Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Lenovo Banned by U.S. State Department

Zonk posted more than 8 years ago | from the somebody's-watching-me dept.

474

chrplace writes "The BBC is reporting that the Chinese-made Lenovo PCs are not allowed inside secure US networks." From the article: "Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed. His comments came after Rep Frank Wolf expressed national security concerns. The company Lenovo insisted such concerns were unwarranted and said the computers posed no security risk."

Sorry! There are no comments related to the filter you selected.

Protectionism? Why? (5, Interesting)

denissmith (31123) | more than 8 years ago | (#15365254)

While Levono insists that their computers pose no security risk, we need to remember that they do run the Windows OS which is a significant hole:-) On a more serious note, this is obviously a purely political step - but why? No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists. Is a mere accusation enough to get a company dumped from secure contracts, if so I have dirt on Halliburton, KBR, CACI and a host of companies who are defrauding government agencies. Isolationism doesn't score political points the way it used to, and these are the same people that will happily defend moving jobs off shore. Who are they trying to appeal to here? There can't be that many blindly stupis people in the country ( 29%, or so, it seems)...

Re:Protectionism? Why? (1)

joe 155 (937621) | more than 8 years ago | (#15365321)

I would really like to see what "evidence" they put up as to how a computer can pose a security risk at all. As far as I know other than software hacks the only real harware threat would be a physical block inside the computer as a key logger which would need to be retrived afterwards (although we know how people like to lose clasified laptops/usb pen drives). I'm convinced that to check random PCs for either of these would take almost no effort They could do a byte for byte comparison against what it was meant to be and look for a little box on the keyboard wire. A random sample of about 500 should do it

What is more pressing I think is; why would IBM want to do this anyway? Why is an American/English/French/whatever computer more trustworthy than an American one with some ownership from the chinese?

Re:Protectionism? Why? (4, Insightful)

CosmeticLobotamy (155360) | more than 8 years ago | (#15365368)

"A little box on the keyboard wire"? I'm sorry, but do you imagine Chinese intelligence to be run by 14-year-old pranksters that get their spy supplies at ThinkGeek?

Re:Protectionism? Why? (2, Funny)

zimus (68982) | more than 8 years ago | (#15365558)

No, but I do imagine them buying their supplies at RadioShack.

Re:Protectionism? Why? (1)

Thundercleets (942968) | more than 8 years ago | (#15365541)

It is very possible that any agency in the PRC has access to any advanced technology manufactured in their borders. The way the old scam worked was that if you were having a microchip manufactured in China and the goverment/military decided they were interested in it.
You either give up the design or you have "labor problems" as a pre-cursor to nationalizing your facilities and your design and kicking you out of the country.

If they wanted to the party/PLA could have any number of devices integrated into a design with or without complicity from the re-seller. These could be hardware devices that may not be detectable unless samples of arriving product are reviewed at random.

Considering the fact that all PCs have Chinese manufactured componants and most are enitrely manufactured in the PRC and that the plutocracy that runs the US has let the multinations write it's foreign policy that is not going to happen anytime soon.

 

Re:Protectionism? Why? (3, Interesting)

Spiked_Three (626260) | more than 8 years ago | (#15365343)

"No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists."

Why would you think this has not already happened? Add to that the fact the the government buys these things in bulk and even IF a sample posessed no backdoor, how hard would it be to put a backdoor in 1 out of 1000 and hope it gets by?

Paranoid? I think not, you haven't had night shift cleaning crews hired by the chinese into your business have you? It happens.

If Windows has US government demanded backdoors as so many Slahdotters insist, why would ANYONE think the Chinese (or the Russians or the French or the Germans or the English or the Japanese or the Koreans ....) wouldn't do the same on their hardware?

Re:Protectionism? Why? (5, Insightful)

denissmith (31123) | more than 8 years ago | (#15365431)

I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it. Remember, Lenovo assembles these in this country and in Mexico, and the company has moved its headquarters here, and hired American executives, etc. If they got caught doing this HEADS WOULD ROLL. These people would all be guilty of spying or treason, so it wouldn't be quietly hidden away, they would face arrest, possible execution. These aren't products from a company where the Chinese government has direct control of operations, and design, specification and manufacture is worldwide.

Re:Protectionism? Why? (4, Interesting)

blueZhift (652272) | more than 8 years ago | (#15365355)

There's definitely a lot of politics and money in play here. Practically speaking, it would be difficult to impossible to exclude products made by any country that may be a present or future enemy of the US from use in govt agencies. And ironically the US govt has aided and abetted the rise of Chinese economic and political power that now they suddenly fear. If they really cared so much, they should have said something before IBM sold its PC division to Lenovo. So given that everyone spies on everyone else, the real trick is not to stop the spying, but to make sure that your enemy (and sometimes your friends) only get inaccurate or junk info.

For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!

Right hand, meet left hand? (1)

Thud457 (234763) | more than 8 years ago | (#15365450)

Wasn't the sale of Lenovo reviewed before hand? I'm sure I heard something about that? Weren't these same concerns raised (at least on that all-important venue, /. ) before the sale? If the State Department is legitimately concerned, they just need to have some technically savvy[1] people audit some of the machines.


