Protecting Your Computer Overseas
The FBI probe into the scandal involving CIA Director David Petraeus and his mistress may have stolen global headlines the past week but there is something else the FBI knows that should warrant more attention. Something closer to the hearts of the man in the street.
The FBI is known to have video footage, covertly taken in a hotel room somewhere in China, showing Chinese agents breaking in and sweeping through the belongings and laptop of an American businessman. There were recent media reports of similar incidents and the FBI is taking no chances by showing the clip as a warning to the corporate security experts for major US companies operating in China.
The FBI, which earlier launched a nationwide advertisement about the risks of corporate espionage, also understands very well the art of emails interception. Hence, the agency warned some months ago about the risks of using hotel wi-fi networks and recommended that all government officials, businessmen and academicians take extra caution when traveling abroad.
The White House is also preparing an executive order for US intelligence agencies to share cyber-threats data with vital industries such as power grids and railroads to raise awareness of and protect against cyber attacks.
We are living in an age of intensive corporate espionage and cyber crime. While the corporate world is often most at risk, average citizens are also highly vulnerable, to electronic surveillance on home or foreign soil alike. The US and UK governments, for example, have introduced draconian laws – often for the sake of “national security”— to allow their respective intelligence agencies to enlarge the scope of their wiretapping and electronic eavesdropping activities.
So what can one do to protect the personal data and business secrets on the computers, especially when traveling abroad?
For starters, it is good practice to have two laptops. The primary laptop with a stored hard disk should never go online when used abroad. The spare computer – which stores no data so a used one is recommended – is only meant for online activities on oversea trips: use a flash memory stick to send or download files via emails. Alternatively, you may have one laptop but store all data in a handy external hard disk and remove that disk before going online when you’re overseas.
A third option, a variation of the above, is to have two laptops but bring only the spare data-less laptop and external hard disk on a trip.
The golden rule: if you believe there is reason for foreign governments to search your data, never leave your computer in a hotel room. More precisely: leave no data behind. So now you can either carry your primary laptop or just the external hard disk whenever you leave the room. That would limit the chance of hackers and secret agents picking up data on your computer.
I said “limit” and “hackers” because online activities are always at risk, even when you use a “safe” virtual private network (VPN). That is because the VPN still requires an internet connection. So it is either the free public wi-fi or hotel wi-fi network when you’re abroad and neither is safe.
A password-protected pocket router is a feasible solution. Simply tell the hotel to opt out the internet fees from your bill, which is usually about the same as the flat daily roaming charge for the pocket router – which is a better deal than hotel wi-fi as the router permits use beyond the hotel room and supports multiple devices simultaneously.
But the prying eyes can still trace you by tracking your IP address and other internet traffic data. My Oct. 15, 2012 column discussed the use of Tails, Linux software installed on a DVD or thumb drive that once installed will temporarily override the host operating system to let the user surfs online anonymously and leaves no trace on the computer.
These measures still do not prevent your email accounts from spam, phishing and virus attacks that bypass the filters. One solution is to access all emails on your handheld devices only – now you see the beauty of using the pocket router when abroad?
Any attacks will then damage only your smartphone or tablet - which you should back up regularly - and you can reset it to the manufacturer's default setting in the worst-case scenario. This beats having a laptop and its data compromised.
Still worried about spies breaking into your hotel room? It is a justified concern given a recent report about the security flaw of hotel room locks, manufactured by a company called Onity which supposedly secures millions of hotel rooms worldwide.
I suggest you plant a covert camera in the room, focused on the data-less laptop you deliberately left on the table. The FBI would be impressed with your recordings.
Alternatively, you can weigh your data-less laptop, with and without the battery, and the power plug before and after you leave the hotel room. You will then know if someone has put a bug on your equipment.
These may sound paranoic but the Petraeus scandal serves a stern reminder: nobody is safe from those prying eyes, not even a CIA Director and four-star general. In Petraeus’s case, the spying eyes belonged to the FBI.
(Vanson Soo runs an independent business intelligence and commercial investigations practice specialized in the Greater China region. Another version of this appears in the Standard of Hong Kong. Email: firstname.lastname@example.org)