♫ Everytime I turn around
Something don’t feel right
Just might be paranoid..♫
I guess it was just a matter of time. IT World posted an article today by Steven J. Vaughan-Nichols entitled: “Can you trust Chinese computer equipment?”
While this may seem like the musings of a hyper-active Homeland Security Department, it is based on MI5’s report in The Times Online “China bugs and burgles Britain” that the Chinese Government has given British executives equipment with security holes.
The Times Online article contains a chilling paragraph in discussing a report on these incidents:
Written by MI5’s Centre for the Protection of National Infrastructure, the 14-page “restricted” report describes how China has attacked UK defence, energy, communications and manufacturing companies in a concerted hacking campaign.
It claims China has also gone much further, targeting the computer networks and email accounts of public relations companies and international law firms. “Any UK company might be at risk if it holds information which would benefit the Chinese,” the report says.
There seems to be no reason to suppose that this behaviour, if it is going on, would be restricted to UK companies and executives.
The Times further states:
In 2007 Jonathan Evans, the director-general of MI5, had written privately to 300 chief executives of banks and other businesses warning them that their IT systems were under attack from “Chinese state organisations”.
There have been unconfirmed reports that China has tried to hack into computers belonging to the Foreign Office, nine other Whitehall departments and parliament.
Well – instead of trying to hack your way in, what better way to get into sensitive data than by placing the trojans directly into the computer equipment being manufactured in China? That is the thrust of the IT World article.
For anyone who handles confidential data, and here I am speaking of lawyers in particular (such as those who handle proposed mergers and acquisitions, sensitive patents and other commercially-valuable transactions), the possibility that we may be using equipment that allows a foreign government to read the secrets of our clients is a real threat to client confidentiality and commercial activity. Our clients may have first-class computer security surrounding their sensitive commercial information, but can they rely on their lawyers to have equally robust security systems?
Most people would scoff at this, stating that international companies would not build such trojans and back-doors into their hardware.
However, Bruce Schneier, a security expert, states in an essay entitled “Technology Shouldn’t Give Big Brother a Head Start”:
But that’s not the most serious misuse of a telecommunications surveillance infrastructure. In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government — the prime minister and the ministers of defense, foreign affairs and justice.
Ericsson built this wiretapping capability into Vodafone’s products, and enabled it only for governments that requested it. Greece wasn’t one of those governments, but someone still unknown — a rival political party? organized crime? — figured out how to surreptitiously turn the feature on.
I don’t know about you – but something don’t feel right..I just might be paranoid.