Lenovo Under U.S. Probe for Spying 327
BigControversy writes "The DailyTech has a report indicating that Lenovo, the giant Chinese PC manufacturer, is under a probe by the U.S.-China Economic Security Review Commission (USCC) for possible bugging. Apparently, the government has ordered 16,000 PCs from Lenovo but is now requesting that Lenovo be investigated by intelligence agencies. The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on." From the article: "Despite the probe, Lenovo says that its international business, especially those that deal with the US, follow strictly laid out government regulations and rules. Lenovo also claims that even after purchasing IBM's PC division, its international business has not been affected negatively. Interestingly, in an interview with the BBC, Lenovo mentioned that an open investigation or probe may negatively affect the way that the company deals with future government contracts or bids." There just has to be better uses of our intelligence community's time.
Disagree on the last comment (Score:5, Insightful)
A lot of federal agencies have policies about using foreign hardware/software for reasons just like this. Go USA!
Re:Disagree on the last comment (Score:4, Insightful)
Seriously, who would be surprised if a Chinese company (remember the Chinese? They're still Communists!!) was encouraged to spy on U.S. Government agencies? To think otherwise is, IMO, incredibly naïve.
Personally, I think Lenovo ought to be barred from selling hardware to the U.S. Government altogether. It's simply not worth the security risk.
Re:Disagree on the last comment (Score:3, Informative)
it is? it seems like mostly what the 'intelligence' community does in the united states these days is spy on unarmed, constitutionally-protected demonstrators. like these cases, for instance:
http://www.msnbc.msn.com/id/11751418/ [msn.com]
http://www.washingtonpost.com/wp-dyn/content/artic le/2006/03/14/AR2006031401520_pf.html [washingtonpost.com]
http://www.dailytexanonline.com/media/paper410/new s/2006/03/24/TopStories/Students.Fbi.Lecture.Displ ays.Watch.List-1716066.s [dailytexanonline.com]
Re:The t3rr0r1st threat (Score:4, Funny)
Re:Disagree on the last comment (Score:2, Insightful)
Seriously, who would be suprised if a US Company (remember the US, they invaded Cuba, supported the Contras and recently invaded two countries and have taken part in illegal renditions and torture) was encouraged to spy on Foreign Goverment agencies, like the French, Russians, Chinese or Germans who oppo
Re:Disagree on the last comment (Score:3, Interesting)
The reason for picking on China is xenophobia, plain, old and simple, dressed up in McCarthy era justifications around communism.
Hardly. The fact is that China is really the only adversary who potentially has the military strength and intent to engage the US. North Korea and Taiwan are both problem areas where the Chinese and American viewpoints are very different. I'm sure European and Middle Eastern countries spy as well, but the US is not going to be invaded by Germany or Jordan.
I'm sure China would
Speaking about those Chinese (Score:4, Insightful)
Likewise (Score:3, Insightful)
Re:Disagree on the last comment (Score:3, Informative)
IMHO, it is good practice to have standing procedures to investigate all contracts/purchases, be them government, business or personal. And it would be extremely bad procedure for a foreign government to attempt such a poor spying procedure, but no harm in checking, which I doubt would be very hard.
But I think this is a ve
Declining population (Score:2, Interesting)
United States: 298,290,000
Get back to me when China doesn't outnumber the United States 4 to 1.
But seriously, what effect does declining population have on either China's stability or beligerence.
Also, what does it say when successive generations are viewed not as hope for the future but a threat to it?
Re:Disagree on the last comment (Score:3, Insightful)
China is a problem. It is a
Re:Disagree on the last comment (Score:3, Informative)
The US continues to trade with and indeed support many despotic regimes, but at least they nominally support change towards more democracy. China on the other hand *prefers* to deal with despotic r
Re:Disagree on the last comment (Score:2)
If you believe that, then I know a general who would like your ad
Re:Disagree on the last comment (Score:5, Interesting)
Re:Disagree on the last comment (Score:3, Interesting)
A cynic might take that to mean that the US is looking to make a lot more enemies.. Who am I kidding, the plans to invade my country have already been made, a bill was passed by Congress to invade The Hague in the event the International Criminal Court would ever attempt to try a USian.. SO yeah, I live in a future enemy State, despite being one of
Everyone has spies here. (Score:2, Insightful)
Re:Everyone has spies here. (Score:3, Funny)
Canada would never spy on the U.S. As an employee of the CIA, I can assure you that you have no idea what you're talking aboot, eh?