[1] Yes, I understand we're talking duh gubbamint here... Even if they hire a consultant, it'd be some TSA-level quality MCSE who doesn't know which end of a soldering iron not to grab.

It's about security, seriously (1)

sterno (16320) | more than 8 years ago | (#15365421)

As you point out, there's really not an obvious political benefit here. Maybe there's some under the table deal where a lobbyist from Dell is getting them to do this. But overall I can see at being a valid security concern. The US government has a long history of using our technical reach to subvert other governments. I remember during the first Gulf War a story that printers the Iraqis bought were installed with a trojan such that when the war began a number of their AA batteries were rendered useless.

So why would the Chinese be any different?

As for Halliburton, etc, yeah they may be defrauding the government, but that's par for the course in government contracting. They don't care about how much things cost, they just care about making sure their secrets stay secret. I mean can you imagine what would happen if the government was spying on american phone conversations and e-mail and knowledge of that got out? Oh.... nevermind.

Re:Protectionism? Why? (1)

DragonWriter (970822) | more than 8 years ago | (#15365424)

Isn't Michael Dell a big Republican contributor? Is it likely that banning Lenovo will improve Dell's ability to win government contracts that are required to go to competitive bid?

Re:Protectionism? Why? (1)

bhirsch (785803) | more than 8 years ago | (#15365479)

It puts pressure no the Chinese, pure and simple.

So many COMMIES on Slashdot - whodathunk? (0)

Anonymous Coward | more than 8 years ago | (#15365519)



So many COMMIES on Slashdot - whodathunk?

Oh, right, slashdot is a hangout for cuba-loving commies. Viva commies !!!

Yes, I am communist, but I was born this way (0)

Anonymous Coward | more than 8 years ago | (#15365545)

So many COMMIES on Slashdot - whodathunk?
Oh, right, slashdot is a hangout for cuba-loving commies. Viva commies !!!

I am communist from country of birth. Was not my choice to be commie. I am so what? You hate me because I am not fat american, or idiot american like Bush?

Not protectionism, paranoia and justified. (1)

jmorris42 (1458) | more than 8 years ago | (#15365554)

> No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone
> independently confirms this and demonstrates how a backdoor exists.

I think you mean posers who think they have tech knowledge. People who actually know something realize that governments can do some pretty extreme shit to each other in the spying game. The US gov certainly spys hard and isn't so arrogant as to believe that they have some sort of monopoly on the skills so they assume their opposite numbers in potentially hostile potentially rogue states like China are also capable of some clever spy tricks. A notion that is almost certainly justified. Especially since all new Thinkpads have a fucking TCPA chip. Can you trust a chinese fabbed uber security module for critical national security purposes? It will be bad enough when the MPAA and Microsoft 0wnz all our asses with TCPA but to have Chinese Intelligence agencies backdooring the NSA with one is just an unacceptable risk.

It is just the way the game of international relations is played by the adults.

Of course since you can't actually find a laptop made in the USA with 100% domestic designs and all the chips fabbed in the USA I really would hate to be the head spook in charge of picking a laptop for secure work. I'd never sleep.

Cry Wolf (5, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15365258)


From TFA:
Mr Wolf, Republican chairman of the committee that oversees the department's funds, told reporters that China's spying efforts were "frightening".

It was "no secret that the US is a principal target of Chinese intelligence services", he said, adding: "No American government agency should want to purchase from them".
This is just plain stupid. Apparently, Representative Wolf's [house.gov] former crusades against meth [lasvegastribune.com] and medical marijuana [stopthedrugwar.org] no longer have the punch needed, especially in an election year, so he stirs up some ridiculous FUD about Lenovo laptops.

Never mind that the State Department would probably be wiping the default software load on these laptops in favor of its own custom software load (frankly, if they don't, they're idiots). Never mind that the State Department itself (as well as any other networks these systems will be connecting to) should be adequately protected by firewalls to prevent any unauthorized phoning-home by these systems (again, idiots if they don't). Never mind that someone at least halfway competent should be able to analyze packets exiting these systems to determine conclusively, one way or another, if they are trying to compromise security (again...well, you get the idea).

Trouble is, none of these measures will provide Rep. Wolf with the political ammo required in a year divisible by 2. By denouncing the Lenovo laptops as a 'security risk', he insures that his constituents (at least the less-technically minded of them) perceive him as 'fighting for America'.

Re:Cry Wolf (0)

Anonymous Coward | more than 8 years ago | (#15365288)

It would be very naive to think there is no risk of elements in foreign countries subverting their companies for the purposes of spying on the US government. This kind of thing happens all the time even if the media doesn't know about it. It's not paranoia if they're really after you.

Re:Cry Wolf (4, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15365312)


I didn't say there was no risk. I did say:
  • By following proper security procedures, any risk could be effectively managed.
      - and -
  • Rep. Wolf isn't interested in avoiding risk. He's interested in acquiring political clout.

Re:Cry Wolf (2, Funny)

Guysmiley777 (880063) | more than 8 years ago | (#15365369)

Political clout!? Surely sir you jest! /sarcasm

If only there were some way he could spin this so he was also saving children wrapped in American flags from burning buildings. Won't someone please think of the children?

