Travel to the US can be a nightmare; “Homeland Security” has free rein to take your laptop or mobile phone. Travel to China is a good way to bring spyware and malware back home. Here are some helpful tips to make air travel smooth and free of frustrating security snags.
In December 2011, the United States Chamber of Commerce, an American lobbying group, discovered that its office printer and a thermostat had been communicating with a Chinese IP address. A subsequent investigation found that hackers had intercepted at least six weeks’ worth of email.
It’s nothing new: espionage is rife in China.
The worst consequence of the Chamber hack — at least, the worst we know about — occurred last March, when their printer went berserk and randomly started printing documents with Chinese characters. (News reports lack any mention of the thermostat maliciously spiking in attempts to bake or freeze visitors.)
Nevertheless, travelling to the country is a good way to bring spyware and malware back home in your gadgets.
At the same time, travel to the United States can be a nightmare, with US Customs officers having free rein to take your laptop or cellphone at airports or other ports of entry. The American Civil Liberties Union recently took the US government to court over its seizure of a computer security consultant’s laptop — a seizure carried out at a Chicago airport about a year ago without a search warrant or any charges of crimes.
(US Customs’ powers are by no means unique, but the fact that they’re more often used means they’re well documented. It’s less well known that Her Majesty’s Revenue & Customs doesn't just protect tax revenue, but also contributes to intelligence collection. HMRC officers even have greater powers than the Police.)
If you don’t like the idea of the US government reading the sensitive contents of your computer, or you don’t like the idea of Chinese hackers installing keyloggers onto your gadgets, then you may wish to take steps before you travel. Take heed and follow the following procedures, which have become standard operating procedure in government agencies, research groups, and firms that do business in China and Russia. These include Google and the security company McAfee.
These tips and practices can help make air travel smooth; free of security issues and snags that cause frustration and delay...
- Leave your cellphone and laptop at home. Instead bring loaner devices. If you travel frequently, consider buying a second laptop, and leave your personal computer at home.
- Move needed information to an external drive. Encrypt whatever device to which you transfer sensitive information. USB drives fall out of pockets far too easily to be a surefire way to transport information without encryption.
[See also: Securing Data-at-Rest with Encrypted Portable Drives]
- Image your laptop before you leave the UK. Destructively restore the image as soon as you come home.
- If travelling to China, take great care with your devices. Prevent thieves from accessing sensitive information, and hackers from installing eavesdropping software. Always keep devices with you and keep them in sight; disable Bluetooth and Wi-Fi.
- Shut down your phone and remove the battery during meetings, in case its microphone could be turned on remotely. As Bruce Schneier noted, some handsets can’t be fully powered down without removing the battery, making it possible for hackers to access the phones, turn them on, and enable them to transmit room audio, all without physical access.
- Only connect to the Internet via trusted channels. Avoid typing passwords directly, since the Chinese excel at installing key loggers onto gadgets. Avoid public PCs in hotels or Internet cafés. Instead, copy and paste your password from a thumb drive into a trusted device. Do not trust sketchy SSL certificate authorities. Change passwords after travelling.
- Make sure everybody understands the issues. Teach every traveller at your organization the current state of government power to seize technology without warrant in the countries to which they travel. Make sure all employees understand how vulnerable they are to having their gadgets inspected, copied or confiscated.
Lisa Vaas has written about technology — information security, social media, civil liberties, databases, open-source, technology careers, resume writing, and the applicant tracking systems that eat and/or spit out resumes — since 1995. Her stories have appeared in venues including print and/or online versions of Naked Security, the US version of HP’s Input/Output, eWEEK, PC Magazine, Computerworld, CIO, IT Expert Voice, and TheLadders. Read more from Lisa on her website at lisavaas.com