Re:Everyone has spies here. (Score:3, Funny)
Re: (Score:2)
This is a good argument for open source hardware. (Score:5, Interesting)
Mil Spec used to require second source suppliers for everything. That means every chip, resistor and capacitor. To do that now would require that several companies have the complete design of everything down to the last square mm of silicon. Such a policy would effectively prevent spying devices because many people would be able to examine the design. The same reason that open source is safer than Windows is the same reason that hardware designs should be open sourced (or at least second sourced).
BTW. You are absolutely right. Even friendly countries spy on each other. There was a story going around a while ago about an embassy had to be totally torn down because the local workers who built it had planted many microphones in it.
Re:Disagree on the last comment (Score:3, Insightful)
Oh yes, while the notebooks carried the IBM lable, they were good american products, while now they're evil chinese. Very interesting approach, considering that the computers were built all the time in the same factory in China.
I guess, if you'd have to buy american-only computers, you won't be able to purchase from Dell, IBM, HP, Toshiba, Sun and most other brands.
Re:Disagree on the last comment (Score:2)
Re:Disagree on the last comment (Score:2)
Keep in mind, that China, like USA, will go to great lengths to spy on others. We both do it against our own citizens as well as against other nations. USA really does need to check the equipment.
Re:Disagree on the last comment (Score:5, Funny)
| to spy on you. Would you like to? |
| *Save your changes and exit now. |
| *Trace the attackers IP. |
\ *Turn off these warnings. /
/
__/
olo
|||
\_/
Re:Disagree on the last comment (Score:2)
(1) Factually, the computers are not being made in different placed than they were before or by different people. It should only be slightly easier for the Chinese to do this now that it's Lenovo and not "IBM PC Division."
(2) Lets say that the Chinese were caught bugging computers -- it would be horrible public relations not only for Lenovo, which would lose some gigantic portion of its market share, but for the entire computer industry that manufactures oversea
Lenovo's Hengzhi TPM chips (Score:2)
The question is whether or not the SEA has mandated backdoors. Since the chips are meant to be used for state purposes, I highly doubt that there's a backdoor in the chips used by China because that would make China weak to spies if someone found
DOES NO ONE REMEMBER THIS SLASHDOT ARTICLE???? (Score:2, Informative)
National Security != Waste Of Time (Score:3, Insightful)
Better late than never. If there's no problem, no problem, which would be nice to know. If there is a problem, the US needs to react to it. Consider it an unintentional consequence of the wholesale offshoring of US (or for that matter, all of the OECD's) manufacturing to cheap labor markets. It's an uncontrolled economics experiment f
Re:Disagree on the last comment (Score:2)
Re:Disagree on the last comment (Score:2)
I don't see what you're getting so uppity about.
So let me get this straight.. (Score:3, Insightful)
Re:So let me get this straight.. (Score:2)
Try and find a computer not made in China (Score:5, Insightful)
Re:Try and find a computer not made in China (Score:2)
http://www.impactlab.com/modules.php?name=News&fi
"Dell has six factories around the world - in Limerick, Ireland; Xiamen, China; Eldorado do Sul, Brazil; Nashville, Tennessee; Austin, Texas; and Penang, Malaysia"
Interestingly enough there are actually 2 factories in the USA. The rest of the article has a very intersting look at what goes into a dell notebook.
Re:Try and find a computer not made in China (Score:2)
1. Slows growt
US Corps can verify ROMs and installed software (Score:2)
However US corporations can inspect the goods returned from manufacturing, verifying that the ROMs and the installed software matches what they provided. I'd imagine they would be doing so already, due to QA and antivirus concerns. A foreign agent would need to infiltrate the US corp to alter the expected results. Plauable but more difficult than the corp and the manufacturing being in an "unfriendly
Re:US Corps can verify ROMs and installed software (Score:3, Insightful)
Harder said than done. I could have a chip made that looks just like a ROM, but contains an extra code version that it switches to after say, 100 hours of use.
You could run checksums all you want, but the only way you could catch that is if you either depackage the chips and inspect it, or happen to inspect your computer after it's alreay been in serv
Re:Try and find a computer not made in China (Score:2)
Re:So let me get this straight.. (Score:2)
Well, first of all, we don't - outsourcing ended US PC manufacturing a long time ago. Even if it didn't, outsourcing of mobo's, hard drives, and most other components would make sure if there was some sort of monitoring agent put in there, you wouldn't know it.
On another tack, it seems it's always the right wing who bitch about high taxes and 'guvmint wastin' our money'
Re:So let me get this straight.. (Score:2, Informative)
Diversified Technology, Inc. [dtims.com] Everything is designed and manufactured in-house. They even do custom projects.
Summary correction. (Score:3, Funny)
Should read:
The fear is of the Chinese Trade Gap [csmonitor.com] widening further
Fixed! (Its a joke for the humour impaired)
If the US Govt is so worried about it... (Score:2)
Next time, but from US manufacturers! Let this be a lesson learned.
Re:If the US Govt is so worried about it... (Score:2)
Re:If the US Govt is so worried about it... (Score:2)
Re:If the US Govt is so worried about it... (Score:3)
So that they can start planting the seeds of war with China. What better way to recoup all the money that we owe them but to go to war w/them for years so we don't have to pay it back?!
Re:If the US Govt is so worried about it... (Score:2)
Unfortunately, most hippy love projects lead to jealousy-induced breakups and infighting.
I think not. (Score:3, Insightful)
Re:I think not. (Score:2)
It sounds to me like the usual suspects in the U.S. right are tr
MicroSoft (Score:5, Insightful)
Re:MicroSoft (Score:2)
Re:MicroSoft (Score:3, Informative)
Supposition and Speculation (Score:3, Interesting)
On the one hand, they have a point: it would be very easy for the Chinese government to "encourage" Lenovo to plant things in these machines to allow them to spy on the US. On the other hand, given the profusion of malware, keyloggers, Trojans, and such, the Chinese government could already be spying on the US without having to go to such extraordinary lengths. Frankly, it's too obvious to be credible.
Better use? (Score:2)
TV, and DVD Players May Listen Too! (Score:4, Interesting)
Not Surprised (Score:2, Insightful)
The only thing is now they're worried that the Chinese gov got a PC supplier to fiddle with their product. Maybe not all, just 1 out of 100 or something.
Do I think China did this? No.
But it's pretty much the job of intelligence agencies to be paranoid.
If you need real security (Score:3, Interesting)
Beyond that, by talking about it, you've given "the enemy" information on how your IT practices work: you pretty obviously don't use ghost or any similar sort of mass deployment software. (yes, I realize that for laptops with all their custom crap it doesn't work as well. Still, a place I worked as a summer intern used to do it back in the 96-2000 era on IBM thinkpads, so...)
Security by obscurity? Sure. That is all your password is, after all too, it (sec by obs) isn't strictly a bad thing.
Re:If you need real security (Score:2)
Re:If you need real security (Score:5, Interesting)
Irrelevant.
BIOS has gotten to the point [phoenix.com] that it can "phone home" before you even get to the OS. A small modification to hardware or firmware can make it so the system inserts key packets into the network stream, sending covert messages out to the equivalent of electronic "dead drops".
We aren't talking about always-on-a-secure-network PCs, but laptops that'll be jacked into hotels, Starbucks and other insecure networks at some point.
Unless you jack those machines in behind a traffic analyzer/router that captures every packet, then analyze *each* packet that goes out of the machine, you'll never be 100% sure the hardware isn't trojaned.
Ping is nice and innocuous. Are you sure you know what that 56-byte payload contains [wfu.edu]? Have you ever looked? What about DNS requests? They happen ALL the time. Did you analyze each one to make sure they aren't requesting TXT-records that get forwarded over to a Chinese-owned server in the U.S.?
-Charles
Re:If you need real security (Score:2)
The difference between a secret password and a "secret" IT practice is that the password can be changed easily if the secret is revealed. Bruce Schneier calls this "brittle" secrets vs. resilient secrets, e.g. a lock with a key or combination (which can be changed) vs. the location of a secret door (which would be difficuilt to relocate).
Also, don't overlook the possibility that potentia
Re:If you need real security (Score:2)
Security by obscurity isn't about existing secrets (hey, if you encrypt something, then you also obscure the contents and hope for security).
Security by obscurity means: We don't tell anyone how it works, so they will have a hard time figuring that out first until they can get in. Security by obscurity means: Putting the key under the doormat, so no one knows where the secret (the actual uniq
Re:If you need real security (Score:2)
Agreed. Maybe Roadhouse or any other Patrick Swayze film, but not Ghost.
I doubt it (Score:5, Insightful)
even the preinstalled operating system would be immediately
detected and destroy the entire PC business of Lenovo abroad.
