Schneier on Security
A blog covering security and security technology.
« Another Piece of the Stuxnet Puzzle |
| Mention of Cryptography in a Rap Song »
February 24, 2012
Computer Security when Traveling to China
When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.
He leaves his cellphone and laptop at home and instead brings "loaner" devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, "the Chinese are very good at installing key-logging software on your laptop."
Posted on February 24, 2012 at 7:06 AM
• 56 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
But even with copy and paste from an external drive, if the computer is compromised a malware can simply monitor the clipboard. Won't a live CD be more effective against malwares? (It would still be vulnerable to malicious hardware, though.)
That is also the kind of advice you get to read for traveling to the US these days. At least the part with the loaner devices vs. TSA confiscations is pretty common.
My company requires us to do the same when travelling to China as well as being debriefed by our version of the FBI before and after travelling.
We have similar (not quite as extreme) restrictions for a number of countries, including the US, that are known for extensive attempts at corporate espionage.
Furthermore, there are a number of countries that we are prohibited from travelling to at all (including personal travel) including North Korea :-)
So what if his usb drive with the password on it is examined? A two-factor-authorization would be much more secure, and also protect him from keyloggers.
Wouldn't a plain encrypted laptop hard drive serve him much better? That way, it's impossible to secretly install malicious software without him knowing about it. Manipulated hardware is still an issue, but I don't see any defense against it and would rather go through my OS Root-CA certificate list and delete everything with a C in it.
I would expect that a corporation willing to support anyone in such defenses against corporate espionage would issue a throw-away user account for him to use should he require data from networks back home.
Unlike a regular corporate user account which tends to collect accesses from previous jobs (and forgotten about), a throw-away would be designed to have exactly what is required, and then be destroyed as soon as the the meetings are over. thusly, any user account/password activity that IS recorded is useless some period of time later.
@jupp: "Wouldn't a plain encrypted laptop hard drive serve him much better? That way, it's impossible to secretly install malicious software without him knowing about it."
One of the points noted in the article is that China and Russia prohibit travelers from entering with encrypted devices. A bit-locker (or similar whole-disk encryption method) enabled system would be confiscated if found, and for all I know it could be a crime there as well.
okay, waiting for someone to say something positive. Is security all about dissing and finding cracks? You cannot find them all you know. So what works?
Any border crossing where they take your laptop away from you is suspect. It doesn't matter which country it is.
It's as true for a laptop as it is for any other computer: a machine that is out of your physical control is not secure.
The disposable laptop is a good idea.
This makes me want to start a business "cleaning" laptops on return from suspect countries.
Some people aren't aware that even if their phone is turned off, it can still be remotely activated and used as a listening device. Removing the battery is good procedure, but I think this can cause bugs in newer phones if done on a regular basis.
Workplaces that regularly deal with classified material will often have rows of tiny cubbies (sometimes with locking doors to prevent theft) at the entrance to offices, meeting rooms, ops rooms, etc.
Digital eavesdropping is also an possibility with computers and tablets that are equipped with microphones and connected to the internet or cellular networks.
Why isn't anyone talking about the real problem here, which is that these devices are insecure no matter where you are? It's not like as soon as you cross the border into China Windows or Bluetooth becomes insecure.
The conversation should be more about why governments and industry are not working harder to make our devices more secure and less about the Chinese exploiting that insecurity. Unless of course everyone wants them to be insecure in the first place...
I'm unclear as to what you consider to be negative.
No, but it's a good start.
That depends on the domain.
Being better than your attacker. Note that in some domains, you need to be better than your attacker through a long time horizon, not just for the immediate moment.
I wonder as to the legality of possession of an encrypted HDD inside countries that don't allow them to be brought in. An un-encrypted automatic install CD that does a full wipe and an install directly to an encrypted partition might be a side step around the issue in those countries.
"We" have a policy of bringing "china laptops"; these are not used for corp matters.
