Forgot your password?
typodupeerror
China Security

Best Practice: Travel Light To China 334

Posted by timothy
from the micro-sd-in-dental-work dept.
Hugh Pickens writes "What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return. 'If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,' says Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence. The scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010 when the chamber learned that servers in China were stealing information from four of its Asia policy experts who frequently visited China. After their trips, even the office printer and a thermostat in one of the chamber's corporate offices were communicating with an internet address in China. The chamber did not disclose how hackers had infiltrated its systems, but its first step after the attack was to bar employees from taking devices with them 'to certain countries,' notably China. 'Everybody knows that if you are doing business in China, in the 21st century, you don't bring anything with you,' says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. 'That's "Business 101" — at least it should be.'"
This discussion has been archived. No new comments can be posted.

Best Practice: Travel Light To China

Comments Filter:
  • by Anonymous Coward on Monday February 13, 2012 @09:14AM (#39017963)

    Read the subject line.

  • I wonder... (Score:5, Insightful)

    by Anonymous Coward on Monday February 13, 2012 @09:14AM (#39017965)

    ...if people traveling from Russia or China to here are told the same thing?

  • A good start (Score:5, Insightful)

    by gtvr (1702650) on Monday February 13, 2012 @09:17AM (#39017979)
    Good to see companies waking up to a very obvious threat. Next will be if they can figure out that sharing IP for a little bit of extra market share over there is NOT a good long term investment.
  • Since your laptop can be confiscated legally at the border.

  • by msobkow (48369) on Monday February 13, 2012 @09:21AM (#39018005) Homepage Journal

    When there are risks of company devices being hacked and used to spy on corporate data, is it any wonder that many companies still refuse to allow personal devices to be connected to the company networks?

    Still, you have to wonder how much of these issues are due to poor maintenance and management of the corporate infrastructure enabling the penetrations and attacks.

    I've heard of ONE incident where a penetration was actually a zero-day exploit and did not happen because someone didn't upgrade a server or change passwords after employees left the company. 25 years. A quarter century. And only ONE incident that wasn't someone's failure to perform due diligence of maintenance?

    That doesn't say much for North America's corporate security policies, does it?

  • by million_monkeys (2480792) on Monday February 13, 2012 @09:23AM (#39018017)
    This has been standard practice in many places for years. And not just when travelling to China. Even if you're not working with high value information, there's usually not any justification for taking equipment full of company information abroad.
  • Chromium OS (Score:4, Insightful)

    by should_be_linear (779431) on Monday February 13, 2012 @09:28AM (#39018057)
    For this purpose notebook with ChromeOS (or ChromiumOS) seems like good solution.
  • by eldavojohn (898314) * <eldavojohn.gmail@com> on Monday February 13, 2012 @09:29AM (#39018061) Journal

    Since your laptop can be confiscated legally at the border.

    I'm not saying it's right for them to be able to do that but they do catch individuals engaged with corporate and even economic espionage [slashdot.org] that way. The key difference here is that it's intended to be an open action against you by US Customs whereas in China the intent is for you to never know anything happened and the key logger or stolen information being covertly used without your knowledge of who did it or even what's going on. I think one is much worse than the other but I guess that's just my opinion.

  • Re:A thermostat? (Score:4, Insightful)

    by Captain Hook (923766) on Monday February 13, 2012 @09:30AM (#39018067)
    I read it as... laptop taken to China, infected with something which then wormed it's way into all the systems it could when reconnected to the corporate network, which happened to include some network controllable thermostats.

    i.e. the Chinese aren't after the thermostat, it was just part of a system which got compromised.
  • sign (Score:5, Insightful)

    by CohibaVancouver (864662) on Monday February 13, 2012 @09:31AM (#39018073)
    Sigh.

    Cue all the "BUT THE US IS WORSE THAN CHINA!" posts. You should log off WoW and read a little on Amnesty International about China. Could the USA do much better? Absofreakinglutely - But I can tell you as a Canadian business traveller that the USA is orders of magnitude less intrusive when it comes to visitors to their country. The next time you're in China go try to surf Tibet videos on Youtube and let me know how that goes for you.
  • by N1AK (864906) on Monday February 13, 2012 @09:32AM (#39018083) Homepage
    I have no intention of defending the USA's often excessive intrusions; however, as with many other issues, trying to make out that they are operating on the same level as China is misleading and counter-productive. Unless you actually have, or can provide links to a credible source showing, evidence that the US is routinely compromising the electronic devices of a vast number of foriegn visitors then you're just spreading FUD.
  • by IWantMoreSpamPlease (571972) on Monday February 13, 2012 @09:34AM (#39018099) Homepage Journal

    Stop doing businees in and with China, entirely.
    Bring manufacturing and jobs back to your home country/state and improve your own damn economy. /radical concept I know.

