Cyberattack on Google Said to Hit Password System
By JOHN MARKOFF
Published: April 19, 2010
Ever since Google disclosed in January that Internet intruders had stolen information from its computers, the exact nature and extent of the theft has been a closely guarded company secret. But a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.
The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.
The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.
The new details seem likely to increase the debate about the security and privacy of vast computing systems such as Google’s that now centralize the personal information of millions of individuals and businesses. Because vast amounts of digital information are stored in one place, popularly referred to as “cloud” computing, a single breach can lead to disastrous losses.
The theft began with an instant message sent to a Google employee in China who was using Microsoft’s Messenger program, according to the person with knowledge of the internal inquiry, who spoke on the condition that he not be identified.
By clicking on a link and connecting to a “poisoned” Web site, the employee inadvertently permitted the intruders to gain access to his (or her) personal computer and then to the computers of a critical group of software developers at Google’s headquarters in Mountain View, Calif. Ultimately, the intruders were able to gain control of a software repository used by the development team.
The details surrounding the theft of the software have been a closely guarded secret by the company. Google first publicly disclosed the theft in a Jan. 12 posting on the company’s Web site, which stated that the company was changing its policy toward China in the wake of the theft of unidentified “intellectual property” and the apparent compromise of the e-mail accounts of two human rights advocates in China.
The accusations became a significant source of tension between the United States and China, leading Secretary of State Hillary Rodham Clinton to urge China to conduct a “transparent” inquiry into the attack. In March, after difficult discussions with the Chinese government, Google said it would move its mainland Chinese-language Web site and begin rerouting search queries to its Hong Kong-based site.
Company executives on Monday declined to comment about the new details of the case, saying they had dealt with the security issues raised by the theft of the company’s intellectual property in their initial statement in January.
Google executives have also said privately that the company had been far more transparent about the intrusions than any of the more than two dozen other companies that were compromised, the vast majority of which have not acknowledged the attacks.
Google continues to use the Gaia system, now known as Single Sign-On. Hours after announcing the intrusions, Google said it would activate a new layer of encryption for Gmail service. The company also tightened the security of its data centers and further secured the communications links between its services and the computers of its users.
Several technical experts said that because Google had quickly learned of the theft of the software, it was unclear what the consequences of the theft had been. One of the most alarming possibilities is that the attackers might have intended to insert a Trojan horse — a secret back door — into the Gaia program and install it in dozens of Google’s global data centers to establish clandestine entry points. But the independent security specialists emphasized that such an undertaking would have been remarkably difficult, particularly because Google’s security specialists had been alerted to the theft of the program.
However, having access to the original programmer’s instructions, or source code, could also provide technically skilled hackers with knowledge about subtle security vulnerabilities in the Gaia code that may have eluded Google’s engineers.
“If you can get to the software repository where the bugs are housed before they are patched, that’s the pot of gold at the end of the rainbow,” said George Kurtz, chief technology officer for McAfee Inc., a software security company that was one of the companies that analyzed the illicit software used in the intrusions at Google and at other companies last year.
Rodney Joffe, a vice president at Neustar, a developer of Internet infrastructure services, said, “It’s obviously a real issue if you can understand how the system works.” Understanding the algorithms on which the software is based might be of great value to an attacker looking for weak points in the system, he said.
When Google first announced the thefts, the company said it had evidence that the intrusions had come from China. The attacks have been traced to computers at two campuses in China, but investigators acknowledge that the true origin may have been concealed, a quintessential problem of cyberattacks.
Several people involved in the investigation of break-ins at more than two dozen other technology firms said that while there were similarities between the attacks on the companies, there were also significant differences, like the use of different types of software in intrusions. At one high-profile Silicon Valley company, investigators found evidence of intrusions going back more than two years, according to the person involved in Google’s inquiry.
In Google’s case, the intruders seemed to have precise intelligence about the names of the Gaia software developers, and they first tried to access their work computers and then used a set of sophisticated techniques to gain access to the repositories where the source code for the program was stored.
They then transferred the stolen software to computers owned by Rackspace, a Texas company. Rackspace, which had no knowledge of the transaction, offers Web-hosting services. It is not known where the software was sent from there. The intruders had access to an internal Google corporate directory known as Moma, which holds information about the work activities of each Google employee, and they may have used it to find specific employees.
A version of this article appeared in print on April 20, 2010, on page A1 of the New York edition.
Bridge, The SP of SYMC has been stagnant for a long time! In the last 5 years it has traded in a range from just over $22 to today's closing of $16.93. It is dead money!
