The Trouble With Bringing Your Business Laptop To China

snydeq writes "A growing trend faces business executives traveling to China: government or industry spooks stealing data from their laptops and installing spyware. 'While you were out to dinner that first night, someone entered your room (often a nominal hotel staffer), carefully examined the contents of your laptop, and installed spyware on the computer — without your having a clue. The result? Exposure of information, including customer data, product development documentation, countless emails, and other proprietary information of value to competitors and foreign governments. Perhaps even, thanks to the spyware, there's an ongoing infection in your corporate network that continually phones home key secrets for months or years afterward.'"

encryption

[Anonymous Coward]

Why doesn't your business mandate HDD encryption?

China isn't the only place this goes on...

That's what encryption is for.

[stevenh2]

Who leaves their business secrets in the open. Especially laptops, they get lost stolen, or as the article says people examining it. Really you can use a truecrypt container and hide it somewhere.

Re:That's what encryption is for.

[sconeu]

If your boot partition is encrypted, and you can't boot without entering the password, it's harder to put a trojan or a keylogger on the system.

Sources Please?

[Anonymous Coward]

I see a lot of unsubstantiated opinions. How about some credible sources that this is happening?

Re:Industrial espionage

[DNS-and-BIND]

Industrial espionage is one thing. This is a government employee entering your hotel room to install software on your laptop and image your hard drive. It has been happening for years in China (but has just now made Slashdot). It is practically a signature move of theirs.

Re:Industrial espionage

[CoderJoe]

How about just doing a boot-time truecrypt volume? They can't boot the system from the hard drive, and booting from a live CD/USB is also useless, as the data on the hard drive is encrypted. (unless they want to take the time to image the whole hard drive so they can work on cracking it elsewhere)

Yeah

[bytesex]

We have the same problem. With an obscure little country called the USA.

Sorry, but the hypocrisy is staggering. We are NOT allowed to even bring an encrypted laptop across US borders.

Re:Fix 'em good.

[Dr_Barnowl]

Even more vulnerable - your compromised host machine could be screen-scraping the virtual image for all it's worth and sending the snapshots to Uncle Chang (side note - what is the Chinese equivalent of "Uncle Sam"?).

The guest machine also needs an unencrypted bootloader - because it's a virtual computer with the same BIOS implementation, which could be compromised in exactly the same way as the host.

UEFI Secure Boot? Not a defence. If you can get access to the machine, you can swap the BIOS out with one that trusts the signing key of Chinese Intelligence, and will load their signed bootloader. Or they'll just filch the Microsoft signing key and use that.

Boot from a USB that you keep on your person? Doesn't preclude your compromised laptop running some kind of hypervisor that captures all your keystrokes and again, mails them to Uncle Chang.

At the basic level they could just insert a traditional hardwired keylogger between your keyboard and motherboard, and you'd never detect it unless you were around when it decided to phone home (some models will run commands to send their logs out).

The only defence is not to leave your hardware unattended. Maybe this is a good use case for a Raspberry Pi in a physically secure case - powerful enough for basic productivity computing but portable enough to keep on your person. For maximum security you'd also have to carry the display and any input devices, so a visor display (like Google Glass), and a roll-up USB keyboard and mini-mouse would be reasonable.

Re:encryption

[Dr_Barnowl]

They defeat your HDD encryption by attacking the weak spot - the non-encrypted bits on your laptop.

The same physical attack pattern would work for VPN - keylogger, hypervisor, whatever, because it's still a compromised machine with access to the sensitive data.

The only defence is not to be separated from your hardware - which means carrying your laptop on your person at all times. They can still arrange to have it stolen by a "mugger", but it was all encrypted, right? But if the police conveniently "find" the culprit and give it back, you can't use it.

Re:Fix 'em good.

[Electricity Likes Me]

This is also unreasonable.

While it is technically possible to do most of these things, for low-grade espionage it's way too expensive to do and requires a well-defined target (i.e. building up a stock of compromised ROMs, of every laptop you're likely to hit, would be expensive as hell and even then you might end up tripping something or damaging the hardware doing it).

The BIOS swap for example would be particularly troublesome - you'd need to pull apart the laptop, desolder the BIOS chips and solder new ones. No matter how good you are, that's not going to be done in anything less then a few hours, presuming you had all the tools, the chips, and it went flawlessly. And it would require knowing the exact make and model of the target machine.