To do that in China but not in US is a ridiculous paranoia. If Chinese government can spy on you, then so can American government.
and you dont have to be in china for the chinese to spy on you. Infact they might find it easier to do it where you are least aware
For me it looks like a smear piece on Russia and China.
Because if it's true it means that US government has the same capacity to spy on it's citizens.
And if it can, you know it does.
BE VERY AFRAID!
I always bring along a Navajo friend of mine.
@Brian: Technology will always be vulnerable to exploitation, as will the user of the technology in question - it's impossible to use it in a completely "secure" manner. The article describes ways the user is reducing the risk of using this technology during travel in what they consider a hostile environment. This is the right thing to do, and a good lesson.
online keyboards is the best option to get protection against keylogging.
Two good points.
I learned from a brief career in COMINT in the '60s that 1, borders haven't meant much since Marconi, and 2, Good Country/Bad Country distinctions do very little to enhance security and can even foster relaxed security if you believe in the concept and "relax" in supposed secure evirons.
Just hope our traveler takes his precautionary steps before he applies for his visa or publishes his plans in any other way..
I'm not long returned (to Europe) from 3 weeks in China, to install the european/high-tech part of a scientific collaboration. Airport border security apparatus could not have been faster, more efficient, or less interested in my laptop + cellphone.
Ah, but some piddling little science mission doesn't attract the same kind of scrutiny as big, super-important, billions-in-the-air business dealing!
If there are billions at stake, then the suggested precautions become f***ing mandatory from from the moment you step outside corporate HQ!
Oooh, but China is evil and scary and stuff....
Back in the day when I built toys for the chaps in khaki we had fairly strict computer security measures.
Nothing with storage left the site, phones and floppy disks (in those days) were left in your car outside the fence.
The office machines had removable hard drives that were locked in the safe at night and were destroyed in the Godzilla of shredders when not needed.
The CAD systems were in a metal shielded room with an interlocked door that turned all the screens off when opened.
Of course back in those days we weren't allowed to visit China anyway - they were a little suspicious if we went to France.
, if the computer is compromised a malware can simply monitor the clipboard. Won't a live CD be more effective against malwares? (It would still be vulnerable to malicious hardware, though.) be vulnerable to malicious hardware, though.
Although the article say's "key logging software" the journo might have just heard "key logging" and mentaly filled in the rest (it's been done before).
Also you need to ask "where" key logging software is loaded, the original PC design had two CPU's the main 16bit 8088/86 and a second 8bit microcontroler to do the keyboard scanning etc. A similar aproach is still taken today with many I/O devices having their own microcontroler. Also the BIOS design alows for I/O Device ROM code to be executed long long before the HD is touched and this code stays resident in most versions of MS OS's.
And lets be honest the number of laptops etc that get some or all their parts made in China is quite high these days. It is possible it already has key board snooping software built in already that just needs a magic number to be typed in to enable it.
If you have a look at Matt Blaze's crypto.com web site you will find the design of an inline keyboard device that actualy sent the key press information out onto the local (and presumably more distant) network by manipulating exactly when the key code was sent to the PC from the keyboard.
Over on Ross J. Andersons UK Cambridge Computer labs web site lightbluetouchpaper.org you will find information on how to make the hardware deliberatly manipulate EM emissions to improve the range over which it may be monitored.
There are also other techniques that I've discussed on this blog in the past that involve "illuminating" the hardware with an EM source from a distance. As the key presses hapen they open and close various circuit board traces that will become modulated onto the illuminating EM source and carry the info to a receiver.
Then there are techniques using the sound of key presses to work out which key is being pressed.
And then there is the low tech trick of just hiding a cheap 2.4GHz CCTV style camera above the area you are working at to "shoulder surf" the key presses.
So you have a lot more to worry about with keyboards than you might at first think...
Removing the battery is good procedure, but I think this can cause bugs in newer phones if done on a regular basis
Yes some smart phones can get mucked up, but all phones will suffer from "contact wear" on the battery if you take it out more than a few times.
