Lenovo Under U.S. Probe for Spying 327
BigControversy writes "The DailyTech has a report indicating that Lenovo, the giant Chinese PC manufacturer, is under a probe by the U.S.-China Economic Security Review Commission (USCC) for possible bugging. Apparently, the government has ordered 16,000 PCs from Lenovo but is now requesting that Lenovo be investigated by intelligence agencies. The fear is of foreign intelligence applying pressure to Lenovo to equip its PCs so that the U.S. can be spied on." From the article: "Despite the probe, Lenovo says that its international business, especially those that deal with the US, follow strictly laid out government regulations and rules. Lenovo also claims that even after purchasing IBM's PC division, its international business has not been affected negatively. Interestingly, in an interview with the BBC, Lenovo mentioned that an open investigation or probe may negatively affect the way that the company deals with future government contracts or bids." There just has to be better uses of our intelligence community's time.
Supposition and Speculation (Score:3, Interesting)
On the one hand, they have a point: it would be very easy for the Chinese government to "encourage" Lenovo to plant things in these machines to allow them to spy on the US. On the other hand, given the profusion of malware, keyloggers, Trojans, and such, the Chinese government could already be spying on the US without having to go to such extraordinary lengths. Frankly, it's too obvious to be credible.
TV, and DVD Players May Listen Too! (Score:4, Interesting)
If you need real security (Score:3, Interesting)
Beyond that, by talking about it, you've given "the enemy" information on how your IT practices work: you pretty obviously don't use ghost or any similar sort of mass deployment software. (yes, I realize that for laptops with all their custom crap it doesn't work as well. Still, a place I worked as a summer intern used to do it back in the 96-2000 era on IBM thinkpads, so...)
Security by obscurity? Sure. That is all your password is, after all too, it (sec by obs) isn't strictly a bad thing.
Re:So let me get this straight.. (Score:1, Interesting)
Re:Disagree on the last comment (Score:5, Interesting)
Re:If you need real security (Score:5, Interesting)
Irrelevant.
BIOS has gotten to the point [phoenix.com] that it can "phone home" before you even get to the OS. A small modification to hardware or firmware can make it so the system inserts key packets into the network stream, sending covert messages out to the equivalent of electronic "dead drops".
We aren't talking about always-on-a-secure-network PCs, but laptops that'll be jacked into hotels, Starbucks and other insecure networks at some point.
Unless you jack those machines in behind a traffic analyzer/router that captures every packet, then analyze *each* packet that goes out of the machine, you'll never be 100% sure the hardware isn't trojaned.
Ping is nice and innocuous. Are you sure you know what that 56-byte payload contains [wfu.edu]? Have you ever looked? What about DNS requests? They happen ALL the time. Did you analyze each one to make sure they aren't requesting TXT-records that get forwarded over to a Chinese-owned server in the U.S.?
-Charles
This is a good argument for open source hardware. (Score:5, Interesting)
Mil Spec used to require second source suppliers for everything. That means every chip, resistor and capacitor. To do that now would require that several companies have the complete design of everything down to the last square mm of silicon. Such a policy would effectively prevent spying devices because many people would be able to examine the design. The same reason that open source is safer than Windows is the same reason that hardware designs should be open sourced (or at least second sourced).
BTW. You are absolutely right. Even friendly countries spy on each other. There was a story going around a while ago about an embassy had to be totally torn down because the local workers who built it had planted many microphones in it.
Declining population (Score:2, Interesting)
United States: 298,290,000
Get back to me when China doesn't outnumber the United States 4 to 1.
But seriously, what effect does declining population have on either China's stability or beligerence.
Also, what does it say when successive generations are viewed not as hope for the future but a threat to it?
Only on slashdot... (Score:5, Interesting)
1) criticize the United States for using it's intelligence resources to protect itself from a corporation operating out of Communist China.
2) criticize the US for not using intelligence resources "_enough_" to protect its ports/borders/etc.
3) criticize the US for using intelligence resource "_too_much_" by wire-tapping potential terrorists.
Go figure.
We have enteredd the xenophobic stage (Score:3, Interesting)
I still maintain that as this continues this will increase inflation, USD will be the new monopoly money.
Re:Disagree on the last comment (Score:3, Interesting)
A cynic might take that to mean that the US is looking to make a lot more enemies.. Who am I kidding, the plans to invade my country have already been made, a bill was passed by Congress to invade The Hague in the event the International Criminal Court would ever attempt to try a USian.. SO yeah, I live in a future enemy State, despite being one of the strongest supporters of NATO....
Re:Disagree on the last comment (Score:3, Interesting)
The reason for picking on China is xenophobia, plain, old and simple, dressed up in McCarthy era justifications around communism.
Hardly. The fact is that China is really the only adversary who potentially has the military strength and intent to engage the US. North Korea and Taiwan are both problem areas where the Chinese and American viewpoints are very different. I'm sure European and Middle Eastern countries spy as well, but the US is not going to be invaded by Germany or Jordan.
I'm sure China would just love to get a bunch of bugged PCs into places like the LLNL [llnl.gov] or NSA. Having a backdoor into the US labs developing missile defence systems would be their dream come true.
Eventually the Taiwan problem is going to have to be resolved. I can see this happening either by the Chinese government eventually becoming more moderate (ideally becoming democratic, but more likely giving up on the hardline Taiwan stance), or by a military conflict (eventually their economic and military strength will reach a level where they will think they can do whatever they want - its just a matter of time). I imagine the hardliners see the latter as the road to "reunification", so its very much in their interest to spy all they can. Lenovo might just be another part of their effort [slashdot.org].