  • by jimbolauski (882977) on Monday February 13, 2012 @09:34AM (#39018105) Journal

    Exactly.

    I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.

    I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and how exactly can a drone invade your privacy any more then a manned plane?

  • Re:Chromium OS (Score:5, Insightful)

    by idji (984038) on Monday February 13, 2012 @09:38AM (#39018123)
    Where Google has full access to all your data
  • by siddesu (698447) on Monday February 13, 2012 @10:06AM (#39018335)

    His position is obviously against maximizing corporate profits. As such, it is undeniably dangerous, abhorrent, anti-capitalist and utterly unjustifiable, as I already explained. It is also very bad for you, although you probably cannot realize it now. By supporting this position, it looks like you may benefit, but this is most assuredly a delusion. And here's why.

    You are a man who thinks in terms of nations and peoples. There are no nations. There are no peoples. There are no Russians. There are no Arabs. There are no Third Worlds. There is no West. There is only one holistic system of systems. One vast and immane, interwoven, interacting, multi-varied, multi-national dominion of dollars. Petro-dollars, electro-dollars, multi-dollars, reichmarks, rands, rubles, pounds and shekels.

    It is the international system of currency which determines the totality of life on this planet. That is the natural order of things today. That is the atomic, and sub-atomic and galactic structure of things today.

    You get up here on Slashdot howl about America and democracy. There is no America. There is no democracy. There is only IBM and ITT and AT&T, and DuPont, Dow, Google and Apple. Those are the nations of the world today.

    We no longer live in a world of nations and ideologies, Mr AC. The world is a college of corporations, inexorably determined by the immutable bye-laws of of business. The world is a business, Mr AC. It has been since man crawled out of the slime.

    And our children will live, Mr AC, to see that perfect world, in which there is no war nor famine, oppression or brutality. One vast and ecumenical holding company for whom all men will work to serve a common profit. In which all men will hold a share of stock.

  • by TheEyes (1686556) on Monday February 13, 2012 @10:14AM (#39018431)

    Exactly.

    I'm much more worried about how the U.S is allowing drones to be used by police agencies in this country to spy on us, etc., etc., etc.

    I'm sure if you were a major stakeholder in a company with valuable IP, that had business with China you would have a different attitude. The reason you don't need to worry about either is because you don't have any IP of worth that the Chinese want and you are not doing anything illegal. I'm not saying either is OK, just that jet fuel is expensive and following your every move is not worth their time, and hquipow exactly can a drone invade your privacy any more then a manned plane?

    Saying you don't have to worry about surveillance because you're not doing anything illegal is something like saying you don't have to worry about being shot because one of your legs is artificial. There are so many problems with being able to be put under surveillance by anyone who can flash a badge, or can fake it sufficiently to get away worn it, that concealing potentially illegal activity is almost trivial.

    We Americans need to stop this live affair we are having with arbitrary privacy invasion, both by the government and private companies; if we keep it up we might someday be as bad as China is today.

  • by fuzzyfuzzyfungus (1223518) on Monday February 13, 2012 @10:23AM (#39018517) Journal

    how exactly can a drone invade your privacy any more then a manned plane?

    Lower cost. Virtually all of your privacy(especially if you are just Joe Sixpack) isn't protected by some fancy set of 'rights' or a 'judicial system', it's protected by the fact that watching you is too expensive to be worth the likely results.

    The cheaper surveillance gets, the further down the food chain you can expect it to go, and the more frequent(and effective, unlike the grainy camera at EZ-mart that has been recording over the same grungy VHS tape since 1997...)

    Unless surveillance has some atypically wonky demand curve, which doesn't seem to be the case, lowering the price will increase the amount done.

  • by CohibaVancouver (864662) on Monday February 13, 2012 @10:38AM (#39018671)

    Since your laptop can be confiscated legally at the border.

    Yes, but you know it's happened. They scan your laptop for CP and bomb plans, then hand it back. In China, your privacy is raided without you ever knowing. This is the crucial difference.

  • by Moskit (32486) on Monday February 13, 2012 @10:49AM (#39018835)

    How do you know that USA does not do similar "covert" operations"?

    Echelon is just one example of a covert industrial espionage mechanism established and run by Americans. I would not think US does not do the same things as China, Russia, France or other countries. China is just so convenient to be a scapegoat. If you believe this is just to "catch criminals", you've been convinced by the dark side ;-)

    In any case this article is a valuable reminder that nothing is "private" these days, that every electronic device is susceptible to be used against you.

