Several Western Govts. Ban Lenovo Equipment From Sensitive Networks 410
renai42 writes "If you've been in the IT industry for a while, you'll know that Lenovo's ThinkPad brand has a strong reputation with large organisations for quality, dating back to the brand's pre-2005 ownership by IBM. However, all that may be set to change with the news that the defence agencies of key Western governments such as Australia, the US, Britain, Canada and New Zealand have banned Lenovo gear from being used in sensitive areas, because of concerns that the Chinese vendor has been leaving back doors in its devices for the Chinese Government. No evidence has yet been presented to back the claims, but Lenovo remains locked out of sensitive areas of these governments. Is it fearmongering? Or is there some legitimate basis for the ban?"
Their loss (Score:5, Insightful)
Thinkpads are very popular with people who need to do their own maintenance. They use them on the ISS for that very reason. Every part is replaceable and you can download a full service manual with excellent step-by-step illustrated instructions.
Sounds like fear of the boogyman and a bit of racism are really going to hurt the US in the long run.
So instead? (Score:5, Insightful)
Re:Their loss (Score:5, Insightful)
Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
If we had to go to "total war" tomorrow like we had to after Pearl Harbor I think we would be in pretty big trouble if our enemy was from the east and all of our sudden our constant shipping was gone. It we Americans are so damn expensive and corporations are at their height of greed and power we've pretty much forgotten how do that manufacturing.
Re:Their loss (Score:3, Insightful)
Re:Their loss (Score:5, Insightful)
Re:So instead? (Score:5, Insightful)
Having components from China is different from having the entire machine, or at least key parts that can phone home, from China is very different. They don't give a damn if your capacitors or even the entire DVD drive are from China.
Re:Their loss (Score:3, Insightful)
...bit of racism...whatever. I find it funny that you point out the US in your comment, but totally ignore the other big countries also banning Lenovo...
sounds like you're anti-US (since we're throwing out generalizations).
Re:Nothing new (Score:4, Insightful)
Costs are higher, but Americans are being employed and paid with tax money. Sounds like a better approach than shipping it directly to someone else's economy.
New Cold War (Score:4, Insightful)
The new cold war will be electronic and China has already proven that they are willing to do whatever is necessary to stay ahead there.
This isn't racism, this is a forward looking policy that's saying when, not if but when, we start finding Chinese backdoors in our equipment, they won't be in our sensitive areas.
The down side is that even if our equipment says made in the USA, it means assembled. Most of the parts will have been manufactured in China.
Re:So instead? (Score:2, Insightful)
Re:Their loss (Score:5, Insightful)
Worse is yet still to come. Given the extent of backdoors, data sharing and data sniffing as has been exposed during the last couple of weeks a lot of service providers in the US may suffer a similar fate. All these service providers operate on trust and trust is at an all time low.
Now all I have to say when a customer/PHB talks about "cloud" is to counter their BS bingo with "trust". And trust is easier lost than earned.
The intelligence community in the US, UK and Europe have managed to sow the seed of distrust into everything that is connected to the net. While Joe Public doesn't seem to care, those who do have to care will think twice. The new bonanza will be security/privacy technology while the clouds disperse in the corporate sector.
Re:Their loss (Score:4, Insightful)
It isn't about race, it's about the proven track record of a government tainting their country's products with viruses, trojans and backdoors.
Re:Their loss (Score:5, Insightful)
Proven track record?
Please enlighten me and give me links to that proof of backdoors. (That's what this is about, not virii or trojans.)
All I heard on this matter are accusations without any proof.
On the other hand, we KNOW that the US is spying on everybody...
Re:Their loss (Score:5, Insightful)
PRISM: Microsoft, Google, Apple... Need I elaborate or is it sufficient to say that the US government is in the spying business and the Chinese will be doing themselves a favor by banning US products and services?
Re:Their loss (Score:5, Insightful)
Well, and let's talk about the US record of viruses (as I believe that's better documented than anything else out there)...
Re: Their loss (Score:5, Insightful)
Uhhh, Stuxnet comes to mind
Re:Their loss (Score:4, Insightful)
I am not sure why you just don't test the device. Every device if security is that big of a concern.
I mean it is a freaking man made computer not a Magic Box.
Plug it into an isolated network that looks like a Wan connection with some honey pots. And see what the heck it is sending with some simulated use. You can check the hardware to see what type of wireless transmitters it has installed. Put it in a Faraday Cage and monitor what stuff it is sending out wirelessly.
Also if security is a concern. Why would you leave the default image that came with the PC, you should do a clean install of your "trusted" OS with the software you want.