Re:I doubt it (Score:2)
Not too long ago, Boeing sold a couple 747's to the Chinese government to be used for government officials. The Chinese found out they were loaded with listening devices. They bought a couple Airbuses for the Chinese officials instead, but it didn't effect the sale of Boeing planes to airlines and such that aren't worried about spying.
Re:I doubt it (Score:3, Insightful)
Some counterexamples include the Sony rootkit, which was shipping for most of a year before being caught and wasn't even that cleverly coded, and Interbase, which went six or seven years before anyone noticed the back door login. Or of course the brilliant Ken Thompson backdoor in
The problem with this investigation is that PCs shouldn't be trusted anyway. Does anyone think that an intelligence agency couldn't develop, or spend a thousand dollars to buy, a zero-day Windows vu
Corp may not be blamed (Score:2)
Not necessarily. They could claim that they were infiltrated by a government agent who made a substitution/alteration. It actually is plausible, the government might not want to trust management or more importantly the fewer people who know the less likely it is to leak. They could successfully argue that any corporation or m
This makes perfect sense (Score:3, Funny)
Better use of time? (Score:2)
Just a stunt (Score:3, Insightful)
The USCC is an organ of the US Congress. These are the members [uscc.gov]. If I understand correctly, they are all politicians. Chinese do things cheaper than Americans, American politicians whine so they look like they are against outsourcing, then they buy happily.
Seriously, bugging thousands of PCs to get intelligence? Give me a break. Intelligence is not just about getting information, it is also about not getting caught and leaving no evidence. Thousands of PCs trying to send coded messages to Beijing would ring a bell even at the Department of Homeland Security. It's much simpler and safer to buy or blackmail a politician or an employee to provide information.
Re:Just a stunt (Score:2)
Why doe there "There just has to be better uses".. (Score:2)
WHY ???
You dont think the Chineese would do this ?
Does anyone remeber our com plane and its pilots ?
The Chineese wouldnt even think twice about doing something like this. They would do it hands down.
Shit WE would do it, and we did, look at all the games we played with the russians, bugged photocopiers for example.
You seem like a plant , or a way to trusting soul to be on slashdot
Not the best direction... (Score:2)
Anyway, wouldn't outsorcing to other countries have some similar exposures?
What goes around could come around . . . (Score:2)
Well no wonder.... (Score:2)
http://digg.com/technology/_Help_me_Obi_Wan_Kenob
At best they've been spying on Bruce Wayne, Clark Kent, and Obi-Wan. Down with the bastahds.
There is a very good word for this phenomena: (Score:5, Insightful)
I have nothing further to add, because that word sums it all up. While there are valid threats against the USA and in the intelligence community there are measures to tap into restricted data, they are NOT going to mess with PCs for fuck's sake! If someone has high security requirements that entity is not going to buy from a consumer level shop ANYWAY.
Geez.
Re:There is a very good word for this phenomena: (Score:3, Insightful)
So you're saying that the sensitive departments of the US government custom builds their own desktops and laptops? Have a reference?
Re:There is a very good word for this phenomena: (Score:2)
Re:There is a very good word for this phenomena: (Score:2, Insightful)
Our steel industry is completely decimated now. We barely make any heavy machinery in the United States. God forbid we actually ever get into a real war against the countries we've outsourced these things to.
Besides that, xenophobia is good for business. Look at the Japanese.... no one can sell electronics to them except Japanese. It's a guaranteed lock that the new Nintendo and Playstation boxes will do
Re:There is a very good word for this phenomena: (Score:2)
Ah yes, the classic protectionist defense argument. How can you make this claim when, whatever difficulties U.S. ground troops may have, U.S. naval and air domination is absolutely overwhelming? According to this [csbaonline.org], the U.S. navy is the world's largest navy with a tonnage greater than 17 of the next
You fail to realize most espionage is industrial (Score:4, Insightful)
That's terribly naive. You fail to realize that most espionage is industrial. Billions of dollars are lost due to industrial espionage, foreign countries acquire R&D info that saves them time and money, their military tech is advanced by years,
Also naive is to think that people with high security are the only target. In the real world espionage often goes for indirect info. What companies are supplying the goods and services, are their changes in orders, their production, etc. You don't have to get the general's plan for an invasion, you may only need to identify his preparations.
That is one interesting article summary by OP (Score:3, Insightful)
The US Government is basically doing a security check on the computers they ordered to make sure there's nothing extra on those computers.
Someone got their panties all in a wad is trying to score some polipoints by being patriotic.
There really is smoke without a fire. This proves it.
