[Infowarrior] - US probes whether laptop copied on China trip

Richard Forno rforno at infowarrior.org
Fri May 30 01:45:28 UTC 2008


(....so what's the point of us 'worker bees' having to endure mindless  
'foreign travel briefings' when the idiots up top don't even exercise  
common sense and basic overseas OPSEC?  ----rf)


US probes whether laptop copied on China trip
By TED BRIDIS, Associated Press Writer
2 hours, 40 minutes ago
http://news.yahoo.com/s/ap/20080529/ap_on_go_ca_st_pe/china_hacking&printer=1;_ylt=Alo4DyD.pkDYRJ7Pn8KGwIqWwvIE

U.S. authorities are investigating whether Chinese officials secretly  
copied the contents of a government laptop computer during a visit to  
China by Commerce Secretary Carlos M. Gutierrez and used the  
information to try to hack into Commerce computers, officials and  
industry experts told The Associated Press.

Surreptitious copying is believed to have occurred when a laptop was  
left unattended during Gutierrez's trip to Beijing for trade talks in  
December, people familiar with the incident told the AP. These people  
spoke on condition of anonymity because the incident was under  
investigation.

Gutierrez told the AP on Thursday he could not discuss whether or how  
the laptop's contents might have been copied.

"Because there is an investigation going on, I would rather not  
comment on that," he said. "To the extent that there is an  
investigation going on, those are the things being looked at, those  
are the questions being asked. I don't think I should provide any  
speculative answers."

A Commerce Department spokesman, Rich Mills, said he could not confirm  
or deny such an incident in China. Asked whether the department has  
issued new rules for carrying computers overseas, Mills said: "The  
department is continuing to improve our security posture, and that  
includes providing updates, guidances and best practices to staff to  
maintain security."

It was not immediately clear what information on the laptop might have  
been compromised, but it would be highly unorthodox for any U.S.  
government official to carry classified data on a laptop overseas to  
China, especially one left unattended even briefly. Modern copying  
equipment can duplicate a laptop's storage drive in just minutes.

The report of the incident is the latest in a series of worrisome  
cyber security problems blamed on China and comes at a sensitive time,  
with looming trade issues between the countries and special attention  
on China over the upcoming summer Olympics. Gutierrez returned just  
weeks ago from another trip to Beijing, where he noted he had  
"traveled here more than to any other foreign city during my tenure as  
commerce secretary."

In the period after Gutierrez returned from China in December, the  
U.S. Computer Emergency Readiness Team — known as US-CERT, some of the  
government's leading computer forensic experts — rushed to the  
Commerce Department on at least three occasions to respond to serious  
attempts at data break-ins, officials told the AP.

"There's nothing to substantiate an actual compromise at this time,"  
said Russ Knocke, spokesman for the Department of Homeland Security.  
Knocke said he was unable to find records of a DHS investigation. He  
said US-CERT workers have visited the Commerce Department eight times  
since December, but none of those visits related to laptops or the  
secretary's trip to China. He said the US-CERT organization works  
routinely with all U.S. agencies.

The FBI declined to comment.

It wasn't clear whether leaving the laptop unattended violated U.S.  
government rules. Some agencies, such as Homeland Security, routinely  
provide officials with sanitized laptops to carry on trips overseas  
and require them to leave in the U.S. their everyday laptops, which  
might contain sensitive information. Some former Commerce officials  
told the AP they were careful to keep electronic devices with them at  
all times during trips to China.

"We have rules in place," Gutierrez said. "We have procedures that  
people go through before they travel. So, there is a very significant  
process in place. Technology is obviously moving very quickly, and we  
have to move very quickly with it. But all of that is something that  
we are going through."

A senior U.S. intelligence official, Joel F. Brenner, recounted a  
separate story of an American financial executive who traveled to  
Beijing on business and said he had detected attempts to remotely  
implant monitoring software on his handheld "personal digital  
assistant" device — software that could have infected the executive's  
corporate network when he returned home. The executive "counted five  
beacons popped into his PDA between the time he got off his plane in  
Beijing and the time he got to his hotel room," Brenner, chief of the  
office of the National Counterintelligence Executive under the CIA,  
said during a speech in December.

Brenner recommended throwaway cellular phones for any business people  
traveling to China.

"The more serious danger is that your device will be corrupted with  
malicious software that takes only a second or two to download — and  
you will not know it — and that can be transferred to your home server  
when you collect your e-mail," he said.

The Pentagon, State Department and Commerce Department all have been  
victimized by widespread computer intrusions blamed on China since  
July 2006. Defense Secretary Robert Gates confirmed in September that  
parts of the Pentagon's unclassified e-mail system — used by Gates and  
hundreds of others — were disrupted in June 2007 due to a break-in.

The Commerce Department break-ins have been so serious that its Bureau  
of Industry and Security, which regulates exports of sensitive  
technology that might be used in weapons, effectively unplugged itself  
from the Internet.

Workers were instructed to use a few laptops placed around the office  
that are isolated from the department's network, even to search for  
public information using Google's Web search engine.

"We have discovered a number of very serious threats to the integrity  
of our systems and data," wrote then-Deputy Undersecretary of Commerce  
Mark Foulon to employees in an e-mail obtained by AP under the Freedom  
of Information Act. He said the department was not the government's  
only hacking victim, "but we have an obligation, which we must take  
seriously, to take all necessary measures to protect our systems and  
our data."

At the time, Foulon acknowledged that some of the protective measures  
"may create difficulties and even reduce productivity."

Fully one year after being unplugged from the Internet, some Commerce  
Department employees complained about the inconvenience. One worker  
offered to provide his own laptop so he could work at his desk, rather  
than use one of the office terminals 30 feet away. "How that endanger  
the network?" the employee wrote last summer. His request was denied  
by a security supervisor who complained that he, too, was struggling  
with the same Internet restrictions.

___

Associated Press writers Jeannine Aversa and Eileen Sullivan  
contributed to this story from Washington.