One solution is to make your own "pocket EMC shield" for your phone, it's not difficult relativly cheap and I'm realy surprised a cheap commercial version is not for sale.
If you have the money you can go and buy one of those "forensic mobile phone shield bags".
Either way the proceadure is the same,
1, Put phone in "aircraft mode".
2, Turn the phone off.
3, Put phone in shield device and close.
If you are especially paranoid you can put an RF or EM sniffer on the outside, if the phone transmitts a signal the sniffer will pick it up and can set of a warning.
@Bob T: "I always bring along a Navajo friend of mine."
+1 Internets to you, sir!
Didnt China start with physical access to all of these laptops?
what about all the devices that were made or assembled in china. anyone using an iphone or ipad in the white house?
This is so much FUD. If/when a govt wants your secrets, they aren't going to wait for you to go over there and hope you're not one of the paranoid ones - they'll actively engage people in the target company, or get people to be hired there. If you have to have this level of fear while travelling, then you're operations at home muct be at least as ironclad, but as it is, most companies that act this way probably pat themselves on their back and pretend they've done well.
Right - how can you trust a device when your adversary had control over its manufacture? Maybe a FPGA, where the adversary does not know the pin assignments (then they can sniff your data but cannot know where to send it?)
@Clive Robinson You *need* to remove the battery from the phone, otherwise the microphone could record to storage on the device (and I'm sure some sound will leak through the sheild). Many phones have at least 8gb of storage, so that's quite a lot of hours of 128kbps quality captured. Perhaps a whole week's worth?
Alistair McDonald said:
"@Clive Robinson You *need* to remove the battery from the phone, otherwise the microphone could record to storage on the device (and I'm sure some sound will leak through the shield)."
or maybe use a dumb phone that doesn't have all these extra functions.
To confirm what someone above said: the Chinese are not in the habit of inspecting people's laptops at the border. I've entered China nine times in the last four years, and nobody has ever been checking laptops. You're not going to get stopped at the border and turned back for having an encrypted company laptop. If you are an activist on their blacklist...that's another story.
It's been a while; I hope you're well.
@ Bob T
I was fortunate to meet a group of the original WW2 Navaho Talkers in the 90's - great guys.
I was also pleasantly surprised to hear recently that the British army used a similar system utilising Welsh speakers in Bosnia.
@william "To confirm what someone above said: the Chinese are not in the habit of inspecting people's laptops at the border... If you are an activist on their blacklist...that's another story."
Or if you work for Google, or Yahoo!, or Microsoft, or Boeing, or Raytheon, or Lockheed Martin, or SpaceX, or Orbital Scoences, or NASA, or AT&T, or verizon, or Halliburton, or Kellog Brown Root, or Shlumberger, or General Motors, or Ford, or Chevrolet, or General Electric, anyone dealing with driling, fracking, pipelines, upstream, downstream, or ... or for ANY level of government. So really just a few people, nothing to fear, folks ...
As written before, if your data is worth billions, you should be careful wherever you go.
Boot your laptop from an encrypted thumbdrive. Surf through an ssh pipe to your own server, which sidesteps the SSL certification problem. Do not type in passwords but use ssh public keys and password safes, like the one in Firefox (which was stored on the encrypted drive!). That way your opponent needs your thumbdrive AND your password (two factor).
But obviously, if they really want something from you they will use social engineering anyway, blackmail, or torture.
@ Alistair McDonald,
... need to remove the battery from the phone, otherwise the microphone could record to storage on the device
As I noted contact wear on the battery contacts on the battery and in the phone is quite a serious issue with all modern phones and is getting worse due to the rapidly rising cost of certain rare(ish) metals. An unreliable mobile/cell phone has it's own security risk. In that it will cause the users to use other phones which will usually be either very insecure or in very insecure areas. And as the user would only use such a phone under urgent conditions, they are not likely to be as discreet as thy might otherwise be.
As has been noted many times before usually a human under preasure is very much the weakest link in any security chain.
