LisaVaas

How to Travel Unmolested by Warrantless Seizures and Creeping Malware

by LisaVaas ‎08-03-2012 03:55 AM - edited ‎08-03-2012 03:55 AM

dss.gifTravel to the US can be a nightmare; “Homeland Security” has free rein to take your laptop or mobile phone. Travel to China is a good way to bring spyware and malware back home. Here are some helpful tips to make air travel smooth and free of frustrating security snags.

In December 2011, the United States Chamber of Commerce, an American lobbying group, discovered that its office printer and a thermostat had been communicating with a Chinese IP address. A subsequent investigation found that hackers had intercepted at least six weeks’ worth of email.

It’s nothing new: espionage is rife in China.

The worst consequence of the Chamber hack — at least, the worst we know about — occurred last March, when their printer went berserk and randomly started printing documents with Chinese characters. (News reports lack any mention of the thermostat maliciously spiking in attempts to bake or freeze visitors.)

Nevertheless, travelling to the country is a good way to bring spyware and malware back home in your gadgets.

At the same time, travel to the United States can be a nightmare, with US Customs officers having free rein to take your laptop or cellphone at airports or other ports of entry. The American Civil Liberties Union recently took the US government to court over its seizure of a computer security consultant’s laptop — a seizure carried out at a Chicago airport about a year ago without a search warrant or any charges of crimes.

(US Customs’ powers are by no means unique, but the fact that they’re more often used means they’re well documented. It’s less well known that Her Majesty’s Revenue & Customs doesn't just protect tax revenue, but also contributes to intelligence collection. HMRC officers even have greater powers than the Police.)

If you don’t like the idea of the US government reading the sensitive contents of your computer, or you don’t like the idea of Chinese hackers installing keyloggers onto your gadgets, then you may wish to take steps before you travel. Take heed and follow the following procedures, which have become standard operating procedure in government agencies, research groups, and firms that do business in China and Russia. These include Google and the security company McAfee.

These tips and practices can help make air travel smooth; free of security issues and snags that cause frustration and delay... 

  1. Leave your cellphone and laptop at home. Instead bring loaner devices. If you travel frequently, consider buying a second laptop, and leave your personal computer at home.
     
  2. Move needed information to an external drive. Encrypt whatever device to which you transfer sensitive information. USB drives fall out of pockets far too easily to be a surefire way to transport information without encryption.
    [See also: Securing Data-at-Rest with Encrypted Portable Drives]
     
  3. Image your laptop before you leave the UK. Destructively restore the image as soon as you come home.
     
  4. If travelling to China, take great care with your devices. Prevent thieves from accessing sensitive information, and hackers from installing eavesdropping software. Always keep devices with you and keep them in sight; disable Bluetooth and Wi-Fi.
     
  5. Shut down your phone and remove the battery during meetings, in case its microphone could be turned on remotely. As Bruce Schneier noted, some handsets can’t be fully powered down without removing the battery, making it possible for hackers to access the phones, turn them on, and enable them to transmit room audio, all without physical access.
     
  6. Only connect to the Internet via trusted channels. Avoid typing passwords directly, since the Chinese excel at installing key loggers onto gadgets. Avoid public PCs in hotels or Internet cafés. Instead, copy and paste your password from a thumb drive into a trusted device. Do not trust sketchy SSL certificate authorities. Change passwords after travelling.
     
  7. Make sure everybody understands the issues. Teach every traveller at your organization the current state of government power to seize technology without warrant in the countries to which they travel. Make sure all employees understand how vulnerable they are to having their gadgets inspected, copied or confiscated.
     

has written about technology — information security, social media, civil liberties, databases, open-source, technology careers, resume writing, and the applicant tracking systems that eat and/or spit out resumes — since 1995. Her stories have appeared in venues including print and/or online versions of Naked Security, the US version of HP’s Input/Output, eWEEK, PC Magazine, Computerworld, CIO, IT Expert Voice, and TheLadders. Read more from Lisa on her website at lisavaas.com

Article Options
Comments
by Greg Johnson(anon) on ‎13-03-2012 09:54 AM
Options

I found this to be a very informative article.

by LisaVaas on ‎13-03-2012 11:11 AM
Options

Glad to hear it! If you have other articles you'd like to see us explore, feel free to leave suggestions. I actually got this article idea from a reader on Sophos's Naked Security blog who was asking to see coverage of this issue. 

by netpedant on ‎14-03-2012 10:29 AM
Options

Lisa, the TSA can be sillier than this.  Several years ago, en route to Portland, Oregon from my home in Toronto to deliver a keynote at OSCON, I had the DVD with my slides on it confiscated in Vancouver because "it's unlabelled."  Luckily, I had the same slides on a 4G keyfob in my pocket.  The Homeland Security folks are exceptionally stupid:  that's why they're so dangerous.

by LisaVaas on ‎14-03-2012 11:16 AM
Options

Unbelievable. They're not the most technically savvy bunch, are they? Good for you, you're smart. You're lucky they didn't go through your pockets and grab your backup! I'm actually working on a article about preventing utter presentation catastrophe, and having the presentation on a backup thumb drive is one piece of advice I'm hearing. I talked to one IT support guy who's paranoid enough about presentations that he has his people print out their presentation before they go—as in, enough copies for the whole audience. Can you imagine lugging that pile of paper, though? Ugh! Only if the company sent a valet with me. ;-)

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
 


The HP Input Output site is sponsored by HP and features articles and content from HP and third-party contributors. Third-party articles and content, while paid for by HP, do not necessarily represent the views and opinions of HP. HP does not endorse this content and is not responsible for its accuracy, availability and quality.

Follow Us
Spotlight
£50K-£80K for a Dead Computer? Oh, Wait... Twitter Alienates its Flock 400 more fibre engineers being hired, mainly ex-military Will the 'Real' Charles Babbage Please Stand Up?
 


©2012 Hewlett-Packard Development Company, L.P | Privacy Statement | Using this site means you accept its terms | Rules of Participation