Author Topic: Travel to China  (Read 7607 times)

Richardk

  • Global Moderator
  • Wise Sage
  • *****
  • Posts: 4153
    • View Profile
Travel to China
« on: September 25, 2013, 01:32:57 PM »
My sister is doing a 2 month teaching engagement in China and I'm her IT expert  :o.

Aside from loading Truecrypt, I'm not sure what she'll need. Will Skype work over there? What about alternatives?

What about https everywhere? I'm guessing that any banking she does will already be secured but are there other uses?

How about something as simple as Wi-Fi? Is that an international standard or do different countries use different standards?

I'm not even sure where to begin or what to expect when "advising" her. Anyone have any experience with traveling to Asia? And yes, after her gig she plans to visit some of the neighboring countries.

Thanks.

David Randolph

  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 4355
    • View Profile
Re: Travel to China
« Reply #1 on: September 27, 2013, 05:07:23 AM »
Bit of IT planning I have heard "through the web":

Many companies had their executives a clean, loaded laptop to take with them to Asia. When they get back, that laptop is completely wiped (erased to bare metal and reloaded) before it is allowed to attach to the corporate networks. The expectation is that many Wi-Fi hubs will push spyware onto any computer that connects through them. The Wi-Fi will follow the same standard, so yes, she can use them, but be aware that everything will try to take over her system. It might be better for her to verbally tell you what banking she needs done and you do it rather than try to do it from there. (Also, NSA and foreign spy services will be watching all emails, voice calls, Skype, etc.)

Skype is dependent on the government and which day as to whether or not it works.

pxsant

  • CCF Winner's Circle - Supporter
  • Wise Sage
  • *
  • Posts: 1586
    • View Profile
Re: Travel to China
« Reply #2 on: September 27, 2013, 07:06:31 AM »
It would be a good idea to install a remote access program like Teamviewer on her system.  That way, you can log into her computer if she has problems and check up on things.

Don't install Teamviewer as a service.  You don't want it running all the time even though it will be password protected.  You never know whether someone else will sneak in.

Also set her up with Google hangouts (the old Google talk).   That way you can chat without paying for an expensive cell phone call.

This assumes that these progrms are not blocked in China.

TRexx

  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 6198
    • View Profile
Re: Travel to China
« Reply #3 on: September 27, 2013, 07:31:37 AM »
Bit of IT planning I have heard "through the web":

Many companies had their executives a clean, loaded laptop to take with them to Asia. When they get back, that laptop is completely wiped (erased to bare metal and reloaded) before it is allowed to attach to the corporate networks.

My brother travels a lot and his company does that, except they use the M$ Surface. When possible instead of bringing it through Customs they ship the device via FedEx.  Customs officials have been known to "inspect" (read copy) hard drives.   

The Gorn

  • I absolutely DESPISE improvised sulfur-charcoal-salt peter cannons made out of hollow tree branches filled with diamonds as projectiles.
  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 21648
  • Gorn Classic, user of Gornix
    • View Profile
Re: Travel to China
« Reply #4 on: September 27, 2013, 07:44:18 AM »
My understanding is that all memory devices like external hard drives and thumb drives are read at customs, in both directions (into China and into the US.) I've read anecdotal accounts that having any media contain encrypted data is an invitation to be detained and hassled, or worse. (I guess this is where Truecrypt's "stealth" nested encryption pays off - their instructions say that it's a way to conceal encrypted volumes so that you aren't coerced into providing passwords.) In essence, an ordinary tourist who uses encryption in a self evident way may be considered spying.

Ideally I wouldn't carry one piece of electronic crap containing memory devices into the "people's" republic because they're going to p0wn it.

About secure access: this probably doesn't solve all of the problems of secure access, but I subscribe to a service called "Private Internet Access". It is $40 a year. It provides you with a VPN that has access nodes located across the US and around the world. So everything from your laptop to the access nodes is encrypted. I subscribed to it so that I could perform searches for things like health insurance without wondering if Google or the ISP are collecting logs that others could see. Now, possibly, China blocks proxies like this.

I'd research this topic at the State Department web site and at ex-pat forums to find out what you can carry in and out and what constitutes risk of incrimination implicitly.
Gornix is protected by the GPL. *

* Gorn Public License. Duplication by inferior sentient species prohibited.

TRexx

  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 6198
    • View Profile
Re: Travel to China
« Reply #5 on: September 27, 2013, 07:59:22 AM »
My understanding is that all memory devices like external hard drives and thumb drives are read at customs, in both directions (into China and into the US.)