So the solution needs to be considered within the users limitations, and many could not reliably take a battery out of a mobile phone, so won't bother.
As @Godel noted "dumb phones" may be a solution, but you need to take care that they are actually realy dumb and not wrapped up to look dumb. The reason this happens is that with the very large cost savings to be made on reduced inventory the actual chips in the packages on the phones PCB may well contain much of the functionality of high end phones.
Also as I noted most Fast Moving Consumer Electronic (FMCE) such as laptops / mobiles / etc are actually made in part or whole in the Far East often in China it's self so may well have had malware functionality "built in" that just needs a code to be keyed in to enable it, which could be done in seconds, or worse done via the "over the air" interface.
... and I'm sure some sound will leak through the sheild
Depends on the shield in use, I have an old "tobacco tin" lined with carbon loaded "100 Ohm Foam" as is used for storing DIL IC packages and it sits inside a neatly made padded canvas smokers pouch designed especialy by a crafts outlet especialy to hold such a tin. A practical demonstration with the "phone alarm" function indicates that while not fully sound proof it's rather better than you would expect (you can only hear it very close up in a very quite room).
Also modern phones have quite directional microphones that are in some cases augmented by noise cancelling systems (that might have disadvantages as it uses a second microphone)
So you might consider taking the microphone out of the loop, that is physicaly disconect it in the phone and use the "hands free" kit such as the ear piece and microphone on a lead (you can actually get such a lead with a "throat microphone" in it which means it's usable by "articulation without speach").
But remember not to use "bluetooth" etc as all you are doing is moving the problem out of the phone to somewhere else.
Many phones have at least 8gb of storage so that's quite a lot of hours of 128kbps quality captured. Perhaps a whole week's worth?
It depends on the codec go have a look at some of the "vorbis" speach quality codecs or those used in DAB they can get down to very low bit rates and have quite intelligible audio.
However this comes under a different threat vector class of "data storage" not "audio transmission" which is why I did not mention it (my posting was getting long enough already)
That said as the thread's a few days old now ;-)
Hidden "data storage" threats have compleatly different mitigations and there is actually not much written about those that "write data" as a buffer to onwards transmission as opposed to "copy/delete data".
First is the problem of knowing if it is actually happening which can be almost impossible for various reasons.
Second is where the memory being written too is located.
That is if the system is "closed" or "proprietory" you don't know if memory is hidden in it or not, likewise extra functionality. This is especialy true of System On a Chip (SOC) so applies to every modern FMCE platform even if it is supposadly "open" in design.
There are ways of finding out this information but it is usually way beyond that of most users and quite a few specialists.
Often it is only discovered by chance during "onwards transmission", a recent and quite widely known example was the researcher who discovered the "test / engineering software" put in US mobile/cell phones that logged key presses and all sorts of other information and bypassed user level security and even system level security that a knowledgable SysAdmin may have installed. It did this by doing an "end run" arround the security by acting as a shim between devices and the OS kernel...
The simplest way to find such activity is with an RF 'sniffer' monitor as the "file" is transmitted it produces RF energy. This can quite easily be detected with simple equipment if closely located to the phone. As an example leave a GSM phone next to an AM radio tuned to a weak radio station that is mainly "talk", when the phone registers to the network etc you will hear a characteristic "burp burp burp" noise. You can easily hear this by phoning the phone the noise lasts for a second or so before the phone starts to ring.
Having (potentialy) discovered the problem you then have to confirm it and do low level system testing to know what exactly is happening (suspicion is not proof, and acting on unwarented suspicion quickly ends up as a "tail chasing" excercise).
Another way is with thermal imaging etc all active electronics is inefficient, the faster the digital edges change the more energy is required (to charge and discharge capacitance etc) and this requires larger currents. And as all active electronics has a resistive component the power required (due to I squared R) goes up with the computational requirment and this causes a proportionate rise in temprature.