Re:Cry Wolf (2, Interesting)

networkBoy (774728) | more than 8 years ago | (#15365491)

My concern would be a compromised firmware &&|| microcode in the chipset.
With a large enough flash memory you could log a lot of information, all this can happen at the BIOS level. Then you try to acquire the notebooks upon refresh. Doesn't matter that the HDD is crushed, you have it in flash. If you comprimise the network stack you could (in theory) do packet inspection and store interesting packets. If you comprimise the chipset you can do almost anything. NOR flash cells are a compatible process with logic cells (NAND is not). So there is no reason that you can't make chipsets with a gob of flash memory hidden on-die. You could even obfsucate the existance of the array by placing random metal lines on higher layers, thus hiding the orderly row and collumn arrangement of a memory array.

None of these techniques require the machine to phone home, none are externally obvious, none are electrically obvious (sniffing the hardware would not yield a result as all the parsing and storage happens on the same die). The only way to be partly sure is to deprocess every die on the system, and that could take some time.

Every single system could be compromised and you simply reclaim the ones from waste that you can, chances are even if the unit is crushed, some of the chips you are interested in retreiving are intact.
-nB

Re:Cry Wolf (0)

Anonymous Coward | more than 8 years ago | (#15365417)

Yes, it is believable because the USA has done it themselves. The CIA used Coke-Cola as a way to get agents into hostile countries during the Cold War. i.e. the agent's cover was that of a Coke employee.

It might also be why China is moving away from Windows to Red Flag linux.

Re:Cry Wolf (2, Interesting)

Anonymous Coward | more than 8 years ago | (#15365356)

A simple fact makes Mr. Wolf's statements non-sensical:

Pretty much all laptops are made in China by the Chinese.

Not necessarily... (1, Troll)

WebHostingGuy (825421) | more than 8 years ago | (#15365399)

It is not the software they are worried about. They are worried about a hardware compromise. Now that a Chinese company can control what happens within the computer they can "do" a lot.

The representative is not crying wolf. If you speak with anyone in the intelligence business China has a very aggressive spying program and they will stop at nothing. (I know because I have heard this first hand from the people who do counter-intelligence.) Put it this way, if the Chinese government could put spying ability into Leveno laptops they would.

Re:Cry Wolf (2, Informative)

timster (32400) | more than 8 years ago | (#15365447)

You forgot to mention that laptops from all manufacturers tend to be made in China. It's silly to think that Apple or Dell carefully examines all their laptops shipped from China to make sure they don't contain some kind of spy hardware or software.

When it comes down to it (0, Flamebait)

James_Aguilar (890772) | more than 8 years ago | (#15365457)

Hey, when it really comes down to it, the problem is that we're racist and paranoid. But then again, shouldn't all the trade deficitists out there be rejoicing that the Chinese have lost such a big customer? Hmmm . . . it's weird how people only think about things in the way that is convenient at the moment, not recognizing the inherent conflicts between the things they say at one time and the things they say at another.

Re:Cry Wolf (1)

bigpat (158134) | more than 8 years ago | (#15365475)

This is just plain stupid. Apparently, Representative Wolf's [house.gov] former crusades against meth...

I am not sure what is funnier, that I thought you wrote "math" instead of "meth" or that I found either statement to be believable.

Re:Cry Wolf (2, Informative)

Daniel_Staal (609844) | more than 8 years ago | (#15365515)

IIRC (it's been a while since I did IT support for the state department), a classified computer (the only type they are talking about a ban on) shouldn't be connected to the Internet at all. It might be connected to the State Department's own secure network, but even that is a question.

(As for wiping it and installing their own software: duh. There's a disk image with the standard State Department software, and it is written to every computer. That's not even security: that's just the easist way to do the installs.)

Damn Chinese (2, Funny)

Jizzbug (101250) | more than 8 years ago | (#15365262)

Why would anyone buy from electronics from the Chinese?!?

Re:Damn Chinese (1)

Skywings (943119) | more than 8 years ago | (#15365307)

Yeah, we should be buy our electronics from the Taiwanese!

Because Dell lovers love Dell (1)

cyfer2000 (548592) | more than 8 years ago | (#15365560)

Dell PCs are made in China, IBM PCs were made in China, many Macs are made in China. And Lenovo PCs available in US are made in Mexico.

Would you buy Lenova or a Dell?

Dumb (5, Interesting)

homer_ca (144738) | more than 8 years ago | (#15365263)

It's not like the PCs weren't made in China when the division was owned by IBM.

Re:Dumb (5, Insightful)

just_another_sean (919159) | more than 8 years ago | (#15365286)

Not to mention every other PC manufacturer who's PCs are made in China. Dell, HP, Gateway, Acer, show me one PC manufacturer who doesn't have at least some of their PCs assembled in China by Chinese.

Seems kind of arbitrary for them to pick on one company over this.

Re:Dumb (3, Insightful)

archen (447353) | more than 8 years ago | (#15365309)

Actually I'd like to know where they are going to get these PC's that are not made in China. And why stop at China anyway? Ban all foreign PCs (which isn't going to make much of a difference since they're all made in China anway). Oh, the U.S. doesn't make any anymore? Guess that's too bad for us. Most companies don't even bother hiding where it comes from. My iBook shipped directly from China to my address.

