Feds Ask IT Execs To Throw Away Cellphones After Visiting China 382
sholto writes "US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"
huh (Score:4, Funny)
how much does data weigh? I'm sure the 1's are heavier than the 0's....
Re:huh (Score:5, Insightful)
Data may be weightless, but how about hardware key logging devices?
Re:huh (Score:5, Interesting)
Data may be weightless, but how about hardware key logging devices?
That reminds me of a Cold War story I heard once upon a time. The CIA worked with a Xerox technician to secretly install a camera [editinternational.com] inside the machine(s) at the Soviet embassy. They got away with it for a long time because those old machines were so complicated that only a handful of people knew how they really worked.
This is just the modern day equivalent. If your hardware is out of your sight even for a few moments it should be treated as though it was compromised. If it's worked on by someone that you don't trust implicitly then it should be treated as though it was compromised.
Re:huh (Score:5, Funny)
Re:huh (Score:4, Insightful)
Re:huh (Score:5, Interesting)
An airplane builder had its proprietary metal reverse engineered by asian companies. They did a great job with security, so couldn't figure out how the metals got sampled. People can't just go scrape parts off a military airplane, especially when it's not built yet.
They gave tours and you couldn't take pictures, but you could see planes being built.
Turns out asians were using very soft-soled shoes. So while looking up and pointing, they pressed their feet down on metal filings, and when they drove away they had samples in their shoes, to be analyzed later.
Sneaky bastards work in corporate espionage.
Re:huh (Score:5, Insightful)
Re:huh (Score:4, Insightful)
Power supplies, computers, phones, etc. All stamped with 'made in china'.
Everything down to the component level is produced there. If they wanted to bug them they could do it at any point during manufacture.
Re:huh (Score:4, Interesting)
I submitted a story here about a year or so ago about Maxtor hard drives with compromised firmware that were made in China. It never got picked up. Go figure.
Re:huh (Score:5, Interesting)
Re:huh (Score:5, Informative)
Yes, bugged/compromised hardware coming out of China is most definitely a concern.
TRUST ME, people in high places in the Fed Gov look into this stuff on a regular basis.
Re: (Score:3, Insightful)
It would require a massive conspiracy, like none we have ever seen.
Not really, all it would require is a few people in the right places in a couple of high-market-share manufacturers. If you built something into the tools used by those manufacturers, it could be transparent.
Also, you don't need to own every device. You could choose to target critical infrastructure devices - say a router, switch, DPI equipment or whatever. Something that handles lots of traffic and thus is well-positioned for either intelligence collection or denial/disruption of service.
Apple, Dell, etc. are not so incompetent in their QA that they would not know that the hardware is somehow phoning home.
Maybe it only phon
Re:huh (Score:5, Informative)
No, the Soviets did that. Here's an old George Will column [google.com] relating the tale. The subject of the column is Soviet industrial espionage.
Re: (Score:3, Interesting)
Holy shit, I had no idea that you could look up old newspapers on Google. Thanks a bunch man.
Also, George Will is one badass motherfucker. Almost as badass as Paul Mulshine.
Re:huh (Score:4, Insightful)
Re: (Score:2, Funny)
Re:huh (Score:5, Interesting)
how much does data weigh? I'm sure the 1's are heavier than the 0's....
In the punchcard / papertape era, it was obviously the other way around, 0s are heavier, 1s (punched out) are lighter.
Re:huh (Score:5, Funny)
Yeah, but only the 1's contain data. The 0's are empty.
Re:huh (Score:5, Funny)
Re:huh (Score:5, Funny)
Filter error: Please use less whitespace.
Sorry, man. You'll just have to buy a stronger desk.
Re: (Score:3, Funny)
You young punks are lucky.
In my day we didn't have ones and zeros, we had to use l's and O's and we were damn luck to have them.
Re: (Score:3, Funny)
You had O's? We had to use the Q key.
Re:huh (Score:4, Funny)
Yes, we had O. To do a "Q", you did an O, then backspaced and typed a comma over it.
Re: (Score:3, Informative)
malicious hardware (however likely or not this may be).
