Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security risks of doing business with China?
From: bk <chort0 () gmail com>
Date: Thu, 1 Nov 2012 10:41:11 -0700


On Nov 1, 2012, at 1:43 AM, Dan Ballance wrote:

Hi guys,

I greatly respect the collective knowledge about security matters on this list. What do you make of this BBC report? 
Here in the UK we are seeming happy to do business with China, but other countries are blocking over alleged security 
concerns. Do you think these concerns are legitimate or is this purely political protectionism?

http://www.bbc.co.uk/news/business-20163907

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


There are two main ways businesses are at risk when dealing with China:

a) Trying to business _in_ China, the authorities won't let you setup shop directly, but instead force you into a 
"joint venture" with an established (and state-supported) Chinese company. In order to make and sell your products, you 
have to transfer a lot of intellectual property to the joint venture. Guess what happens to that intellectual property? 
Pretty soon there are multiple Chinese companies making exactly the same thing you make, but selling for a lot cheaper, 
and maybe not only in their domestic market.

b) Deploying Chinese-built infrastructure components in critical areas of your country. There's a lot of hype about 
backdoors, but IMO the biggest practical risk is the technical experts they send to do the support. Do people do 
background checks on the support experts they send in who will have privileged access and debugging capabilities? I 
doubt it. Maybe they don't even steal any information directly, but simply file reports on how the infrastructure is 
designed and connected. That information alone has strategic value.

Related to the original article, simply selling a stake as an investment doesn't appear to be all that risky. It's a 
question of what access is granted as a part of that investment. Do they get access to board members, to sensitive 
financial data? If there's no access to non-public data or trade secrets, then there wouldn't appear to be much risk.

Are politicians exploiting China-bashing for votes? Absolutely. Just like any major issue, people are trying to hitch 
their wagon to it in improbable ways. That doesn't mean there isn't any truth to it.

If you're a business going into China, know that their goal will be to replace you with domestic companies within 
several years. Don't get bullied into stretching past your risk tolerance. They're really good at making it seem like 
you have a huge opportunity, if only you give in just a little bit more...

--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault