If you carry classified government information or trade secrets as part of your job, traveling in China is risky. Hackers, whether affiliated with the government, on the payroll of competing companies, or operating alone, are a constant threat, and you generally have to assume that you are never unobserved online. But a piece in the New York Times makes it exceedingly clear just how far one has to go to get even a measure of electronic privacy and security in China:
When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film. Kenneth G. Lieberthal of the Brookings Institution takes precautions while traveling. He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”
This is a philosophy that Representative Mike Rogers, chairman of the House Intelligence Committee, calls traveling “electronically naked”; Jacob Olcott, a cybersecurity expert at Good Harbor Consulting, calls it ‘Business 101’ for people involved in commerce in China. Read the NYT piece for more, but here’s one more nugget that emphasizes how dangerous, in terms of information security, it is to have any contact at all with Chinese systems:
McAfee, the security company, said that if any employee’s device was inspected at the Chinese border, it could never be plugged into McAfee’s network again. Ever. “We just wouldn’t take the risk,” said Simon Hunt, a vice president.
February 13th, 2012 at 7:22 pm
What I’ve been pondering since reading the NYT article: how is the password kept on the flash drive? Encrypted with a one-time password?
February 13th, 2012 at 9:51 pm
Hmm, seem like ‘Yankee traders’ whatever they were.
February 15th, 2012 at 2:48 am
The great thing about copy and paste is that its unencrypted and the chinese can read it just fine, but thats software for you.
The real crux of the situation they are trying to explain to the lay-person is that China specialises in hardware spying. That keyboard on your desk right now has a small amount of memory in it and is sending its feed without you knowing. Every keystroke you punch is forever going out.
That usb drive and harddrive that says 4GB/1TB but actually only gives you 3.7GB and 900 MB has a little extra space in it for spy software and lots of space for spy hardware.
That USB microphone you just plugged in is recording all your keystokes, and sending them back to base, using sophistcated software that can learn EASILY over time which finger is pushing which key, by the time between keys and which hand and finger it was.
That USB speaker is is really sending behind the scenes anything it hears.
That mouse is micromanaging every click in conjunction with the screen image software hidden in the background.
That phone which goes over the internet is routed very easily to a juntion box then to the internet.
That website you mistyped comes up perfectly as if you had typed it perfectly only its now going through a local server capturing everything and relaying everything.
The web-site you typed in perfectly using copy and paste or favourites is actually being spoofed with a “bogus” DNS entry and relaying everything you do to the real website.
That light you just turned on with the little camera capturing your screen in full HD, what you cant see a camera behind a light….of course not who the hell would look towards a light.
February 16th, 2012 at 7:47 pm
This certainly isn’t what I would call traveling “electronically naked”; that would be to travel with no electronics at all. This is more like electronically sandboxed.
Most people are vulnerable to being compromised, when faced with a skilled and determined attacker. Perhaps these examples have some extraordinary resources to help them. However never forget that during the Cold War, each side repeatedly penetrated the other’s veils of secrecy. The Soviets excelled at human spies and moles, while the U.S. excelled at technology based intrusions.
Not that it’s not worth trying to mount a defense. More like, never forget that any good defense can be matched with a good offense. And paranoia, it will destroy ya!
February 17th, 2012 at 3:38 am
Shut the eff up “m”, you rambling troll.