In search of fun and exotic places, travelers often carry electronic devices to record their adventures, but you should be aware of the downside of carrying these devices, which can be compromised by criminals and the security services of foreign governments, says the National Counterintelligence and Security Center, part of the Office of the Director of National Intelligence.
Foreign intelligence entities, which may include foreign governments, large international corporations, local businesses and their proxies, are actively targeting information, assets and proprietary data about technologies that are vital to both U.S. national security and our global competitiveness, NCSC says.
NCSC’s recently published 2018 Foreign Economic Espionage in Cyberspace report highlights “current threats and future trends in foreign efforts to steal U.S. intellectual property, trade secrets and proprietary information via cyberspace.”
In most countries you have no expectation of privacy in internet cafes, hotels, offices or public places. Hotel business centers and phone networks are routinely monitored in many countries. In some countries, hotel rooms are often searched, NCSC says.
The NCSC advises that all information you send electronically – by fax, electronic devices, telephone and mobile phone – can be intercepted. Wireless devices are especially vulnerable.
Security services and criminals can track your movements using your mobile phone, or other electronic devices, and can turn on the microphone in your device without your knowledge. NCSC recommends that you remove the battery to prevent this.
Security services and criminals can insert malicious software into your device through any connection they control. They can also do it wirelessly if your device is enabled for wireless. When you connect to your home server, the malware can insidiously travel to your business, agency or home network, can inventory your network, and can send information back to the security service or potential malicious actor.
Malware can also be transferred to your device through thumb drives (USB sticks), computer disks and other “gifts” that security services and criminals may try to give you while masquerading as a fellow tourist or friendly local.
Transmitting sensitive government, personal or proprietary information from abroad is extremely risky, NCSC says, “Corporate and government officials are most at risk, but don’t assume you’re too insignificant to be targeted.” Foreign security services and criminals are especially adept at “phishing” – that is, pretending to be someone (or an organization) you trust to obtain personal or sensitive information.
The NCSC cautions that if a customs official demands to examine your device, or if your hotel room is searched while the device is in the room and you’re not present, you should assume the device’s hard drive has been copied and is compromised.
The NCSC advises that before you travel, you should refer to the checklist below.
- If you can do without the device, don’t take it and don’t take information you won’t need, including sensitive contact information. Consider the consequences if your information were stolen by a foreign government or industry competitor.
- Back up all information you take and leave backed-up data at home.
- If possible, use a different mobile phone, or other electronic device, from your customary one and remove the battery when not in use.
- Seek official cybersecurity alerts from: www.onguardonline.gov and www.us-cert.gov/cas/tips.
For general travel alerts and information, go to the Department of State site: http://travel.state.gov/content/passports/en/alertswarnings.html.
If you do decide to take electronic devices, the NCSC offers these recommendations:
- Create a strong password: a mix of numbers, upper and lower case letters, special characters – at least 8 characters long. Never store passwords, phone numbers, or sign-on sequences on any device or in its storage case. Change passwords at regular intervals and as soon as you return.
- Download current, up-to-date antivirus protection, spyware protection, OS security patches and a personal firewall.
- Encrypt all sensitive information on the device. But be warned that in some countries, customs officials may not permit you to enter with encrypted data.
- Update your web browser with strict security settings and disable infrared ports and features you don’t need.
Good Cybersecurity Practices
While you are traveling, do not carry electronic devices in checked baggage, and don’t leave electronic devices unattended. If you must store them, remove the battery and SIM card and keep them with you, NCSC says.
Shield passwords from shoulder surfing attempts. It’s a criminal specialty for obtaining sensitive information, including credit card numbers and PINs. It’s especially effective in crowded places where you may not be aware that you are being observed.
Terminate connections when you’re not using them and clear your browser after each use. Delete history files, caches, cookies, URL and temporary internet files. Avoid Wi-Fi networks. In some countries they’re controlled by security services; in all cases they are inherently insecure.
Finally, if your device or information is stolen, report it immediately to your home organization and the local U.S. embassy or consulate.
The National Counterintelligence and Security Center (NCSC) is led and staffed by a cadre of professionals with decades of national security and law enforcement expertise and varied analytic, investigative and policymaking backgrounds. Working with partners across the Executive Branch Departments and agencies and the private sector, NCSC provides expertise in several mission areas including insider threat, supply chain risk management and personnel security. Additional information is available in the NCSC Strategic Plan for 2016-2020.