Forgot your password?
typodupeerror

Lenovo Banned by U.S. State Department 474

Posted by Zonk
from the somebody's-watching-me dept.
chrplace writes "The BBC is reporting that the Chinese-made Lenovo PCs are not allowed inside secure US networks." From the article: "Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed. His comments came after Rep Frank Wolf expressed national security concerns. The company Lenovo insisted such concerns were unwarranted and said the computers posed no security risk."
This discussion has been archived. No new comments can be posted.

Lenovo Banned by U.S. State Department

Comments Filter:
  • Re:Dumb (Score:3, Informative)

    by insecuritiez (606865) on Friday May 19, 2006 @10:26AM (#15365320)
    Read the article:

    "But Lenovo insisted the state department computers, which were made at former IBM facilities in North Carolina and Mexico, posed no security threat."
  • Re:Dumb (Score:5, Informative)

    by burnin1965 (535071) on Friday May 19, 2006 @10:29AM (#15365349) Homepage
    "It's not like the PCs weren't made in China when the division was owned by IBM."

    That truely is the ironic part of Wolf's concern. As if the upper management, the part of IBM PCs that changed when they were pruchased by Lenovo, would have ever noticed if the Chinese made PCs were bugged before leaving the factory.

    That said, there should be proper due diligence for any equipment that is purchased and used in sensitive work. In the 1960s the Soviet embassy in Washington purchased/leased a Xerox copier and didn't realize that it was bugged with a CIA camera that took pictures of every document they copied. When the Xerox repairman came in to do routine maintenance on the equipment he would replace the film and take the exposed roll to the CIA. :)

    http://www.parascope.com/articles/0197/xerox.htm [parascope.com]
  • by Anonymous Coward on Friday May 19, 2006 @10:38AM (#15365414)
    ...of the time I spent working in a Secret-level Navy building. When NMCI (the Navy-Marine Corps Intranet, a "service" for which you taxpayers dropped over $8B to Ross Perot's EDS company) came in to give us new computers, I lauged at the huge stack of boxes, many of which said "Made in China." It was even funnier when each new computer came with a microphone that the EDS folks gladly hooked up for us. Yeah, that's a good idea.
  • Re:Cry Wolf (Score:3, Informative)

    by timster (32400) on Friday May 19, 2006 @10:42AM (#15365447)
    You forgot to mention that laptops from all manufacturers tend to be made in China. It's silly to think that Apple or Dell carefully examines all their laptops shipped from China to make sure they don't contain some kind of spy hardware or software.
  • by the eric conspiracy (20178) on Friday May 19, 2006 @10:43AM (#15365458)
    I just bought an HP laptop that was FedEx'ed directly from Kunshun China to my door.

  • Re:Dumb (Score:3, Informative)

    by rodgster (671476) * <rodgster.yahoo@com> on Friday May 19, 2006 @10:49AM (#15365493) Journal
    It's not like the HP laptop I'm typing this on wasn't made/assembled/shipped from China too.

    Agreed very dumb.

  • Re:Cry Wolf (Score:3, Informative)

    by Daniel_Staal (609844) <DStaal@usa.net> on Friday May 19, 2006 @10:52AM (#15365515)
    IIRC (it's been a while since I did IT support for the state department), a classified computer (the only type they are talking about a ban on) shouldn't be connected to the Internet at all. It might be connected to the State Department's own secure network, but even that is a question.

    (As for wiping it and installing their own software: duh. There's a disk image with the standard State Department software, and it is written to every computer. That's not even security: that's just the easist way to do the installs.)
  • Re:Cry Wolf (Score:4, Informative)

    by mungtor (306258) on Friday May 19, 2006 @11:02AM (#15365608)
    Dell laptops are assembled in Malaysia and shipped to the US from there. Components are mostly Taiwan, Singapore, and Korea. I'm sure there is China in there too, but there doesn't seem to be a lot.
  • Re:Old News (Score:1, Informative)

    by Anonymous Coward on Friday May 19, 2006 @11:10AM (#15365672)
    "Rigorous investigation" of software? Nope, never seen that either.
    It's contractors that use classified networks that have to adhere to this process. Say a company like Raytheon has a classified lab to install their end product and host customer demos on classified networks. The government is very particular about this. Even though you've never seen this process, you can be sure that the software installed has been ok'd at some point (you just weren't involved). Companies always make a big stink in the world of defense when their product has been ok'd to work on classified networks. It's true there are different kinds of classified with DoD being the least concerned but as you move up, it just gets more and more rigorous.

