« Fugitive on the run | Main | Seeking truth from facts »

Information insecurity

There was a frightening story in the Taipei Times this week. If true, it should have you running to renew all of your virus protection software. The boldface below is mine.

Here is the top:

Chinese subcontractors blamed for trojan horses

By Lin Ching-lin
Monday, Nov 12, 2007, Page 2

Following findings by the Investigation Bureau that portable hard discs produced by US disk-drive manufacturer Seagate Technology that were sold in Taiwan contained Trojan horse viruses, further investigations suggested that "contamination" took place when the products were in the hands of Chinese subcontractors during the manufacturing process.

On Saturday, Seagate Technology LLC, the manufacturer of the Maxtor portable hard drive, said on its Web site (www.seagate.com) that Maxtor Basics Personal Storage 3200 hard drives sold after August could be infected with the virus.

Anti-virus software manufacturer Kaspersky Labs also issued a similar warning. The hard drive has been temporarily pulled off the shelves and is no longer available for purchase.

The Investigation Bureau said the tainted portable hard drives automatically upload any information saved on the computer to Beijing Web sites without the user's knowledge.

While investigating a Chinese subcontractor involved in the manufacturing process, Seagate found that a small number of drives were infected with the viruses. The company said the products from the problem factory had been scanned and all viruses had been eliminated, adding that all inventory would also be treated before the product was returned to stores.

Seagate did not disclose the stage in the manufacturing process where the Chinese subcontractor installed the Trojan horse.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c64169e200e54f97120c8834

Listed below are links to weblogs that reference Information insecurity:

Comments

Virus Protection Software

wow, these recalls are really getting crazy.. about like the lead in the toys..

A B

Can someone tell me how is China protecting themselves from all these hacks / open doors / vulnerabilities in their imported computers, communications and other systems?

It seems to me that China is one of the most vulnerable major countries.

SAN FRANCISCO, Nov. 16 — One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.

http://www.nytimes.com/2007/11/17/technology/17code.html

nanheyangrouchuan

China isn't stupid, but it is dark and evil.

H L

Not to be heartless, but I think people are getting a little crazy with the wave of recalls lately. Everything is being recalled whether or not it is truly a concern, as long as its made in China.

http://www.cpsc.gov/cpscpub/prerel/prhtml08/08085.html

This is what Gina B. is afraid of? Dangerous CHINESE products? Everything is dangerous, if my monitor fell on a baby, the baby would die too. What should have been been recalled was not the product but the neglegent parents who left their baby alone long enough for this to happen.

Shame on people.

Tian

I think we need to be mindful of the fallacy that whatever bad that happens is the intent of the Chinese government. Economically Communists no more, everyone in China is out to make a buck these days, and possibly that includes the guy involved in making this virus.

Remember, in the 1800s, one country notorious for making fake products including medicine and intellectual piracy which drew complaints from trading partners was, well surprise surprise, the United States where Gina B lives.

A B

Somewhere lost in this debate is that that the largest single world importer of technology, both hardware and software, is China.

Hence, by definition, the country most vulnerable to being hacked and taken advantage of by illicit foreign trojans, hacks, etc. is China.

Every cell phone, PDA, switch, microwave tower, computer, microprocessor, hard drive, printer, copier, aircraft, maintenance equipment, database system, router, firewall, Microsoft Vista / Windows XP, etc., is a potential point of vulnerability.

By the logic expressed in these postings, China need to move to complete self-reliance on most of these items to prevent foreigners from being able to gain access to their secrets.

What if a Chinese Boeing 777 is hacked and caused to fly into some buildings in Shanghai? There certainly is a technical capability by the manufacturer to have such a hack embedded in the aircraft's software that is remotely activated.

While it is asking a bit too much for countries to stop playing this game, which is as old as spying, war, and only slightly younger than sex, countries can at least, exercise a bit of restraint on having these games too openly played --- which ends up harming commercial interests.

Do we really want China to insist on all their computers, telecommunications, high tech systems, etc. to be 100% domestically manufactured and controlled?

Should the US really do the same?

There is room to be skeptical and cautious about using someone else's stuff without it becoming paranoia.

In the case of the Seagate stuff, it was almost certainly an innocent error on the part of a dumb sub-contractor.

bianxiangbianqiao

"For years I have consistently tried to warn politicians, policy-makers and others about the dangers....."

Somehow I am in my "deeply curious" mood tonight. If you really have access to these powerful people (bless their hearts), why are you wasting your time trying to educate the ineffective people reading this page?

I am curious in what capacity you have delivered your warnings to politicians and policy-makers.

david

For years I have consistently tried to warn politicians, policy-makers and others about the dangers of using computers and their accessories ever since we began to import them into the US and West. The PRC employ 'white', 'gray' ad 'black' hats to test our cubersecurity and to make such devices suspectible to intrusion from their nation. The 'grays' & 'black' hats are mercenaries of a cyber-kind. Will America wake up? No because too many companies are heavily vested in the Chinese market out of greed. The fat cats' patriotism is in their wallet and bank accounts. The rank & file follow out of job security and feeding their families. Wait till China lauches its first wave of cyber-attacks and will Wall Street jump out of the windows again?

bianxiangbianqiao

Scary thoughts triggered by Gina B:

When I read her comments, "trashiness" and "inferiority" are the two words that popped up in my mind. These words scared me; I don’t know why but they are deeply unsettling. Can I still be a good and decent person if I use these concepts to characterize other human beings? These words are scary because they represent my deep and genuine feelings, my visceral reactions. I realize her trashiness and inferiority are personal traits, definitely not systematically associated with membership in any group. Does that help? I also realize there are plenty of trashy and inferior individuals among members of my own group, the Chinese, like the rabid anti-Japanese fen-qings. There are her kind of idiots among the Japanese too, like the right-wingers. Trashiness and inferiority are individual problems, not group problems. Is it okay then to label some members of your own species as trashy and inferior? I do not believe being trashy and inferior in my eyes (or anybody else's eyes) would deprive her or anyone of any rights or privileges that comes naturally with being human. Trashiness and inferiority refer to a messed up state of human life, equivalent to a "loser". Are these qualifications enough to sanitize these concepts and settle my qualms? Will I one day wake up and hate myself for having felt the emotional reactions so accurately labeled by these words from the bottom of my heart and expressed them honestly?

I need to deeply reflect on this issue, and find some answers for myself. Are there experts in ethics specialized on this issue? It bothers me more and more everyday. It is a challenge of getting caught in inter-group contact, a fate a lot of individuals cannot escape due to globalization.

IBM ThinkPad

Why do you think the U.S. was worried about letting IBM sell their laptop division to Lenovo China?

So when buying Lenovo laptops for Congress and Senate members, they wouldn't need to worry about trojans spying and phoning home state secrets...

To Pffefer

Pffefer, obviously you haven't lived in real China...

Why don't you come to mainland China and think about speaking up to be heard, and at the same time try to report to the media about anything that doesn't kiss the Communist Party ideology.

H L

*clap clap*

Pffefer

Tsk, tsk, tsk, Gina B, talk about sheer ignorance. China is out to sabotage the US and lead to our demise anyway they can? By doing what? What can China possibly gain by intentionally killing American pets and American babies? Or by orchestrating a terrorist attack on the US? What do you think the Chinese are? Stupid? And please, it is not the Americans who decide who will get to host the Olympic Games.

Getting personal? Doing something about it? Like what? Let's invade China before it screws with us again!

Thoughts and prayers are with Tim? Geez, Tim, how awful it is that you have to live in China, you must be in constant danger. Actually, my thoughts and prayers are with those who are hopeless ignorant.

H L

That's a naysayer if I never heard one. Typical for some in our parts to believe the end of the world would mean the demise of the US. Which is highly unlikely, if anything, we'll just not be a world power; which again is highly unlikely.

While China is plagued with business ethics problems, not all problems/flaws can be blamed on China. Mattel and many other manufactures have admitted to faulty designs. When you're the Manufacture of the World where 85% percent of the stuff comes out of your warehouses its not hard to find a few flaws. Heck even Mexico had toys recalled.

While the Chinese-state does sometime overlook a lot of things, they are at least trying to crack down on a lot of scams. Ultimately it is the choice of the individuals. Individuals who taint food or load virus onto portable drives disgust me. Shame on them.

Gina B

I just stumbled across your blog for the first time. Thank God you are there and reporting this kind of info. China is the "sleeping giant" prophisied in the Bible, that upon awakening (NOW) will be the beginning of the end times. Take notice. First..tainted cat and dog food, tainted hygiene products, tainted food, tainted toys and now this...Americans should be a little more paranoid that China is out to sabotage the U.S. and lead to our demise any way they can. We sholud take this PERSONALLY!! This is incredibly frightening...are we waiting for a Chinese 9/11 to wake up and DO something about it? Why are we even allowing the Olympics to be held there? I'm hoping someone like yourself who is getting info to the American people will make a difference before it is too late to do something about it. My thoughts and prayers are with you while you are there.

China and I

Really scary! Worse for me than the Mattel toy story.

A B

Most likely the virus was placed there as the portable drives were assembled into 'retail packages'.

It is at that point that Seagate's software is loaded onto the drives. An infected computer that did the loading would do it.

While the details are sketchy, it does not appear to be a 'superbug' that is loaded into areas of the hard drive that is not normally accessable to the end users. It is technically possible to put things on areas of the hard drive that only the manufacturer or those with manufacturer provided tools have access to.... but fortunately this is not the case.

Some years ago, Microsoft had a large operation in Taiwan writing code, and it was discovered that their Taiwan coders had put things like anti- China slogans, etc. into the code.....

Needless to say, the operation got straightened out pretty fast.

No matter how much things get 'cleaned' there is a residual risk whenever you buy someone else's equipment. That is why Lenovo had a deal with the US Government scuttled.

Any government worth its salt will place their really sensitive stuff only on computer hardware and software that they can control from beginning to end.

The comments to this entry are closed.

ABOUT THIS BLOG

Tom

"China Rises" is written by Tom Lasseter, the Beijing bureau chief for McClatchy Newspapers.

Send Tom a story suggestion.

Read Tom's stories at news.mcclatchy.com.

Follow Tom on Twitter: @TomLasseter

Follow Tom on Google Plus

Enter your email address:

Delivered by FeedBurner

THIS MONTH

    Sun Mon Tue Wed Thu Fri Sat
              1 2
    3 4 5 6 7 8 9
    10 11 12 13 14 15 16
    17 18 19 20 21 22 23
    24 25 26 27 28 29 30
    31            

Photo Albums