I would argue that it isn't all that unlikely. Keylogging devices can be cheaply purchased for consumers, and we already know of cases where China has broken into hotel rooms, stollen blackberry's, etc.
I actually consider it unlikely that they WOULDN'T be installing keyloggers in the laptops of execs who frequently travel to china.
Re: (Score:3, Insightful)
Re:huh (Score:4, Insightful)
Re:huh (Score:5, Funny)
Re: (Score:3, Funny)
China, a country, broke into a hotel room and stole blackberrys?
please reword...
Re: (Score:3, Funny)
Perhaps he's talking about a secret band of mafia cutlery?
Re:huh (Score:4, Funny)
Industrial espionage? (Score:5, Funny)
Symantec Chief Technology Officer Mark Bregman [...] was advised to buy a new cellphone for each visit
Yes, heaven forbid China learns the secret of bloated antivirus software that ignores state-sponsored keyloggers [wikipedia.org].
Re:Industrial espionage? (Score:5, Funny)
Re: (Score:3, Insightful)
I'm wondering if Symantec will be closing down their China Development Center [symantec.com] in Bejing since Symantec has been developing security software in China for a few years now. Don't know how you reconcile these draconian security concerns with having a major development center in said country... developing security software for use in the west.
It is interesting how the Obama administration seems to be much less accommodating to the Chinese than the Bush administration was. The Bush administration bent over bac
Manufacture (Score:5, Funny)
Oh, wait..
Re: (Score:3, Insightful)
Do you think it would be worth the effort to seed just a few of those thousands for some possible marginal gain? (Also keep in mind that specialized changes wreak havoc on an assembly line's schedule)
Much easier to just target the fish directly.
Re:Manufacture (Score:5, Interesting)
In a word? YES.
It would require actual competence to detect a piece of hardware that essentially did nothing until activated and simply sat on a motherboard. Do you know if there are extremely detailed inspections done on every piece of circuitry brought into country X from country Y? I know for a fact that in a certain very large defense company I worked for lots of "surprises" were found on a regular basis. Typically things like parts that were different from the specs, insects, and on occasion completely incorrect assemblies.
The funny part was these nearly all made it past QA and into the finished products, only to be discovered when something failed.
So based on that, I'd say that *if* someone were choosing to do something like this, it would be fairly easy to sneak it past the level of moron that would typically be doing these inspections.
Tinfoil hats aside - the real trick is getting the data back off again. It's trivial to convince a cell phone (for example) to record conversations while appearing off. The trick is to get to the data without anyone noticing, while you're in a foreign (possibly hostile) nation. I'd think someone would notice if a cell phone was constantly 'phoning home'.
Doing this with a laptop would also be trivial, but I would hope that the firewall filter would catch outbound connections to unusual sites?
Re: (Score:3, Insightful)
Screw the phone.. the cell towers are all made by the chinese anyway (Round here Huewei make most of them).
And the DSL connections, and the routers connecting them to the internet..
Good luck with that. (Score:3, Insightful)
Re:Good luck with that. (Score:5, Funny)
...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.
Either way, you win.
Re:Good luck with that. (Score:5, Funny)
...odds are you'll end up bugging a lot of 19 year old teenage girls going off to college instead of corporate execs.
Either way, you win.
Until the restraining order kicks in.
Re: (Score:3)
It's a great plot for a novel, Dan Brown, but to get that to work on the sc
Worthless (Score:5, Interesting)
Not Worthless (Score:2)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
It's not all that surprising. British companies used to be advised not to talk business on the plane to France, because the French intelligence agencies were placing bugs in the headrests and giving sensitive information to French companies.
And I'm quite sure that MI5 (or whoever) did/do spy on non-British companies to give British ones an advantage (or at least I hope so :P)
This is one of those examples of "war morality"; whereby "us doing X to them" is fine, but "them doing X to us" is completly unacceptable and a sign of cowardice and various other undesireable traits.
Re: (Score:2)
Same thing happens with dvds, clothes, and all manner of other things... And yet they still try to claim counterfeit copies are inferior?
