Caribbean governments may be at risk from donated computers

270
Are Lenovo laptops the Chinese equivalent of a Trojan Horse?
Are Lenovo laptops the Chinese equivalent of a
Trojan Horse?

Just in the last few days, Russia is reported to have spied on foreign powers at the recent G20 summit near St Petersburg by giving delegations USB flash drives capable of downloading sensitive information from laptops.

The devices were given to foreign delegates at the summit, including heads of state, according to reports in two Italian newspapers.

Computers manufactured by Lenovo, a Chinese company originally created by a Chinese government department and now one of the world’s largest computer makers, have been banned by intelligence agencies around the world because of concerns over hardware inserted into the production line by the manufacturer, the Australian Financial Review (AFR) reported earlier this year.

In 2009, Canadian researchers reported that an electronic spy network, based mainly in China, had infiltrated computers in government offices around the world. They said the network had infiltrated 1,295 computers in 103 countries, and included computers belonging to foreign ministries and embassies.

Amongst regional governments that have received donated computers from China are:

Antigua and Barbuda:

Signed a bilateral agreement with China to provide 500 laptop computers towards the One Laptop per Child Policy in secondary schools. China has also provided the government of Antigua and Barbuda with military aid, including computers.

Bahamas:

As recently as September of this year, the Chinese government supplied Lenovo laptops to the Bahamas Government Information Services.

Barbados:

In March 2013, the government of China donated laptops to all members of parliament in Barbados.

Dominica:

Received 30 desktop computers, six laptop computers and computer accessories earlier this year, courtesy of the government of China.

Grenada:

The Royal Grenada Police Force has received a number of Chinese-supplied computers.

Guyana:

The Chinese government has so far supplied some 30,000 laptop computers for Guyana’s One Laptop per Family Initiative.

Trinidad and Tobago:

In 2011, the Trinidad government purchased some 17,300 Lenovo laptops.

Should Caribbean governments be concerned that their communications or cyber security could be compromised by donated equipment?

Jose Otero of Signals Telecom suggested that, even if the computers don’t have any modifications, it would be prudent for the Caribbean states to verify that the donated equipment is not compromised.

“Since this is a pan-Caribbean phenomenon, it would be better if the different governments coordinate the forensic investigation of the equipment through an independent entity such as the Caribbean Telecommunications Union,” Otero said.

According to the AFR report, the British and Australian defence and intelligence communities say that malicious modifications to Lenovo’s circuitry were discovered that could allow others to remotely access devices without the users’ knowledge. The alleged presence of these hardware “back doors” remains highly classified.

The ban has apparently been in effect for years at some of these agencies, if only for classified networks.

Some hardware modifications are reportedly designed to make the computer less reliable, causing hardware failures down the road. However, some include small antennae to transmit data to an outside source.

Gerard Best, new media editor at Guardian Media Limited, believes that the Eastern Caribbean could be a sore spot for China, since some territories continue to deepen diplomatic relations with Taiwan.

“So there’s certainly the incentive to tap into government communications even if there is no evidence of actual attempts to do so,” he said.

The Australian Department of Defence has called the AFR story “factually incorrect” and stated, “There is no Department of Defence ban on the Lenovo Company or their computer products; either for classified or unclassified systems.”

No other defence department or security agency has responded officially to the AFR report and, more recently, following the latest revelations of attempted spying by the Russians, a US intelligence source declined to provide a comment “at this time.”

“The Caribbean needs to significantly ramp its investment in indigenous technical capacity, infrastructure and innovation,” said Bevil Wooding, chief knowledge officer, Congress WBN.

In a recent Technology Matters column published in Trinidad’s Business Guardian of October 3, 2013, Wooding said, “There are about 350 IXPs around the world and they have proven to be integral to the Internet infrastructure of many nations. The US has about 85. The Caribbean has fewer than ten.”

Wooding explained that the Internet is vitally important to economic development and social well-being in the Caribbean, pointing out that securing Internet communications and investing in domestic critical Internet infrastructure should be a matter of national and regional priority.

“The launch of Internet exchange points in countries like BVI, Curacao, Dominica, Grenada, Haiti, St Maarten, is an important milestone in the region’s efforts to facilitate the creation of a more secure, resilient and affordable domestic Internet for use. But it is only a start. The work continues across the region to ensure that all Caribbean countries have access to the same knowledge and facilities needed to realise the promise and benefits of the Internet,” he added.

The clandestine tampering of personal computers by intelligence services goes back to the infancy of such devices. Some 30 years ago, a blind eye was effectively turned to an illegal shipment of IBM computers to Cuba because the hardware had been “bugged” by US intelligence in order to spy on Cuban activity, something that to this day is still not widely known or discussed.

Michele Marius of ICT Pulse said, “I do think that Caribbean governments should be concerned that Chinese computers have been deliberately compromised in some way. To varying degrees the countries have been getting a lot of seemingly sweetheart deals from China on a broad range of initiatives, and so allowing the Chinese the ability to spy might be how ‘the Piper’ wants to be paid.”

Marius pointed out that, while there might be merit in being concerned about computer security, a considerable number of electronic devices are manufactured in China. Hence, mass consumer devices such as smartphones and tablets as well as laptops and PCs could all be at risk.

“Moreover, although most of those devices might not be used for classified government information, who’s to say that the average person’s electronic transactions/payments are not at risk, and details are being sent back to China?” she asked.

“Finally, and on an aside, we ought to also consider that a ban on Chinese-manufactured computers might be a ploy by others to marginalize that country, and support manufacturers in other countries. The continuing revelations about the extent to which the US has been spying on its allies (no less!) ought to give us something to think about,” Marius added.

 

(Reprinted from GBN4)

 

 

Comments are closed.