the new original sin that is a "debt to society" for thier success? Maybe if everyone was more concerned about how they live *their* lives and less concerned with how their neighbors are living their's the world would be a better place.
Re:Horse, close the barn door! (Score:3, Insightful)
Re:Chinese Coders? (Score:3, Insightful)
Assassin's Mace, anyone?
While few people recognize it as such, China is waging war against the west. And, they are claiming victories every day, because we have trouble just spelling "asymmetric warfare". I wonder if that recto-cranial insertion so common in Washington and on Wall Street have anything to do with it?
I recognize that the Chinese government is "waging war" on the west in order to become the next century's superpower. This does not mean that we ought to resort to xenophobia and racism to "beat" them. That is completely back-asswards and will only serve to give them more ammunition against us.
Re:This Sounds Familiar (Score:3, Insightful)
The Soviets:
1) never matched the US economically, achieving military parity or superiority only in ground forces and nuclear delivery systems
2) never had a true deep water navy, and no full year ocean access
3) their population never exceeded the US, and they needed troops to keep Poland, Hungary, East Germany in check
The Chinese:
1) are projected to exceed the US economically in the next 10-15 years
2) have 2000+ miles of access to the Pacific ocean
3) have a raw population exceeding 3 times the US, its urban population is about 1.5 times the US total population
I would say they need not reach 10-foot-tall and read minds to become a problem for the US.
Here's a long shot... (Score:3, Insightful)
How are you going to detect a 15g to 100g logging circuit that's more than likely (if there was malicious espionage intent) designed to fit or mount into current hardware and not be detected on a scale that's accurate down to 0.5 pounds.
Here's a long shot... how about using a postal scale that's accurate down to a gramme? Do you think there might be one in the mailroom?
Re:huh (Score:5, Insightful)
historical revisionism (Score:1, Insightful)
Are you kidding? The US basically gave away the entire manufacturing sector to china, gratis, brought them a century ahead in wealth and technology in just 20 years. We rebuilt germany and japan after we defeated them in wars, partially because we helped russia so much during that war and they became belligerent towards us just because they felt like it, they were jerks to us.. And so on. We've been the most generous to other people nation ever, all we ask is don't screw with us, and even then, we still get shafted. If anything we aren't nearly enough nationalistic and protectionist. We are now on the ropes economically from this misguided policy. It was stupid and pushed by a small number of ultrarich and traitorous globalist fatcats to make profits, that's it.
I'm all for having the US turn a little more turtle, stop exporting tech, throw the big smackdown on those wallstreet pirates, rebuild our own manufacturing, get 100% energy independent so we aren't exporting cash to nations that don't like us, stop all our lame corporate military expansion that has nothing to do with self defense and everything to do with, again, making wall street profits and stop supporting that racist and fascist loon little Mediterranean nation, and just be done with it.
Get rid of harmful foreign entanglements, it always goes sour and turns into a big fat mess.
Re:huh (Score:4, Insightful)
Power supplies, computers, phones, etc. All stamped with 'made in china'.
Everything down to the component level is produced there. If they wanted to bug them they could do it at any point during manufacture.
Re:Manufacture (Score:3, Insightful)
Screw the phone.. the cell towers are all made by the chinese anyway (Round here Huewei make most of them).
And the DSL connections, and the routers connecting them to the internet..
Re:What about Chinese nationals? (Score:3, Insightful)
I think the point you both want to get at is that you shouldn't judge other people by your standards of ethics and morals. As long as they conform to their own standards of ethics or morals, it wouldn't be right to call them unethical, no matter the differences between your standards and their standards.
So, if another culture finds it acceptable to force pre-teen girls into prostition rings, it wouldn't be right to call it unethical? How about if their culture allowed for the slaying of a girl that "embarrassed" the family? What about a culture that abandons their old or sick?
I'm sorry you've been overcome by so much political correctness, but moral relativism is bullshit. I have a moral compass, and I'm not ashamed of it. I choose not to deal with people or companies that purposely lie, cheat and steal. I will not make excuses like "things are done differently where they come from." If they do things like that there, then they are liers, cheaters and thieves. If it is a cultural thing, then it is a nation of liers, cheaters and thieves.