Re:Dumb (2, Informative)

insecuritiez (606865) | more than 8 years ago | (#15365320)

Read the article:

"But Lenovo insisted the state department computers, which were made at former IBM facilities in North Carolina and Mexico, posed no security threat."

Re:Dumb (3, Funny)

gedeco (696368) | more than 8 years ago | (#15365334)

The only pc's who don't have electronics "made in China" are part of musea colections.

Re:Dumb (4, Informative)

burnin1965 (535071) | more than 8 years ago | (#15365349)

"It's not like the PCs weren't made in China when the division was owned by IBM."

That truely is the ironic part of Wolf's concern. As if the upper management, the part of IBM PCs that changed when they were pruchased by Lenovo, would have ever noticed if the Chinese made PCs were bugged before leaving the factory.

That said, there should be proper due diligence for any equipment that is purchased and used in sensitive work. In the 1960s the Soviet embassy in Washington purchased/leased a Xerox copier and didn't realize that it was bugged with a CIA camera that took pictures of every document they copied. When the Xerox repairman came in to do routine maintenance on the equipment he would replace the film and take the exposed roll to the CIA. :)

http://www.parascope.com/articles/0197/xerox.htm [parascope.com]

Re:Dumb .. and dumber (2, Interesting)

forgotten_my_nick (802929) | more than 8 years ago | (#15365360)

While I may not agree with it the US government has a point.

Does anyone remember the US Jet that was sold to the Chinese President? More then 20 bugging devices found in it. Some of them built into the jets framework itself (so they weren't casually put there).

http://news.bbc.co.uk/2/hi/asia-pacific/1771238.st m [bbc.co.uk]

Although there is so much Chinese tech in the US these days even just avoiding the chinese company isn't going to avoid China.

Re:Dumb .. and dumber (2, Interesting)

jandrese (485) | more than 8 years ago | (#15365506)

Not to mention the US Embassy [bugsweeps.com] in Moscow built during the cold war.

This is why there is legitimate concern about this sort of thing. It actually happens. It would make a great spying tool as well. Just add some keylogging logic as well as some storage (perhaps store it on unused sectors of the HDD) to the southbridge as well as a hook into the onboard NIC. When an attacker gets a machine on the network (these machines wouldn't be connected to the internet) somehow, they send out a specially formatted broadcast message (probably in the form of an apparently corrupt Ethernet frame) that causes all of the affected machines to dump the contents of their keylogs to the machine that sent the broadcast. It'd take just seconds and it'd be almost impossible to catch. It would work even if you don't have full access to the network and you wouldn't have to leave a machine conspicuously on the network for a long time. It could even be a PDA or some custom box that can be plugged and unplugged within seconds.

What do I think about the feasability of this attack? Personally, I don't think it's likely that it's in use at the moment. Most laptops just use off of the shelf components. AFAIK, Lenovo doesn't actually manufacture the southbridge themselves, they use existing chips from other companies (like Intel). Adding another chip to the laptop (especially a lot of laptops) would be too risky since eventually some repair monkey is going to notice it, especially if the chip you add fails and causes problems with the laptop. There are still guys out there who know what chips do by their serial number and what they should look like. They'll also know if you have some mislabeled chip that shouldn't be there (Why is there an external UART chip on this laptop? It's a built in feature of the southbridge. Why is it wired to the keyboard lines on the Southbridge?) Thus, such a change would have to be installed strategically, which is difficult when selling in quantities of a thousand to the government.

Re:Dumb (0, Troll)

muellerr1 (868578) | more than 8 years ago | (#15365391)

It's not like the PCs weren't made in China when the division was owned by IBM.

It's not like the Federal Building in Oklahoma wasn't bombed by an American citizen, either. Gotta love the irrational nationalism, especially in the face of corporate greed. Though it's my suspicion that the US government might use the cover of national security as convenient leverage over the Chinese in other areas.

Re:Dumb (2, Informative)

rodgster (671476) | more than 8 years ago | (#15365493)

It's not like the HP laptop I'm typing this on wasn't made/assembled/shipped from China too.

Agreed very dumb.

Old News (5, Insightful)

eldavojohn (898314) | more than 8 years ago | (#15365265)

This is old news to anyone who works in Defense.

In fact, if you want to use hardware/software in a classified area, it has to be from a United States based company and passed through a rigorous investigation as to whether or not it is safe to use. Even things like Java or C++ libraries have to undergo this for the simple fact of the matter that the US government is over-cautious.

Do you blame them? Can you strip down a Laptop and really ensure that there's nothing like a keystroke logger or a very very low-level chipset process running on a side processor or microcontroller that captures choice information and automatically sends it out the NIC to a Chinese agency?

You have to remember that there are conspiracy theorists out there that are paid and unpaid. The paid ones are simply better at controlling their imagination to realistic limits and are hired by governments to think & fear.

Now, do you remember when certain Chinese conspiracy theorists decided that China's government suspected Windows SP2 [newamerica.net] of foul play? This is more of the same kind of thinking ...

