[Cryptography] Ranking what draws surveillance attention
Kent Borg
kentborg at borg.org
Mon Feb 16 10:26:59 EST 2026
I'm a nobody, but I once drew personalized, physical attention of some
Chinese internal state security organization.
At the time I worked for a company that did avionics for small aircraft.
I have always been interested in security and practice pretty careful
security myself, more as a thought exercise than for real reasons. I
caught their attention.
My wife and I were on a trip to China over the holidays, 2008 to 2009. A
couple-ish weeks, traveling alone, not on a tour. This was before the
Great Firewall was so robust, and I brought my Linux computer with me. I
could use the wifi in tourist hotels. When I did use the wifi it was for
web stuff, and also encrypted connections (SSH, I suspect also IMAP at
that point) to my personal server at home, on a static IP address, in
the USA. This was before the "only bring disposable electronics to
China"-rule, but I kept my computer with me at all times. Almost.
I also brought my handheld GPS hiking receiver with me and used it a
lot, because I like my toys. (The embedded Garmin maps of China seemed
to always be about a ¼-mile offset from reality.) I most likely had a tiny
shortwave radio with me, too. A Sony SW-1, or more likely the fancier
Sony SW-100, both very nice little radios. We took a lot of pictures,
too, because "film" (flash memory) was suddenly so cheap!
Very early in the trip I was attacked by an evil bowl of soup at dinner
and was quite sick for a few days, holed up in our hotel room in the
French Quarter of Shanghai, my wife was out and about, bringing me back
some simple foods that she hoped wouldn't make me worse.
We were in Hangzhou and West Lake over Christmas where, as the only
foreigners (only intelligence targets?) at the hotel's Christmas dinner
event, we were treated like celebrities. I remember being up on stage at
one point, my wife, too. Though I would have carried the silver
"Bubbleope" the computer was in with me, like a woman's clutch. Or,
maybe not. Maybe I left my computer and my "purse" with my wife, but
then she got called up later and it was left alone for a couple minutes.
Not enough time to tamper with my computer, but enough time to mess with
my purse.
After our visit to Xian to see the Terracotta Warriors we returned to
Shanghai, and one sight that was still a must-see on our list was their
fabulous archeology museum. But they wouldn't let me bring my
computer in. I had to check it.
[Wonderful museum. In galleries with delicate scrolls the light on the
art would be kept extremely dim if no one was in the room, but when we
entered the lights would come up enough to see the art, but in a kind of
sequence around the room. I would be looking at one spot and it would be
okay level of brightness, then it would dim considerably—I could still
kind of see what I was looking at because I was still looking at it, and
a few seconds later it would get brighter again. My mind could
integrate over the span. Very clever, the total light exposure was kept
very low.]
When we decided we were done with the museum and were about to leave
suddenly a young man in a suit appeared out of nowhere and recited from
memory, in a thick Chinese accent, one of Obama's famous speeches. (We
had been Obama donors and volunteers.) We were startled and delighted.
Turned to each other with big smiles, and when we turned back he had
vanished.
It took me an embarrassingly long time to realize that this was a well
prepared contingency, a delaying tactic. I think they wanted time to get
my computer back into the cloakroom before we got there. (This was a
kinder, gentler time, when they didn't want to be caught in their snooping.)
I don't know what they did to my computer, nothing obvious. It was a
cute, tough, little Panasonic "Let's Note" marketed only in the Japanese
market (complete with my Obama '08 sticker on the lid). I had Red Hat
(?) Linux on it, which was very unusual behavior, particularly back
then. Fully encrypted disk, including swap—but not the boot partition.
My user password was not known to them, not recycled from other
purposes, not typed out in the open without hunching over the keyboard,
my encryption passphrase also unknown to them and a lot longer than the
password. I had left it at the museum in sleep mode; when I woke it up I
was sensible enough to be observant: it seemed to be exactly as I left
it, same software running, windows in the same position, it had not been
rebooted. I do know there was later discovered to be a DMA vulnerability
on the PCMCIA card slot. Or maybe it was the Firewire. Or probably both.
My guess at the time is they had some exploit ready to install, but were
pissed to discover I wasn't running MS Windows. Maybe they imaged the
live RAM. We were in the museum probably for over an hour but I think
less than two, not sure.
We flew home a couple days later.
They went to a /lot/ of effort, presumably tracking us across the
country, trying to catch my computer alone in a hotel room and failing,
they did their research to know we were Obama supporters, someone
memorized that speech for us. This was not a cheap operation.
I still have the computer, right here (it was a /very/ nice machine), I
haven't booted it in years, I think I still have record of the
passphrase and password, I think I even still have the power supply…
Back then I kept my passwords encrypted in a Palm Pilot, but I
transferred them over to something more modern since. So I have
password records going back a long time. I don't recycle passwords, my
online accounts have never been compromised via anything other than a
site itself being incompetent, such leaked passwords from, say, Myspace,
are worthless elsewhere, I suppose that also makes me suspicious. (The
Palm Pilot really did stay on me at all times. Or was it alone in the
dark briefly on Christmas Eve?)
And I'm still just a nobody. But I caught their attention.
-kb, the Kent who probably would not return to China and if he did would
have to go barefoot, so to speak, with only disposable electronics; but the
Kent who also would love to meet those who were on the other side of the
operation, they must be getting old, too.
P.S. These days my computer is /fully/, fully encrypted. No unencrypted
boot partition anymore. No boot partition at all, in fact. I keep that
in my pocket, on a little USB device, with my keys.