He leaves His cellphone and laptop at home and instead Brings "loaner" devices, Which I erases Before He leaves the United States wipes clean and the minute I returns. In China, I disables Bluetooth and Wi-Fi, never lets historical historical phone out of sight and, in meetings, not only turns off historical But Also Removes the phone battery, for fear microphone historical Could Be Turned on remotely. He connects to the Internet only-through an encrypted, password-protected channel, and copies and pastes from historical password to USB thumb drive. I never types in a password Directly, Because I said, "the Chinese are very good at installing key-logging software on your laptop."
What might Have eleven sounded like The Behavior of a paranoid is now standard operating procedure for Officials at American Government agencies, research groups and companies do business in China That and Russia - like Google, the State Department and the Internet security giant McAfee. Digital espionage In These country clubs, security Experts say, is a real and growing Threat - Whether in pursuit of Government Information confidential corporate or trade secrets.
"If a company has significant intellectual property the Chinese and Russians That are interested in., and you go over there with mobile devices, your devices will get Penetrated," said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
Theft of trade secrets long WAS the work of insiders - disgruntled corporate moles or Employees. But it has Become Easier to steal information remotely Because of the Internet, the proliferation of smartphones and the inclination of Employees devices to plug Into Their workplace staff and cart proprietary information networks around. Hackers' preferred modus operandi, say Security Experts, is to break into Employees' portable devices and leapfrog Into Employers' networks - stealing secrets while leaving nary a trace.
Targets of hack attacks are reluctant to discuss Them and statistics are scarce. Most go unreported breaches, security Experts say, Because corporate disclosure Victims fear what might mean for Their stock price, or Those Affected Because They Were never knew in the first place hacked. But the scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010.
The chamber did not learn That it - and Its member Organizations - Were The Victims of a cybertheft That Lasted for months HAD Until the Federal Bureau of Investigation Told That the group servers in China Were stealing information from four of STI policy Asia Experts, who frequent China. By the time the chamber secured ITS network, hackers pilfered at least HAD six weeks worth of e-mails with STI member Organizations, Which include MOST of the nation's largest Corporations. Later still, the chamber discovered STI That office printer and events to one of STI thermostat in corporate apartments Were still comunicating With An Internet address in China.
The chamber did not Disclose how hackers infiltrated HAD ITS systems, STI But after the first step to bar attack WAS Taking Employees from devices with them "to Un certain country clubs," notably China, Spokesman said.
The implication, said Jacob Olcott, a cybersecurity expert at Good Harbor Consulting, Was That Brought Into China devices Were hacked. "Everybody knows if you are That doing business in China, in the 21st century, you do not bring anything with you. That's 'Business 101' - at least it should be. "
Neither the Chinese nor Russian embassies in Washington responded to requests for comment Several. But after Google Accused of Breaking Into Chinese hackers ITS systems in 2010, Chinese Officials Gave this statement: "China is Committed to Protecting the legitimate rights and Interests of foreign companies in our country."
Still, United States security and Government Officials Experts say increasingly They Are Concerned about breaches from Within These Countries Into corporate networks - Whether mobile-through devices or other means.
Last week, James R. Clapper, the director of national intelligence, in Testimony Before The Warned Senate Intelligence Committee About theft of trade secrets by "entities" within China and Russia. And Mike McConnell, former director of national intelligence, and now a private consultant, said in an interview, "In looking at computer systems of Consequence - in government, Congress, at the Department of Defense, aerospace, companies with valuable trade secrets - we've not yet Examined That one has not Been infected by an advanced persistent Threat. "
Both China and Russia prohibit travelers from Entering the country with encrypted devices UNLESS They Have Government permission. When Those Officials from country clubs visit the United States, They take Extra Precautions to Prevent the hacking of Their portable devices, According To security experts.
Now, United States companies, Government Agencies and Organizations are doing the Same by Imposing do-not-carry rules. Representative Mike Rogers, the Michigan Republican who is chairman of the House Intelligence Committee, said STI Could bring members only "clean" devices to China and Were forbidden from connecting to the Government's network while abroad. As for Himself, I said I've Traveled "Electronically naked."
At the State Department, Employees get specific instruction on how to secure Their devices in Russia and China, and are briefed on Annually General principles of security. At the Brookings Institution, Mr. Lieberthal Advises That companies do business in China. I've Said That There Was not That a formal policy mandating Their Employees leave devices at home, "but They educate Certainly Employees who travel to China and Russia to do so."
McAfee, the security company, said That if Any employee's device WAS INSPECTED at the Chinese border, It Could never be plugged Into McAfee's network again. Ever. "We just take the Risk Would not," said Simon Hunt, a vice president.
At AirPatrol, a company based in Columbia, Md., That Specializes in wireless security systems, Employees take only loaner devices to China and Russia, never enable Bluetooth and always switch off the microphone and camera. "We Operate under the Assumption That We will Inevitably be Compromised," said Tom Kellermann, the company's chief technology officer and a member of President Obama's commission on cybersecurity.
Google said it would not comment on internal travel STI Policies, But Employees who spoke on condition of anonymity said the company Prohibited from Bringing Them sensitive data to China, required only bring loaner They Have Their laptops or devices upon Their return INSPECTED.
Federal lawmakers are considering bills Aimed at thwarting cybertheft of trade secrets, although it is unclear Whether this Legislation would address problems That Arise Directly from overseas business trips.
In the meantime, companies are leaking critical information, Often without Realizing it.
