You need to be "electronically naked" when you travel to countries like China and Russia, otherwise your data becomes their data. This could be true in other countries as well. Are you sure that your hotel network is safe when you travel?
I am not surprised. But I did not know to what lengths a traveler must go to ensure their data is safe. The New York Times article, "Traveling Light in a Time of Digital Thievery" provides insight into the measures that must be taken when traveling especially to China and Russia. The article points out that travelers should leave their laptops and cellphones at home and carry only clean (information-empty) devices. When the traveler returns, any devices carried oversees should be wiped clean before anyone uses them. If a device is carried, then it should have the Bluetooth and Wi-Fi disabled. It may be better to remove the battery as well when in meetings. When a device is carried, the article recommends that Internet communications should be over an encrypted password protected connection. The passwords should be carried in a thumb drive and not stored on the laptop.
The Times article goes on, "What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia--like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat--whether in pursuit of confidential government information or corporate trade secrets."
The U.S. Chamber of Commerce was hacked because Asian policy experts who traveled in China had their information stolen. The Chamber did not know of the theft problem until the FBI informed them. At least six weeks of e-mails with Chamber members were stolen. Even after the problem was resolved, it was discovered that one of the Chamber’s printers was printing documents containing Chinese characters. The Chamber owned apartment thermostat was communicating with Chinese servers.
James R. Clapper, the director of national intelligence spoke of the loss of trade secrets to organizations in China and Russia. His statements are covered in "Unclassified Statement for the Record on the Worldwide Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence", January 31, 2012.
Under the subtitle "CYBER Threats: An Evolving and Strategic Concern”, the report stated, "Cyber threats pose a critical national and economic security concern due to continued advances in...IT that underpins nearly all aspects of modern society. Data collection, processing, storage, and transmission capabilities are increasing exponentially.... Owing to market incentives, innovation in functionality is outpacing innovation in security, and neither the public nor private sector has been successful at fully implementing existing best practices."
Clever hackers are targeting companies that produce security technologies. A recent example is the attack at RSA in March 2011. Hackers accessed the RSA network and stole the algorithms used in its authentication system. The stolen information was then used to gain access to a defense contractor’s network.
China and Russia do not allow the use of encrypted devices in their countries without government permission. Many U.S. organizations and government agencies are enforcing do-not-carry rules. Only clean devices can be carried overseas. If a device is inspected at the Chinese border, then that device should never be connected to any organizations network. It may well be contaminated.