HP faces raft of complaints in China
By Kathrin Hille in Beijing
Published: March 10 2010 00:03 | Last updated: March 10 2010 00:03
Chinese lawyers have filed a complaint on behalf of more than 170 consumers against Hewlett-Packard, requesting that the Chinese government order a recall of allegedly faulty notebook computers.
The move is the first time the world’s largest PC brand has faced organised action from overseas consumers.
It is a sign that shoppers in the world’s most populous market are increasingly aware of their consumer rights and more willing to fight for them.
The complaint, seen by the Financial Times, was delivered to the General Administration for Quality Supervision, Inspection and Quarantine (AQSIQ) on Monday.
It requests that the quality watchdog investigate the quality of HP notebooks and order the company to buy back or exchange allegedly faulty machines bought by the plaintiffs and to compensate them for losses. It also calls for AQSIQ to request a recall of the notebooks.
Laweach, a not-for-profit website that helped organise laptop users for the case, said Chinese buyers of certain HP laptop computers sold since 2007 had faced malfunctioning screens and overheating problems on a massive scale.
The complaint said the problems were due to faulty graphics cards produced by Nvidia, a chipmaker which supplies several PC makers with this component.
In July 2008, Nvidia publicly acknowledged quality problems with some graphics cards and announced it was paying PC makers to deal with resulting problems.
The complaint said that although HP had offered an extension of warranty periods for some notebook models, that was not a thorough solution to the problem.
“We have also noticed that HP in the US offered consumers extended warranty periods for even more models and compensated them for transport costs, but in China, it has not made a statement or offered services, and openly discriminated against Chinese consumers,” the complaint said.
Jiang Suhua, a lawyer at Yingke Law Firm in Beijing, said the group was not taking HP to court because the absence of class action in China meant the prospects for such action were dim. He said he hoped AQSIQ would order a recall, and consumers could then negotiate compensation with HP.
AQSIQ has increasingly muscled in on consumer rights. So far this year, in the car market alone, the quality watchdog ordered recalls of two Mitsubishi models, two Peugeot models, one Citroën model and one Chrysler model.
A decision in the HP case would set a new precedent, however, as Chinese law so far has clear rules only for recalls of cars, food products, drugs and toys.
“We hope we can set a precedent and help strengthen the protection of consumer rights in China,” said Mr Jiang.
HP said it was not able to comment by the time of going to press. AQSIQ declined to comment.
The issue has come to light just as HP announced it would sue MicroJet Technology, a Taiwanese maker of printer ink cartridges, and three other companies, alleging their products infringed its patents.
Copyright The Financial Times Limited 2010. Y
OT...Google CEO: Mobile Computing Reshaping Internet
By THE ASSOCIATED PRESS
Published: March 10, 2010
Filed at 8:54 a.m. ET
ABU DHABI, United Arab Emirates (AP) -- Google's CEO says mobile smartphones are transforming the Internet, and defended his company's growing dominance over information on the Web.
Eric Schmidt told an Arab media conference Wednesday he has been ''struck by the explosion of mobile computing'' and says the devices are ''clearly going to win'' the battle with traditional computers.
He also defended his company's growing influence against complaints it is becoming too powerful, saying that Google's ''competitors have an incentive for us not to be successful.''
Schmidt is speaking at a media summit in the Emirati capital Abu Dhabi. The Arab world is one of the fastest growing Internet markets in the world.
P & F..... Many thanks for your neutrality and insight!
Since the stock had a big run it seems as the traders have taken over our Board. We should focus on DD and corporate fundamentals. I am sure that the majority of WAVE holders are interested in the long term and not the day to day gyrations and pump and dump tactics.
We need to pay attention to the more sober and serious minds that post here. We know who they are. I would not pay attention or respond to the traders and fear mongerers!
GLTA.... WAVX will make us plenty of $ but TTT! Do not trade and do not buy on Margin.
Lockheed Seeks to Predict Cybersecurity Threats
By REUTERS
Published: March 1, 2010
Filed at 1:57 p.m. ET
GAITHERSBURG, Maryland (Reuters) - Lockheed Martin Corp, the No. 1 information technology provider to the U.S. government, is working hard to better predict and protect against increasingly sophisticated and stealthy cyber attacks.
Lockheed, also the Pentagon's biggest contractor, is opening a second internal security intelligence center in Denver this week to complement the one it opened in May 2008 in Gaithersburg, Maryland, north of Washington.
Some analysts and software developers at the Gaithersburg center starred in a video Lockheed recently posted on YouTube, (
New Banking Trojan Discovered Targeting Businesses' Financial Accounts
Bugat Trojan spread via the Zbot/Zeus botnet, say SecureWorks researchers
Feb 09, 2010 | 04:27 PM
By Kelly Jackson Higgins
DarkReading
The infamous Zbot botnet that spreads the pervasive Zeus Trojan has been seen distributing a brand-new banking Trojan -- one that researchers say could serve as a lower-cost alternative to the popular Zeus and Clampi malware for cybercriminals.
