Can you trust Chinese computer equipment?

China may not only be breaking into Google's network, but giving people deliberately bugged technology gear. Can we trust any technology that comes from China?

By  

As you surely know, Google has accused China of hacking into its systems and is considering pulling out of China altogether. The U.S. government is taking this seriously, and Google has partnered with the NSA (National Security Agency) to get to the bottom of this. What you may not know is that the United Kingdom's MI5 -- Americans can think of this as a combination of the FBI and CIA -- has reported that the Chinese government has been giving UK executives electronics with built-in security holes.

According to the Sunday Times, "A leaked MI5 document says that undercover intelligence officers from the People's Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of 'gifts' and 'lavish hospitality.' The gifts -- cameras and memory sticks -- have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users' computers."

That's bad. But why, if these stories are true, should the Chinese government stop there? U.S. and British citizens buy billions of dollars every year of Chinese-made USB memory sticks, computers, hard drives, and cameras. Why not just add security holes as a matter of course to the firmware of all of them?

It's not hard. Heck. It's trivial.

Backdoors, systems with a deliberate security hole that allows its creator full access to a system, have been around for ages. Indeed, back in 1983, Ken Thompson, one the creators of Unix, admitted that he had included a backdoor in early Unix versions. Thompson's backdoor gave him access to every Unix system then in existence.

If China's government really is hell-bent on keeping an eye on American and European businesses, why not just incorporate 21st century backdoors into their products? Then, you could just have them automatically call home to do a data dump of documents. If there's anything interesting in the files, it can be set to monitor its user on a regular basis.

There's nothing difficult about doing this. Not only are backdoors easy to create, running an automatic check for words of interest, even in terabytes of documents, just requires some servers. After all, Google does it every day with far more data than such a plot could ever uncover.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question