    Are you honestly trying to tell me that they'd let you install whatever you wanted on a sensitive network with no review process? That just sounds like a stupid and insecure system to me!
  • by dracphelan (916527) on Friday May 19, 2006 @11:14AM (#15365693)
    (Speaking as someone who has some training in securing facilities against spying) If they allow secure work on laptops, they are already making a big mistake. This was proven by the recent fears of a leak in Afghanistan due to missing thumb drives. Regulations state that such devices are not to be used, and any computer they are on is to be no longer considered secure. But, the twits who care more about the ease of doing their work than security use them anyways. The more portable the information is, the harder it is to keep secure.
  • by sholden (12227) on Friday May 19, 2006 @11:16AM (#15365711) Homepage
    So they should spend more money than they need to, buy from less efficient producers, and reduce the productivity of the US?

    I take it you're a communist? Since you want the government to be bigger - higher taxes and higher expenditure, want the government to subsidise less efficient producers so they don't need to become more productive, and if that reduces the productivity and overall income/wealth of the country then it's worth it.

  • by SillyNickName4me (760022) <dotslash@bartsplace.net> on Friday May 19, 2006 @11:26AM (#15365783) Homepage
    I really suggest you go read the DOD's 'orange book' on secure systems, it explains the issue very well. While this book is old, and some things in it are outdated, the ideas and methods it suggests are still quite relevant.
  • by HalAtWork (926717) on Friday May 19, 2006 @11:46AM (#15365939)
    But the article says they ARE buying them from Lenovo. They're just not using them for classified work.

    The US State Department says the 16,000 computers it bought from a Chinese firm with links to the Beijing government will not be used for classified work.

  • by lgw (121541) on Friday May 19, 2006 @01:27PM (#15366913) Journal
    One reason the US government is so paraoid about hardware backdoor is the number of times we've done this to other countries! Line printers (line-at-a-time impact printers) sold to Iraq in the 80s had radio transponders secretly embedded, so that they could be located at some distance. As such printers are only used in large data centers, we had a targets list of a significant portion of the Iraqi communications infrastructure, which we bombed at the start of Gulf War I.

    Xerox machines sold to the USSR during the cold war often had cameras embedded, and service technicians would take great risk in retreiving the data (I think it was actual film) when servicing the machines, but we had pictures of everything copied.

    These are just 2 very simple examples that have been made public, who knows what sort of stuff we've done that's clever enough that we still keep it secret. If the Chinese got busted the consequences wouldn't be much worse than where we already are today. The CHinese government could, after all, argue that they're not crossing the line any more than the US government has repeatedly done.
  • by Quikah (14419) on Friday May 19, 2006 @01:31PM (#15366941)
    Yeah, but the Chinese market is still pretty closed off, so there is potential, but it has a long way to go yet. Right now a company that releases a product in China has a very good chance of competing against that same product at a much lower price point in a few months after a chinese company copies it. Cars [autoblog.com] being the most obvious example right now. Just search for chinese car copies on google for more examples.
  • by Defector!!! (49874) <roblisy@g m a il.com> on Friday May 19, 2006 @01:33PM (#15366960)
    I'm not sure that many of you all remember this, but a while back the US actually sold China a Boeing 767 with at LEAST 27 different spying devices on board. Both China and the US were mostly quiet about this though, which kept things under wrap. The BBC has articles here [bbc.co.uk] and here. [bbc.co.uk]

    Looks like America has every right to be paranoid, if it expects China to treat it as it has been treated.
  • by irix (22687) on Friday May 19, 2006 @01:41PM (#15367053) Journal
    You are absolutely correct - if I had mod points I'd give them.

    Plus, Blackberries are mostly manufactured in Waterloo, ON - right next to the R&D facility :-)
  • by DrVomact (726065) on Friday May 19, 2006 @01:47PM (#15367120) Journal
    Most techs could probably look at the mobo and tell you what every componet and chip-set part was for. If some strange component was included, it would immediately be recognized as something that was not right.

    Yes, but what about the software embedded in those familiar chips? What about the BIOS? There's lots of nasty stuff that could be hidden at that level, and would be hard to detect. Certainly, visual inspection is not going to be enough...

  • by jim_deane (63059) on Friday May 19, 2006 @02:17PM (#15367400) Journal
    You assume that soft-stored software (OS and higher) is the only risk.

    You forget, there is an entire hard-stored software subsystem and electronic circuitry which could be altered or designed to compromise security. Not just the BIOS; networking, display, and disk subsystems, as well as power and wireless communications.

    Jim
  • by ChePibe (882378) on Friday May 19, 2006 @05:08PM (#15368803)
    These are actual State Dept. Regulations as found in the Foreign Affairs Handbook regarding the purchase of ANYTHING that enters a Classified Access Area (CAA). Give it a quick read. [state.gov] It could shed some light on the present situation.

I have ways of making money that you know nothing of. -- John D. Rockefeller

Working...