As thousands of people prepare to visit China for next month’s Olympics, the question arises: What precautions should tourists take to protect digital devices, such as laptops, cell phones, BlackBerries, etc.
“For travelers to Beijing and the Olympics, my advice is to leave the gadgets at home and enjoy a vacation in China,” says Marcus Sachs, director of the SANS Internet Storm Center. There's so much to see and do, so why be tethered with an electronic leash? If you must bring along a PDA or laptop, then apply common sense and don't bring along anything on the device that you would miss if it got lost, stolen or copied. This is something you should do anytime you travel, regardless of whether it's to China, to Canada or to California."
When asked if is there any specific danger of computer users being infected with viruses or malware from using their computers in China, Sachs responds: “Yes, there is. And not necessarily because of any targeted attacks. It is well known that software piracy is rampant in China. Visitors will find cheap versions of popular software, very inexpensive USB memory sticks, cheap digital photo frames, and so forth.”
He highly recommends that any purchases made in China not be connected to a laptop until users can get them scanned or checked for malware.
“As for using your laptop, again, apply common sense,” he says. “Make sure your computer's software is fully updated (all patches applied), that the firewall is turned on, don't use unencrypted open wireless networks, and make sure your anti-virus software is up-to-date. Be careful with web usage, especially if you are required to install ‘helper’ applications before accessing a site, or before using a hotel's internet access point. The ‘helper’ application might, in fact, be malware used for keystroke recording or installation of bot software.”
Rich Mogull, founder of Securosis, a Phoenix-based security consulting practice, agrees that visitors to China need to be cautious with their mobile computing devices. He points out that both foreign and United States custom agents can search computers.
Also, he cautions that computer or mobile device users can assume that when they logon to a network, someone will be sniffing, even via a VPN that encrypts the connection.
“I wouldn’t bring my regular laptop,” he says. “I would bring a cheap, clean laptop.”
Business executives need to be extremely cautious, he adds, as the business trade secrets residing on their laptops could be stolen.