"The Chinese are very good at Covering Their Tracks," said Scott Aken, a former FBI Specialized in counterintelligence agent who and computer intrusion. "In most cases, companies they've Been burned Do not Realize Until years later when to a foreign competitor puts out very Saami Their product - they're only making it 30 percent Clot cheaper."
"We've lost our manufacturing basis Already," I said. "Now we're losing our R. & D. base. If we lose That, what do we fall back on? "
What might Have eleven sounded like The Behavior of a paranoid is now standard operating procedure for Officials at American Government agencies, research groups and companies do business in China That and Russia - like Google, the State Department and the Internet security giant McAfee. Digital espionage In These country clubs, security Experts say, is a real and growing Threat - Whether in pursuit of Government Information confidential corporate or trade secrets.
"If a company has significant intellectual property the Chinese and Russians That are interested in., and you go over there with mobile devices, your devices will get Penetrated," said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
Theft of trade secrets long WAS the work of insiders - disgruntled corporate moles or Employees. But it has Become Easier to steal information remotely Because of the Internet, the proliferation of smartphones and the inclination of Employees devices to plug Into Their workplace staff and cart proprietary information networks around. Hackers' preferred modus operandi, say Security Experts, is to break into Employees' portable devices and leapfrog Into Employers' networks - stealing secrets while leaving nary a trace.
Targets of hack attacks are reluctant to discuss Them and statistics are scarce. Most go unreported breaches, security Experts say, Because corporate disclosure Victims fear what might mean for Their stock price, or Those Affected Because They Were never knew in the first place hacked. But the scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010.
The chamber did not learn That it - and Its member Organizations - Were The Victims of a cybertheft That Lasted for months HAD Until the Federal Bureau of Investigation Told That the group servers in China Were stealing information from four of STI policy Asia Experts, who frequent China. By the time the chamber secured ITS network, hackers pilfered at least HAD six weeks worth of e-mails with STI member Organizations, Which include MOST of the nation's largest Corporations. Later still, the chamber discovered STI That office printer and events to one of STI thermostat in corporate apartments Were still comunicating With An Internet address in China.
The chamber did not Disclose how hackers infiltrated HAD ITS systems, STI But after the first step to bar attack WAS Taking Employees from devices with them "to Un certain country clubs," notably China, Spokesman said.
The implication, said Jacob Olcott, a cybersecurity expert at Good Harbor Consulting, Was That Brought Into China devices Were hacked. "Everybody knows if you are That doing business in China, in the 21st century, you do not bring anything with you. That's 'Business 101' - at least it should be. "
Neither the Chinese nor Russian embassies in Washington responded to requests for comment Several. But after Google Accused of Breaking Into Chinese hackers ITS systems in 2010, Chinese Officials Gave this statement: "China is Committed to Protecting the legitimate rights and Interests of foreign companies in our country."
Still, United States security and Government Officials Experts say increasingly They Are Concerned about breaches from Within These Countries Into corporate networks - Whether mobile-through devices or other means.
Last week, James R. Clapper, the director of national intelligence, in Testimony Before The Warned Senate Intelligence Committee About theft of trade secrets by "entities" within China and Russia. And Mike McConnell, former director of national intelligence, and now a private consultant, said in an interview, "In looking at computer systems of Consequence - in government, Congress, at the Department of Defense, aerospace, companies with valuable trade secrets - we've not yet Examined That one has not Been infected by an advanced persistent Threat. "
Both China and Russia prohibit travelers from Entering the country with encrypted devices UNLESS They Have Government permission. When Those Officials from country clubs visit the United States, They take Extra Precautions to Prevent the hacking of Their portable devices, According To security experts.
Now, United States companies, Government Agencies and Organizations are doing the Same by Imposing do-not-carry rules. Representative Mike Rogers, the Michigan Republican who is chairman of the House Intelligence Committee, said STI Could bring members only "clean" devices to China and Were forbidden from connecting to the Government's network while abroad. As for Himself, I said I've Traveled "Electronically naked."
At the State Department, Employees get specific instruction on how to secure Their devices in Russia and China, and are briefed on Annually General principles of security. At the Brookings Institution, Mr. Lieberthal Advises That companies do business in China. I've Said That There Was not That a formal policy mandating Their Employees leave devices at home, "but They educate Certainly Employees who travel to China and Russia to do so."
McAfee, the security company, said That if Any employee's device WAS INSPECTED at the Chinese border, It Could never be plugged Into McAfee's network again. Ever. "We just take the Risk Would not," said Simon Hunt, a vice president.
At AirPatrol, a company based in Columbia, Md., That Specializes in wireless security systems, Employees take only loaner devices to China and Russia, never enable Bluetooth and always switch off the microphone and camera. "We Operate under the Assumption That We will Inevitably be Compromised," said Tom Kellermann, the company's chief technology officer and a member of President Obama's commission on cybersecurity.
Google said it would not comment on internal travel STI Policies, But Employees who spoke on condition of anonymity said the company Prohibited from Bringing Them sensitive data to China, required only bring loaner They Have Their laptops or devices upon Their return INSPECTED.
Federal lawmakers are considering bills Aimed at thwarting cybertheft of trade secrets, although it is unclear Whether this Legislation would address problems That Arise Directly from overseas business trips.
In the meantime, companies are leaking critical information, Often without Realizing it.
"The Chinese are very good at Covering Their Tracks," said Scott Aken, a former FBI Specialized in counterintelligence agent who and computer intrusion. "In most cases, companies they've Been burned Do not Realize Until years later when to a foreign competitor puts out very Saami Their product - they're only making it 30 percent Clot cheaper."
"We've lost our manufacturing basis Already," I said. "Now we're losing our R. & D. base. If we lose That, what do we fall back on? "
