Forgot your password?
typodupeerror

US Government Fears China Bugs Lenovo PCs 348

Posted by ScuttleMonkey
from the gosh-we-didn't-think-of-that dept.
An anonymous reader writes "After approving the sale of IBM's PC Division to the Chinese Corporation Lenovo, the US Government has realized China could bug Lenovo PCs destined for US Government customers. Would the US have done the same to China? With American businesses so eager for business in China no matter what, where are we headed?"
This discussion has been archived. No new comments can be posted.

US Government Fears China Bugs Lenovo PCs

Comments Filter:
  • by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Monday May 22, 2006 @05:26AM (#15378893) Homepage Journal
    While I have no doubt that the US & China spy on each other constantly:
    But after angry objections from the US-China Economic and Security Review Commission, a bipartisan panel of experts appointed by Congress, the department opted this week to pull the computers from the network. [emph mine]
    I really do have to ask. Is the US-China Economic and Security Review Commission really unaware that the vast majority [com.com] of PCs (including Apple, dell, hp, gateway, etc) are manufactured (or at least part manufactured) in China?

    I find it hard to believe that they don't, so this punishment is not for the computers being manufactured in China, rather for the company not being US owned anymore. In other words, it's fine for the Chinese to do the manufacturing, but it has to be Americans making the real money (and again, this sort of chauvinism is pretty common & not unexpected, but it would be nice for the US to be a little more honest about its motivations).
    • Americans have a hard time adjusting to the fact that the computer world doesn't revolve around them anymore. It's a general problem right now that American companies will not buy software and hardware from companies not perceived to be American.
      In many ways it's just like the automobile industry in the 70's and 80's
    • by Savage-Rabbit (308260) on Monday May 22, 2006 @07:33AM (#15379151)
      ...the vast majority of PCs (including Apple, dell, hp, gateway, etc) are manufactured (or at least part manufactured) in China?

      True enough, the whole suggestion of PC bugging is almost funny. If the Chinese were to bug every single computer that gets assembled in China just on the off chance that it happens to end up in a secret US.Govt facitlity they would leave a footprint so large that the operation would be blown wide open pretty quickly. How many amateurs and computer engineers are there around the world picking their computers apart? One would expect such a scam to be discovered pretty quickly. Besides that how are the Chinese going tell which of the tens, if not hundreds, of thousands of computers the US.Govt buys end up in secret facilities. Do the computes phone home? Do they have self activating bugging devices that phone home (through how many layers of firewalling and network security?) when they some how automatically detect that they are in a US Govt facility? The whole suggestion of the Chinese bugging computers wholesale is ridiculous. That leaves us with the possibility of a sophisticated Chinese sting operation that uses the Lenovo distribution network to spike only those computers Lenovo and its distributors (distributors which would have to be staffed by the Chinese intelligence) know are likely to be destined for sensetive facilites. That would minimize the likelyhood of the scam being discovered unless US intel started randomly sampling computers and checking them for bugs but it still seems collossally impractical. If I were Chinese intelligence I would stick to working the most vulnerable part of any US.Govt operation. I would, for example, look for that inevitable disappointed, bored out of his skull, stuck in a dead end career pencil pusher and bribe him/her. It has worked in the past and it will work today. There have to be a thousand more practical ways of spying on the US than bugging computers.
      • While I agree that it would be pretty tough for the Chinese to design a laptop that phones home without being detected. With the quality of firewalls in even the lowest levels of government, I would think that such a spying device would be picked up immediately.

        However, just to play devil's advocate, I think that they could much more easily integrate logic into one of the other support chips in the laptop (there are thousands) that could, for instance, look for and store an encryption key. Nothing major.
      • You're forgetting one major thing here. Since they do the selling and building, they will know exactly where the pc's are targeted to be... Therefore, greatly reducing said footprint.
      • How many amateurs and computer engineers are there around the world picking their computers apart?

        Yeah, how many pick the ethernet chip apart, transistor by transistor ?

        Plus, note that a backdoor does not necessarily result in observable information flow. If I wanted to bug a PC, I'd patch its hardware random number generator.

        AC

    • True. Probably the majority of electronics (not just computers) seem to be sporting the "MADE IN CHINA" sticker these days. But the difference between, say a Lenovo computer and an HP computer, is that while the HP may be made in China, it is an American company, and you have to assume they have some kind of oversight of their manufacturing plants in China and would be looking out for things like employees planting bugs in computers. Lenovo has no such interest since it is based in China and is answerable o
      • Why is this post marked a troll? I think the parent makes a very good point about the fact that it could happen. Do I think that the Chinese might try to bug a computer that they ship to the U.S. government? Maybe. Do I think it would be successful? Nope. It would have to "call home" and the admins on the government's network would see it if it wasn't already blocked by the firewalls. So the likelihood of this happening is slim, but it *could* happen.
    • I know this is going to come across as chauvinistic or whatnot. Bear with me. I'm not an American, and don't really like the USA government, but in this case I can't blame them either. For a _government_ I find it normal to try to stimulate domestic economy and not the economy in China. In fact, I find it their duty to.

      See, there was this thing called the Great Depression. And there was this guy called John Maynard Keynes [wikipedia.org] who came up with a new economic theory. Best known as Keynesian economics [wikipedia.org] Look it up s
  • Bugged, you say? (Score:4, Informative)

    by gowen (141411) <gwowen@gmail.com> on Monday May 22, 2006 @05:28AM (#15378897) Homepage Journal
    My computer's bugged. It keeps regurgitating the same information over and over again [slashdot.org].
    • Judging by my remote scan of your computer, it seems to have picked up a bad case of Dupeware. Have you been clicking on links on slashdot recently?

      Also, this is Scuttle's second dupe in 8 hours. He duped the article about the new New York Applestore. He managed to remove that quickly enough [slashdot.org], though, and I don't think many saw it.

      Scuttle Monkey, I give you editors a hard time, but usually it's all in good fun*. But you're just pathetic. Hang it up and go back to work at McDonald's, man! I want my fries hot
    • It's cool ... the new /. CSS will fix dupes. :-)
  • Isn't this about the third time we've seen this 'story'?
    • Re:*sigh* (Score:3, Funny)

      by gedeco (696368)
      Yep,

      But soon this will be over.
      The new lenovo pc will automagicly connect through the great firewall of China and deliver the chinese the coordinates to nuke slashdot dupe posters.

      Just making the internet a safer place :)
  • by vandan (151516) on Monday May 22, 2006 @05:33AM (#15378906) Homepage
    It's not like the US government has exactly been leading the way on demonstrating restraint with respect to bugging.
    They bug everyone calling into and out of the US. They keep aggregate data for the purpose of dragnetting the stuff later for evidence of links to terrorism.
    They even bug members of the United Nations ( not that I have a great deal of respect for them, but still ... at least most other people do ).
    Why wouldn't they bug China. And yes, why wouldn't China bug the US.
    It's an insane system. A paranoid, power-hungry system.
  • by madnuke (948229) on Monday May 22, 2006 @05:37AM (#15378913)
    Wrap your laptop in foil, it will protect it from Chinese bugs and boost your wifi signal by 40%!
  • Yes (Score:5, Interesting)

    by Samir Gupta (623651) on Monday May 22, 2006 @05:37AM (#15378915) Homepage
    The USA did it to China indeed [slashdot.org].
  • by macadamia_harold (947445) on Monday May 22, 2006 @05:39AM (#15378919) Homepage
    what's with all the speculation? With their domestic spying program [infoworld.com], wouldn't the NSA know whether the PCs were "phoning home"?
    • Not necessarily. Bugs can be designed to be passive, and nearly undetectable. Information can be leaked via intentional flaws in the shielding and filtering. Covert information channels can be very subtle and difficult to detect. They aren't going to stuff a bunch of bytes in a packet and ship it off to hq.pla.cn.
  • by danro (544913) on Monday May 22, 2006 @05:41AM (#15378923) Homepage
    China may bug US government PCs?
    Welcome to the rest of the world!
    Everyone else has to keep the same thing in mind when they use Windows in government and industry.
    • Just Windows?

      What about Solaris? What about AIX? Irix? UNICOS (especially this one)?

