Tuesday, February 14, 2012

Traveling to China? Don't Phone Home!

One of the many benefits of smartphones and laptops is that it’s easy take your office with you, so to speak, and electronically patch in to your company’s main computer, catch up on emails, and transfer important documents back and forth. It’s also easy to talk with associates, friends, and family as if you were just across town instead of half way around the world.

That’s the good news. The bad news is that if you’re doing this from China, you’re not the only one checking in to your computer. Electronic spying is a big business in China and many companies suffer the consequences of this when their employees travel abroad and “phone home.”

With corporate spying taking on new dimensions, many companies insist that their employees “travel naked” when going to China. No, this doesn’t mean that the TSA has put new demands on you as you go through airport security; it means that you don’t take your laptop or smartphone with you. Instead, you travel with “loaner” devices that are erased before you leave the United States and wiped clean the moment you return. No Bluetooth, no Wi-Fi, no letting the phone out of your sight, and turning off the phone when in meetings and even removing the battery from the device. And no using the camera in it. It means connecting to the home office computer through encrypted, password-protected channels and copying and pasting passwords from a USB thumb drive and never typing in a password directly.

Why all this paranoia and secrecy? This is now SOP (Standard Operating Procedure) for officials at American government agencies, research groups and companies that do business in Russia and China. Why? Because digital espionage is big business, that’s why.

“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
Once upon a time, corporate hacking was just the work of corporate moles or disgruntled former employees. That’s no longer the case. With the proliferation of smartphones and the ability to plug a computer into the Internet and network to a company’s mainframe computer, being able to remotely steal proprietary corporate information has gotten easier and easier. The now-preferred modus operandi is to break into an employees’ portable device and leapfrog into an employers’ networks, leaving no evidence of this being done.

Cyber thieves seldom leave a footprint.

Statistics on the frequency and impact of this type of corporate theft are scarce because affected companies are reluctant to go public with information about the breach for fear of its impact on company stock prices. But many companies have strict policies in place about how their employees can and cannot use their devices when traveling to certain countries.

As quoted in the New York Times, “The Chinese are very good at covering their tracks,” said Scott Aken, a former F.B.I. agent who specialized in counterintelligence and computer intrusion. “In most cases, companies don’t realize they’ve been burned until years later when a foreign competitor puts out their very same product - only they’re making it 30 percent cheaper.”
“We’ve already lost our manufacturing base,” he said. “Now we’re losing our R.& D. base. If we lose that, what do we fall back on?”

Does this affect you when you travel abroad? It depends on who you work for, what type of work you do, and the circumstances under which you’re traveling. Before you leave, check with your employer to see if they have any policies in place about cyber security. But just to be on the safe side, it’s wise to assume that it could affect you and the company you work for, so err on the side of caution, and yes, do be a bit paranoid.

No comments:

Post a Comment

Thanks for leaving a message. I'm always interested in your thoughts and comments, and look forward to reading what you have to say.