Besides if the Chinese wants to spy on us. They don't need to send us computers with hack in it. Most IT departments are so incompetent (Usually upper middle management who is unwilling to pay for the necessary upgrades until there is a problem) that they will leave gaping holes to get in.
While Think Pads are Black Boxes, there isn't anything magical about them. They are boxes that happen to be black, with normal PC stuff in them and compared to other models much easier to dissemble and have every part checked out.
I would be more worried about your smartphone. This thing has sends stuff wireless by design. And it relatively slow processor means security holes my be in the system as a trade-off to get a little extra performance out of it.
Suspicious kettles and pots (Score:5, Insightful)
Well now, it's been my keen observation over the years that people suspect of others the same nefarious behaviour that they indulge in themselves or would do given the opportunity. I am sure that there exist proposals to have Cisco/Juniper/Akami network gear do more than is advertised.
Knowing that the West intelligence services would do (are doing??) what Lenovo & Huawei are suspected of is enough to have those companies banned, at least in CIA/NSA thinking.
It's difficult enough to keep malware out of the network as it is without providing an easy doorway.
eg: stuxnet
However, if evaluation of the policy to ban Lenovo were up to me, I would do a serious risk evaluation and compare Lenovo to others such as Dell. Truth is that state sponsored malware could be introduced at many levels including embedded firmware in say, network or video chipsets.
I suspect that the multinational component sourcing makes banning Lenovo analogous to plugging a small hole in a screen door while leaving all the windows open.
Re:Their loss (Score:4, Insightful)
I have 4 ThinkPads, and wish you hadn't used 'racism', as it negates most of what you said. There's lots of hacking going on from China, targeting Boeing and Lockheed Martin. And most wouldn't put it past their government to do what's "necessary" to catch up to the west, and the Chinese government has lots of control over their corporations. So it isn't outlandish to be concerned about the hardware placed in sensitive areas.
I think it's more of a boogyman and fearmongering to start calling people/nations racist.
Re:Their loss (Score:5, Insightful)
You didn't really read my comment, did you?
I was explicitly asking for proof of backdoors, not attacks over the internet with trojans.
I don't doubt that the Chinese government is behind some cyber attacks. Just like the US government and/or their partners were behind Stuxnet and Duqu.
But here we are talking about compromised hardware. And while Western companies and governments have been talking about that for years, I haven't heard of any proof.
If somebody would find proof that any one Chinese company had in fact backdoors designed into their hardware, not only would that company not be able to make any business outside of China anymore, but many other Chinese companies would struggle as well.
So I have my doubts that they are that stupid.
Still, I might be wrong. So: Please share the proof about backdoors (!) in Chinese hardware.
How do we remain a soverign nation without Mfg? (Score:2, Insightful)
We dispense of the messy and "expensive" tasks of manufacturing and delegate to the lowest cost labor force. Makes sense untill one needs to be able to defend oneself. Once war does not make financial sense, we might be OK. Not sure if we can count on that though.
Re:Their loss (Score:4, Insightful)
Anyone says anything bad about China/Chinese and some PC do-gooder brings up race.
It isn't about race, it's about the proven track record of a government tainting their country's products with viruses, trojans and backdoors.
The fact that they play the race card just makes them look more guilty.
Re:Their loss (Score:5, Insightful)
If both parties have too much to lose there won't be another war. That's a fortunate consequence of globalization.
Before WWII I'm sure you could have made many reasonable and credible arguments for why Germany would never attack France or why Japan would never attack the US that are equal or better to "globalization". Many wars have started small and escalated quickly and unpredictably, whether it's North and South Korea, Taiwan, those islands south of Japan or whatever one match can start a kindle that'll start a fire to put the world in flames. I mean it's not like anyone saw the US getting involved because a dictator started annexing a few areas around Germany. In retrospect you can say the Mutually Assured Destruction policy worked in the Cold War but during the Cuban missile crisis.it was a very close call.
Maybe your perspective is different but my country of Norway took the neutrality route in the 1930s, no military build-up, no signs of military aggression, we were seeking a position of neutrality and being a non-threat to everybody. What happened was the Nazis said "thank you very much" and invaded with minimal resistance. And today I see the same, with the NATO alliance and Russia being a shadow of its former military might we're running the defense with half a skeleton crew on outdated equipment, we're spending some money on elite units for operations abroad but the mass defense? We'd fall like a house of cards, all the money is bet on their not being any war in the first place.
Re:Their loss (Score:5, Insightful)
Agreed!