The new Bugat Trojan, which was discovered by researchers at SecureWorks, appears to be aimed at mostly business customers of large and midsize banks. It's built for attacks that hack automated clearinghouse (ACH) and wire transfer transactions for check and payment processing -- attacks in which U.S.-based SMBs and state and local governments are losing an average of $100,000 to $200,000 per day, according to data from Neustar.
To date, Zeus and Clampi Trojans have mostly been used for stealing financial credentials. But Jason Milletary, security researcher with SecureWorks' Counter Threat Unit (CTU), says Bugat has some of the same features as other banking Trojans, but with a few twists: It uses an SSL-encrypted command and control (C&C) infrastructure via HTTP-S, and also goes after FTP and POP credentials via those encrypted sessions. Milletary says SecureWorks has witnessed around 1,200 to 3,000 Bugat attack attempts during the past week against its clients. "We saw in the wild that it was being distributed from a specific Zeus botnet," he says. "Oddly enough, its purpose is the same as Zeus ... but it's something not as recognizable as Zeus or that's cheaper [to purchase] in the long term."
Bugat's main targets so far are business financial accounts. "Small and medium-sized businesses get infected ... and then criminals utilize their [stolen] business credentials to initiate payments on wire transfers," he says.
Zeus, which is associated with Zbot botnet, has been notoriously difficult to kill. The powerful Trojan lets attackers wage man-in-the-browser attacks, where the victim is unaware that the attacker has hijacked his Web session, posing as a legitimate bank Website. There, the victim is duped into giving sensitive and valuable credentials and other information.
The Bugat Trojan has some similar attributes, including the ability to grab forms from Internet Explorer and Firefox browsers; steal and delete IE, Firefox, and Flash cookies; browse and upload files from the victim's machine; and download and execute code. It can also delete system files and reboot the infected machine so Windows is unable to boot up.
Because it uses SSL for its C&C pipe, it's more difficult to detect on the network. The botnet is also using the RC4 symmetric key stream cipher embedded in the malware, SecureWorks' Milletary says.
As of now, only about 20 of 51 antivirus scanners are able to detect the new banking Trojan, according to SecureWorks. Bugat's C&C Web server sends it commands and siphons the stolen information. The Trojan also gets a list of targeted URLs in order to monitor the victim's browsing. "These target strings indicate a strong interest in Websites used for business banking and wire transfers," Milletary said in a blog post late yesterday.
Bugat also appears to have some Russian roots: "There are certain indicators that it has Russian-speaking [connections]," he says.
CM,
Great overview! Having been in the Corporate world and being a Harvard MBA I truly believe in our tremendous creativity. However, we are driven by short term gains and we are blind to the negative consequences. I truly hope that we wake up in time!
Helpful and New Wave,
Thanks much! It looks like we have our hands full and we (USA) better start moving fast. One question: With our nation's critical security at stake why have we slept when our enemies were planning and stealing our secrets.... worse laying Trojan Horses for future attacks? It truly is a shame.
Intelligence Chief Says Cyberattack Threat Is Growing
By MARK MAZZETTI
Published: February 2, 2010
WASHINGTON — The threat of a crippling attack on computer and telecommunications networks is growing, America’s top intelligence official told lawmakers on Tuesday, as an increasingly sophisticated group of enemies has “severely threatened” the sometimes fragile systems undergirding the country’s information systems.
Stephen Crowley/The New York Times
Dennis Blair, center, director of national intelligence, with Arthur House, left, his communications director, at a Senate Intelligence committee hearing on threats to the U.S. Leon Panetta, director of the Central Intelligence Agency, is at right.
“Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey,” Dennis C. Blair said in his prepared remarks to a Senate committee.
“Malicious cyber activity is occurring on an unprecedented scale with extraordinary sophistication,” he said.
The decision by Mr. Blair to begin his annual testimony before Congress with the cyber threat points up the concerns among American intelligence officials about the potentially devastating consequences of a coordinated attack on the nation’s technology apparatus, sometimes called a “Cyber Pearl Harbor.”
The spy chief’s assessment of the terrorism threat was somewhat starker than last year’s testimony, when he cited considerable progress in the campaign to debilitate al Qaeda and its affiliates. Last February, Mr. Blair reported that the global economic meltdown, rather than the prospect of a major terrorist attack, was the “primary near-term security concern of the United States.”