Sure, the IBM employees (0, Flamebait)

Chas (5144) | more than 8 years ago | (#15365293)

Remember, the PC division was sold, lock, stock, and smoking employees, to Lenovo. The people responsible for the design of the systems are still the same people who designed them for IBM. Most of them are here in the US. And you can be certain that SOMEONE would bitch if Lenovo was slapping spychips onto the system in defiance of the design parameters of the designers.

Sorry, but this is just brain-dead protection with a thick layer of xenophobic scaremongering.

It's Standard Security (0)

eldavojohn (898314) | more than 8 years ago | (#15365366)

Sorry, but this is just brain-dead protection with a thick layer of xenophobic scaremongering.
Appearantly one man's security measures are another man's "xenophobic scaremongering."
And you can be certain that SOMEONE would bitch if Lenovo was slapping spychips onto the system in defiance of the design parameters of the designers.
First off, the United States government assumes it knows nothing of technology when doing these investigations. And that's a very good thing because often times the people putting it through these investigations are complete idiots, technologically speaking. Now, tell a government inspector to take apart a Lenovo and verify that there are no spychips in it. They'll simply laugh and say, "It has spent time outside of this country, it cannot be used to store or process sensitive information." This isn't saying "Chinese bad," it's simply a fail safe security measure for them.

Re:It's Standard Security (2, Interesting)

JanneM (7445) | more than 8 years ago | (#15365442)

Now, tell a government inspector to take apart a Lenovo and verify that there are no spychips in it. They'll simply laugh and say, "It has spent time outside of this country, it cannot be used to store or process sensitive information." This isn't saying "Chinese bad," it's simply a fail safe security measure for them.

And why does this not go for the subsystems in any computer, not just the assembled whole? How do you for a fact know that the IC in that ethernet board or video card really is bog standard and not a "special" version? How do you know that the motherboard does not have a few "extras" implemented, in hardware or in the BIOS? They've all been manufactured abroad, after all.

With your logic, nothing that isn't built ground up within the US borders should be allowed - and good luck with that.

No, to paraphrase Freud, sometimes a xenophobix knee-jerk reaction is just a xenophobic knee-jerk reaction.

Re:Old News (0, Flamebait)

Anonymous Coward | more than 8 years ago | (#15365325)

By the same token, any US citizens who value their privacy should definitely avoid purchasing any hardware that was assembled in the USA. You just can't be sure that the NSA hasn't secretly installed keyloggers in every Dell laptop. At least if you buy Chinese, you can be sure that any government that's listening in on your activities is physically several thousand miles away and unlikely to be able to leverage whatever information it gathers against you.

Not even close to an expert, but... (1)

nathan s (719490) | more than 8 years ago | (#15365331)

...you can install traffic monitors on a network and I'm pretty sure any weird traffic going out wouldn't be too hard to pick up on. I've done this for more benign purposes, such as discreetly determining whether someone was using office computers to do P2P after noticing a bandwidth problem. So I don't think it would be that hard to do.

Re:Not even close to an expert, but... (1)

damian cosmas (853143) | more than 8 years ago | (#15365374)

...you can install traffic monitors on a network and I'm pretty sure any weird traffic going out wouldn't be too hard to pick up on.

Surely that's possible, but in order for it to work, the weird traffic will have to have already left, right? It's kind of like watching the open barn door to see if any cows leave before deciding to close it.

Re:Not even close to an expert, but... (1)

DJProtoss (589443) | more than 8 years ago | (#15365405)

No, since you detect it at the router level trying to leave, whereupon you log and block the traffic. Of course, you still have the problem of deciding what is weird traffic - you can do some interesting stuff with traffic disguising...

Re:Not even close to an expert, but... (1)

alexhs (877055) | more than 8 years ago | (#15365488)

Of course, you still have the problem of deciding what is weird traffic

Everything is weird, except what has explicitly been allowed.
That's the way you should configure your firewall...

And classified computers shouldn't be linked to the outside in the first place...

Re:Not even close to an expert, but... (0)

Anonymous Coward | more than 8 years ago | (#15365432)

I'm quite certain the US Gov't could easily design an "extrusion* detection system" to analyze and automagically block suspicious _outgoing_ traffic.

*obtrusion? Ok, what's the opposite of "intrusion"? I have no idea.

Re:Old News (1)

voice_of_all_reason (926702) | more than 8 years ago | (#15365335)

Hmm, I guess that rules out Bittorrent and Snood...

Re:Old News (1)

oliverthered (187439) | more than 8 years ago | (#15365339)

And why would you think that US companies aren't going to spy on the US Government. If I wanted to spy on the US I would setup a company in the US, so I expect China would do the same thing.

Not necessary (1)

Opportunist (166417) | more than 8 years ago | (#15365476)

Why spy on someone you already bought? To make sure he stays bought?

Good policy (0)

truthsearch (249536) | more than 8 years ago | (#15365388)

I believe US companies should be given preferential treatment by the US government for the following reasons:

  • US taxes would be best spent on US-built hardware to support the economy.
  • Using local vendors would remove one political bargaining chip with foreign nations.
  • All hardware and software goes through a rigorous process to get approved, so all else being equal it's safer to trust a US company.


