zlacker

>>el_dud+(OP)
Given China's expansive attitude to industrial espionage (all foreign companies are fair game), if I were in charge of security for a large multinational, what's my security policy going to be for my employees who travel to China for meetings? Does this change anything? or is behaviour like this from China or indeed anyone else, already priced in?

>>erdo+7f
Others can chime in, but I believe that most serious companies doing business with China have a burner-device policy for employees travelling to China.

Your devices will all be hacked with industrial espionage malware, and just in case you don't have anything on those devices, you will be given devices as "gifts"—like flash drives and WiFi-equipped smart home devices--that will exploit any devices you didn't bring with you.

INAE, but I believe the usual policy is to accept the gifts but discard them at the first opportunity.

>>brayth+Ag
I'm always confused when I hear this about why malware researchers don't obtain a huge trove of malware samples (and/or zero-day exploits) by obtaining some of these "gifts" and then connecting them to honeypot devices. If all you have to do to receive one is travel to China as an employee of a major U.S. company, they must be quite easy to get ahold of.

>>schoen+Qj
Someone must have a lot of free time to do this instead of work.