      What about the specialized sh*t loaded on Rockwell vector processors used in radars by everyone but the russians?

      What about...

      Let's be real here.

      What goes around comes around and it is very nice to see the US govt being repayed in its own currency. It is only a matter of time until it gets more of it with everyone and his dog moving manufacturing to China and R&D to India and Russia.
  • by liangzai (837960) on Monday May 22, 2006 @05:44AM (#15378925) Homepage
    They say they want free trade, but they won't buy IBM PCs after China bought the brand (no other difference).

    They say they want democracy in the Middle East, but when there is democracy in the Middle East, they don't respect the outcome (Hamas).

    They say other nations should respect human rights, but they themselves don't (Gitmo, torture flights, numerous examples).

    Anyone still wonder why the rest of the world spits on America?
    • For the record, the whole world spits on China, too.

      America may be a mess, but it's not like China is a shining example of how to run a country. Your country sucks just as much as mine, and probably more so.

      At least I can say America is a mess without worrying about a knock on my door from the thought police. America may be poorly mistreating those captured on the war on terror, but at least we don't have "strike hard" campaigns where our own citizens are sentenced to death in stadiums and executed minu

      • So seriously, shut the fuck up, Chinese guy. You have no right to talk.


        Chinese guy? Pure Viking blood here, dude...
      • For those who missed it, devnull17's post can be summarised as:
        America - still more rights then China!
      • by Eivind (15695) <eivindorama@gmail.com> on Monday May 22, 2006 @07:19AM (#15379117) Homepage
        Agreed. Neither foreign policy, not human rigths is something China should be proud of.

        But here's the thing -- noone acts as if China are doing particularily well in these areas, neither do China currently act as "world police", waving the banner of freedom and democracy, and claiming to be chief protector of those values.

        For that matter, China doesn't even particularily seem to care if other countries ignore human rigths.

        When you go out in the world, invade other countries, wave the banner of freedom and democracy around, it is to be excepected that people will be bothered by this "image" and see it as fake when they're confronted by stuff like Gitmo.

        There are (lots of!) places worse than Gitmo in China, no doubt about it.

        But the thing is, like you say, US citizens are free to protest Gitmo. They're even free to toss out those politicians responsible for trampling americas reputation in the mud. Yet they do not. To me that's a mystery.

        Most americans I know are *proud* of their freedoms. Consider human rigths *important*. Want the world to have more freedom and less torture, less inhumane punishments, less repression, less people in jail without a fair trial. That's why I don't understand why you tolerate such abuses from your own government.

        At last: "We may be bad, but atleast we're better than China" is true. But it makes you wonder, doesn't it ? If you have to compare yourself to *China* to come out the winner, just how deeply have you sunk ?

        Sure, you're not alone in refusing to sign the convention on childrens rigths, you share that honor with Somalia. That give a warm cuddly feeling ?

        The thing is, I don't get it. I'm absolutely positive, if you where to read the declaration (available here [ohchr.org]) for the US public and ask if they're in favor or not, literally 95% (or more) would be in favor, and you're a democracy, so I don't understand why you don't demand your government gets with the program.

    • Democracy (Score:3, Insightful)

      by Detritus (11846)
      They say they want democracy in the Middle East, but when there is democracy in the Middle East, they don't respect the outcome (Hamas).

      Bullshit. Holding a democratic election does not absolve you of responsibility for the outcome. If "the People" want Hamas to run the P.A., they will have to live with the consequences of that decision. The rest of the world is under no obligation to underwrite the operations of a group of terrorists, whether democratically elected or not.

      • Bullshit. Holding a democratic election does not absolve you of responsibility for the outcome. If "the People" want Hamas to run the P.A., they will have to live with the consequences of that decision.

        Yes, that is fair enough, if they elect a government that doesn't want to play fair internationally, then they need not be treated fairly themselves.

        However, Americas medling in democratic elections is not limited to the Middle East, nor is it limited to violent regimes. Take a look at the past 50 years o

        • Pick almost any country and you can name an election that was tampered with by the USA

          There was even an incompetant bungled attempt at removing a leader who was on his way out in Australia in 1975 which apparently only provoked hilarity in the Australian government and intelligence agencies. It backfired in the USA when a couple of agents were apparently apalled by this interference and used it as an excuse to sell secrets to the USSR. The fictionalised account of the real court case about this was turned

      • Very true. I think that you hit upon a good point: Democracy is a means to an end, and not an end in and of itself.