"PC comes pre-loaded with spyware" (Score:3, Funny)
(A joke, not a troll)
There is precident (Score:2)
This crap pisses me off... (Score:5, Insightful)
Do the geniuses that ordered this "probe" realize that the vast majority of components in a modern computer come from the orient? That it is VERY difficult to find a keyboard, mouse, case, or power supply that is NOT made in China? Do they know that many laptops (not Lenovo) are manufactured by Chinese-owned companies, and/or made directly in China itself?
The only thing that could be worrisome is if they had Lenovo handle the builds on the hard drives, but NO classified shop should be relying on "outside" builds anyway.
Do these folks ALSO realize that by law, no computer containing classified data may be connected to a public network of any kind? How is any "bugged" machine supposed to export the data? Osmosis? Telepathy?
SirWired
Re:This crap pisses me off... (Score:2)
Sensitive-but-unclassified (SBU) data also deserves protection, and many non-military government facilities have Information Assurance policies that they are required to follow. Proving that a vendors' facilities and processes cannot be exploited by agents of foreign governments is not a simple matter.
Yes, the possibility exists t
Why is it a public story? (Score:2)
If the U.S. is concerned (which is reasonable), then they just take a few laptops out of the shipment when it arrives and send it down to the lab to be inspected and tested. If everything is in order, pass out the rest of them.
If you do find something, then... uh... Bomb china or whatever it is we do when people piss us off. Oh, and ask for your money back.
I don't see why this should be a story, I would hope tha
You are dead wrong, Zonk (Score:4, Informative)
The Chinese practically wrote the book on espionage. For some interesting reading on the subject take a look at The Tao of Spycraft" [amazon.com]. Interesting, if extremely dry, reading if you're interested in the intelligence community. A very good look at the LONG history of intelligence practice that the Chinese government has to draw on. I got interested working in computer security when everyone else in my office was ex-mil intelligence.
And not being particularly antagonistic toward us doesn't mean anything. Back in 1999/2000, the general opinion by most of my co-workers who knew something about it was that France and Israel were the countries that were spying on us the most, with China coming in third. The only reason Britain wasn't number 1 on the list was "we already give them everything we know."
I wouldn't put it past us to try it on them, so it would be ridiculous to trust that they wouldn't try it to us too.
Re:You are dead wrong, Zonk (Score:3, Informative)
I said many times during the DPW brooha that one cannot easily pick a poin
Jerry Taylor In Tuttle (Score:3, Funny)
Only on slashdot... (Score:5, Interesting)
1) criticize the United States for using it's intelligence resources to protect itself from a corporation operating out of Communist China.
2) criticize the US for not using intelligence resources "_enough_" to protect its ports/borders/etc.
3) criticize the US for using intelligence resource "_too_much_" by wire-tapping potential terrorists.
Go figure.
Re: (Score:2)
Re:Only on slashdot... (Score:2)
Perhaps we should all have the same opinions (as you?).
Re:Only on slashdot... (Score:2)
Nobody's shown a concrete reason to worry about Lenovo, the wiretaps of "potential terrorists" led the FBI to complain that their time was being wasted with dead ends [nytimes.com] (not to mention that the complaint was that the wiretaps were against the law), and the 9/11 commission pointed to port security as a serious and deadly weakness.
Maybe you'
Re:Only on slashdot... (Score:3, Insightful)
Except that China is not communist. It is MORE capitalist than the USA. It is also not a democracy.
"2) criticize the US for not using intelligence resources "_enough_" to protect its ports/borders/etc."
Actually, every sane government would and does protect it's borders. You don't generally see the security service outsourced to a foreign country for the same rea
A better use of intelligence (Score:3, Funny)
There is. You just don't hear about it.
uummm (Score:2, Insightful)
the reason all of those machines are 0wn3d (Score:2)
Why is it .... (Score:2)
But if the Americans accuse a foreign country of doing the exact same thing with the exact same lack of evidence it's a perfectly valid security concern?
The blurb provides no proof, no belief it's happening, merely that a US agency has decided to insist this possibility be investigate
Better uses? My ass (Score:2)
Are you fucking kidding me? I'd say it is critical to secure computers in government.
The real news here is that our government is stupid enough to buy computers from China. Are we going to have Russia building our ICBMs for us now? There are just some things you have to do yourself.
We have enteredd the xenophobic stage (Score:3, Interesting)
I still maintain that as this continues this will increase inflation, USD will be the new monopoly money.
Re:Hilarious (Score:2)