China and the Effects of Cyber-Espionage

Wayne Rash
As I'm writing this, it looks like China has just told Google to buzz off. Google has the choice of knuckling under to Chinese demands for censorship (and by the way, tolerating the government's attempts to break into its servers) or leave town. Nobody knows for sure what will actually happen.

But we're not really writing about Google, as difficult as its plight might be. Google, after all, is big enough to take care of itself. Also, moving out of China won't really hurt Google's bottom line, especially if you take into account the damage to the company's reputation for caving to the demands of the Chinese government.

What we're writing about is the danger to your company from China. What many companies don't realize or appreciate is the level of sophistication and aggression by the Chinese government when it comes to stealing intellectual property and personal information from U.S. companies. Here in Washington, the activities of the government-sponsored hackers is fairly well known. There's a nearly constant stream of attempts to crack the computer systems of government agencies and defense contractors here, and the Chinese government is behind many (but by no means all) of these efforts.

This is no surprise, of course. Defense contractors and government agencies are a natural target and the only surprise would be if they weren't being targeted. But what most technology companies don't know is that the effort extends to nearly every level of business. The fact is that the Chinese government is looking for anything it can find that might further its own industry, from intellectual property it might steal and pass along to Chinese companies, to people who might be supporting human right efforts.

This effort is fairly non-specific. If you're involved with any kind of technology they might want, whether it's for pharmaceutical manufacturing or building looms, they want it. What's also important to know is that the government won't just try to crack your company database. If you take your smartphone into China, you should assume that everything in it is being downloaded by the time you leave the airport.

If you have a network presence in China, you should assume that no effort is being spared to use it as a way to gain access to your entire network. If you use a wireless connection, you can assume whatever passes between you and the access point is being seen. There is no safety in China.

But I'm not suggesting that you decline to do business in China. Just be careful. Don't take your Blackberry or iPhone when you go, or if you do, don't turn it on for any reason. Instead, pick up a used Motorola RAZR cell phone and take that with you. They can break into that as well, but it's unlikely you'll have much worth taking.

But you need to go farther. This is why you have to actually worry about where your corporate data resides when your employees travel. Computers can be stolen and their contents copied. So can pretty much anything else. But if it's not there, then they can't take it.

The best approach is probably to help your employees who travel have a safe solution when they go to risky places. Keep a supply of clean laptops that don't contain any critical information. Have a few basic cell phones. Warn your employees to be aware that their smartphones might be compromised and be on the lookout for the possibility. And finally, once they return to the home office, wipe the hard drive and reimage it. Those Trojans that got placed there are sometimes hard to find and remove.

But enough about the Chinese. The Russians do this, too. So do some of the other former Soviet Bloc countries. And all of them will examine everything they find, and then pass it along to their own companies to give them a leg up in competing with you.

I know it sounds like a pain, but when I travel to such places, I leave my Blackberry at home.

Add Comment      Leave a comment on this blog post
Jan 15, 2010 5:01 PM Adam Adam  says:
Good tips, important information. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.