        The purpose of Democracy is to protect against evil and tyranny. In this case, bringing Democracy to the Middle East is not a valuable goal, while freeing it from tyranny is.

        Not that the Iraq invasion actually DID that, though...

      • It's not just a matter of economic support. It's the diplomatic isolation. You can't claim to support democracy, then refuse to recognize a democratically elected government.
  • by jkrise (535370) on Monday May 22, 2006 @05:48AM (#15378935) Journal
    He suspects everyone else is a thief... or atleast a potential thief. Why would the US fear Chinese 'bugs' in Lenove PCs? And if indeed the fear is valid, then why was IBM allowed to contract it's manufacturing outside of the US, and in particular, China? If laws could be framed to control export of things like encryption etc, why not h/w manufacturing as well? So many jobs could be kept within the US.....

    • I've been doing manufacturing in China for a few years now, and I can confirm that this sort of thing is exactly what the Chinese would do.

      The strange part is that Lenovo doesn't even need to do that - the Chinese are stealing American technology left and right, and they're doing just fine without bugged PCs.

    • If laws could be framed to control export of things like encryption etc, why not h/w manufacturing as well?

      Who really needs a free market anyway?
      • People "need" free markets like they need a third tit. The only people really benefitting from "free" markets are the wealthy and the powerful with enough economic clout to twist the market to do their bidding.
  • A bit ironic (Score:2, Insightful)

    by Anonymous Coward
    Earlier this year the Bush administration was very disappointed as they weren't able to sell your harbours to an Saudi company because of the senate's fear of terrorism but are afraid of computers manufactured and _owned_ by a Chinese company.

    Using the chinese as manufacturers on the other hand, that's all right since the money goes to US companies.
  • Obvious (Score:2, Funny)

    by lovebyte (81275) *
    where are we headed?

    Above the neck?
  • Doesn't the US Government re-image the machines once they're in-house? If so, then the threat of bugs is somewhere near 0. Maybe they're talking about the normal Windows adware/spyware stuff?
    • by cduffy (652) <charles+slashdot@dyfis.net> on Monday May 22, 2006 @07:03AM (#15379082)
      Maybe they're talking about hardware that, say... logs keystrokes, and can be summoned to retrieve them by a later software infection (or by a low-power radio request -- if these machines make it into an embassy or somesuch, it's entirely reasonable to have a feet-on-the-ground representative carry a piece of hardware that transfers the logs off the box).

      Look at some of the ways the US bugged equipment exported to Russia during the cold war -- there's a lot of ingenuity going on there.
  • Tit for Tat? (Score:4, Insightful)

    by N8F8 (4562) on Monday May 22, 2006 @06:02AM (#15378963)
    Could it be a little revenge for China helping Irans nuclear program [google.com] and supporting its military in general? More specifically, supplying high grade Uranium gas?
  • This is stupid... (Score:5, Insightful)

    by Bert64 (520050) <bert@noSPam.slashdot.firenzee.com> on Monday May 22, 2006 @06:05AM (#15378967) Homepage
    A huge proportion of computer hardware is manufactured in China and has been for years, not to mention countless other things... What's to stop the Chinese from sending bugged components instead of full machines?

    However it raises an interesting point, it's much easier to hide back doors in software, so by this reckoning china should ban the use of american software... If this started happening, i`m sure microsoft would make it's pet government back down.
  • by Flying pig (925874) on Monday May 22, 2006 @06:36AM (#15379020)
    The Venetian Empire was constantly threatened by the Turkish Empire...but their traders just couldn't resist doing business with the vast expanse of Asia Minor. And the long term outcome? Venice lost.

    Interestingly Dubai looks like its ruler is consciously aiming at becoming the next Venice, and his relations with the US are going the same way (trying to obtain harbours in the Turkish empire==trying to buy ports in the US).

