UNCLASSIFIED//FOR OFFICIAL USE ONLY
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Homeland Security Assessment
Office of Intelligence and Analysis
(U) Warning: This document is UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO). It contains information that may be exempt from public release under the
Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to
FOUO information and is not to be released to the public, the media, or other personnel who do not have a valid need-to-know without prior approval of an
authorized DHS official. State and local Homeland security officials may share this document with authorized security personnel without further approval from DHS.
(U) Foreign Travel Threat Assessment: Electronic
Communications Vulnerabilities
10 June 2008
(U) Prepared by the Critical Infrastructure Threat Analysis Division. Coordinated with the FBI/Domestic
Threats and Technology Cyber Intelligence Unit, the National Cyber Security Division/United States
Computer Emergency Readiness Team, and the Office of the National Counterintelligence Executive.
(U) Key Findings
(U//FOUO) Foreign governments routinely target the computers and other electronic
devices and media carried by U.S. corporate and government personnel traveling
abroad to gather economic, military, and political information. Theft of sensitive
information can occur in a foreign country at any point between a traveler’s arrival
and departure and can continue after returning home without the victim being aware.
(U//FOUO) Use of cell phones, laptops, and personal digital assistants (PDAs) in
foreign countries exposes these devices to unauthorized access and theft of data by
criminal and foreign government elements. Travelers should assume that they cannot
protect electronically stored data and should not transmit sensitive government,
personal, or proprietary information on the Internet or through telecommunications
equipment.
(U//FOUO) Personal electronic equipment carried abroad is vulnerable to installation
of malicious software that can steal or manipulate data well after the traveler returns
home. Devices carried overseas should be screened thoroughly upon return for the
presence of malicious software.
(U//FOUO) Risks associated with use of electronic media overseas can be reduced
through proper handling techniques. The simplest of these is to leave such devices at
home. Barring that, protective measures should include using designated “travel”
computers, single-use cell phones, and temporary e-mail addresses as well as
refraining from communicating with a home organization’s information technology
systems.