What about smartphones?

The Gorn

  • I absolutely DESPISE improvised sulfur-charcoal-salt peter cannons made out of hollow tree branches filled with diamonds as projectiles.
  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 21648
  • Gorn Classic, user of Gornix
    • View Profile
Re: Travel to China
« Reply #6 on: September 27, 2013, 08:01:36 AM »
Smartphones, tablets, cameras even. The Chinese manufacture this stuff. They know there's probably a micro SD card inside every device. Someone engaging in actual espionage would almost certainly look at burying data in a card inside a digital camera.

I may be paranoid and full of crap. But I have read past accounts of travelers hassled by TSA carrying digital stuff into and out of the country. To the extent that I was thinking after reading these accounts that the travelers really needed to be using a cloud based drive and not carry physical devices.
Gornix is protected by the GPL. *

* Gorn Public License. Duplication by inferior sentient species prohibited.

David Randolph

  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 4355
    • View Profile
Re: Travel to China
« Reply #7 on: September 27, 2013, 11:57:06 AM »
My brother travels a lot and his company does that, except they use the M$ Surface. When possible instead of bringing it through Customs they ship the device via FedEx.  Customs officials have been known to "inspect" (read copy) hard drives.   

All that sending via FedEx does is to move the customs inspection out of your sight. Every package shipped out of this country has a customs sticker on it stating what it is (and in some cases, why it is being shipped). That allows customs to open it up and inspect it.

Richardk

  • Global Moderator
  • Wise Sage
  • *****
  • Posts: 4153
    • View Profile
Re: Travel to China
« Reply #8 on: September 27, 2013, 06:16:06 PM »
About secure access: this probably doesn't solve all of the problems of secure access, but I subscribe to a service called "Private Internet Access". ... So everything from your laptop to the access nodes is encrypted.

Help me understand this. So with this service the entire pipe between you and "the service" is encrypted, which hopefully gets you out of the country in this case. After that, it's out on the Internet.

With something like https, the content is secured but the rest can be either read or discovered, right? So someone can infer from the traffic, where you're going, the volume of traffic and its duration.

The ideal situation is to use both and even better, the VPN would extend all the way back to your host, for instance your company server.

And yes, it seems that China blocks most VPN's but I wonder if that is because of known IP's, ports or protocols? What if you setup your own or use a lesser known service?

Richardk

  • Global Moderator
  • Wise Sage
  • *****
  • Posts: 4153
    • View Profile
Re: Travel to China
« Reply #9 on: September 27, 2013, 06:23:53 PM »
I will pass on the info about Google hangouts but I wonder if it's accessible since sites like FaceBook seem to be blocked.

Teamviewer looks interesting. It reminds me of the VNC variants that are available. Does anything stand out when compared to others or is it just a solid performer that you'd recommended?

Google hangouts is similar but any Skype alternatives to consider?

As stated, almost everything electronic today has some means for storing data. You'd have to travel pretty bare bones to not have something with that ability. I'm assuming that any "good spy" would not simply put their data on a tablet or similar device. With that said, who and what determines if you have anything of interest?

I think modern encryption is expected today. Should it really raise a red flag if used? Now with that said, what uses encryption? Skype? Password protected files? Heck even camcorders that record to mini-DVD's can write encrypted VOB files. So it's not uncommon but what's the line that shouldn't be crossed?

For that matter, I wonder if using something like TrueCrypt is even legal in China? And if not but you're found using it, then what?

The Gorn

  • I absolutely DESPISE improvised sulfur-charcoal-salt peter cannons made out of hollow tree branches filled with diamonds as projectiles.
  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 21648
  • Gorn Classic, user of Gornix
    • View Profile
Re: Travel to China
« Reply #10 on: September 27, 2013, 07:12:27 PM »
I'm using -

https://www.privateinternetaccess.com/

Just read up on it. YES, https goes out your laptop, over the bugged ISP, to P.I.A.

P.I.A. directs your traffic to an exit node in some other country.

All the Chinese will see is your encrypted traffic to Privateinternetaccess's IP address. They have no idea what you're sending or where it's actually going.

I also got it for use in hotels and public places where the wifi  is suspicious.