There is however a fly in the ointment, in that if the software designer / writter is smart there are all sorts of tricks that can be used to reduce the data (including voice recognition) and hide the exported data in with other data.
The problem for the designer is that whilst they can reduce energy in one area, it consiquently goes up in other areas. Thus the investigator needs to work in several domains at the same time.
I expect that keen young researchers wanting to make a "publication name" for themselves to get in on an academic career will start to write papers in this area in the next couple of years, so the problem area of detecting hidden data stores will become better documented.
@Alistair: That's true, and a real concern. Some people (even some Intelligence officers…) aren't aware that even though they are working in a command bunker 10 stories down in the bedrock, this vulnerability could expose every word they say down there.
@Clive: Separating the input hardware from the phone itself is a good idea. That, or have a physical switch that would disconnect the actual circuit within the phone. Would probably have to disconnect the phone speakers too, because it's often possible to use speakers as a mike.
At present there are old phones that still work well, that can survive having their battery taken in and out on a regular basis. This is sufficient for most people's security needs. Once these phones are obsolete we will have a bigger problem.
While it's possible to secure specific devices or engineer new ones, when developing a procedure for groups of more than a few people (companies, agencies, militaries…) things get more complicated. It's not always financially efficient to buy every employee their own phone, and secure cellphones tend to be really shitty. People prefer their own phones.
In a workplace, I think cell phone lockers are probably the most practical solution (though I may be biased since I'm used to them myself). In ops in the army we had plain open cubbies for our phones. We would hear them when they rang but they weren't in the room with us. (I did get a personal cellphone stolen that way once though, which is why it's much better to have something with locks.) Better to leave the cellphones outside and invest in secure landline phones. People who work with classified material just need to get used to not taking their work out of the office, and keeping their work phone lines completely separate from their personal cellphones.
While traveling, while working in a space where landlines aren't an option, or for vital personnel (e.g. high-ranking officers/executives who need to be available to give orders 24/7) specialized hardware is necessary. I'd examine the work that the military is doing in securing commercial cellphones. Until lately the cellphones I've seen that were compatible with IDF "Secret" phone network were late-nineties-era Motorolas, but I heard they're replacing those with newer models. I've heard that the US Army has cellphones that are both modern and secure - never played with any myself, though.
I've heard that the US Army has cellphones that are both modern and secure - never played with any myself, though
They might do but that's not what the troops use...
Your average asspiring squad member/leader/OC has an iPhone with lots of grovey apps written by other soldiers. Some of those iPhones carry so much information in the form of army manuals etc etc they are virtualy a security threat in their own right.
However that's not what is bothering those further up the command tree (for now) because of the combat environment most US troops end up in currently.
What is worrying them is the high probability of going to war against China either directly or through a proxie like N.Korea. As many know the iPhone is made in that part of the world...
Which might be one of the reasons Apple have an interest in a new manufacturing plant in Texas.
How voice encryption is going to be put on the iPone etc is an open question, because if done at the app level then the "end run" attacks I mentioned still apply. It's however not an insermountable problem as we know from the election of the current US president, as he was (and probably still is) addicted to his "crackberry" the NSA re-engineered it to make the "Obahmaberry" which was considered secure enough for
As for the old POTS secure phones and the voice encryptors for HF/VHF radios they always had a problem. The out put of the encryption was random (or supposed to be) the telephone line was analog as is the detector in most receivers and thus liked smoth continuouss waveforms that stayed below a quater of the bandwidth of the effective channel.
It was only with sensible integration at the chip level in the past 15years or so that high data rates became possible in both the narrow audio bandwidth and in the case of HF/VHF the atmospheric conditions expected between 2&40MHz.
However previous generations of such voice encryptors concentrarted on using second generation DSP chips to get the voice data rate down towards it's theoretical upper band of 300ish baud. However even the systems running at 1200/2400 baud although intelligible still had a hollowness that made correct speaker identification more difficult.