Re:huh (Score:4, Insightful)
Re:huh (Score:3, Insightful)
It would require a massive conspiracy, like none we have ever seen.
Not really, all it would require is a few people in the right places in a couple of high-market-share manufacturers. If you built something into the tools used by those manufacturers, it could be transparent.
Also, you don't need to own every device. You could choose to target critical infrastructure devices - say a router, switch, DPI equipment or whatever. Something that handles lots of traffic and thus is well-positioned for either intelligence collection or denial/disruption of service.
Apple, Dell, etc. are not so incompetent in their QA that they would not know that the hardware is somehow phoning home.
Maybe it only phones home after receiving some sort of signal (such as a predetermined sequence of packets, packets with certain formatting, etc). QA testing is unlikely to uncover something like that, and even if they do may have a hard time reproducing it (which may make them less likely to pursue it).
The sum of the worlds nerds are not so dumb that they would not notice all hardware phoning home.
As above, it doesn't have to be all hardware, nor so stupid as to phone home regularly, or even without receiving an activation signal. That would attract unnecessary attention.
Also, if you're targeting infrastructure devices, they handle so much traffic that it seems possible one could slip in some extra transmissions out without notice.
It is too expensive to bug every machine, natural competition would favor companies who do not install this extra stuff.
Competition favors those with the most capability for the lowest price. An intelligently designed surveillance or disruption module would not degrade capability during normal operation. It would be a sleeper agent until triggered.
The marginal cost of another copy of software is zero. And the initial development cost would likely be picked up by the intelligence agency, not the company that was infiltrated. So the presence of such equipment would have no effect on competition.
And if the company management was aware of the operation, they could even be given secret subsidies by the government to make them more competitive in the marketplace by artificially lowering the cost of their products. This would help ensure success of the trojan.
China would face political ruin by trying to pull a stunt like this if it was discovered that they were spying on the world.
How would anyone know the software was government-created, and not just one of the many unfortunate cases of malware infections we've seen at OEMs in the past?
I'm not saying China or anyone else is necessarily doing any of this stuff. But it wouldn't surprise me. Nations do a lot worse in the world of espionage.
Re:huh (Score:4, Insightful)
Re:Industrial espionage? (Score:3, Insightful)
I'm wondering if Symantec will be closing down their China Development Center [symantec.com] in Bejing since Symantec has been developing security software in China for a few years now. Don't know how you reconcile these draconian security concerns with having a major development center in said country... developing security software for use in the west.
It is interesting how the Obama administration seems to be much less accommodating to the Chinese than the Bush administration was. The Bush administration bent over backwards for China and all the multinationals that wanted to move all their operations, R&D, jobs, capital and IP in to the hands of the Chinese though the Chinese government is still basically the same one which was an bitter adversary 30-40 years ago and against whom the U.S. and U.N. waged a never concluded war in Korea.
Its amazing how all the Chinese had to do was create a free economic zone on their southern coast, declare profit and capitalism OK there, and use the flashing dollar signs as a snare to get the west to unilaterally capitulate economically and politically without a shot being fired.
Re:How much does a 1 weigh? (Score:3, Insightful)
Seriously, this is silly, because TFA is talking about re-imaging laptops before/after. That would imply malware/spyware being surreptitiously installed, but that won't change the weight directly.
Re-imaging the laptop if a hardware keylogger has been installed wouldn't have any effect either (but could possibly be detected by weighing).
So you're saying that weighing is silly because it won't protect against software keyloggers (would need to re-image), and re-imaging is silly because it won't protect against hardware keyloggers (would need to weigh to do that). Your conclusion is then that one should do neither (rather than the very obvious both)? Really?
Yeah, I don't wear a belt because suspenders are fully adequate, and I don't wear suspenders because a belt is good enough. Yet for some reason, my pants keep falling down. :)
You go on to point out that there are other attacks which can't be prevented or detected by weighing or re-imaging, which is a very valid point, but does that really mean one shouldn't bother doing anything at all? If you can't have perfection, just give up and kill yourself? If someone with the power and sway of the Chinese (or US) government really wants to get you, chances are they probably can, but if they're just looking for targets of opportunity that may prove useful, making yourself less of a target is probably a very good idea!