_
Traveling Light in a Time of Digital Thievery
By NICOLE PERLROTH

Published: February 10, 2012

SAN FRANCISCO — When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.
.

Kenneth G. Lieberthal of the Brookings Institution takes precautions while traveling. He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.” What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets.

“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.

Theft of trade secrets was long the work of insiders — corporate moles or disgruntled employees. But it has become easier to steal information remotely because of the Internet, the proliferation of smartphones and the inclination of employees to plug their personal devices into workplace networks and cart proprietary information around. Hackers’ preferred modus operandi, security experts say, is to break into employees’ portable devices and leapfrog into employers’ networks — stealing secrets while leaving nary a trace.

Targets of hack attacks are reluctant to discuss them and statistics are scarce. Most breaches go unreported, security experts say, because corporate victims fear what disclosure might mean for their stock price, or because those affected never knew they were hacked in the first place. But the scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010.

The chamber did not learn that it — and its member organizations — were the victims of a cybertheft that had lasted for months until the Federal Bureau of Investigation told the group that servers in China were stealing information from four of its Asia policy experts, who frequent China. By the time the chamber secured its network, hackers had pilfered at least six weeks worth of e-mails with its member organizations, which include most of the nation’s largest corporations. Later still, the chamber discovered that its office printer and even a thermostat in one of its corporate apartments were still communicating with an Internet address in China.

The chamber did not disclose how hackers had infiltrated its systems, but its first step after the attack was to bar employees from taking devices with them “to certain countries,” notably China, a spokesman said.

The implication, said Jacob Olcott, a cybersecurity expert at Good Harbor Consulting, was that devices brought into China were hacked. “Everybody knows that if you are doing business in China, in the 21st century, you don’t bring anything with you. That’s ‘Business 101’ — at least it should be.”

Neither the Chinese nor Russian embassies in Washington responded to several requests for comment. But after Google accused Chinese hackers of breaking into its systems in 2010, Chinese officials gave this statement: “China is committed to protecting the legitimate rights and interests of foreign companies in our country.”

Still, United States security experts and government officials say they are increasingly concerned about breaches from within these countries into corporate networks — whether through mobile devices or other means.

Last week, James R. Clapper, the director of national intelligence, warned in testimony before the Senate Intelligence Committee about theft of trade secrets by “entities” within China and Russia. And Mike McConnell, a former director of national intelligence, and now a private consultant, said in an interview, “In looking at computer systems of consequence — in government, Congress, at the Department of Defense, aerospace, companies with valuable trade secrets — we’ve not examined one yet that has not been infected by an advanced persistent threat.”

(Page 2 of 2)

Both China and Russia prohibit travelers from entering the country with encrypted devices unless they have government permission. When officials from those countries visit the United States, they take extra precautions to prevent the hacking of their portable devices, according to security experts.

Now, United States companies, government agencies and organizations are doing the same by imposing do-not-carry rules. Representative Mike Rogers, the Michigan Republican who is chairman of the House Intelligence Committee, said its members could bring only “clean” devices to China and were forbidden from connecting to the government’s network while abroad. As for himself, he said he traveled “electronically naked.” At the State Department, employees get specific instruction on how to secure their devices in Russia and China, and are briefed annually on general principles of security. At the Brookings Institution, Mr. Lieberthal advises companies that do business in China. He said that there was no formal policy mandating that employees leave their devices at home, “but they certainly educate employees who travel to China and Russia to do so.”

McAfee, the security company, said that if any employee’s device was inspected at the Chinese border, it could never be plugged into McAfee’s network again. Ever. “We just wouldn’t take the risk,” said Simon Hunt, a vice president.

At AirPatrol, a company based in Columbia, Md., that specializes in wireless security systems, employees take only loaner devices to China and Russia, never enable Bluetooth and always switch off the microphone and camera. “We operate under the assumption that we will inevitably be compromised,” said Tom Kellermann, the company’s chief technology officer and a member of President Obama’s commission on cybersecurity.

Google said it would not comment on its internal travel policies, but employees who spoke on condition of anonymity said the company prohibited them from bringing sensitive data to China, required they bring only loaner laptops or have their devices inspected upon their return.

Federal lawmakers are considering bills aimed at thwarting cybertheft of trade secrets, although it is unclear whether this legislation would directly address problems that arise from business trips overseas.

In the meantime, companies are leaking critical information, often without realizing it.

“The Chinese are very good at covering their tracks,” said Scott Aken, a former F.B.I. agent who specialized in counterintelligence and computer intrusion. “In most cases, companies don’t realize they’ve been burned until years later when a foreign competitor puts out their very same product — only they’re making it 30 percent cheaper.”