    The parallels are considerable. Venice relied on seapower and built the greatest manufacturing business in the world - the Arsenal, which employed 16000 men and could turn out three ships a day at its peak. But when it tried to rely on dominating trade and took its eye off manufacturing and naval power, it went into decline. The current US emphasis on creating a world of "intellectual property" and slowly de-emphasising manufacturing is not a good long term trend, at least for the US. Look at the UK, which is now a very third class power dependent on managing financial flows.

    It looks like Marx was right; US capitalism may be destroyed by the internal contradictions, in that the interests of capitalists are contrary to the security of the country. Meanwhile, China while claiming to be business friendly is using Lenin's approach of using capitalism against itself.

    • The Venetian Empire was constantly threatened by the Turkish Empire...but their traders just couldn't resist doing business with the vast expanse of Asia Minor. And the long term outcome? Venice lost.

      The decline of Venice had less to do with the Ottomans than it had to do with the discovery of the Americas and the sea routes to the east indies. Mediterranean trade simply became less important, and Italy lost much of its centrality.

      The winds changed, the well ran dry, insert appropriate analogy. Basically, t
    • The current US emphasis on creating a world of "intellectual property" and slowly de-emphasising manufacturing is not a good long term trend, at least for the US.

      You have some very interesting points in comparing the decline of Venice with the decline of the USA. But I don't think the problem is in overemphasis of intellectual property. The problem, IMHO, is that IP is being devalued, not over valued. When a patent is granted on "one-click" methods, these are granted the same status as very important disco

  • by pubjames (468013) on Monday May 22, 2006 @06:42AM (#15379035)
    Today, Wired published the full evidence of the AT&T/NSA domestic surveillance program. It is fascinating reading:

    http://www.wired.com/news/technology/0,70944-0.htm l [wired.com]
  • Given that the rest of the world has to worry that the US might bug any of Windows, MacOS, and a huge range of hardware we are not sympathetic.
  • We have a saying... (Score:4, Interesting)

    by Serious Simon (701084) on Monday May 22, 2006 @06:47AM (#15379046)
    In the Netherlands we have a saying that can be translated into English as "The way the innkeeper is himself, he suspects his guests"...
  • by QuietLagoon (813062) on Monday May 22, 2006 @06:56AM (#15379067)
    Would the US have done the same to China?

    The Chinese dpo no trust Windows unless they have the source code.

    Do you really know what Windows is doing? They is this blob of unknown code that is running on 90% of the world's computers, all under the control of one corporation in the US, a corporation that receives special treatment from the US government.

    • If the Chinese wanted the Windows source code so badly, all they'd have to do is take all the Windows bug reports with the offending code attached, and piece all the code snippets together. Voila, instant Windows source code.
    • The Chinese dpo no trust Windows unless they have the source code.

      Nothing new or unusual here. The security folks have long had one primary rule: If you're at all interested in security, you don't run any software unless you have all the source code and you've compiled it yourself.

      If you run a binary from someone else, you have no way of knowing what's hidden in there. It could be doing all sorts of things in addition to what you think it's doing, and you have no way of knowing.

      Microsoft does have a bit
    • Even if you've got the source code, it won't help you determine if there is remote surveillance embedded in it. That source has to be compiled by a compiler that is controlled by MS. Ok, so lets say you have the source for that. It was compiled by itself, and I'm sure everyone here knows of the paper by Ken Thompson concerning hiding code in a compiler such that it is no longer in the source code.

      As Ken Thompson says; "No amount of source-level verification or scrutiny will protect you from using untrusted
  • This could become a case of chickens coming home to roost with China and other U.S competitors and adversaries using the TCP (Trusted Computing Platform) [cam.ac.uk] to have a back door to computers they produce and which are sold to businesses and governments all over the world.

    All they need to do is to make note of the keys or signatures from the TPMs(Trusted Platform Module) [infineon.com] that are embedded in every modern PC.

    In fact this illustrates the greatest challenge of TCP based DRM. Who will be the key escrow / signing

  • First off I fully realize that capitalism is the best way of maximizing economic output, although personally I'd prefer the so-called social-democratic model where the benefits of that growth get also filtered down to the have-nots in an organized manner.

