Yesterday, I wrote about a prediction from the SANS Institute that news would break today about another government laptop being lost. And this laptop belonged to a top-level senior executive, according to a comment written by Alan Paller, director of research at SANS, who commented on a news brief. Now we know the news came from National Journal, which posted late on Thursday an in-depth article by Shane Harris on how China has infiltrated U.S. government computers, stolen proprietary information, and accessed electric utilities and possibly caused major blackouts in the United States. The laptop Paller referred to was one used by Commerce Department Secretary Carlos Gutierrez. The laptop wasn't lost or stolen, but its contents were "clandestinely" downloaded while Gutierrez and a U.S. trade delegation was in China, according to the article, which is also posted on Nextgov. Here's an excerpt:
During a trip to Beijing in December 2007, spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by Commerce Secretary Carlos Gutierrez and possibly other members of a U.S. trade delegation, according to a computer-security expert with firsthand knowledge of the spyware used. Gutierrez was in China with the Joint Commission on Commerce and Trade, a high-level delegation that includes the U.S. trade representative and that meets with Chinese officials to discuss such matters as intellectual-property rights, market access, and consumer product safety. According to the computer-security expert, the spyware programs were designed to open communications channels to an outside system, and to download the contents of the infected devices at regular intervals. The source said that the computer codes were identical to those found in the laptop computers and other devices of several senior executives of U.S. corporations who also had their electronics â€œslurpedâ€ while on business in China. The source said he believes, based on conversations with U.S. officials, that the Gutierrez compromise was a source of considerable concern in the Bush administration. Another source with knowledge of the incident corroborated the computer-security expertâ€™s account.