PCs and phones *are* made in China (Score:5, Interesting)
Re:PCs and phones *are* made in China (Score:5, Insightful)
Re:PCs and phones *are* made in China (Score:5, Insightful)
I'm sure it IS a good idea to throw away any cellphone or laptop that has any Symantec product installed.
Re:PCs and phones *are* made in China (Score:5, Interesting)
Related story (Score:2, Interesting)
It's almost impossible to tell whether additional software has been installed unless you either 1) diff your HDD (hard and time consuming) or 2) weigh the laptop and see if any data has been added. The government is, for once, correct and providing helpful information.
More on this topic at this old Slashdot story [slashdot.org].
Re: (Score:3, Insightful)
The real story (Score:5, Funny)
The real story in the article should be "CTO of world's largest Windows security software company uses a mac."
Re: (Score:3, Interesting)
Re:The real story (Score:5, Insightful)
Sounds sensible to me.
Don't use a "cell phone" in China (Score:2)
Orginal date of warning? (Score:4, Interesting)
What about Chinese nationals? (Score:5, Interesting)
This is really ridiculous. If the Chinese want to steal our technology, all they have to do is to contact several of the thousands of Chinese nationals who are working in the US until they find someone who needs money or other help for their family back in China.
One company I worked for had a Chinese national who was not allowed to work on part of a project because it was protected technology. The same person could have dropped the entire project onto their iPod and carried it out the door, but did not.
The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.
-Todd
Re:What about Chinese nationals? (Score:5, Insightful)
... all they have to do is to contact several of the thousands of Chinese nationals ...
History shows that approaching US Nationals with enough money [wikipedia.org] can also have the desired affect.
Re:What about Chinese nationals? (Score:5, Informative)
The ethics problem is represented by an experience I had while at an American research university. A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead. This suggested certain cultural differences which should not be used to discriminate, but need to be recognized because of the risks involved.
While I certaily wasn't at that talk (and I suspect that neither were you), I'm willing to bet that you don't completely understand what the talk was about. I'm on the faculty of a top tier reserch insitution conducting immunological research - I've had several Chinese graduate students, have sat on the international admissions committee, and have given the talk that you describe to our new Chinese students. The problem isn't one of ethics, but one of culture. The Chinese don't regard plagiarism the same way we do - in fact, the educational system encourages it in a way as it is an honor, of sorts, to 'plagiarize' your mentor. Additionally, a lot of these students don't have confidence in their english, so whey they write they occassionally take an idea from another article and copy it verbatim thinking "that's exactly what I was thinking, and I don't have to worry about incorrect english" - in most cases, there is not an intention of deceit. The Chinese certainly have their issues (admitting mistakes and nationalism), but I wouldn't call them unethical.
Re: (Score:3, Insightful)
I think the point you both want to get at is that you shouldn't judge other people by your standards of ethics and morals. As long as they conform to their own standards of ethics or morals, it wouldn't be right to call them unethical, no matter the differences between your standards and their standards.
So, if another culture finds it acceptable to force pre-teen girls into prostition rings, it wouldn't be right to call it unethical? How about if their culture allowed for the slaying of a girl that "embarrassed" the family? What about a culture that abandons their old or sick?
I'm sorry you've been overcome by so much political correctness, but moral relativism is bullshit. I have a moral compass, and I'm not ashamed of it. I choose not to deal with people or companies that purposely lie, cheat and stea
Re: (Score:3, Funny)
A Chinese faculty member met with the Chinese students in order to tell them in America, cheating and other ethical breaches are not considered a good way to get ahead.
They are, however, considered invaluable in *staying* ahead once you get there.
OTOH, DHS Might eliminate the issue as well.... (Score:5, Informative)
Re: (Score:3, Funny)
What's the old saying (Kettle calling the Pot black)
Actually, Pot started it. He called Kettle "black" first. It devolved into a war shortly thereafter when the Broiling Pan took sides and the Colander started screaming for legal recourse. Fortunately, Cheese Grater and Can Opener continued to get along. Then, of course, there was the scandal where Dish ran away with Spoon, but that's another story...
whats the point? (Score:3, Funny)
This Sounds Familiar (Score:5, Insightful)
Remember the Cold War, when the Soviets were 10-foot-tall super soldiers who could read your mind and fart atomic infernos out of their asses? Everything was thought to be a commie conspiracy.
Is this happening again, but now we are instead fearing the Chinese?
Re: (Score:3, Insightful)
The Soviets:
1) never matched the US economically, achieving military parity or superiority only in ground forces and nuclear delivery systems
2) never had a true deep water navy, and no full year ocean access
3) their population never exceeded the US, and they needed troops to keep Poland, Hungary, East Germany in check
The Chinese:
1) are projected to exceed the US economically in the next 10-15 years
2) have 2000+ miles of access to the Pacific ocean
3) have a raw population exceeding 3 times the US, its urban
Good for China (Score:3, Insightful)
If everyone who visits China buys a new cellphone and laptop for the trip...
Where were those cellphones and laptops likely manufactured? China...
China stands to make quite a profit from people doing this.
Silly (Score:2)
Such respect for IT! (Score:5, Insightful)
Maybe I'm taking this a little personally because I'm an IT guy. I dunno. But I do know I'd rather not work in IT for a large, tech-based company where the CTO is quoted publicly as saying: "I don't let my IT department near my laptop".
Anybody else have a WTF moment when they saw that? Or is it only me?
Re:Such respect for IT! (Score:5, Insightful)
Maybe he just has sensitive material about his company on the laptop. I've seen people in management who don't let anyone in the company, even IT, look at their laptops and it isn't because they think the IT department is incompetent or have no respect for them.
Not a problem in the US! (Score:4, Interesting)
Since in the US they'll take your phone and laptop, MP3 player and any other good stuff and demand to see your company documents if they think there's something nice in there.
PS the US has used Echelon to get Boeing a european contract by finding out the figure they had to bit under to get the contract.
This didn't require a cell phone either, so throwing away your cellphone isn't necessary there either.
So much nicer being spied on by the US government. You don't have to buy new kit all the time, just accept the espionage.
The reverse holds true (Score:5, Insightful)
See, Conspiracy theories work both ways... No more fear mongering, okay? Lets play nice kids.
Re:The reverse holds true (Score:5, Informative)
As a non-American citizen I feel the reverse holds true. When I enter the USA from Canada I should bring a seperate bare-bones, no thrills cell phone and an empty laptop. Because if the TSA decides that they want to snoop through my electronics there is no telling what information they are pulling out, government created spyware being installed, or some sort of magical chip that transmits everything I am doing back to them.
See, Conspiracy theories work both ways...
I know you said all that in jest, but you are more right than you suspect. And the situation with DHS and the TSA is very close to that (Other than installing hardware.. though the law does explicitly allow them to, even if they don't do it now)
That isn't a conspiracy or paranoia, its a well proven fact.
The weight of those bits adds up! (Score:3, Funny)
This is very good advice, as it would instantly catch the loss of weight if any data was stolen from the laptop. You hear of data theft all the time, and all it takes is something low-tech like a scale to detect it.
Re:Horse, close the barn door! (Score:5, Insightful)
Here's the thing...
If EVERY laptop and cell phone phoned home to China to give away secrets, somebody is gonna notice. REAL quick.
They need to more selectively target folks if they want to actually be able to get away with hacking a machine to send them secret data.
Re: (Score:3, Insightful)
Agreed. I was alluding to the fact that since execs outsource to China then China would already know many corporate secrets. Grey market goods often come from the same plants that make authentic goods.
Re: (Score:3)
I'm sure folks who share certain secrets with a partner in China who is doing their outsourced work already know that their is already a laptop in china 'all the time' with those secrets on them. No need to wait for a US exec to come over.
The point of this policy is to keep other secrets that haven't been shared, out of China and away from danger.
Re:Horse, close the barn door! (Score:5, Funny)
This is why the bugs are only activated when they detect an integer overflow error in any document called "personal finances.xls". With this method, they can be sure they're on an American executive's computer.