Oh and of course we have the NSA to thank for many of our current voice vocoder / digitiser algorithms
Wrt laptops, for even stronger & simplier security just leave the harddrive at home & boot off a Linux LiveCD. The Air Force's Lightweight Portable Secruty is specifically made for this exact situation. See spi.dod.mil
Course not, troops don't need encrypted private cellphones. Teams in the field have their own communication devices, and shouldn't be allowed to bring their personal phones on operations at all.
Bottom line is, procedures need to be robust enough to work under the assumption that both China AND Al Qaida are listening in on each and every private cell phone. And for everything else, to use specialized encrypted mobile devices, however they end up manufacturing them. (I don't have the technical background to fully understand the technical considerations, but it's not like the US army doesn't have enough funding to engineer one from scratch if it really has to...)
There are 10 types of people:
. Those that look on the bright side. These can never be successful security professionals.
. Those that look on the negative side. These can be successful security professionals.
. Those that understand ternary.
It seems to me that I've been mentioning phone security as a huge security issue for about 4 years now. Basically since the Iphone came out.
unfortunately with each step forward we jump backwards about a mile in terms of securing the **** things.
Fundamentally voice is difficult to secure, but these modern devices are build around voice command driven input methods so the voice channel is in no way secured or reserved for the basband mobile use. There is nothing to stop viruses from recording anything they want, anytime they want, with or without the phone being active / connected to the network. (business meetings, military briefings, or just getting s back door into what the troops are really saying...when noone is listening)
With many people now having multiple Gbyte 3G data plans on their phones there is no practical way that they will even be aware of the data that might be leaking from their phones. All this is without considering the possibility of information leaks from things like
Bluetooth, WiFi, NFC, GPS and other comms HW being built into practically all phones.
Consider a simple Andriod app like Latitude ( lets your buddy list see where in the world you are accurate to a few meters GPS resolution) Now consider a solider with this app turned on during a mission. Brings new meaning to the concept of "smart munitions".
With current HW/FW designs there is absolutely no practical way to secure these devices, even if there were a way the environment in which they function basically asks for admin privilege for any simple operation. It's worse security than win95.
I'm not sure that China is the only country that is aware of this smart phone security problem, so singling them out seems rather harsh. As for laptop security at Chinese boarders I cross the border all the time over 50 times per year and so far they have taken absolutely no interest in my laptop or my phone.
A live CD with a mouse keyboard for entering passwords to his VPN/email would easily work. Something like Tails/Amnesic so when you shut it off it erased memory, in case his laptop is seized, or momentarily stolen and copied which has happened plenty of times like when the US secret service swiped a hackers laptop in Dubai to copy the drive and memory out of his hotel room while he was in the bar.
I'm not sure that China is the only country that is aware of this smart phone security problem, so singling them out seems rather harsh.
From that limited view point no, as I've often pointed out the US, Russia, UK, France, Israel et al should be on the list.
However to further view points tend to single them out,
1, They make in part or whole many of the devices concerned, or are involved in the supply chain of the devices.
2, The US War Hawks have been trying to start a war proxie or otherwise with the Chinese for atleast as long as I've been alive.
Most visable for the latter is the attempts to foster agression over N.Korea or Taiwan, which has resulted in occasional action such as the cutting of undersea communications cables and sinking of vessels in desputed waters.
So as I said from the US military side it is currently China that they are worrying about.
Oh and the viewpoint of many in many military organisations world wide that their comms irespective of final manufacturer has components that have "been touched" by China or other Nation where ethnic Chinese have or do work in positions where they can "back door" the technology in some way.
After all the fastest way to lose a battle or war is to lose your Command and Control channel from the commanders to the front line, in the middle of a battle.
And it's a real issue, as you've pointed out in the past it's very much about Systems on a Chip these days and few countries have the ability to actually manufacture or design from the "transistor up" 100% on home soil let alone in a secure way.
