Paranoia and Chinese High-tech Espionage

Is it paranoia when they really are out to get you?

It appears that some parts of the People's Republic of China's (PRC) government want to snoop on Western governments and countries. Since then, I have discovered that at least two news bureaus in China have had some of their e-mail accounts hacked. This only furthers my fears that China is engaged in widespread high-tech spying that may even go so far as exporting hardware that comes with built-in security holes.

Am I being paranoid? My buddy David Coursey thinks I may be "a tad over the top." As he points out, of the major PC manufacturers, only Lenovo is based in mainland China.

Coursey also wrote: "Can you imagine the firestorm that would break out if it could be proven that computers were bugged?" Sure. Gigantic.

But, that presumes that those parts of the Chinese government that want to spy on the West care about Western public opinion. I doubt they do.

For years now, the U.S. in particular has been shipping manufacturing jobs offshore. Manufacturing, once the bedrock of the American economy, has been sold off piece-by-piece to the lowest-possible bidder. Often, that has meant high-tech manufacturing and jobs have ended up in China's Shijiazhuang National Hi-Tech Industry Development Zone and other Chinese provinces.

At the same time, China and the U.S. have developed increasingly strong economic ties. The two often don't see eye-to-eye, though. And the evidence continues to mount that at least part of China's government sees the West as an enemy that needs constant spying on.

Perhaps I am paranoid about general computer equipment. Even with server farms to separate the wheat from the chaff of millions of PCs, it may not be worth the Chinese's time to filter out potential targets. But what about networking equipment?

As a Slashdot commentator named Animats wrote about my article: "One of the obvious places to put in a 'back door' is in Ethernet controllers. Many used in servers already have logic for hardware 'remote administration' (turn machine off, reboot, load code, etc.). It is supposed to be disabled by default, and work only when initialized with keys during hardware installation. Just build a set of default remote administration keys into the chip, and everyone using that chip is 0wned. Send the right UDP packets, and you can take over the machine. This would be completely invisible until activated."

He's exactly right. Everyone in networking circles knows that a lot of gray-market networking switches are made in China. This equipment typically looks just like, say, a Cisco switch, but it's actually a knock-off made on the cheap.

Then, of course, there's the legit network hardware that's made in China. Every move you make, every byte you make goes over networks. Place the right routers and switches in the right places, and you can watch every move your competition makes.

I wish I were paranoid. I wish I could simply dismiss this vision of how China might be looking at the outside world. Unfortunately, I keep reading the news, and I know who makes much of the technology we now use in our businesses and homes. So, while I wish this were an irrational fear, I fear there's nothing unreasonable at all about it.