In another departure from last year’s testimony, Admiral Blair is appearing alongside other top intelligence officials, including the heads of the C.I.A., F.B.I. and Defense Intelligence Agency. Last year, the intelligence director sat alone before the committee, a partly symbolic gesture intended to demonstrate the authority of the Director of National Intelligence, an office that has long been criticized for commanding little power over America’s 16 intelligence agencies.
The decision was interpreted by some lawmakers as hubris, as Mr. Blair had only been in the job a matter of weeks.
Xbox Takes On Cable, Streaming TV Shows and Movies
By BRIAN STELTER
Published: January 18, 2010
Executives at Microsoft are fond of saying that its subscription gaming service, Xbox Live, should be thought of as a cable channel.
The Xbox 360 offers on-demand movies like “Coraline,” which can be watched at a virtual party.
The game show “1 vs. 100” is no longer on NBC but is in its second season on Microsoft’s subscription gaming service, Xbox Live.
They want Xbox to be seen not merely as a gaming machine for teenagers, but as a media portal for parents and grandparents, too. The company is even producing shows for users: it is in the middle of the second season of “1 vs. 100,” an interactive version of a game show that was on NBC.
The content ambitions do not end there. Microsoft has held in-depth talks with the Walt Disney Company about a programming deal with ESPN, according to people close to the talks, who requested anonymity because the talks were intended to be private.
For a per-subscriber fee, ESPN could provide live streams of sporting events, similar to the ones available through ESPN 360, a service that is available from some high-speed Internet providers. Microsoft could also create some interactive games in association with ESPN, the people said. One of the people said the deal was not imminent. The companies declined to comment.
Already, video game consoles are putting a new emphasis on the video, rather than the game.
The roughly 20 million monthly members of Xbox Live can surf Facebook, browse an online mall of movies and TV episodes and, if they pay, watch Netflix.
“It’s 20 million connected living rooms,” said Marc Whitten, the general manager of Xbox Live.
Similarly, users of the Sony PlayStation can tune into BBC shows and see Weather Channel updates, as well as stream Netflix. Last week, Netflix extended its streaming service to the Nintendo Wii.
Among the many companies that want to transport the on-demand qualities of the Internet into the living room — the over-the-top model, in industry parlance — the console makers have a significant head start. Nearly 60 percent of American homes now have at least one console, according to the consulting firm Deloitte, up from 44 percent three years ago.
“For both of the big guys, it’s about extending the value of the hardware platform,” said Mike McGuire, a vice president for the research firm Gartner, referring to Microsoft and Sony. “The devices are hooked to TVs and have broadband connections, and there are more and more opportunities to license movies and TV shows and deliver them in over-the-top models.”
Microsoft said this month that it had sold 39 million Xbox 360 consoles around the world. About half sign into Xbox Live each month. At that size, “it starts to feel like a cable network,” said Mark Kroese, who oversees Xbox advertising sales for Microsoft. The company does not specify how many members pay for access to premium services like Netflix; basic functions of Xbox Live are free.
The company says it regularly counts more than a million concurrent users — and topped out at 2.2 million at one point during Christmas week last month. That compares favorably to some of the top channels on cable, like TBS and the Cartoon Network, which reach about one million viewers at any given time, according to the Nielsen Company.
The comparisons are crude at best because many of Xbox Live’s users are playing games rather than watching video. No third-party measurement exists, because ratings companies like Nielsen do not yet track the service fully.
But there is no doubt that consoles are expanding their domain, something that is evident in Mr. Whitten’s vision of the service: “The entertainment you want, the people you care about, wherever you are.”
The addition of Netflix in late 2008 was an important step into the entertainment arena for Xbox, and perhaps a precursor to Microsoft’s current talks with Hollywood producers.
Without releasing specific numbers, Mr. Whitten said the streaming movies and TV service were “very, very popular,” including in his own household.
Mr. Whitten said Microsoft wanted to be a bigger player in television and film viewing. He declined to comment on the conversations with Disney but said more than once that “there’s going to be a ton of experimentation around business models and rights.”
“Our goal is, really, how can we get as much content there as possible,” he said.
Disney is not alone in showing an interest in the console market. Many companies sell TV episodes and film rentals through Microsoft’s online store, and Web video ventures are clamoring to have a place on the service.
Console makers have a long way to go to be considered replacements for cable subscriptions, but, at the very least, they could put a dent in the time spent viewing traditional TV.
The interactive game show “1 vs. 100” drew well over 100,000 concurrent users at times during its first season last year, according to Microsoft’s internal data. During the second season, which began in November, two-hour TV-style trivia competitions are scheduled on Tuesday and Friday nights. A voice-over announcer, shown onscreen as an avatar, provides live color commentary.
Like the defunct NBC show, the game has a contestant, “The One,” and a “Mob” of 100 other players. Members of the audience can watch passively or play along, improving their odds of being picked to play for prizes. Unlike on the live-action TV show, every player on Xbox is represented by a cartoonish avatar.
Dave McCarthy, a general manager at Microsoft Game Studios, said the scheduled TV-style shows provided a guarantee that “you’re a part of something bigger.”
Beyond the game show realm, Microsoft also exclusively shows “The Guild,” a sitcom that it bills as “Seinfeld” meets video game culture. It stars its creator, the actress Felicia Day, and is sponsored by Sprint.
For advertisers like Sprint, online communities like Xbox Live are another arena to pursue consumers. Within “1 vs. 100” there are 15- and 30-second commercial breaks like on TV. Those spots account for about 15 percent of the service’s advertising revenue; most of the rest comes from ads on Xbox Live navigation pages, like display ads on Web sites.
In November, Nielsen started to track “1 vs. 100” play and ad views. The pilot program “is the tip of the iceberg,” said Gerardo Guzman, a director for Nielsen Games; eventually, he hopes to generate TV-style ratings.
Mr. Kroese said Xbox advertisers were “very interested in being able to compare the media buy on Xbox to other media buys they do.”
Microsoft says nearly half of Xbox Live members use its entertainment content; the rest mostly play multiplayer games. But it expects that more of its users will try the entertainment side and the line between them will blur further.
“I don’t think there’s a real difference between a game and ‘Lost.’ Or a game and ‘American Idol.’ They’re all ways we spend our leisure time,” Mr. Whitten said.
Over time, he predicted, “these narrow swim lanes — games, music, movies, etc. — will dissolve.”
Cellphone code breaking could be great for the Smartphone from Dell (hehe!)
Code That Protects Most Cellphone Calls Is Divulged
By KEVIN J. O'BRIEN
Published: December 28, 2009
BERLIN — A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world's digital mobile phone calls, in what he called an attempt to expose weaknesses in the security of the world’s wireless systems.
The action by the encryption expert Karsten Nohl aimed to question the effectiveness of the 21-year-old GSM algorithm, a code developed in 1988 and still used to protect the privacy of 80 percent of the world's mobile calls.
“This shows that existing GSM security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day computer hacker’s conference that runs through Wednesday here. “We are trying to push operators to adopt better security measures for mobile phone calls.”
The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl’s efforts illegal and said they overstated the security threat to wireless calls.
“This is theoretically possible but practically unlikely,” said Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. “What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.”
Some security experts disagreed. Stan Schatt, a vice president for health care and security at the technology market researcher ABI Research in New York, said companies and governmental organizations should take the same steps to ensure the security of their wireless conversations, as they do with anti-virus software for computer files.
“Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls,” Mr. Schatt said.
Mr. Nohl, who has a PhD. in computer engineering from the University of Virginia, is a widely consulted encryption expert who waged a similar campaign this year that prodded the DECT Forum, a standards group based in Berne, Switzerland, to upgrade the security algorithm for 800 million cordless home phones.
Mr. Nohl has now set his sights on GSM, whose second-generation digital technology is still the world’s most widely used wireless communication standard. About 3.5 billion of the world’s 4.3 billion wireless connections use GSM; it is used by about 299 million consumers in North America.
In August, at a hackers’ forum in Amsterdam, Mr. Nohl challenged other computer hackers to help him crack the GSM code. He said about 24 people, some members of the Chaos Computer Club, based in Berlin, worked independently to generate the necessary volume of random combinations until they reproduced the GSM algorithm’s code book — a vast log of binary codes that could theoretically be used to decipher GSM phone calls.
The code book, Mr. Nohl said, contains the equivalent of about two terabytes, or 2,000 gigabytes, of digital information, the equivalent of 100 high-definition films.
In an interview, Mr. Nohl said he took precautions to remain within legal boundaries, stressing that his efforts to crack the GSM algorithm were purely academic, kept within the public domain and the information was not used to decipher a digital call.
“We are not recommending people use this information to break the law,” Mr. Nohl said. “What we are doing is trying to goad the world's wireless operators to use better security.”
Mr. Nohl said the algorithm’s code book was available on the Internet through services like BitTorrent, which some people use to download massive quantities of data like films and music. He declined to provide a Web link to the code book, for fear of the legal implications, but said its location had spread by word of mouth through the hackers’ community.
The GSM algorithm, technically known as the A5/1 privacy algorithm, is a binary code — which is made exclusively of 0’s and 1’s — that has kept digital phone conversations private since the GSM standard was adopted in 1988.
But the A5/1 algorithm is a 64-bit binary code, the modern standard at the time it was developed, but simpler compared with the 128-bit codes used today to encrypt calls on third-generation networks.
In 2007, the GSM developed a 128-bit successor to the A5/1, called the A5/3 encryption algorithm, but most network operators have not yet invested to make the security upgrade.
Interesting his involvement with Trustworthy Computing!
Many thanks!
Obama to Name Chief of Cybersecurity
By JOHN MARKOFF
Published: December 21, 2009
Nearly seven months after highlighting the vulnerability of banking, energy and communications systems to Internet attacks, the White House on Tuesday is expected to name a technology industry veteran to coordinate competing efforts to improve the nation’s cybersecurity in both military and civilian life.
White House photo by Lawrence Jackson
President Obama last week with Howard A. Schmidt, who is expected to be named on Tuesday to lead efforts to improve security in the nation’s business and military computing systems.
The decision to appoint Howard A. Schmidt, an industry executive with government experience who served as a cybersecurity adviser in the Bush administration and who also has a military and law enforcement background, is seen as a compromise between factions. Government officials and industry executives say there has been a behind-the-scenes dispute over whether strict new regulations are necessary to protect the network that increasingly weaves together the vast majority of the world’s computers.
Mr. Schmidt will report to the National Security Council — not both to the council and to the National Economic Council, as previously planned, an administration official said on Monday. Mr. Schmidt will also “have access to the president,” said the official, who spoke on the condition of anonymity because he had not been authorized to talk publicly about the appointment.
Cybersecurity has taken on new urgency this year in the face of a growing range of cyberattacks and reports of vulnerabilities in business and military computing systems. Indeed, at the May 29 announcement of his administration’s decision to create the position of cybersecurity coordinator, Mr. Obama described how during his presidential campaign computer intruders had “gained access to e-mails and a range of campaign files, from policy position papers to travel plans.”
“It was,” he said, “a powerful reminder: in this information age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities.”
After reviewing the nation’s cybersecurity preparedness, the White House said that it would create the position of cybersecurity coordinator to harmonize the nation’s various efforts to “deter, prevent, detect and defend” against cyberattacks.
The administration’s decision to appoint Mr. Schmidt was slowed by a tug of war among political, military, intelligence and business interests, said people with direct knowledge of the selection process. Industry officials, for example, have expressed concern that new regulations would dampen innovation.
In recent months the administration has been criticized by lawmakers and others for not moving more quickly to fill the position. Experts on the issue had questioned how effective a cybercoordinator could be if forced to report to two governmental councils without direct access to the president.
“I’ve come away with a strong sense that Vivek Kundra, chief information officer, and Aneesh Chopra, the chief technology officer, and participants at the N.S.C. are aligned on this effort,” said Vinton Cerf, a co-author of the original Internet standards who has been consulted by the administration in choosing a “cyberczar.”
The White House official also said that criticisms that the administration had been frozen on cybersecurity policies while waiting for the appointment of a cybersecurity chief were inaccurate, citing a range of initiatives now under way at various agencies to improve cybersecurity. In November the White House met with a Russian delegation of cybersecurity officials in an effort to build cooperation on international law enforcement issues.
One significant difference in the Obama administration’s approach to cybersecurity and that of the previous administration has been the degree of secrecy about strategy and policy issues. In the Bush administration, cybersecurity decisions were made in a highly classified fashion. What remains unclear, however, is how the new administration will balance cybersecurity decisions between military and civilian organizations.
In May the administration’s cybersecurity review was not specific about transforming the administration’s goals into practical realities. At the time Mr. Obama did not explain how he planned on going about resolving the running turf wars among the Pentagon, the National Security Agency, the Department of Homeland Security and other agencies over the conduct of defensive and offensive cyberoperations.
Mr. Schmidt is the chief executive officer of the Information Security Forum, a nonprofit computer security trade association based in London. He has served as chief information security officer at eBay and chief security officer at Microsoft. In the Bush administration, he was the vice chairman of the president’s Critical Infrastructure Protection Board and a special adviser for cyberspace security.
He also served in the Air Force and Army in computer security roles and led a computer forensics team for the Federal Bureau of Investigation at the National Drug Intelligence Center.
GOOGLE!
IT WOULD NOT SURPRISE ME ONE IOTA IF EVENTUALLY WE ARE TAKEN OVER BY GOOGLE AT A HUGE PRICE WITH GOOGLE SHARES! Let the GAMES begin!!!
Barge, It is truly amazing that the acorns that were planted some time ago are or about to bear fruit! I believe that the Smartphone of Dell will open so many doors that it will act as a catalyst for Dell/Perot/Wave to have major market share in many enterprise and consumer markets. It will open the doors overseas in a major way!
Given the potential revenue streams that are in the making, this investment will be flying by the end of the 2nd or at the latest the 3rd Quarter of 2010! A buyout or a stock split is inevitable after that! The buyout will be at a huge premium and with a major company with very deep pockets.
Keep up the great research on the consumer side!
November 13, 2009, 12:46 pm
Dell’s Out-of-Town Tryout for Smartphones
By SAUL HANSELL
Dell has finally confirmed what has been bouncing around the market for some time, that it is entering the smartphone business.
It’s not saying very much about its strategy, other than that it is using Google’s Android operating system. (That, in itself, confirms what is becoming clear about Android: That it is now the Windows of cellphones, the operating system for hardware companies that don’t write their own operating systems.)
What Dell is doing is not starting by fighting head-to-head with Samsung, HTC, Motorola (not to mention Apple and Research in Motion) in the United States. Rather, it is debuting its products in two big developing markets where, presumably, its core strength in delivering generic technology cheaply will be valued.
Dell said it will distribute its first Android handset, the Mini 3, through China Mobile, the largest phone company in the world, with half a billion customers. In Brazil, the phone will be sold through Claro, the Brazilian wireless outpost of América Móvil, a big chain of wireless companies controlled by Carlos Slim Helu, the Mexican financier.
The company did not release any specifications for the Mini 3 handset. It released a few photos that make it clear that the phones are thin touch-screen models with no physical keyboards.
Windows 7 May Help Kickstart Delayed Corporate Spend
By REUTERS
Published: October 21, 2009
Filed at 11:41 p.m. ET
SAN FRANCISCO (Reuters) - Computer makers hoping for Microsoft Corp's new Windows 7 operating system to free up a long-awaited corporate spending spree may have to wait until the second half of next year.
As the world's top software maker prepared for its biggest product launch in a decade on Thursday, analysts said PC vendors already stood to benefit from a hardware refresh cycle next year. Microsoft's new, supposedly more stable platform should serve as further impetus to upgrade aging machines.
Industry watchers say Windows 7 may also have a short-term impact on PC sales to consumers -- potentially a slight benefit to consumer-oriented players such as Hewlett-Packard and Acer Inc.
But many large businesses will look to 2010 and beyond to buy, preferring to wait and see.
"Vista was so bad that nobody moved to it," said Needham & Co analyst Richard Kugele.
"Now, with the operating system no longer being a stumbling block, you can actually deal with the hardware problem and be comfortable that the OS isn't an issue."
The expected refresh cycle that is being touted by the likes of HP and Dell Inc would likely take place regardless of Microsoft's new offering, analysts say. That's because of a pent-up need to replace old hardware -- a cycle put off as budgets shrank in the downturn.
But no one knows how robust it will be.
Research group Gartner expects commercial PC sales to rise 10 percent in 2010 and an additional 13 percent in 2011, as businesses replace 4- and 5-year-old computers. Early, positive reviews for Windows 7 should give businesses a further nudge.
As Vista ends its nearly three years of life on the shelf, only 10-15 percent of enterprises have migrated, analysts say. The rest remain on the 8-year-old Windows XP.
The entire computer food chain, from chipmakers like Intel Corp and Advanced Micro Devices to disk drive makers like Seagate Technology, stands to benefit from a robust push by companies to replace PCs.
"They have to replace these aging machines," said Gartner analyst Mikako Kitagawa, adding that Windows 7 might accelerate the upgrade cycle for corporations.
GOING UP THE FOOD CHAIN
HP's shares are up more than 30 percent this year and Dell's nearly 50 percent, as the PC market recovery takes hold and investors anticipate a bump in corporate spending on computers next year.
Goldman Sachs expects IT spending to rise 4 percent in 2010 to 320.4 million units, reversing an estimated 8 percent slide this year. It sees PC unit growth of 9 percent in 2010.
Windows 7 is getting a big welcome from PC vendors eager to forget the much-maligned Vista platform.
Acer, whose rise to No. 2 in the global PC rankings has been fueled in part by cheap netbooks, sounded an upbeat note.
"We are expecting double-digit growth (both worldwide and in the United States) in this holiday quarter," said Ray Sawall, senior manager of product marketing for Acer America.
HP, the No. 1 PC maker, said it was impressed by Microsoft's willingness to collaborate on products and ideas.
"We're very happy with Windows 7, and we're happy with the progress Microsoft has made," said Carlos Montalvo, HP's vice president of product experience.