And as I've mentioned in the past many of the West's high tech / smart weapons are criticaly dependent on certain mineral resources that are currently only being mined in China. And for the past few years they have been adding more and more "draconian restrictions" (from the West's point of view) to get "best value" they can for them. Some of which definatly does involve industrial espionage and out right theft not just of IP but entire production plants etc.
So as once advised to the supposed "godless" in danger of losing their mortal souls, "If you chose to sup with the Devil, use a long spoon".
I'd do the same when traveling to USA.
There are two reasons why China is "singled out".
Firstly, there is an abundance of evidence that China is in fact the driving force behind most of the world's more sophisticated computer security intrusions, and that much of this espionage is state sponsored. It is true that so far to date, all of this evidence is circumstantial; but we tipped over the "balance of probability" line years ago.
Secondly, visiting a country like China really is a special case. You see, the constitution of the PRC says that PRC is a "People's Democratic Dictatorship". In simple terms, what this means is that the law is there to protect the government, not to constrain it. It may be illegal to hack in China; but not if you work for the government.
This makes a big difference. Consider the people who have foolishly suggested that they would be safe with a laptop with full disk encryption. As we all know, such a system is easily defeated by the so-called "evil maid attack." It goes like this:
1. The "evil maid" provides access to your laptop;
2. A hardware or BIOS key logger is installed;
3. Laptop is returned to its usual place. 4. Suspecting nothing, you log on, and your passphrase is captured.
5. Evil maid provides access a second time;
6. Bad guys obtain passphrase, and can either decrypt data at their leisure back at HQ, or even better, rootkit your encrypted OS.
Now the "evil maid attack" can potentially occur anywhere, but there a very large differences in the risk and level of difficulty. In countries like China, the security forces will be automatically granted access to your hotel room, room safe, rental car, gym locker, etc. to do whatever they please. If your laptop is ever left unguarded your full disk encryption will be trivially compromised.
There is no risk of the operation being exposed, no personal risk to the attacker, and very little cost. Even if the target catches the evil maid red-handed, the police will reassure him that it was a common burglary, and that the offender will be punished. He has no way to find out if this is true.
(WHile this attack is very cheap, it is probably also reasonable to assume that hotel rooms could contain cameras, and rental cars could contain GPS trackers. Unlike "evil maid" these devices are too expensive for casual snooping; however in those deployments they will be reusable many times and useful for much more than spying on tourists, so they are still quite economical.)
Security forces in the USA or other democracies can also attempt to mount such an attack, but they must either obtain a warrant or do it illegally. A warrant cannot be obtained instantly nor cheaply (in terms of budgeted person-hours), and it will not be granted for just any person of casual interest. And whilst illegal searches may occur, they are costly, high risk operations. It is unlikely that hotel staff would cooperate, and even if they appeared to do so, they couldn't be trusted to keep quiet. So cost, time, risk and difficulty are all vastly greater. If the evil maid is caught, he/she is almost certainly going to prison, even if the government would like to help him out (and yes, this has actually happened.)
This makes a vast difference of scale. In the US, you may expect to be personally bugged if you are important enough to warrant opening a budget for investigating you. Otherwise, in 21st century bureaucracy, it just isn't going to happen. In a People's Democratic Dictatorship, if you twitch any level of interest above "just another tourist bozo", then you can reasonably expect that your electronics will be compromised and there is a good chance that in some places you will also be bugged and filmed.
HAVING SAID ALL THAT:
Some of Lieberthal's precautions are just as necessary anywhere, and some are useless. Never mind China, you should *never* use a Bluetooth headset for discussing confidential business if you have a reasonably resourceful opponent. (Google "bluebugging" if you don't know why.)
Conversely, the "copy and paste from USB stick" is not going to be effective for someone as prominent as him. Against the chance I had to send a confidential message, I would bring a pencil, paper and a packet of playing cards!
Why isn't he using s/key, so that even if they manage to observe a password it's worthless as soon as it's used?
"Secondly, visiting a country like China really is a special case. You see, the constitution of the PRC says that PRC is a "People's Democratic Dictatorship"......"