When nothing local will suffice then going foreign is a fine choice. Of course even hardware from a US company is usually manufactured in China anyway, but that's another issue...

Re:Good policy (1)

qwijibo (101731) | more than 8 years ago | (#15365435)

All else being equal, it's easier to prosecute a US company. For anything political, it's important to know who your scapegoat will be and how you'll parade them as the cause of the problem. It's hard to do that with foreign entities.

Re:Good policy (4, Insightful)

Homology (639438) | more than 8 years ago | (#15365481)

I believe US companies should be given preferential treatment by the US government for the following reasons:

But when other states does the same, we hear outraged yapping from US about undermining "free market". Go figure.

Re:Old News (1, Insightful)

Anonymous Coward | more than 8 years ago | (#15365401)

Do you blame them?
No, not at all. I'm reminded of typical adulterer behavior where they often suspect their spouse is as unfaithful as they are.

Theres a better example than the SP2 scare. Like say 27 covert listening devices [wikipedia.org] planted in a Boeing 767 sold to China and to be used by their president.

Paranoid based on own actions (1)

Mostly a lurker (634878) | more than 8 years ago | (#15365440)

Whenever I see the US authorities overreacting to perceived external threats, I always believe it is because they, themselves, are the world's worst offenders. It is possible, but I think unlikely, that China is trying to subvert computer hardware and software as part of their spying activities. It is proven that the US does so, and likely that they do so on a massive scale.

Re:Old News (1, Interesting)

superid (46543) | more than 8 years ago | (#15365504)

Find me a reference, I don't believe you.

I have at least 30 different classified computers and have been managing secure LANs for years. I have never ever seen or heard of such a requirement. "Rigorous investigation" of software? Nope, never seen that either.

amazing... (0, Flamebait)

pablo_max (626328) | more than 8 years ago | (#15365271)

It has always amazed me how many law are based on pure ignorance. It's clear that these ass blasters have no idea how thing work on their "magic typing machines"

Concern about security (4, Funny)

Garabito (720521) | more than 8 years ago | (#15365277)

"Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed"

After the interview, Secretary of State Richard Griffin proceded to log on with his blank-password account on his spyware infested Windows PC...

ThinkPad (1)

pen (7191) | more than 8 years ago | (#15365282)

A beautiful piece of art: i love my thinkpad even though i know macs are better [mit.edu]

Re:ThinkPad (1)

fritzk3 (883083) | more than 8 years ago | (#15365503)

A beautiful piece of art: i love my thinkpad even though i know macs are better/i>

I guess "art" in this case is probably a flaming pile of chips and hardware that used to be a server. Slashdotted...

I heard (3, Funny)

fusto99 (939313) | more than 8 years ago | (#15365295)

I heard they make their motherboards out of enriched uranium.

Re:I heard (1)

Snarfangel (203258) | more than 8 years ago | (#15365389)

I heard they make their motherboards out of enriched uranium.

You have to admit, that sounds healthier than "depleted" uranium. "Now contains 12 isotopes -- and plutonium!" sounds positively delicious.

Does this mean... ? (5, Funny)

TheJediGeek (903350) | more than 8 years ago | (#15365299)

alter its procurement process to ensure US information security was guaranteed

Does this mean that they WON'T be outsourcing their network management to India?

Re:Does this mean... ? (1)

mangu (126918) | more than 8 years ago | (#15365382)

Does this mean that they WON'T be outsourcing their network management to India?


No, it means they will still outsource to India, but will take all necessary steps to make sure the Indian company will not outsource to China.

That's interesting (1, Interesting)

Anonymous Coward | more than 8 years ago | (#15365302)

Proprietry software is banned from our network for similar (more valid) reasons.

This is plain ignorant. (4, Insightful)

ZSpade (812879) | more than 8 years ago | (#15365305)

Exactly when have computer components been made in America. Most, in fact, are not. thinkpads were made in China before, the only difference now is that they are not supervised by a US company.

Somebody should show this guy the label on the pen he uses, on his reading glasses, on most of the small electronics he owns. Odds are they aren't made in America either. Does that mean his cellphone is a threat to national security!? This kind of ignorance really makes no sense whatsoever.

Re:This is plain ignorant. (5, Insightful)

Frumious Wombat (845680) | more than 8 years ago | (#15365396)

Digital Equipment Corporation PDP-8s, probably. The State Department should be finalizing the procurement procedures for 2 or 3 of those any day now.

In all seriousness, unlike our 80s Moscow Embassy (which did have microphones embedded in the cement), a laptop phoning home is pretty easy to detect. Don't do anything serious on it, hook it up to the network, start typing while someone watches your packets. It's not like the Chinese have their new MagicNet(tm) which doesn't require wires, or emit electromagnetic radiation detectable by standard instruments.

OTOH, one could make the distinction between (for example) HP or Dell, which are built by Taiwainese companies, and Lenovo, which is Mainland Chinese, if you're really worried about embedded tracking devices, etc, but that's still a political, rather than a technical argument. Of course, someone at State could simply decide that auditing every 30th laptop for phoning home is too much work and risk, but even then they'd probaby only find a standard set of phishing tools and DOS zombie installs, rather than hostile foreign government spyware.

