US probes whether laptop copied on China trip

WASHINGTON (AP) -- U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce computers, officials and industry experts told The Associated Press.

Surreptitious copying is believed to have occurred when a laptop was left unattended during Gutierrez's trip to Beijing for trade talks in December, people familiar with the incident told the AP. These people spoke on condition of anonymity because the incident was under investigation.

Gutierrez told the AP on Thursday he could not discuss whether or how the laptop's contents might have been copied.

"Because there is an investigation going on, I would rather not comment on that," he said. "To the extent that there is an investigation going on, those are the things being looked at, those are the questions being asked. I don't think I should provide any speculative answers."

A Commerce Department spokesman, Rich Mills, said he could not confirm or deny such an incident in China. Asked whether the department has issued new rules for carrying computers overseas, Mills said: "The department is continuing to improve our security posture, and that includes providing updates, guidances and best practices to staff to maintain security."

It was not immediately clear what information on the laptop might have been compromised, but it would be highly unorthodox for any U.S. government official to carry classified data on a laptop overseas to China, especially one left unattended even briefly. Modern copying equipment can duplicate a laptop's storage drive in just minutes.

The report of the incident is the latest in a series of worrisome cyber security problems blamed on China and comes at a sensitive time, with looming trade issues between the countries and special attention on China over the upcoming summer Olympics. Gutierrez returned just weeks ago from another trip to Beijing, where he noted he had "traveled here more than to any other foreign city during my tenure as commerce secretary."

In the period after Gutierrez returned from China in December, the U.S. Computer Emergency Readiness Team - known as US-CERT, some of the government's leading computer forensic experts - rushed to the Commerce Department on at least three occasions to respond to serious attempts at data break-ins, officials told the AP.

"There's nothing to substantiate an actual compromise at this time," said Russ Knocke, spokesman for the Department of Homeland Security. Knocke said he was unable to find records of a DHS investigation. He said US-CERT workers have visited the Commerce Department eight times since December, but none of those visits related to laptops or the secretary's trip to China. He said the US-CERT organization works routinely with all U.S. agencies.

The FBI declined to comment.

It wasn't clear whether leaving the laptop unattended violated U.S. government rules. Some agencies, such as Homeland Security, routinely provide officials with sanitized laptops to carry on trips overseas and require them to leave in the U.S. their everyday laptops, which might contain sensitive information. Some former Commerce officials told the AP they were careful to keep electronic devices with them at all times during trips to China.

"We have rules in place," Gutierrez said. "We have procedures that people go through before they travel. So, there is a very significant process in place. Technology is obviously moving very quickly, and we have to move very quickly with it. But all of that is something that we are going through."

A senior U.S. intelligence official, Joel F. Brenner, recounted a separate story of an American financial executive who traveled to Beijing on business and said he had detected attempts to remotely implant monitoring software on his handheld "personal digital assistant" device - software that could have infected the executive's corporate network when he returned home. The executive "counted five beacons popped into his PDA between the time he got off his plane in Beijing and the time he got to his hotel room," Brenner, chief of the office of the National Counterintelligence Executive under the CIA, said during a speech in December.

Brenner recommended throwaway cellular phones for any business people traveling to China.

"The more serious danger is that your device will be corrupted with malicious software that takes only a second or two to download - and you will not know it - and that can be transferred to your home server when you collect your e-mail," he said.

The Pentagon, State Department and Commerce Department all have been victimized by widespread computer intrusions blamed on China since July 2006. Defense Secretary Robert Gates confirmed in September that parts of the Pentagon's unclassified e-mail system - used by Gates and hundreds of others - were disrupted in June 2007 due to a break-in.

The Commerce Department break-ins have been so serious that its Bureau of Industry and Security, which regulates exports of sensitive technology that might be used in weapons, effectively unplugged itself from the Internet.

Workers were instructed to use a few laptops placed around the office that are isolated from the department's network, even to search for public information using Google's Web search engine.

"We have discovered a number of very serious threats to the integrity of our systems and data," wrote then-Deputy Undersecretary of Commerce Mark Foulon to employees in an e-mail obtained by AP under the Freedom of Information Act. He said the department was not the government's only hacking victim, "but we have an obligation, which we must take seriously, to take all necessary measures to protect our systems and our data."

At the time, Foulon acknowledged that some of the protective measures "may create difficulties and even reduce productivity."

Fully one year after being unplugged from the Internet, some Commerce Department employees complained about the inconvenience. One worker offered to provide his own laptop so he could work at his desk, rather than use one of the office terminals 30 feet away. "How that endanger the network?" the employee wrote last summer. His request was denied by a security supervisor who complained that he, too, was struggling with the same Internet restrictions.