Thanks for taking the time to enlighten me about sophisticated keylogger attacks and possible HW & FW changes / bugs. I'm still not sure why you are singling out China because these attacks seem equally probable / implementable anywhere else in the world. I guess the answer is in the "evil maid" assumption because I must admit I've met some very disagreeable hotel staff in various parts of western China.
I believe China is protecting its interests and today that means cyber security as well as physical security, so an active interest in hacking gives you first hand experience with what not to do. Frankly I'd be surprised if a similar "active hacking strategy" was not being pursued by every major country in the world. I've mentioned before how easy it is use the GFC for your own advantage, so I wont go into the details again, suffice to say I'm not the only one who sees value in looping through this opaque structure a few times.
As for filming me or bugging me, frankly I never do anything that interesting, they'd get bored silly within a week.
@Catherine: "Removing the battery is good procedure"
The battery may have been replaced for a model with microphone and memory storage.
You have better use a noised shield device (add an ipod loaded with random noise in the shield).
I would be very interested in hearing Mr. Schneier's opinion on this matter.
Is China really special and deserving of these extreme precautions? Are these measures an overreaction? Perhaps they should they be standard operating procedure everywhere, not just in China?
Mr. Schneier ... ?
Is China really special and deserving of these extreme precautions? Are these measures an overreaction? Perhaps they should they be standard operating procedure everywhere, not just in China
The quick answer to your three questions is No, No, Yes.
We do not know if China is behind a lot of the attacks, all we know is that is where they appear to come from and where the results appear to go back to.
It is highly likely that China are behind some attacks (against Tibetan's and members of other organisations). Likewise it's reasonable to suppose that Chinese criminals like the criminals in so many other countries are also involved in running attacks out of China. However many of the so called APT attacks are so "numpty" you cannot help but think China is not that incompetent at IT so is it a smoke screen and if so run by whom?
Thus it could be any nation that can get access to China's Cyber-Space or any nation that can get into the first gateway outside of China's Cyber-Space. You only need to look at the amount of Cyber-Crime (as opposed to Cyber-espionage) that "hops through" China to see it's easily possible for another nation to do the same with Cyber-espionage.
But in the case of the US War-Hawks it's not in their interest to trace it any further back than China's gateway because China is the one they want sitting in the "Cross hairs" for various political and financial reasons.
France by it's own admission has admitted that espionage is a very cheap way to do R&D over thirty years ago. We know Russia has performed economic espionage and market manipulation when their grain harvests failed before that. So it's not unreasonable to suppose that any nation that can do it is indeed doing it, and very probably through another three or four countries just to cover their own backs.
As for are the precautions an over reaction, no. Look at it this way IP is valuable more valuable than stocks and share or paper money can ever be. You don't walk around a foreign country with the equivalant value of a comapnies IP in cash hanging out of your pocket or in a duty free bag do you? So why do it with the IP it's self on your phone or laptop?
Finally as for doing it in general, yes even if you are not traveling to another country. Of all the laptopss and smart phones etc that go missing in the US do you realy think all of them are just carelless users and lucky to be on the spot thieves? No a few are targeted attacks carried out to get the information that is so valuable. Why do we know this because companies who are a little more cautious get people breaking in to their offices to steal speciffic computers with the IP on.
So take the precautions where ever you store the IP or use it.
Oh and one last thing remember HP and their senior person renting private eyes etc to spy on other members of the board of directors? So assume everyone friend or foe is out to get their grubby mits on the data.
Mr. Lieberthal's actions may sound a little extreme, but as someone has had a laptop stolen while on a supplier-sponsored trip to Beijing, I can say it's definitely worth it.
It was a lesson you don't have to learn more than once.
I used to know a marijuana dealer that went to jail thanks to his habit of not taking the battery out of the phone during his "negotiations with business associates". This was: 2003 in Croatia. So if you're realizing such things today, then just don't bother and don't bring any sensible data out of your office.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.