Any congresscritter proposing legislation involving technology should have to show credit from MIT for a recent course in computing/electrical engineering.

Re:This is plain ignorant. (3, Interesting)

Anonymous Coward | more than 8 years ago | (#15365532)

Acctually I consider that to be a very serious threat to national security. What happens if someday we do go to war with China, suddenly the shelves of Walmart are completley bare. We have no production base in the United States anymore, and it was that production base that won us the last World War. China doesn't have to embed gremlins in there products to take the USA down, they just have to stop selling their products to us and our economy/society would colapse.

I bought one of those things. (4, Funny)

Ivan Matveitch (748164) | more than 8 years ago | (#15365306)

It started to sing the Internationale [fordham.edu] so I took it back to store.

Damn... There goes the eggroll (5, Funny)

kid_oliva (899189) | more than 8 years ago | (#15365308)

I suppose next they're going to ban chinese take-out as well.

Chinese food may lead to Maoism. Protect yourself and your family with Freedom fries and toast!!! The American thing to do.

Military (1)

LittleLebowskiUrbanA (619114) | more than 8 years ago | (#15365314)

That's too bad because speaking from my experience, you'd see a Thinkpad in the desert with a "Classified" sticker on it working happily under an inch of dust. Although I hear now that the Navy/Marine Corps has switched entirely to a Dell solution.

Yeah! We'll show them! (2, Interesting)

BrianRoach (614397) | more than 8 years ago | (#15365318)

By buying Dells ... assembled from components made in Taiwan. ::rollseyes::

I wonder if it's actually possible to construct a PC at this point without using at least one component that originated in China, given that everyone is now shifting manufacturing there.

- Roach

Guess we will have to remove all other stuff too (4, Insightful)

digitaldc (879047) | more than 8 years ago | (#15365319)

All other computer equipment manufactured in China must be removed too, by this reasoning.

This includes keyboards, mice, USB hubs, and other PC equipment.

Thank GOD the Blackberries are manufactured in Mexico!

Re:Guess we will have to remove all other stuff to (1)

Tx (96709) | more than 8 years ago | (#15365436)

You're missing the point. It's not about preventing security-breaching hardware getting into secure locations, it's about having a US-based company to blame if it does happen. A US-based company that manufactures its products in China can still be held responsible in a US court, a Chinese company can't. And the Bush government really likes to have people to blame when things go wrong.

I can see it now. (4, Funny)

Chas (5144) | more than 8 years ago | (#15365327)

[NSA Agent 1] Duuude! Yer gettin' a DELL!

[NSA Agent 2] AUUUUGH!

other electronics (1)

pintomp3 (882811) | more than 8 years ago | (#15365337)

does this go for other electronics made in china? it's ironic for this govt to be wary of spying. if word gets out that we shouldn't trust electronics from china, walmart is in for a bumpy ride.

Stupid puppeteers / politicians (2, Funny)

ds_job (896062) | more than 8 years ago | (#15365353)

I haven't seen such a dramatic knee jerk reaction since I saw a marionette being controlled by a sufferer of Parkinson's Disease.

Spy vs. spy (2, Funny)

slushbat (777142) | more than 8 years ago | (#15365357)

It's worse than that. Do you realise that the Chinese security forces monitor all international calls out of China. Evil or what?

Re:Spy vs. spy (1)

Guysmiley777 (880063) | more than 8 years ago | (#15365426)

No, that's not evil, it's protecting America... err... China from the terrorists. Look, you're either with us or with the terrorists. Which is it?

Did we just travel back in time? (0, Offtopic)

voice_of_all_reason (926702) | more than 8 years ago | (#15365364)

How is this any different than the 1940's bugs bunny cartoons with: "take that, slant eyes!"

get the blue paint and start the sticker machine (0)

Anonymous Coward | more than 8 years ago | (#15365383)

It's time to de-Lenovo-ize and re-IBM-ize.

Would you like Freedom Fries with that?

At this point I would trust the Chinese more... (1, Flamebait)

MrCode (466053) | more than 8 years ago | (#15365403)

I have one of these Lenovos and I'm not too worried.

But with all the latest NSA spying crap we are hearing about, I'm not so sure I can trust US manufacturers, who could leave a nice little backdoor for their NSA friends. If they will illegally spy on our phone calls, why not illegally spy on our PCs?

Somehow the latter scenario seems a more valid conspiracy theory than Rep. Wolf's concerns.

That brings back memories... (1, Informative)

Anonymous Coward | more than 8 years ago | (#15365414)

...of the time I spent working in a Secret-level Navy building. When NMCI (the Navy-Marine Corps Intranet, a "service" for which you taxpayers dropped over $8B to Ross Perot's EDS company) came in to give us new computers, I lauged at the huge stack of boxes, many of which said "Made in China." It was even funnier when each new computer came with a microphone that the EDS folks gladly hooked up for us. Yeah, that's a good idea.

