Can you trust Chinese computer equipment?
China may not only be breaking into Google's network, but giving people deliberately bugged technology gear. Can we trust any technology that comes from China?
As you surely know, Google has accused China of hacking into its systems and is considering pulling out of China altogether. The U.S. government is taking this seriously, and Google has partnered with the NSA (National Security Agency) to get to the bottom of this. What you may not know is that the United Kingdom's MI5 -- Americans can think of this as a combination of the FBI and CIA -- has reported that the Chinese government has been giving UK executives electronics with built-in security holes.
According to the Sunday Times, "A leaked MI5 document says that undercover intelligence officers from the People's Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of 'gifts' and 'lavish hospitality.' The gifts -- cameras and memory sticks -- have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users' computers."
That's bad. But why, if these stories are true, should the Chinese government stop there? U.S. and British citizens buy billions of dollars every year of Chinese-made USB memory sticks, computers, hard drives, and cameras. Why not just add security holes as a matter of course to the firmware of all of them?
It's not hard. Heck. It's trivial.
Backdoors, systems with a deliberate security hole that allows its creator full access to a system, have been around for ages. Indeed, back in 1983, Ken Thompson, one the creators of Unix, admitted that he had included a backdoor in early Unix versions. Thompson's backdoor gave him access to every Unix system then in existence.
If China's government really is hell-bent on keeping an eye on American and European businesses, why not just incorporate 21st century backdoors into their products? Then, you could just have them automatically call home to do a data dump of documents. If there's anything interesting in the files, it can be set to monitor its user on a regular basis.
There's nothing difficult about doing this. Not only are backdoors easy to create, running an automatic check for words of interest, even in terabytes of documents, just requires some servers. After all, Google does it every day with far more data than such a plot could ever uncover.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @ITworld
Brian Proffitt
openSUSE: Not for sale today
pasmith
Two new sources fuel the Verizon iPhone rumor mill
sjvn
The Corporation has gone Open Source
Mike Elgan
What to do with your Google 'Social Circle'
Sandra Henry-Stocker
Unix How To: Give me that old-time security!
Dan Tynan
What's worse than privacy legislation? No privacy legislation
The IFA consumer electronics exhibition turns 50
Albert Einstein opened the 7th Great German Radio and Phonograph Show, the forerunner to today's IFA, in Berlin in 1930. The show marked the public debut of a prototype 'television receiver.' Since then, some products, like the 3DTV, were ahead of their time. Others, like the MiniDisc...well, just never got off the ground. Here's a look at IFA's storied past.
IFA 2010
Samsung launches Galaxy Tab
3D content is king at giant tech show
PlayStation 3 will be ready for 3D by October
Sony announces music service, hints at TV service
Google's Schmidt to speak at Berlin show
3D, tablets galore expected at consumer electronics show
everybody does it. don't be one sided
Did you know that the Boeing plane delivered as the Air Force One for Chinese president had bugs placed in it?So everybody does it. Don't be one sided.
Crossing the red line
Obviously he's not one sided, he's commenting chinese gov behaviour.Besides, one thing is to bug a politician --classical spying-- and another one very different is to bug/hack/crack everyone's gizmos.
Can you trust a closed
Can you trust a closed source operating system like Microsoft Windows or Mac OS/X?