
The Trouble With Bringing Your Business Laptop To China

Soulskill posted about a year ago | from the laptops-are-the-panda's-favorite-food dept.

China 402

snydeq writes "A growing trend faces business executives traveling to China: government or industry spooks stealing data from their laptops and installing spyware. 'While you were out to dinner that first night, someone entered your room (often a nominal hotel staffer), carefully examined the contents of your laptop, and installed spyware on the computer — without your having a clue. The result? Exposure of information, including customer data, product development documentation, countless emails, and other proprietary information of value to competitors and foreign governments. Perhaps even, thanks to the spyware, there's an ongoing infection in your corporate network that continually phones home key secrets for months or years afterward.'"


402 comments

That's only one of the problems (4, Interesting)

dtmos (447842) | about a year ago | (#42186713)

The other -- and, I would submit, more important -- reason for not taking your business laptop to China (if you're from the US) is US export control laws. The definitions of "export" and "controlled technology" have been so generalized that it is an even-money bet that the laptop of a given technologist contains information that, were he to travel to China, would result in at least a technical violation of the law -- and the penalties are severe.

Re:That's only one of the problems (3, Interesting)

ZorinLynx (31751) | about a year ago | (#42186771)

Considering these laptops are for the most part manufactured in China anyway, how does bringing them back there in any way give China access to any "controlled technology" they don't already have?

Re:That's only one of the problems (5, Informative)

DragonWriter (970822) | about a year ago | (#42186809)

Considering these laptops are for the most part manufactured in China anyway, how does bringing them back there in any way give China access to any "controlled technology" they don't already have?

Controlled technology includes software as well as hardware.

EVIL MAID! (1)

Jeremiah Cornelius (137) | about a year ago | (#42186845)

She's REAL! [schneier.com]

Re:EVIL MAID! (3, Funny)

FatdogHaiku (978357) | about a year ago | (#42187405)

Well... that explains why the HOT HORNY MAID never showed up... she got canned so they could insert their perfidious data thief in her place! Damn. Someone should update the Asian Porn section of the internet so travelers aren't disappointed...

Industrial espionage (4, Interesting)

Taco Cowboy (5327) | about a year ago | (#42186947)

I travel all the time, for business.

China is not the only country where industrial cloak and dagger stuff happens.

The other countries where I've personally encountered industrial espionage activities include Japan, Korea, Vietnam, France, Italy, India, Indonesia, Egypt, Turkey, and, you will be surprised, I have had similar encounters in Canada, UK, Australia, and also US of A, although not that often.

Re:Industrial espionage (5, Interesting)

hendridm (302246) | about a year ago | (#42187097)

I'm surprised by many of the countries on your list.

Can you give some examples of what you've observed that we non-travelers might find surprising/interesting?

Re:Industrial espionage (0)

Anonymous Coward | about a year ago | (#42187305)

Whilst in Vietnam, I found unsigned Ubuntu update packages coming down off an official mirror.

Re:That's only one of the problems (4, Informative)

dtmos (447842) | about a year ago | (#42186871)

how does bringing them back there in any way give China access to any "controlled technology" they don't already have?

It's the information the technologist has stored on it that is the problem. The export control laws are enforced by the Bureau of Industry and Security [doc.gov] , and they are arcane, complex, and woefully out of date. Just to give one example, if you're a microprocessor designer, and have a design that operates at temperatures exceeding 125C, that design is controlled; carrying that design in your laptop when you go to China is a violation of the law -- whether or not it is even accessed while in China. (It's also illegal to show that design to any person of Chinese citizenship, even if you both are in the US at the time; that, too, is considered export under the law.)

Re:That's only one of the problems (1)

viperidaenz (2515578) | about a year ago | (#42186925)

So it's illegal for me to buy this if I'm from China? http://www.ti.com/product/sm320f28335-ht [ti.com] It's a processor that runs at 210C. (You can buy this from TI's Asia distributor by the way)

Re:That's only one of the problems (1)

zerro (1820876) | about a year ago | (#42187109)

Hrmm. When I buy certain chips/kits from TI's websites, it makes me go through an export control interview and application.
What if you are buying from a non-US distributor in a non-US country? Do US trade/export laws still apply?

Re:That's only one of the problems (1)

MichaelSmith (789609) | about a year ago | (#42187067)

It's also illegal to show that design to any person of Chinese citizenship

And perfectly legal if they have changed their citizenship, regardless of who they might be feeding information to.

Re:That's only one of the problems (0)

Anonymous Coward | about a year ago | (#42186941)

The hardware is not what is in question. It's the software and various other files on your machine. Various specifications, detailed design documents, requirement documents, schematics, drawings, etc., can all have export controlled aspects. Many companies I've worked with provide loaner laptops for travelling to China specifically because of export control cautions, as well as the potential for a security breach.

Re:That's only one of the problems (0)

Anonymous Coward | about a year ago | (#42187187)

It's not China doing the spying, it's entities within China. This kind of low-grade spying happens mostly by companies, not directly related to the government. You have to understand how easy this kind of thing is in China. It doesn't take much to convince an underpaid housekeeping staff in a Chinese hotel that she/he should let you into a room, especially since you're not actually stealing anything physical or obvious to them.

Shred of Evidence (0)

Anonymous Coward | about a year ago | (#42187009)

Do you have a shred of evidence that anyone who was not engaged in arms trafficking has been indicted for an ITAR violation?

Re:Shred of Evidence (0)

Anonymous Coward | about a year ago | (#42187135)

See here:
http://www.melbournelegalteam.com/itar-compliance.html

Though those aren't the direct news stories, I do remember the Boeing one a few years ago in particular for the 737 gyroscopes.

Fix 'em good. (4, Funny)

ackthpt (218170) | about a year ago | (#42186733)

Take a TRS-80 and watch them try to figure it out.

encryption (5, Insightful)

Anonymous Coward | about a year ago | (#42186741)

Why doesn't your business mandate HDD encryption?

China isn't the only place this goes on...

Re:encryption (2, Funny)

Qzukk (229616) | about a year ago | (#42186757)

Why doesn't your business mandate HDD encryption?

Not that it would matter, some person would decide it's too much trouble entering the password all the time and just leave the laptop on.

Re:encryption (3, Informative)

dnaumov (453672) | about a year ago | (#42186933)

Mandatory and automatic lock-up of a computer after a period of inactivity is neither new nor hard to enforce.

Re:encryption (0)

Anonymous Coward | about a year ago | (#42186969)

Using the built-in camera to detect when the user gets up is a plus too.

Re:encryption (3, Interesting)

able1234au (995975) | about a year ago | (#42186783)

Encryption but to be extra paranoid, don't bring a laptop. You need to assume that there will be spies on your own payroll. Someone supplementing their pay and being patriotic at the same time. Paranoia is a good thing. Encryption is critical but don't assume it is a magic bullet. If they video or capture you typing in your password then you will have a false sense of security.

Re:encryption (1)

arbiter1 (1204146) | about a year ago | (#42186897)

If it's business you probably need it. Personally, if you are an international traveler for business, I would use TrueCrypt and encrypt the entire drive, maybe throw in a USB drive/SD card that needs to be inserted with a password to access the laptop.

Re:encryption (4, Interesting)

lister king of smeg (2481612) | about a year ago | (#42186967)

Better yet, a live CD: let them try installing malware on there then. Encrypt the whole drive and only use it for data storage; when the chinless agent tries booting and no OS is found, so he simply images your drive for later analysis, let him stew for a few billion years trying to decrypt it.

Re:encryption (5, Informative)

homer_ca (144738) | about a year ago | (#42187019)

A hardware keylogger inline with the keyboard cable takes care of that. It only means they'll have to break in twice instead of once.

Re:encryption (1)

blueg3 (192743) | about a year ago | (#42187053)

If you're really paranoid, you should keep in mind that encryption doesn't really provide data integrity, it only provides confidentiality. That is, if someone steals your laptop and looks at your hard drive, they should get no information, provided your passphrase is sufficiently unguessable. It does not necessarily protect you against someone changing the data on your hard drive, though that might be rather inconvenient. Do not treat an encrypted hard drive as protection against physical attacks!

You should also keep in mind that naturally an encrypted hard drive protects against no lower-level threat. A BIOS-level keylogger or malware will work just fine.

Re:encryption (1)

hobarrera (2008506) | about a year ago | (#42187225)

If you're really paranoid, you should keep in mind that encryption doesn't really provide data integrity, it only provides confidentiality. That is, if someone steals your laptop and looks at your hard drive, they should get no information, provided your passphrase is sufficiently unguessable. It does not necessarily protect you against someone changing the data on your hard drive, though that might be rather inconvenient. Do not treat an encrypted hard drive as protection against physical attacks!

It's protected in the sense that information cannot be stolen.
Also, it does offer some level of integrity protection - if someone alters encrypted data, it's very likely that I will be able to tell, since it would mean that parts of my disk now contain rubbish.

Re:encryption (0)

Anonymous Coward | about a year ago | (#42187419)

A checksum of the BIOS could be stored on the drive and verified as part of the boot process.
When the last known user logs in, it could alert them to the problem and block network access.

Re:encryption (1)

mjwx (966435) | about a year ago | (#42187249)

Why doesn't your business mandate HDD encryption?

China isn't the only place this goes on...

What good is HDD encryption when they have/had physical access to the device? If you get physical access to the HW all you have to do is take a copy of the HDD (erm, DD will do this for you) and crack it at your leisure.

If you're that worried about corporate/govt espionage, there is only one defence... Don't keep the data on a mobile device. Yep it's a PITA doing everything via VPN, but it's the only secure way.

Besides this, the article is bollocks made up by people who have had too much pot/coffee and not enough exposure to the real world. China's govt doesn't give a shit about your crappy company's secrets. They don't bother stealing technology when it's cheaper and easier to buy it from the Russians. As for corporate espionage, once again not a big problem as it's cheaper to buy it than steal it and it's easier to steal it from the factory (where there are lots of low paid workers to bribe) than sneaking into some gwailo's room and rifling through his shit (also, people capable of stealing secrets from you are typically quite smart).

Re:encryption (2, Informative)

Anonymous Coward | about a year ago | (#42187329)

What good is HDD encryption when they have/had physical access to the device? If you get physical access to the HW all you have to do is take a copy of the HDD (erm, DD will do this for you) and crack it at your leisure.

There was a story from a few years back where a fellow had his laptop confiscated. It was encrypted with TrueCrypt and the US govt tried, and failed, to break the encryption for months. So no, it's not an easy thing.

Besides this, the article is bollocks made up by people who have had too much pot/coffee and not enough exposure to the real world. China's govt doesn't give a shit about your crappy company's secrets

China most certainly does care about your company's secrets if the company is involved in military contracts. Even if you don't travel, they are trying to get at the data that is here. Some of the recent fighter aircraft programs have had problems in particular with data theft.

The solution for data theft? (1)

Anonymous Coward | about a year ago | (#42186755)

Hardcore gay porn as the only contents of the laptop. not even an OS. just a drive full of pronotron of the rankest variety. compute on an sd card that you keep in your person...or on your person. depends how paranoid you are :)

Re:The solution for data theft? (1)

lister king of smeg (2481612) | about a year ago | (#42187007)

One terabyte drive filled with goatcx, lemon party, and two girls one cup, in the highest resolution you can find, next use steganography to hide encrypted data in. They will notice a difference in each copy's checksum and spend years analyzing the worst porn on the planet. You have now made some poor Chinese person's life miserable.

That's what encryption is for. (4, Insightful)

stevenh2 (1853442) | about a year ago | (#42186761)

Who leaves their business secrets in the open? Especially laptops, they get lost, stolen, or as the article says people examining it. Really you can use a TrueCrypt container and hide it somewhere.

Re:That's what encryption is for. (1)

illestov (945762) | about a year ago | (#42186841)

Who leaves their business secrets in the open? Especially laptops, they get lost, stolen, or as the article says people examining it. Really you can use a TrueCrypt container and hide it somewhere.

As far as I know, encryption doesn't prevent a keylogger or a trojan, planted on your computer, from stealing your data/passwords/whatever is on your screen, or even worse, gaining access to your company's computers through yours when you go back to the States.

Re:That's what encryption is for. (3, Insightful)

sconeu (64226) | about a year ago | (#42186889)

If your boot partition is encrypted, and you can't boot without entering the password, it's harder to put a trojan or a keylogger on the system.

Re:That's what encryption is for. (3, Interesting)

blueg3 (192743) | about a year ago | (#42187069)

If your boot software is encrypted, how does your system boot at all?

Oh, I see, you're thinking of something like Truecrypt. So, when you boot, where does the code that knows how to decrypt your hard drive live? Why can't the attacker put the keylogger there?

Re:That's what encryption is for. (0)

Anonymous Coward | about a year ago | (#42187161)

If you're smart, it's because you've got it stored securely up your boot.

Re:That's what encryption is for. (1)

hobarrera (2008506) | about a year ago | (#42187241)

You can encrypt your disk with a password AND a physical USB token - requiring both to be present.
Hence, a thief would need to install a keylogger, AND steal your USB token, AND then have access to your PC again, to retrieve the keylogger's results - unless a pre-OS keylogger can somehow survive the entire boot (meaning it can survive a new kernel being loaded into memory).

Re:That's what encryption is for. (1)

realityimpaired (1668397) | about a year ago | (#42187345)

If your boot software is encrypted, how does your system boot at all?

Dunno what kind of hardware you have, but I'm typing this on a Dell business laptop. Coupled with an Intel SSD, it's capable of encrypting the hard drive in its entirety, at the hardware level. The BIOS is smart enough that it won't boot at all, even to the BIOS, without entering the passkey to decrypt the hard drive, and it's smart enough that you can't circumvent it temporarily by removing the hard drive.

Dell's far from the only company that's able to use a TPM in that way. Put tamper-resistant stickers over the screws so you can't get at the motherboard without making it obvious it's been done, and you should be safe.

Why does everybody think that crypto has to be done in software?

Re:That's what encryption is for. (0)

Anonymous Coward | about a year ago | (#42187133)

Funny.. I would've just popped open your laptop and put a hardware sniffer in your PCI-e slot that basically all laptops have for 3G/etc cards that basically no one uses. Coincidentally, the mfg's of such things I'm aware of are all in China.

sysadmins ... educated end-users that think they know a lot more than they do o_O

Re:That's what encryption is for. (1)

marcushnk (90744) | about a year ago | (#42186905)

Because it's a jailable offence.

If they think you are trading in state secrets (like Stern Hu http://en.wikipedia.org/wiki/Stern_Hu [wikipedia.org] ) they will take and detain you and your equipment.
At that point they'll ask for your encryption key, if you refuse then you'll be jailed indefinitely and possibly executed.

Best thing to do is to not take any data with you, or "burn" / wipe / replace your equipment after visiting.

Re:That's what encryption is for. (1)

dtmos (447842) | about a year ago | (#42186963)

It's not just trading in state secrets ("espionage"). In the US it's also the trading in controlled technologies. The difference is, a controlled technology can be transferred to any US citizen with no legal issue at all, but cannot be transferred to (certain) foreign citizens. A state secret, on the other hand, may not be transferred even to another US citizen without authorization.

Re:That's what encryption is for. (3, Informative)

dslbrian (318993) | about a year ago | (#42186971)

This exactly. Encrypt the laptop but don't actually keep anything important on it. Instead use Truecrypt and a USB thumb drive. Have the thumb drive keyed to a different password than the laptop.

Further, as far as customs, drop a live CD of any variety in the CD drive, and have the laptop default to booting the CD. Now when the customs guy asks to inspect your laptop, say sure, and let it boot the live CD. You can be amused while they laugh at how slow your laptop boots. In the end let 'em clone the HD, whatever, even if the NSA cracks it there is nothing on it. Everything important is on the thumb drive that you have "hidden" away (usually in plain sight on a keychain).

As far as the article, carrying your corporate secrets encrypted in your pocket will make any thief's job harder, and having the laptop encrypted will force them to install keylogger hardware, a more time-consuming and harder thing to get away with. If I were such an executive and had real concerns I would just get a throwaway laptop, or better yet have some fun and epoxy all the case screws in. There are possibilities.

Re:That's what encryption is for. (0)

Anonymous Coward | about a year ago | (#42186981)

I wouldn't even use a TC partition -- BIOSes can be flashed to log keys, just like the HID exploit on Macbooks could be used to flash the keyboard controller itself to function as an eavesdropping device.

What I would do is see about something like Citrix, and bring a limited function laptop, perhaps a Chromebook. Preferably something that could be made tamper resistant and stores little to nothing locally. If it runs the receiver software, you then can VPN over to your main machine and do work from there... just make sure to have a duress code (since waking up in pieces, Niven style, is a good threat), so damage is limited if one is arrested. Yes, China has some strange charges foreigners can be arrested for, and there is always "sedition".

Re:That's what encryption is for. (0)

Anonymous Coward | about a year ago | (#42187159)

That still leaves the bootloader/decrypter stub as a point of attack. An attacker can still replace the passphrase prompter with a malicious version that looks the same.

Encryption needs to be combined with Secure Boot to prevent the "hotel maid attack"
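Added example, not part of the thread or any commenter's code: the stored-checksum idea from earlier in the thread, applied to the files that stay unencrypted (boot loader, kernel, optionally a firmware dump), which the comments above identify as the remaining point of attack. It assumes the HMAC key and manifest are kept on media carried on your person and that the check is run from a trusted boot such as a live CD; all file names and contents below are constructed for the demo.

```python
import hashlib
import hmac
import json
import os
import tempfile


def hash_file(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    entries = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(directory, name)
            if os.path.isfile(full) and not os.path.islink(full):
                entries[os.path.relpath(full, root)] = hash_file(full)
    return entries


def _tag(key, entries):
    """HMAC-SHA256 over a canonical JSON encoding of the file hashes."""
    body = json.dumps(entries, sort_keys=True).encode("utf-8")
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root, key):
    """Record the known-good state. A plain checksum stored next to the
    files could be recomputed by whoever altered them; the keyed tag cannot
    be, as long as the key never sits on the laptop."""
    entries = snapshot(root)
    return {"files": entries, "hmac": _tag(key, entries)}


def verify(root, manifest, key):
    """Compare root against the manifest and report what changed."""
    if not hmac.compare_digest(_tag(key, manifest["files"]), manifest["hmac"]):
        raise ValueError("manifest HMAC mismatch: the baseline itself was altered")
    baseline, current = manifest["files"], snapshot(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed sample: a stand-in boot directory changed after baselining."""
    key = b"constructed-demo-key-kept-off-the-laptop"
    sample = {
        "loader.bin": b"stage1 loader",
        "kernel.img": b"kernel image",
        # Assumption: a firmware image dumped by a separate tool (not shown).
        "firmware.dump": b"firmware bytes",
    }
    with tempfile.TemporaryDirectory() as boot:
        for name, data in sample.items():
            with open(os.path.join(boot, name), "wb") as handle:
                handle.write(data)
        manifest = build_manifest(boot, key)
        clean = verify(boot, manifest, key)

        # Simulate what an unattended laptop might come back with.
        with open(os.path.join(boot, "loader.bin"), "wb") as handle:
            handle.write(b"stage1 loader (modified)")
        with open(os.path.join(boot, "extra.mod"), "wb") as handle:
            handle.write(b"unexpected module")
        os.remove(os.path.join(boot, "firmware.dump"))
        tampered = verify(boot, manifest, key)

        # A baseline rewritten to match the new files fails without the key.
        forged = {"files": snapshot(boot), "hmac": manifest["hmac"]}
        try:
            verify(boot, forged, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return clean, tampered, forged_rejected


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A check like this only covers what software can read; it says nothing about added hardware such as the inline keyloggers mentioned elsewhere in the thread.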

Always encryption (3, Funny)

rbprbp (2731083) | about a year ago | (#42186769)

If you are travelling anywhere without HDD encryption, then you kinda deserve this. By the way, let's see them trying to put spyware on a PowerPC Linux laptop. :)

Re:Always encryption (1)

Anonymous Coward | about a year ago | (#42186829)

Keyloggers for linux are trivial to write without needing root access. Same with installing a trojan and the person not knowing.

Re:Always encryption (1)

mark-t (151149) | about a year ago | (#42187111)

References please. Specifically, show how it is possible to install a keylogger on a Linux workstation without the administrator knowing something was up if they had left their computer with a password-locked screensaver on.

Re:Always encryption (-1)

Anonymous Coward | about a year ago | (#42186847)

you already installed it. it's called linux.

Re:Always encryption (1)

WhitePanther5000 (766529) | about a year ago | (#42187123)

The nice thing about PowerPC is that nothing runs on it.
The crappy thing about PowerPC is that... nothing runs on it.
Old iBook/PowerBook? The one in my basement can't do much more than power on anymore.

They can get around my two-factor authentication? (1)

gubon13 (2695335) | about a year ago | (#42186781)

I'd love to know how! Do you have any idea how difficult it is to reach for a stupid RSA key while one-hand-surfing in my hotel room?

Take the hard drive with you... (1)

stewartwb (1606111) | about a year ago | (#42186789)

I keep the mounting screws out of my laptop hard drive's carrier, so I can easily swap in multiple drives. If I ever visit China, I'll make sure to carry the drive with me at all times in my coat pocket unless I'm actually using my laptop! (Plus, I encrypt the entire drive with TrueCrypt.)

Re:Take the hard drive with you... (1)

arbiter1 (1204146) | about a year ago | (#42186927)

That is not a bad idea, have 2 drives, 1 with a ton of dummy data on it that you put in the laptop when you're going out.

Re:Take the hard drive with you... (1)

Threni (635302) | about a year ago | (#42187145)

Probably easier to have the laptop installed with a dual boot windows/linux (or even have 7 boot options - different versions of linux, 1 windows etc) just for show (and to waste their time) but carry a 16gig usb key which you boot into whenever you want to use your computer, accessing a large truecrypt file on one of the partitions if you need more storage. Having said that, if you're only there for a few days/weeks, you probably don't need more storage, and if you did you could just use a second/third usb key, again with a truecrypt file on it. Such a system, especially if all your surfing is done via vpn, should be rather safe.

If I were involved in trying to detect/defeat this sort of tampering, and I worked for (say) the American security services, I'd be offering to supply travelling westerners with clean partitions on the laptops and requesting a copy of them upon return to see what sort of crap gets installed.

Source (1)

Anonymous Coward | about a year ago | (#42186791)

Find me one case of this happening. The article can't find one and I sure as hell don't think it's as common as they want you to think.

Booby trap time (1)

magarity (164372) | about a year ago | (#42186795)

I see a great market opportunity here; a system whereby if your keychain dongle isn't inserted into the usb port, the laptop battery goes critical on bootup.

Re:Booby trap time (1)

PaulBu (473180) | about a year ago | (#42186943)

Good idea!

Now, let's try to implement it... I suggest to start with Lenovo laptops, and we only need to outsource USB dongle and exploding battery production somewhere, I suggest China, they have experience mass-producing things!

Wait! All your matching parts (laptop, dongle, battery) are made where? In... China? ;-)

Paul B.

Security? (0)

Anonymous Coward | about a year ago | (#42186797)

That scenario is completely the fault of the user and/or the IT infrastructure employed at their company. Do you think this doesn't happen when foreign nationals visit the USA? F-Bait.

Biological deterrence (0)

cosm (1072588) | about a year ago | (#42186811)

Full disk encryption with BIOS level password? Nah.
Keep it locked in a steel tamper-proof suitcase? Nah.
Physical locks on laptop exterior? Nah.
Log on email notifications and alerts? Nah.

Cover it with hello kitty stickers and used condoms? ***dons shades***...OPPAS GANGNAM STYLE HURR DURR

Hah, I had this problem... (4, Funny)

DDLKermit007 (911046) | about a year ago | (#42186825)

I had this problem when I was doing work with associates in China when I was working to develop some software to use there. After going out one night I noticed the next day my laptop had been gotten into. Sure they poked around, but I didn't care. Not stupid enough to actually bring any data physically there with me. Checked the machine for anything funky, but seemed he was poking around to copy any interesting data. In the end they ended up trying to screw us & do the job we were doing, which they found really hard without our actual software in their hands. We just ran pointers that always pushed data from China back to the US where we churned through the data because I was a paranoid maniac. Sucks the company went under due to them, but felt a sort of sick satisfaction they ended up looking really dumb when everything ground to a halt suddenly.

throw away laptops (5, Interesting)

lophophore (4087) | about a year ago | (#42186887)

Any serious exec is going to use a throw-away laptop for travelling to China. A $400 special will keep you online abroad, and then it can be destroyed as a business expense. Cheap insurance against hacking.

Re:throw away laptops (5, Interesting)

Anonymous Coward | about a year ago | (#42186959)

Yup, that's how we deal with it. We're frequently in China to do software and hardware testing at our facilities (I work for a large US transportation company), and we have "China laptops". These are encrypted machines that are specifically loaded with the bare minimum stuff we need when we leave and immediately blown away when we get back. Installation of anything beyond the bare minimum (which is pretty much Win7 and VS2005) is strictly disallowed. Source is kept on a separate, encrypted sd card which is not to be kept in the machine, but even then it's just not that interesting. It's all internal source for package sort controllers and such, and we don't even have the ability to check code back in from these machines. It's purely for debugging and sending problem reports back home.

There's a big sticker on them that even says "China laptop, do not connect to corporate network"

Re:throw away laptops (2)

AHuxley (892839) | about a year ago | (#42187191)

Same for entry into the USA or any country. The software needed on brand new storage media, replace when returning home.
The option to inspect any laptop that enters a country is getting to be a reality rather than having to be a 'suspect'.
When a state views your laptop as a "container" - you have no legal protection.
Diplomats and travellers to the Soviet Union knew what they faced at any hotel - why would Communist China be any different?

Re:throw away laptops (0)

Anonymous Coward | about a year ago | (#42187321)

Does it actually have to be destroyed? Can you not format? Are BIOS and/or other firmware viruses really that common?

solutions: (3, Informative)

wierd_w (1375923) | about a year ago | (#42186893)

There are several ways around this, with increasing levels of overhead.

0) don't bring the laptop to begin with. (Hehe.. har.. yeah, who am I kidding?)

1) yank the HDD completely, boot the laptop using a custom knoppix DVD, with an RDP client. Save your work in the cloud/at the enterprise, behind a strong enterprise password. Malware magically vanishes when the laptop powers down. No local data to collect.

2) use something like black ice defender.

3) use whole disk encryption with almost religious zeal.

Personally, I prefer the live dvd approach. It has fringe benefits of always being a fresh, clean environment, and a complete black hole for forensic data recovery. Only the rubber hose method to get you to reveal the RDP account password remains as a reliable method of intrusion, though this assumes you aren't an idiot, and weren't so stupid as to package a keyring on the live DVD. (The whole idea is to keep sensitive data OFF the system!) If you absolutely NEED a keyring, find some way to use an actual usb keyfob to store it, and always carry your keys.

Regardless of the method used, remember that allowing unauthorized persons access to the physical system is practically synonymous with being pwned. The live dvd method only gives them physical access to a terminal.

Really? (0)

Anonymous Coward | about a year ago | (#42186895)

I assume this happens principally to people who use Windows and don't use:

a- a BIOS password
b- a password protected user account
c- a (different password) password protected admin account
d- an OS that's secure (meaning obviously nothing from Microsoft!)
e- tamper-evident seals on all access points on the machine
f- a physical lock on the computer preventing or at least decreasing the odds of the computer wandering off.
g- the common sense not to take anything important with you on your computer, or sensitive, data-wise.

My own approach when I travel on business is to use a computer that doesn't have a hard drive. I have mine configured to boot from CD-ROM, have a MintLinux distro on CD that I boot from, and a card-reader, and files I use are stored on the card, (MicroSD HC, and on my most recent trip, SDXC and a Extreme Capacity-compatible card reader) so that if the computer is lost or stolen, I still have the disc and removable media with the data on it.

I also have a netbook with a similar setup, except that the distro is on a separate chip, in a very neat little card reader from Elago.

I carry the removable media and the CD (also technically RM) with me, on my person under these circumstances, even if I have to leave the machine at a hotel.

I haven't personally resorted to the tamper-resistant measures I mentioned above, but if I went to China, I think I would. But I'm just paranoid that way.

I wonder if this will work? (2)

roc97007 (608802) | about a year ago | (#42186903)

You take a laptop to China. In your coat pocket is a "live" thumbdrive, which remains on you at all times. You don't care what's on the laptop, because you boot the thumbdrive to do work.

When you leave China, toss the (presumably compromised) laptop in a dustbin in the airport restroom.

Re:I wonder if this will work? (0)

Anonymous Coward | about a year ago | (#42187017)

Or put a rat trap in your laptop bag, and watch hilarity ensue. Just follow the blood trail when you return.

Re:I wonder if this will work? (1)

Lumpy (12016) | about a year ago | (#42187213)

"just follow the blood trail when you return"

You mean follow it to your torture cell? I dare you to try that trick when you arrive in China.

Hell, I dare you to try that trick in the USA on the TSA guys.

Re:I wonder if this will work? (1)

roc97007 (608802) | about a year ago | (#42187307)

...but let us know *when* and *where* you're going to try it, because that sounds like a YouTube moment if I ever heard one.

Re:I wonder if this will work? (1)

lister king of smeg (2481612) | about a year ago | (#42187095)

Why toss it? You could give it to the kids to play Flash games and Minecraft on.

Re:I wonder if this will work? (2)

roc97007 (608802) | about a year ago | (#42187299)

I'm thinking because you don't want to connect it to a network (that you care about) until the disk is scrubbed and the BIOS is reflashed. (And perhaps, the back is taken off to make sure the box hasn't been physically compromised.) Laptops are, like, $200 apiece. Safer just to dump it.

APK - use hosts file (0)

Anonymous Coward | about a year ago | (#42186913)

I recommend using a hosts file to prevent spyware. I also use this [goatse.ru] as my wallpaper to prevent people from searching my computer.

Sources Please? (2, Insightful)

Anonymous Coward | about a year ago | (#42186979)

I see a lot of unsubstantiated opinions. How about some credible sources that this is happening?

Re:Sources Please? (0)

Anonymous Coward | about a year ago | (#42187141)

The US copies any data that enters its territory, why would China be different?

Use BIOS Password and PGP Encryption for hard driv (0)

Anonymous Coward | about a year ago | (#42186987)

I work for IBM and it is mandatory for all employees to have BIOS bootup password and PGP encryption no matter what OS your laptop is running and these requirements apply to desktops too.

Re:Use BIOS Password and PGP Encryption for hard d (1)

hobarrera (2008506) | about a year ago | (#42187275)

Or any other form of encryption for that matter - I see no reason to use PGP in particular.

I have two laptops... (0)

Anonymous Coward | about a year ago | (#42186999)

One is a Sony Vaio piece of junk. Super small, super thin, super light, and super slow. It works great for email and office, though. It has TrueCrypt full disk encryption, and a BIOS password (which aren't the same).

My "real" laptop is a MacBook Air. It has FileVault turned on and the EFI boot password enabled.

I seriously think anyone would have a problem getting a drop of data off of either of them. Installing spyware is difficult if they can't decrypt the drive. Even if there are secret back-doors into TrueCrypt or FileVault, I would rather suspect they are shared with NSA or MI6, not the Chinese Government.

I think it would be 100x easier to hack my Dropbox Account.

And besides, anything really important is usually saved in OpenOffice format with a separate password (so that I don't mind having it in Dropbox for a backup).

stolen in the U.S. (0)

Anonymous Coward | about a year ago | (#42187047)

You stand more of a chance of having your laptop data stolen in the U.S. than China, or almost any other country.

Travel 101 (0)

Anonymous Coward | about a year ago | (#42187113)

Travel 101: don't leave your valuables in the room.
IT 101: secure laptops. You don't need China to lose your laptop or have it stolen, inside or outside the hotel.

business people in strange foreign lands (1)

Anonymous Coward | about a year ago | (#42187177)

The best thing to use is an IronKey with a virtualized OS using a product like Moka5. Moka5 does not use any memory on the host and ensures that no keyloggers are in place. IronKey is a DOD-level security memory stick which will kill itself if a person violates the rules you set on the web. If you were to lose the stick, the next time it's on the internet it will contact the IronKey host and lock itself up and/or wipe itself.

Passwords and encryption (1)

bobjr94 (1120555) | about a year ago | (#42187185)

At minimum, a good Windows logon password, BIOS set to not boot from CD & USB drives, and a BIOS password will stop most entry-level snoopers. If you're worried, take your battery and PS with you in a backpack or keep them in a friend's/co-worker's room. Bring a small motion-activated spy cam to leave in your room, see if your fears are true. Keep your data encrypted or have someone back in the office email it (encrypted files) to you, or get it off your company's secure servers before your meeting.

I have a solution.... (1)

Lumpy (12016) | about a year ago | (#42187193)

Don't bring a standard laptop. You can easily outsmart them.

Grab an ARM-based laptop (Chromebook) and install Linux. The China spooks will not have any clue as to why their spyware is not running.

Shining passive security (1)

Grayhand (2610049) | about a year ago | (#42187267)

Just encrypt your actual work files, then leave one unencrypted on the desktop called "Work Documents". Each file inside contains an endless string of the text "All work and no play makes Jack a dull boy". Hundreds and hundreds of files, all with the same repeated text. Not only will they avoid your room but you can tell who was doing the spying: they're the maid that turns and runs when they see you in the hallway.

Silly (3, Informative)

Charliemopps (1157495) | about a year ago | (#42187323)

We don't even have people that travel outside the country and yet your security standards state that:
A. The laptop is wiped and re-imaged upon return. Every time.
B. The user simply uses the laptop to VPN into our corporate network which is protected by a random keyfob plus all the usual security.
C. Corporate laptops never leave the sight of the user. You take it with you everywhere you go. Period.

Granted, I don't think C gets followed all that much. But A and B are pretty solid. Who the hell keeps a personal laptop for work anymore?