Know what would be funny? (5, Funny)

Rob T Firefly (844560) | more than 8 years ago | (#15365416)

I know it'd never happen in a million years, but wouldn't it be absolutely hilarious if the Chinese company was so upset by the American politics involved that they decided to stop doing business with us?

Re:Know what would be funny? (0)

Anonymous Coward | more than 8 years ago | (#15365516)

It will likely happen in significantly less than a million years. ;) (I'm guessing ten or so).

How Does This Help? (2, Insightful)

John_Booty (149925) | more than 8 years ago | (#15365418)

It seems rather shortsighted to single out Lenovo. It would make a lot more sense for government computers to pass some sort of actual security audit, rather than simply singling out a single manufacturer. Most IBMs were probably manufactured in China anyway, even before the sale to Lenovo.

A large percentage of consumer eletronics are produced in China - if we're truly worried about the Chinese government spying on us through consumer electronics, why only care about a single brand?

That was a rhetorical question, of course. Obviously the answer is: "political grandstanding in an election year"

Still, this thing isn't totally without merit. After all, do we really want our government using computers manufactured by a company owned in part by the Chinese government? The American government has sabotaged other countries with software Trojan horses before [msn.com] . While I certainly don't believe that Lenovo Thinkpads have anything malicious lurking in the firmware, it's not totally impossible or anything.

28% a minority? (5, Insightful)

dkone (457398) | more than 8 years ago | (#15365437)

I don't trust them.

The article claims that the Chinese government owns a 28% stake in the company. At the end of the article a Lenovo spokesman says that the "government is only a minority stakeholder"

Well call me naive, but look at the power our government has over influencing companies where they own 0%. ie.. the whole NSA call monitoring thing, DOJ over MS, etc... Not to mention we have a much 'nicer' government then Chinas.

So I would hardly classify a government that owns 28% of a company a "minority stakeholder". Can you imagine the board meeting where the Lenovo CEO tell the "minority" stakeholder no.

DK

Surely the least of their worries (3, Insightful)

simonjp (970013) | more than 8 years ago | (#15365452)

I was going to write a long(-ish) reply, but decided against it - after all - it can be summed up easier: surely there are much weaker security issues than who made a laptop -- such as the user for example. Others have commented about windows. I say they should worry about education of their users rather than who made it.

And surely the US can't talk back at people for spying on others considering recent news.

What Laptops AREN'T made in China? (2, Informative)

the eric conspiracy (20178) | more than 8 years ago | (#15365458)

I just bought an HP laptop that was FedEx'ed directly from Kunshun China to my door.

in OTHER news... (1)

nxs212 (303580) | more than 8 years ago | (#15365460)

In other news, Lenovo is NOT concerned - it's just a matter of time before US State Department employees' jobs are outsourced to China...where chinese workers will use Lenovo computers to perform their daily tasks.
While US government can't contract the work out to a chinese company directly I am 100% sure they will have no problems giving the contract to IBM who will ship the work to where the work is cheaper (China, India, Brazil, etc)

I Agree (1)

tealover (187148) | more than 8 years ago | (#15365464)

Since it is partially goverment owned now, they should get no business from American govt.

China can continue to play their half-assed communism, capitalism at other governments' expense.

Re:I Agree (4, Insightful)

gatkinso (15975) | more than 8 years ago | (#15365518)

While I would love to agree with you, I have to regretfully point out the fact that we long ago handed virtually any manufacturing capability to the Chinese and now have no choice but to buy from them and hope that they continue to fund our debt.

However, they don't really have a choice anymore in the debt funding dept. They have to in order to insure the viability of their own investments.

House of cards? Or is it a house of cheap plastic goods, motherboards, and US govt issued bonds? Either way....

Re:I Agree (0)

Anonymous Coward | more than 8 years ago | (#15365523)

Half of one, half of another.

Here government is partially owned own by corporations.

We are continuing to play half-assed fascism, capitalism at the people's expense.

OH NO!!! My mouse was made in China!!! (1)

tscheez (71929) | more than 8 years ago | (#15365485)

It must be sending secrets to the Commies!!!!

"It's a SONY!" (1)

ArsenneLupin (766289) | more than 8 years ago | (#15365487)

Methinks somebody doesn't know the difference between Lenovo and SONY here.

Actually, it's in the interest of the US taxpayer (3, Insightful)

Opportunist (166417) | more than 8 years ago | (#15365526)

Let's be reasonable here.

The US government, in theory, should do what is beneficial to the US citizens. They're, after all, their employers, their reason to exist. Without them, they're as superfluous as the RIAA to music.

So, the government should need no reason to reach for US manufactored goods and prefering them over foreign ones. For the simple sake of national commerce. Security aside, the US government is a non profit thing. Their "profit" is the well being of the US. And that isn't buying the cheapest products, the best deal for the US is their government buying at US companies.

Just stand up and proclaim that you won't buy the Chinese laptops and instead buy (insert something that at least partly could be possible manufactured at least at SOME areas within the US). Not because China is evil, not because you don't trust them, simply 'cause the US government should first and foremost aid (and thus buy from) US based enterprises.

didn't see this coming (1)

Potor (658520) | more than 8 years ago | (#15365527)

Perhaps Dell lobbied in favour of the sale of IBM's Personal Computing Division?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?