Feds Ask IT Execs To Throw Away Cellphones After Visiting China 382
sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"
Worthless (Score:5, Interesting)
PCs and phones *are* made in China (Score:5, Interesting)
Related story (Score:2, Interesting)
It's almost impossible to tell whether additional software has been installed unless you either 1) diff your HDD (hard and time consuming) or 2) weigh the laptop and see if any data has been added. The government is, for once, correct and providing helpful information.
More on this topic at this old Slashdot story [slashdot.org].
Re:The real story (Score:3, Interesting)
Orginal date of warning? (Score:4, Interesting)
What about Chinese nationals? (Score:5, Interesting)
This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US until they find someone who needs money or other help for their family back in China.
One company I worked for had a Chinese national who was not allowed to work on part of a project because it was protected technology. The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.
The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.
-Todd
Re:Not Worthless (Score:3, Interesting)
Re:PCs and phones *are* made in China (Score:5, Interesting)
Not a problem in the US! (Score:4, Interesting)
Since in the US they'll take your phone and laptop, MP3 player and any other good stuff and demand to see your company documents if they think there's something nice in there.
PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.
This didn't require a cell phone either, so throwing away your cellphone isn't necessary there either.
So much nicer being spied on by the US government. You don't have to buy new kit all the time, just accept the espionage.
Re:Chinese Coders? (Score:1, Interesting)
Re:Chinese Coders? (Score:1, Interesting)
Yes racial profiling. Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution.
You say "sensible precaution", I say "blatant xenophobia/racism". The only reason people are worried about any of this to begin with is that America has that same childish and ignorant "for mother country" thing going on as well. It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality. To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."
Re:Manufacture (Score:2, Interesting)
Do you think it would go undetected for long if thousands of cellphones and laptops made in China, Korea or wherever had a hardware sneak-chip installed?
For the sake of argument, yes. It would be entirely feasible for EVERY unit of a certain (or any) product to have a 'sneak chip' installed, it could very easily be 'baked in' to the IC designs used. :( ) that an attack has been demonstrated using this exact method, whereby a certain bit pattern on a certain bus triggered malicious behaviour.
I believe (meaning I don't have a link to evidence
There was also a real case in the UK whereby chip-and-pin credit card readers (used in retailer's POS setup) had a 'sneak chip' built in at the factory by unscrupulous agents. (I am aware that this both supports the 'it could happen' and the 'it would be detected quickly' arguments.)
Just to be clear, I'm not expressing any Anti or Pro Chinese sentiment here, but it seems somewhat ironic to be concerned about what "The Chinese" might do to compromise one's hardware, when that same hardware was designed and manufactured by "The Chinese" in the first place!
Possible to assemble a "Made in USA" system? (Score:2, Interesting)
At the risk of being slightly OT, I'm thinking about several comments noting that these systems were made in China to begin with, so it got me thinking.
If a ridiculous set of circumstances arose where certain organizations banned the use of computers "made in China", is it possible to obtain/assemble a system that's "made in the USA"? Or "made in <NATO_member>"?
I'm just wondering if there's a way to source all the parts domestically and what it would cost. I'm guessing the answer is "impossible", but I'm curious if anyone knows about it.
Re:huh (Score:5, Interesting)
how much does data weigh? I'm sure the 1's are heavier than the 0's....
In the punchcard / papertape era, it was obviously the other way around, 0s are heavier, 1s (punched out) are lighter.
Re:Manufacture (Score:5, Interesting)
In a word? YES.
It would require actual competence to detect a piece of hardware that essentially did nothing until activated and simply sat on a motherboard. Do you know if there are extremely detailed inspections done on every piece of circuitry brought into country X from country Y? I know for a fact that in a certain very large defense company I worked for lots of "surprises" were found on a regular basis. Typically things like parts that were different from the specs, insects, and on occasion completely incorrect assemblies.
The funny part was these nearly all made it past QA and into the finished products, only to be discovered when something failed.
So based on that, I'd say that *if* someone were choosing to do something like this, it would be fairly easy to sneak it past the level of moron that would typically be doing these inspections.
Tinfoil hats aside - the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.
Doing this with a laptop would also be trivial, but I would hope that the firewall filter would catch outbound connections to unusual sites?
Re:huh (Score:5, Interesting)
Data may be weightless, but how about hardware key logging devices?
That reminds me of a Cold War story I heard once upon a time. The CIA worked with a Xerox technician to secretly install a camera [editinternational.com] inside the machine(s) at the Soviet embassy. They got away with it for a long time because those old machines were so complicated that only a handful of people knew how they really worked.
This is just the modern day equivalent. If your hardware is out of your sight even for a few moments it should be treated as though it was compromised. If it's worked on by someone that you don't trust implicitly then it should be treated as though it was compromised.
Re:Chinese Coders? (Score:3, Interesting)
I believe you are referring to citizens of the People's Republic of China [wikipedia.org] which are not all of the same race. So to call it racial profiling is inaccurate. It would be more accurate to call it nationalism profiling. It is clear from the replies you have received so far that racist/nationalist bashing is en vogue so here goes my karma. There is no way to guarantee safety 100% of the time but to ignore the fact that a foreign government that, while not openly hostile, is known for its intense dislike of your countries policies would be derelict. So basically I agree with what I think you were trying to say but not what you said.
Re:Chinese Coders? (Score:5, Interesting)
To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets". This is where it's not a "round" world.. The Chinese government has their eye on the 50 year game and is more than willing to tie up all of a natural resource... and throw people in jail when the "free market" price goes up.
While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, China is stacking the deck on a NATIONAL level for resources... setting prices that corporations are allowed to SELL to China for.. and nobody is really stopping them. Just last week China "decided" they weren't going to be exporting any more rare earth metals (needed for high power magnets in electronics) They just issued a directive it wasn't allowed to be exported anymore....for any price. Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore. It nearly doubled the price of scrap here (ironically bought with trade surplus dollars no less!) and made it even harder to complete with Asian companies... it was the straw that caused a good deal of the auto maker meltdown earlier this year. China manipulates their currency by not allowing dollars to be converted into Chinese money except for specific state-sponsored investments, and they don't allow US companies to take their Chinese profits OUT of the country either. It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...
China is playing the long game, highly protectionist and stacking the deck with our own money and resources against us. It's economic "war" played at the highest level and the US government has no grasp that the "invisible hand' won't save them.
Re:huh (Score:5, Interesting)
An airplane builder had its proprietary metal reverse engineered by asian companies. They did a great job with security, so couldn't figure out how the metals got sampled. People can't just go scrape parts off a military airplane, especially when it's not built yet.
They gave tours and you couldn't take pictures, but you could see planes being built.
Turns out asians were using very soft-soled shoes. So while looking up and pointing, they pressed their feet down on metal filings, and when they drove away they had samples in their shoes, to be analyzed later.
Sneaky bastards work in corporate espionage.
Re:The reverse holds true (Score:2, Interesting)
Re:huh (Score:5, Interesting)
Re:huh (Score:4, Interesting)
I submitted a story here about a year or so ago about Maxtor hard drives with compromised firmware that were made in China. It never got picked up. Go figure.
Re:huh (Score:2, Interesting)
2. disable them by default
3. enable them with some radiation or other mean (just like erasing an EPROM with utraviolet light)
4. wait for key people to arrive under your control so you know their devices. turn on homming components.
5. ???
6. profit!
Re:huh (Score:3, Interesting)
Holy shit, I had no idea that you could look up old newspapers on Google. Thanks a bunch man.
Also, George Will is one badass motherfucker. Almost as badass as Paul Mulshine.
Re:huh (Score:2, Interesting)