“We’ve already lost our manufacturing base,” he said. “Now we’re losing our R.& D. base. If we lose that, what do we fall back on?”

SOURCE

 

_The Traveler's Checklist
Posted: January 12, 2012 11:00AM by Porcshe Moran

Vacations are a time of fun, relaxation and an escape from everyday life. However, the best getaways are the ones that are properly planned to account for everything that one might encounter away from home. It is especially important to plan ahead on international excursions to ensure a safe and enjoyable trip. Here are some things to consider before you go. (For related reading, see Travel Smart By Planning How You'll Pay.) 

TUTORIAL: Credit Cards

Country Laws
In a foreign country, U.S. citizens are subject to that country's laws and regulations. The better informed you are about the laws of your destination, the safer your trip will be. The Bureau of Consular Affairs website provides country specific information on topics such as criminal penalties, what to do if you are the victim of a crime and the documentation needed to enter and exit a particular country.

Visas
The rules on visas are different for each country. Travelers are advised to check the Bureau of Consular Affairs website and find out the requirement for the country they wish to visit. If you need a visa, make sure you obtain it before making travel plans.

Dangers
The Bureau of Consular Affairs runs the Smart Traveler Enrollment Program (STEP) which provides Americans with travel warnings, alerts and other information for the particular country they are visiting. The program also makes it easier to get help during natural disasters and to be contacted in case of an emergency. The U.S. Department of State maintains an online list of all U.S. embassies, consulates and diplomatic missions by country. These locations can help if your passport is lost or stolen and in other emergency situations. (For more information, read Travel Tips For Keeping You And Your Money Safe.)


Weather
Information about the weather of your destination will affect everything from the clothes you pack to what time of year you travel. Research the usual weather of your destination and constantly monitor the weather online as your departure date nears. If extreme weather conditions such as heavy rain or snow are in the forecast, plan ahead and allow some extra time for travel delays.

Additional Costs
There are some travel expenses that are unpredictable or not as obvious as others. One common cost is taxes on purchases that you want to bring back into the country. The law allows travelers to bring $200 to $800 worth of duty-free items into the country, depending on the length of the trip. Once that limit is exceeded, you'll pay a 3% surcharge on the next $1,000 worth of purchases. Amounts more than $1,200 to $1,800, determined by the length of the trip, are assessed a surcharge of up to 25%.

Shoppers who make their purchases from duty-free shops located at airports, border cities, ports and cruise ships can avoid these surcharges. Travel insurance is a way to manage other costs and financial risks that might come up over the course of a trip. Insurance can cover things like accidents, illness, missed flights and canceled tours, lost baggage, terrorism, travel-company bankruptcies, emergency evacuations and getting your body home if you die. There are five basic types of travel insurance, trip cancellation and interruption, medical, evacuation, baggage and flight insurance, which are usually sold in combination packages. Those who want complete coverage can purchase comprehensive insurance that will include all five types of coverage. It is recommended to consult a reputable travel agent to determine what type of insurance to purchase. (To learn more, check out The Advantages Of Vacation Insurance.)

International roaming charges for cell phone service is another large cost for travelers. Experts say the easiest way to save in this area is to call your cell phone service provider before you leave and temporarily change your plan to one that fits your travel plans.

Vaccinations
The Centers for Disease Control and Prevention (CDC) is the top resource for traveler health information. Every other year, the CDC publishes the Yellow Book which is a reference manual for international travelers written by health professionals. The most recent edition was published in 2012. The agency also produces a podcast series called "Travel Safe" which provides health and safety tips for families while traveling abroad. The CDC advises travelers to document their vaccination history, including dates, how many doses received in a scheduled series and any adverse events prior to travel. An appointment should be scheduled with your health care provider four to six weeks before departure. There are different vaccination schedules for children, adolescents, teens and adults. Vaccinations also vary by country, so research is required to find out what is needed for your destination. Some countries require that travelers carry proof of vaccination on an International Certificate of Vaccination or Prophylaxis to enter the country.

The Bottom Line
Research and planning are critical for a successful travel experience. Government websites and travel agents are some of the most reputable sources for international travel information. (Also, for more information check out The Basics Of Travel Insurance.)

SOURCE

_
50 Budget Travel Tips and Save Money on Vacations

by MoneyNing

Want budget travel tips for free? Wouldn’t you want to travel more often without breaking the bank? What if I told you that instead of planning one family trip a year, you can go twice with the same budget? If you are at all interested, read on to find out how you can do simple things to save money next time you go on vacation.

SOURCE