And, to go along with this, whose hardware *isn't* produced in China? So, why are we even arguing about it? If this wasn't a targeted attack against Lenovo by the US Gov't, wouldn't they ban *all* hardware made in the PRC, which includes Apple, Dell, etc.?
Besides, since Big Brother is so all-knowing, why wouldn't they just stop the conversation between the backdoor and the Chinese bad guys? I mean, they have the big brains in their IT departments, don't they? Shouldn't they be able to detect and stop all those naughty conversations? If they can capture, record, and filter all public conversations, can't they keep their own house protected well enough to block something so simple as a covert "E.T. call home"?
Kind of makes you wonder exactly what they are trying to accomplish (or deflect attention from) with this move... There's an ulterior motive, and another, more interesting, story here behind-the-scenes...
Not likely (Score:5, Insightful)
However if the Chinese are ever coming for the USA, it will be through the courts with a small army of debt collectors.
Cute sound bite but the US has the Chinese over a barrel here. China has bought about $1.1 trillion dollars of US debt which is about 9% of total US debt. (Japan has a similar amount an total foreign debt obligations are around $5.8 tillion) Most of this debt was purchased to maintain the yuan's peg to the dollar in order to keep their exports cheap. (a weak currency helps exports) Exactly how do you propose the Chinese force the US to pay? The courts can't force the US government to do a thing. They can't sell the debt to someone else. No one else wants or could buy that much debt. If they let their currency get stronger (buys more dollars per yuan) then it hurts their exports by making them more expensive abroad. Since their economy is heavily export based, any action they could take carries a strong probability of badly damaging their economy. No the Chinese are in a tough spot. They have lent a lot of money to the US to keep their currency cheap and to ward off currency speculators. There is no way they could collect in a short time without a mushroom cloud appearing over their economy.
When you owe the bank a little money, you have a problem. When you owe the bank a lot of money, the bank has a problem.
Re:Their loss (Score:4, Insightful)
As Somalia shows very well, when central government becomes too weak to maintain control, warfare simply moves down to tribal/criminal/corporate level.
China has limited leverage (Score:5, Insightful)
I'll make this one easy on you
Gee thanks. I'm really glad I have you to explain this to me since I merely have a master's degree in finance and am a certified accountant with 10 years experience in global sourcing. Good thing I have smart people like you to explain how currency trading works. [/sarcasm]
Defaulting on even a small amount of debt to China would collapse this system and US and world economy would not survive the fallout
The US doesn't have to default on the debt. That was the whole point. China will get paid in due time and they have very little leverage over the US regarding when and how. China bought that much US debt because they had to, not because they particularly wanted to. The notion that China now "owns" the US, or that they could take the US to some court over the matter is just nonsense. China (probably rightly) regards US debt as a safe investment but the China is in a much more precarious position than the US even without the exercise of some fiscal nuclear option.
Re:Their loss (Score:4, Insightful)
Is it racism to be concerned that our military is using computer parts that can't (or won't) be produced at home?
No, which is why the US government should only use US-made computers, made with only US-made components.
Oh wait, there is no such thing. But that's OK, they can pass such a law, and since no computers or electronics are actually made in the US any more, the US government can just go back to using pencils and paper (no copy machines either, since those aren't US-made either).
Re:Their loss (Score:4, Insightful)
OK I agree Microsemi took the blame themselves: http://www.scribd.com/doc/149683384/Microsemi-Response-Security-Claims-With-Respect-to-ProASIC3-053112 [scribd.com]
So I'll withdraw this example.
Re:Their loss (Score:2, Insightful)
It is about race. We don't like the Chinese but we justify it to ourselves in weird ways. It is our rational mind trying to come in terms with our unconscious feelings of racial hate.
Same with Indians. People froth at the mouth with rage when they see Indian H1Bs. However, when there are German H1Bs in the auto industry or British H1Bs in the financial sector, nobody bats an eye.
All I'm saying is be honest with yourself and consider it a possibility. Our brains naturally tends to classify things by race and only with extensive training (and maybe experience) does one perhaps overcome that.
At least it will save you a lot of mental anguish of contorting facts to fit your view.
And, remember the German Untermesh [wikipedia.org]? Even if you are white, maybe you're not quite white white or Misching [wikipedia.org]? Even if you are a shoe in for the Aryan certificate, maybe there is age, weight, height, posture, demeanor, clothes, accent or anything that will classify you as something less. We have to guard against the unconscious mind making spurious correlations (and the mind can be trained in just a few samples) and our rational mind coming up with serpentine arguments to justify what is essentially a faulty classification rule in the brain.