How the pros thwart computer spies with James Bond tricks

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-1009_3-57504727-83/how-the-pros-thwart-computer-spies-with-james-bond-tricks/

By Elinor Mills
Security & Privacy
CNET News
September 4, 2012

H.D. Moore wasn't taking chances.

During the spring of 2009, the information specialist traveled to 
Shanghai on a work trip. For a computer, though, he carried only a 
stripped down Netbook that he modified using a trick even James Bond 
would have admired. He sawed off the end of one of the laptop case 
screws and mashed a small bit of a crushed Altoids mint into the hole 
before putting the screw back in. After leaving it in his hotel room for 
a few hours, he came back to find that the powder had disappeared. 
Something had caused the battery to fail, and one of the three passwords 
protecting his machine had been wiped.

"More than likely it was tampered with," Moore, chief security officer 
at security firm Rapid7, said. While he concedes a "slim chance" that 
the battery just happened to die when he left the room, he notes that 
it's odd for dead batteries to start working again upon reboot, as his 
did. Not to mention the fact that the powder in the screwhole would have 
had to displace itself at the same time.

Welcome to the world of international corporate espionage, where USB 
sticks are a favored tools for spies and bribable hotel workers are a 
dime a dozen. The problem is rampant, particularly in China, where the 
secrets in laptops of U.S. officials and businessmen can reshape an 
industry or change the course of a war.

[...]