    However our friendly old capitalism has increasingly metamorphosed into a new kind of faceless corporate globalism where any remains of social responsibility have given way to pure greed and only the rights of the major shareholders -- themselves increasi

    • Although the destructive US-lead occupation of Iraq is bad enough, the Americans are expected to eventually leave that burned country to Iraqis (or whatever the remaining peoples choose to call themselves and their ethno-religious units). But other increasingly fascist second-rate superpowers like China and (Soviet) Russia are in the process of occupying and swallowing (de facto wiping off the map) their neigbouring nations and peoples as part of a nationalistic neo-imperial drive.

      Have you been away from

  • US Embassy - Moscow (Score:2, Informative)

    by Morky (577776)
    It reminds me of when the US let the Soviets build their embassy in Moscow. Bugs in the bricks. They couldn't use it.
  • by didiken (93521) on Monday May 22, 2006 @07:34AM (#15379155) Homepage
    Funny that US has bugged a Boeing 767 purchased from the US [bbc.co.uk] for use by former President Jiang Zemin [sptimes.com].

    Didn't hear the Chinese stop buying jumbo jets.
  • Do you guys ever get mad about these dupes? Scuttlemonkey, do you even read /. on your days off?
  • by mwilliamson (672411) on Monday May 22, 2006 @08:08AM (#15379245) Homepage Journal
    Ok, first of all for a bugged machine to communicate with its makers it would need some conduit to send its data. Since China is on the other side of the world any RF emissions can probably be ruled out, besides, the machine has got to be FCC certified to be sold here and if it were really RF-noisy, it wouldn't pass compliance.

    This leaves network traffic. Now I really hope there aren't many machines that stradle classified networks and unclassified networks. Real, physical separation could guarantee no crosstalk between classified and non-classified systems. A while back I recall some discussion that VMWare was being used to virtualize systems of different classifications, so maybe this is not the case anymore. Nevertheless, a firmware bugged system would have to report home, and any self-resperting network admin _should_ be able to notice periodic network connection attempts to its destination, especially in a very controlled enviroment where arbitrary tcp/ip connections just aren't the norm.

    This leaves the approach of using stenographic techniques to attempt to hide important data in files that the Chinese would hope to become declassified and published. Talk about hit and miss, not to mention the processing power and overhead such a scheme would take, but this is about the only way out I can think of this morning before my coffee. The firmware could be looking for keyword triggers, record big blocks of text around the keywords found, then embed in numerous other documents in hopes to leak it. Talk about a crapshot, but maybe it is worth adding to a paranoid agency's list of things to watch for.

    -Michael

  • Its' not a bug... it's a feature! It lets them see all of your data so they can verify its integrity. And since we're talking about the American government, they are currently in serious need of integrity!
  • In addition to the hardware bugs, maybe they'll throw in some spyware, adware, and viruses into Windows for good measure. You have to remember that they are competing with Dell.
  • I once bought a Lenovo and awoke in the form of a huge beetle shortly thereafter.

    Typing with insect legs is no fun—believe me.


  • Obviously forgotten about the alleged NSA backdoor in the Windows Crypto API [slashdot.org].
  • by Enrique1218 (603187) on Monday May 22, 2006 @02:04PM (#15382233) Journal
    I really don't how a services economy is going to mobilize for the next big war. How many financial analysts does it take to build F22? How many systems administrator does it take to build a submarine? I am going to mention the lower class who are alcoholic, drug-addicted, or just plain disillioned as their jobs are ship over seas or given to illegal immigrants. I am sure we can round up all the prostitutes, strippers, and drug addicts and train them to build a tank. Computer components are vital part our warfighting ability and exactly how much of that is manufacture in the continental US? I guess we are assuming that in a war with China, we can always have them make our weapons for us so we can in turn drop on them. Seems logical and we don't have top pay for shipping. Spying is the least of our problems. China hasn't asserted itself so far because it still needs to grow some but what about 20 years from now? We can always hope China evolves into a pluralistic democracy but then again we are one and we still invaded Iraq.

Practical people would be more practical if they would take a little more time for dreaming. -- J. P. McEvoy

Working...