Did Chinese copy unattended U.S. laptop?
Update: This article was corrected to indicate that the laptop in question was government owned and didn't belong to Commerce Sec. Carlos M. Gutierrez, who doesn't carry a laptop.
News flash for high-ranking government officials visiting China: You just don't leave your laptop or PDA unattended – ever. AP is reporting a government laptop was left unattended during Commerce Sec. Carlos M. Gutierrez's visit to Beijing in December and "it is believed" the Chinese copied the hard disk and used information obtained to try to hack into Commerce computers.
In the period after Gutierrez returned from China in December, the U.S. Computer Emergency Readiness Team - known as US-CERT, some of the government's leading computer forensic experts - rushed to the Commerce Department on at least three occasions to respond to serious attempts at data break-ins, officials told the AP.
Even though officials emphasized that procedures are in place to make sure officials don't bring sensitive data to foreign countries and that "there's nothing to substantiate an actual compromise at this time" (DHS spokesman), people familiar with the incident apparently believe there is a connection. DHS confirmed eight CERT visits to Commerce since December but said they were all routine.
Hardly routine. Whether it was the Chinese or not, Commerce has suffered quite serious breaches. Serious enough that the Bureau of Industry and Security, which regulates exports of sensitive technology that might be used in weapons, effectively unplugged itself from the Internet.
"We have discovered a number of very serious threats to the integrity of our systems and data," wrote then-Deputy Undersecretary of Commerce Mark Foulon to employees in an e-mail obtained by AP under the Freedom of Information Act. He said the department was not the government's only hacking victim, "but we have an obligation, which we must take seriously, to take all necessary measures to protect our systems and our data."
And the U.S. knows full well that the Chinese will spy on official visitors any chance they get. In any case, it's not an isolated incident. Listen to senior intelligence official Joel Brenner:
An American financial executive who traveled to Beijing on business said he had detected attempts to remotely implant monitoring software on his handheld "personal digital assistant" device - software that could have infected the executive's corporate network when he returned home. The executive "counted five beacons popped into his PDA between the time he got off his plane in Beijing and the time he got to his hotel room," Brenner, chief of the office of the National Counterintelligence Executive under the CIA, said during a speech in December.