Other countries may be interested in company secrets, specific knowledge or technology, as well as information about the political and economic situation in our country. Business trips to these countries may come with a risk of espionage. One of these countries is China. Persons travelling to China for work have to be alert to espionage attempts, for example via their devices. This is the case for employees of both public and private organisations, especially when they are involved in fields which are relevant to China.
Espionage via malware
One of the ways in which espionage can take place is by installing software on the devices of the traveller. This usually happens via the USB port.
The malware installation takes place after a copy of the hard drive is made. If the hard disk is encrypted (with e.g. BitLocker), the device has to be opened to circumvent this encryption. This can leave visible traces.
In both situations direct access to the equipment is necessary. Access to a device takes place at the moment that it is separated from its owner, such as during a dinner, meeting, or another gathering.
How to counter it?
The risks of espionage when travelling to China can be limited as much as possible. The traveller can take the following measures:
- Only bring the information that is strictly necessary for the trip.
- Opt for temporary mobile devices such as a laptop and phone. To this end, many organisations already provide the possibility to use temporary devices.
- Install only applications which are necessary for the trip. Limiting the number of applications reduces the number of possibilities to infect or gain entry to the device.
- Take measures to prevent tampering. You can buy a laptop that registers whether the laptop has been opened up. It is also possible to use tamper-evident stickers or security bags for this.
- Prevent the temporary device you use from connecting to your email, instant messaging accounts, and social media.
- Use hard disk encryption, e.g. BitLocker, or products assessed by the AIVD such as Hiddn Safedisk and PRIM’X Cryhod. Ensure that the equipment can only boot up with multifactor authentication (pre-boot authentication). Without pre-boot authentication with multifactor authentication, it is relatively easy for state-sponsored actors to break through the encryption.
- Use a software restriction policy.
- Prevent unknown or undesirable scripts, programs, or executables from running.
- Ensure that files cannot be executed from USB flash drives, desktop, or download folders.
- It is also sensible to take equipment with you and not to leave it in, for example, a hotel room safe. Hotel safes can be opened by the hotel staff and as a result also by malicious actors.
- Use separate devices to use applications which are made available by, or are linked to, the Chinese government.
- Do not connect the equipment you brought on your trip to your organisation's network upon return.
- Be alert to any damage or the equipment behaving strangely.
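One way to check the pre-boot authentication measure above on a Windows travel laptop before departure, as an added example that is not part of the original advisory. The helper name `Test-PreBootMfa` is hypothetical, the sample volumes are constructed, and treating only TPM+PIN protector types as multifactor is an assumption.

```powershell
function Test-PreBootMfa {
    # Hypothetical helper. Accepts objects shaped like Get-BitLockerVolume output.
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    begin {
        # Assumption: multifactor pre-boot means the TPM combined with a PIN.
        $mfaTypes = 'TpmPin', 'TpmPinStartupKey'
    }
    process {
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is not on'
        }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "volume status is $($Volume.VolumeStatus)"
        }
        # Pre-boot authentication only applies to the volume the device boots from.
        if ("$($Volume.VolumeType)" -eq 'OperatingSystem' -and
            -not ($types | Where-Object { $_ -in $mfaTypes })) {
            $findings += 'no TPM+PIN protector, device can boot without user input'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ', '
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample volumes (not real output). On a real device, run elevated:
#   Get-BitLockerVolume | Test-PreBootMfa
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        ProtectionStatus = 'On'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; VolumeType = 'OperatingSystem'
        ProtectionStatus = 'On'; VolumeStatus = 'FullyEncrypted'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'TpmPin' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Test-PreBootMfa | Format-Table -AutoSize
```

On the constructed input, the TPM-only volume is reported as non-compliant and the TPM+PIN volume as compliant.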
The above-mentioned information and advice can also be downloaded as a one-pager.
In addition, further information can be found in the publication ‘Travelling Abroad - safety risks’.
Further information:
- ESET Research, A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity, dated 27 April 2022
- Microsoft, BitLocker countermeasures, dated 18 June 2024