Re: (Score:3, Insightful)
Re:Horse, close the barn door! (Score:4, Insightful)
You're falling into the same trap that got the electronic voting people. It is not at all obvious if an electronic device has a backdoor function. You can change the software to react to a complicated trigger sequence, or worse, you can change the hardware to do it. Unless you deconstruct the device to the point of rendering it unusable, there is no way to reliably detect "sleeper" functions. This is especially dangerous if the bug is in all devices and not just a few "interesting" ones, so that comparisons between devices don't show any deviation.
Re: (Score:2)
Sure, but it looks like they are concerned over the ol' switcheroo and hardware keyloggers. You cant put that in every device, but if you can separate the exec from his phone or laptop for 15-25 mins then youre golden.
Re: (Score:2)
15-25? Try 5. On many laptops you could get to a good access point right under the easily-removable keyboard.
Re:Horse, close the barn door! (Score:5, Funny)
This, friends, is the real reason behind the famed Apple design of no user serviceable parts. Not to save weight, not to give Apple a few measly bucks for battery replacements but to prevent FOREIGN ESPIONAGE. Think about that that when you drop your Dell and 12 little plastic panels pop off.
You Windows folks aught to be shot as spies.
Re:Chinese Coders? (Score:5, Insightful)
Re: (Score:2)
"The meek may inherit the earth, but the strong shall take the stars."
Where ya' takin' 'em? Your mama know about that? Ya' gonna' put 'em back where ya' got 'em from, when your done with 'em?
Re: (Score:2, Insightful)
"Thing is, the Chinese have this whole "for the mother country" thing going on, so it's a sensible precaution."
And Americans don't? Americans practically invented RSI with all that damn flag waving they do, you sir are a racist.
Re: (Score:3, Funny)
No - you, sir, have no clue about Americans. Americans are in it for themselves, bar none. Any social interest arising from an American economic activity is merely an unintended side-effect of a self interest the executor couldn't turn into profit.
aptly said by those who renamed "french fries" to "freedom fries"
Re: (Score:3, Interesting)
I believe you are referring to citizens of the People's Republic of China [wikipedia.org] which are not all of the same race. So to call it racial profiling is inaccurate. It would be more accurate to call it nationalism profiling. It is clear from the replies you have received so far that racist/nationalist bashing is en vogue so here goes my karma. There is no way to guarantee safety 100% of the time but to ignore the fact that a foreign government that, while not openly hostile, is known for its intense dislike of your
Re:Chinese Coders? (Score:5, Insightful)
America has that same childish and ignorant "for mother country" thing going on as well
If we had international laws, policies, standards of living, etc. I'd agree with you. As we don't, I don't see a problem with wanting to take care of our own. International espionagers aren't going to share information--they only want to take it.
It's similar to the prisoner's dilemma. We'd probably all do better overall if we all worked together. China's not going to work with us, though, which means that if we just give them the technology, we're the suckers.
Re:Chinese Coders? (Score:4, Insightful)
Plus the fact that China uses its technical workers for both industrial and political espionage quite frequently, and has been caught doing it several times.
It really disturbs me that in 2009 such hatred and bigotry is still the norm and is spouted, not only without consequence but to rave reviews and record ratings, on Fox News and right-wing pseudo-fascist radio programs. We need to realize that all of these boundaries we have set up are simply arbitrary, artificial constructs that have NOTHING to do with reality.
To quote the great poet Bill Hicks, "I hate patriotism! It's a round world the last time I checked."
The reason I distrust China is precisely BECAUSE they are too "patriotic"/nationalistic; they're even worse than the US I think in this regards, hell they're still mad over the OPIUM WARS. It has bred a very "us vs. them" mentality (obviously, some of it is understandable because of the country's history) that I think is a hell of a lot more dangerous to us and the world than the communism was.
Just as a side note, Hicks was kind of overrated.
Re:Chinese Coders? (Score:5, Interesting)
To be fair China is still a Command economy that let's "Capitalism" play because it's a useful way to get people to work harder.. they are a long way from the idea of "Free Markets". This is where it's not a "round" world.. The Chinese government has their eye on the 50 year game and is more than willing to tie up all of a natural resource... and throw people in jail when the "free market" price goes up.
While the US punishes "intervention" by state banks in places like Japan and Korea for making sure their chip makers don't go under, China is stacking the deck on a NATIONAL level for resources... setting prices that corporations are allowed to SELL to China for.. and nobody is really stopping them. Just last week China "decided" they weren't going to be exporting any more rare earth metals (needed for high power magnets in electronics) They just issued a directive it wasn't allowed to be exported anymore....for any price. Back in 2007 one of the things that knocked US auto makers on their butts was China using scrap US steel instead of imported ore. It nearly doubled the price of scrap here (ironically bought with trade surplus dollars no less!) and made it even harder to complete with Asian companies... it was the straw that caused a good deal of the auto maker meltdown earlier this year. China manipulates their currency by not allowing dollars to be converted into Chinese money except for specific state-sponsored investments, and they don't allow US companies to take their Chinese profits OUT of the country either. It sets up a situation where they pile up money in US banks to buy US resources... but US companies can't pull their capital profits OUT of China...
China is playing the long game, highly protectionist and stacking the deck with our own money and resources against us. It's economic "war" played at the highest level and the US government has no grasp that the "invisible hand' won't save them.
Re: (Score:3, Insightful)
Assassin's Mace, anyone?
While few people recognize it as such, China is waging war against the west. And, they are claiming victories every day, because we have trouble just spelling "asymmetric warfare". I wonder if that recto-cranial insertion so common in Washington and on Wall Street have anything to do with it?
I recognize that the Chinese government is "waging war" on the west in order to become the next century's superpower. This does not mean that we ought to resort to xenophobia and racism to "beat" them. That is completely back-asswards and will only serve to give them more ammunition against us.
Re: (Score:2)
For the cell phone, maybe they're concerned about China pushing out OTA firmware upgrades?
Re:They must be that good. (Score:5, Informative)
Pick your pocket while you're waking down the street, copy the contents across into a trojaned version, and then slip the replacement back into the victim's pocket. Or, if that's hard, tell them they dropped their phone and hand it back.
It's also a good idea to make sure you turn your phone on at the airport before you get on the plane to China. When a phone registers with a new cell, it passes on the ID of the last cell it was affiliated with (to allow routing tables to be updated). MI6 was wondering a few years ago how the Russians were able to spot their people so easily, until they realised that they were turning off their phones at the headquarters in London when they went in and then not turning them back on again until they stepped off the plane. As soon as they turned them back on, they broadcast a nice little message to the cell tower at the airport saying 'the last place I went to was very near the MI6 building' which was flagging them for extra surveillance.
Re:One word... (Score:5, Insightful)
It's not paranoia if they really are out to get you. And we have plenty of evidence that the Chinese really are. Actually, the intelligence agencies probably just forgot to say "because we're doing all this stuff to their top executives when they visit us".
Re:One word... (Score:5, Funny)
Don't they have a right to know how their money is spent? ;)
Re: (Score:2)
No, through nationalism. This is against a specific nationality, nothing to do with ethnicity. Taiwan is not covered by this warning, and they're the same stock.
Here's a long shot... (Score:3, Insightful)
How are you going to detect a 15g to 100g logging circuit that's more than likely (if there was malicious espionage intent) designed to fit or mount into current hardware and not be detected on a scale that's accurate down to 0.5 pounds.
Here's a long shot... how about using a postal scale that's accurate down to a gramme? Do you think there might be one in the mailroom?
Re: (Score:3, Insightful)
Seriously, this is silly, because TFA is talking about re-imaging laptops before/after. That would imply malware/spyware being surreptitiously installed, but that won't change the weight directly.
Re-imaging the laptop if a hardware keylogger has been installed wouldn't have any effect either (but could possibly be detected by weighing).
So you're saying that weighing is silly because it won't protect against software keyloggers (would need to re-image), and re-imaging is silly because it won't protect against hardware keyloggers (would need to weigh to do that). Your conclusion is then that one should do neither (rather than the very obvious both)? Really?
Yeah, I don't wear a belt because suspenders are fully adequate, and I don't wear suspenders because a belt is good enough. Yet for some reason, my pants keep falling down. :)
You go on