Here:

https://www.privateinternetaccess.com/forum/index.php?p=/discussion/13/accessing-our-vpn-service-in-china/p1

HOWEVER - if malware gets installed in the laptop which compromises it, then keystrokes may get logged, etc. I consider China an enemy country with little grabby scammy lying cheating fingers at every level. I personally wouldn't do online banking within China even on a proxy connection.
Gornix is protected by the GPL. *

* Gorn Public License. Duplication by inferior sentient species prohibited.

ckent1

  • Trusted Member
  • Occasional User
  • ******
  • Posts: 45
    • View Profile
Re: Travel to China
« Reply #11 on: March 13, 2014, 11:24:30 AM »
I'm resurrecting an old thread here but the solution is to Bitlocker your drive, included for free with the Enterprise and Ultimate editions of Windows Vista and Windows 7, and Pro and Enterprise editions of Windows 8 (requires device to have a TPM chip)). With Windows 7 and later, you can even fully Bitlocker any USB storage device (Bitlocker to Go).

Bitlocker uses 126/256 bit AES encryption in CBC mode with 'Elephant diffuser.' To avoid any remote possibility of unauthorized decryption, power off (do not use hibernate or standby) the device when not in your possession and at least 5 mins before crossing border, and require the BIOS password be entered at bootup. Do not bring your Bitlocker USB recovery key with you (store it at home in a safety deposit box).

One of the few encryption techniques not hacked by any gov't or non-gov't agency (worldwide).

Step by step guide: How to encrypt (almost) anything: http://www.pcworld.com/article/2025462/how-to-encrypt-almost-anything.html

See: Did the FBI Lean On Microsoft for Access to Its Encryption Software: http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/

Bitlocker - Security Concerns: https://en.wikipedia.org/wiki/BitLocker_Drive_Encryption#Security_concerns



The Gorn

  • I absolutely DESPISE improvised sulfur-charcoal-salt peter cannons made out of hollow tree branches filled with diamonds as projectiles.
  • Trusted Member
  • Wise Sage
  • ******
  • Posts: 21648
  • Gorn Classic, user of Gornix
    • View Profile
Re: Travel to China
« Reply #12 on: March 13, 2014, 11:46:51 AM »
I'm resurrecting an old thread here but the solution is to Bitlocker your drive, included for free with the Enterprise and Ultimate editions of Windows Vista and Windows 7, and Pro and Enterprise editions of Windows 8 (requires device to have a TPM chip)). With Windows 7 and later, you can even fully Bitlocker any USB storage device (Bitlocker to Go).

Sounds great, but that excludes Windows 7 Pro. I'm not using Enterprise anything, at least deliberately.

How do you feel about Truecrypt for the rest of us?

I think I posted here a while ago about Windows encryption available on Windows 7 all versions, applied to specific folders. I've done this. Unfortunately, it seems to have impaired the ability of the OS to roll back, which is a handy and sometimes necessary capability. (Applying a restore point after I made this change to encrypt a bunch of folders results in failure every single time.)
Gornix is protected by the GPL. *

* Gorn Public License. Duplication by inferior sentient species prohibited.

ckent1

  • Trusted Member
  • Occasional User
  • ******
  • Posts: 45
    • View Profile
Re: Travel to China
« Reply #13 on: March 13, 2014, 01:40:49 PM »
I believe we should find out shortly: NSA spying prompts open TrueCrypt encryption software audit to go viral: http://www.computerworld.com/s/article/9243873/NSA_spying_prompts_open_TrueCrypt_encryption_software_audit_to_go_viral

Also, just received a Security Advisory from Cisco that all ASA/PIX firewalls (since at least 2008) are being investigated for the NSA backdoor reported by Der Spiegel in Dec. 2013:

Cisco Security Response - Der Spiegel Article on Networking Equipment Infiltration: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel

John Stewart, Cisco Senior Vice President, Chief Security Officer Blog: Comment on Der Spiegel articles about NSA TAO Organization (UPDATE 2): http://blogs.cisco.com/news/comment-on-der-spiegel-articles-about-nsa-tao-organization/

Shopping for Spy Gear: Catalog Advertises NSA Toolbox: http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

ckent1

  • Trusted Member
  • Occasional User
  • ******
  • Posts: 45
    • View Profile
Re: Travel to China
« Reply #14 on: March 13, 2014, 03:20:48 PM »
All HTTPs as well as SSL implementations that utilize Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) are not safe (RSAs worldwide deployment helped by a $10M payment from the NSA):

Revealed: how US and UK spy agencies defeat internet privacy and security: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

NSA backdoor in the Dual_EC_DRBG PRNG: https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#NSA_backdoor_in_the_Dual_EC_DRBG_PRNG

N.S.A. Able to Foil Basic Safeguards of Privacy on Web: http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all&_r=0

Dual_EC_DRBG: https://en.wikipedia.org/wiki/Dual_EC_DRBG