  • Re:I wonder... (Score:5, Insightful)

    by mbone (558574) on Monday February 13, 2012 @11:03AM (#39019009)

    I deal with Chinese companies on a regular basis, and can assure you that they are innovating like mad. China is following the same classic development arc, which goes something like copy, steal, make, innovate, that the Japanese did ~ 50 years ago.

  • by chill (34294) on Monday February 13, 2012 @11:08AM (#39019083) Journal

    Because once the cost is driven down so much by the commoditization of the hardware that it becomes ubiquitous, they will not stop at looking for marijuana crops.

    The argument is called a slippery slope and perfectly valid. For popular media references see everything from The Simpsons [simpsonswiki.net] to the Clint Eastwood classic Magnum Force [wikipedia.org].

    The distinction isn't manned or unmanned surveillance, it is the frequency and pervasiveness.

    [Note: The Magnum Force reference is to the slippery slope argument in general, not necessarily total surveillance in specific.]

  • Re:I wonder... (Score:4, Insightful)

    by hitmark (640295) on Monday February 13, 2012 @11:29AM (#39019359) Journal

    And USA did right after gaining independence.

  • by jackhererUK (992339) on Monday February 13, 2012 @11:37AM (#39019471)
    They only catch the moronic ones that way. If you want to move data from country x to country y there is this new fangled thing called "the internet" that allows you to move data from one place to another without having to pass through customs. If you are dumb enough to try and smuggle illicit data from one country to another by carrying a laptop across the border containing said illicit data then you deserve to get caught because you are a moron.
  • by fuzzyfuzzyfungus (1223518) on Monday February 13, 2012 @12:07PM (#39019945) Journal
    I apologize if I was insufficiently clear on this aspect of the 'price' argument:

    Historical legal norms, governing what is/isn't protected, what does/doesn't require special permission, etc. are crafted in response to the situations that the lawmakers have to confront, either hypothetically, when crafting legislation, or in actuality, when a case comes before a court. In no small part, those actual and hypothetical situations are influenced by technology, what it costs and what it can do. If something is impossible or economically prohibitive in virtually all cases, there isn't any impetus for legal norms or institutional protections to grow up and prevent it.

    Consider, for example, the notion that things done in public spaces are fair game without any sort of warrant. Historically, that seems plausible enough: cops are a limited resource, and people have lousy memories, so everybody who is acting normally enough to be forgotten quickly, and isn't interesting enough to justify the expense of having one or more agents tailing them with a notebook is safe. Thus, in practice the historical standard was not'anything is fair game in public', it was 'anything notable enough for Joe Citizen to remember it later, and anyone worth the expense of tailing manually is fair game'. If, through some innovation in cameras and machine vision, say, it becomes technologically and economically viable to track everybody all the time, the formal 'in public, no problem' standard hasn't been violated; but the previous actual 'only stuff of note, and people suspected enough to spend real money on for some reason' standard is overwhelmingly weakened.

    Overflights would be a similar thing: as long as aircraft time costs some hundreds of dollars or more an hour(depending somewhat on your chosen craft and method of cost accounting), the de-facto standard for aerial observation is actually fairly high. It doesn't demand a warrant; but it demands some internal explanation good enough to move those resources. If flyovers cost $10/hour or $1/hour, that de-facto standard would vastly weaken.

    That's the real core of the argument: outside of specific, dramatic, cases(like getting evidence stricken from a trial because it was illegally obtained, where your protections are essentially purely legal, since the practical side has already happened and gone against you), the real standards that governed relations between people and the state(or one another) have always been governed to a great degree by logistics, with law stepping in in situations where logistics seemed to be providing a bad result. If you merely examine those accumulated legal fixes, without reference to the logistical situation under which they were enacted, you grossly distort the actual protection(or lack thereof, as in the stereotypical gossipy small town where everybody knows everybody) which a given legal standard implied in practice. Technological change tends not to attack specific, legally formulated, protections/nonprotections very much, it just massively changes their operational significance.
  • by networkBoy (774728) on Monday February 13, 2012 @12:25PM (#39020219) Homepage Journal

    I am worried about the drones, yes.
    I am vastly more worried about China if I travel there for work.
    I am a not major stakeholder for a company that they would really like some intel on. We have the clean laptop, clean phone policy.
    Earlier in the thread someone said pot/kettle, but seriously I don't think that's the case. The US does it's fair share of snooping, yes, but I do not think it is directed at corporate espionage, at least not at the insane level that you see in China.
    Does this absolve the US of it's transgressions? no, not at all, but this is not a binary thing, it's not saint/evil, there is a vast grey area involved.
    -nB

In a consumer society there are inevitably two kinds of slaves: the prisoners of addiction and the prisoners of envy.

Working...