Dell CEO Michael Dell said recently that if you buy a good new PC with Windows 7 and Office 2010, "you will love your PC again."
In the consumer market, Windows 7 should provide a marginal boost. Analysts say buyers do not prioritize operating systems while PC shopping, focusing more on hardware and price.
"I don't think people will go out and buy a new PC because they want Windows 7. It will help, but it won't be a primary factor," said Jay Chou, an analyst with research firm IDC.
While Toshiba said it expects fairly rapid adoption of Windows 7 on the consumer side, the world's 5th-largest computer maker said it will still ship laptops with the aging Windows XP to commercial customers for a while.
"We're going to be monitoring the business customers fairly closely to see how rapidly they're preparing to transition over to Windows 7," said Chris Casper, group manager of product marketing for Toshiba America Information Systems.
(Editing by Ian Geoghegan)
Big-Box Breach: The Inside Story of Wal-Mart’s Hacker Attack
By Kim Zetter
October 13, 2009, 7:00 am
Categories: Breaches, Crime, Cybersecurity
Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned.
Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.
In response to inquiries from Wired.com, the company acknowledged the hack attack, which it calls an “internal issue.” Because no sensitive customer data was stolen, Wal-Mart had no obligation to disclose the breach publicly.
Wal-Mart had a number of security vulnerabilities at the time of the attack, according to internal security assessments seen by Wired.com, and acknowledged as genuine by Wal-Mart. For example, at least four years’ worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form. Wal-Mart says it was in the process of dramatically improving the security of its transaction data, and in 2006 began encrypting the credit card numbers and other customer information, and making other important security changes.
“Wal-Mart … really made every effort to segregate the data, to make separate networks, to encrypt it fully from start to finish through the transmission,” says Wal-Mart’s Chief Privacy Officer Zoe Strickland. “And not just in one area but across the different uses of credit card systems.”
Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart’s initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.
The discovery set off an investigation that swept in outside security consultants and corporate attorneys to determine what the hackers had touched, and whether the company was required to report the intrusion, and to whom, the documents show. Wal-Mart says it notified federal law enforcement agents, who were working on other ongoing investigations involving similar breaches.
At the time, attacks featuring a similar MO were occurring at TJX, Dave & Buster’s restaurants and other companies, which ultimately resulted in more than 100 million cards being compromised. Albert Gonzalez, a 28-year-old Miami man, pleaded guilty this month to carrying out many of those breaches with other hackers, and is facing unresolved charges for the remainders.
The Wal-Mart intrusion began unraveling on Nov. 5, 2006, when the company’s IT security group was brought in to investigate the server crash.
Wal-Mart has thousands of servers nationwide, and any one of them crashing would ordinarily be a routine event. But this one raised a red flag. Someone had installed L0phtcrack, a password-cracking tool, onto the system, which crashed the server when the intruder tried to launch the program.
Investigators found that the tool had been installed remotely by someone using a generic network administrator account. The intruder had reached the machine through a VPN account assigned to a former Wal-Mart worker in Canada, which administrators had failed to close after the worker left the company. The day the server crashed, the intruder had been connected to Wal-Mart’s network for about seven hours, originating from an IP address in Minsk, the documents show.
The security team disabled the compromised VPN account, but the intruder, who should have realized the jig was up, came back in through another account belonging to a different Canadian employee. When that VPN account was closed, the intruder grabbed yet a third account while Wal-Mart workers were still scrambling to get a fix on the scope of the breach.
When Wal-Mart reviewed its VPN logs, it found that the activity had begun at least as early as June 2005, according to memos written by Wal-Mart employees during the initial stage of the investigation. The company’s server logs recorded only unsuccessful log-in attempts, not successful ones, frustrating a detailed analysis.
Wal-Mart declined to respond to questions about the initial date of the attack, the server logging or the conclusions it reached in its final report, which Wired.com has not seen.
Nonetheless, Wal-Mart’s security team was able to identify “over 800 machines that the attacker either tried to brute force or actually made a successful connection,” according to a Nov. 10, 2006 e-mail summarizing the early investigation.
Many computers the hackers targeted belonged to company programmers, the documents show. Wal-Mart at the time produced some of its own software, because the company couldn’t find off-the-shelf applications that scaled to its size, the investigator says. One team of programmers was tasked with coding the company’s point-of-sale system for processing credit and debit card transactions. This was the team the intruders targeted.
“They weren’t port scanning, they weren’t ping tracing, they weren’t groping blindly in the dark trying to find a nugget,” says the investigator. “They knew what they were going for and they were all over it — point-of-sale.”
The intruders’ interest in Wal-Mart’s point-of-sale system is consistent with large data breaches that occurred at other companies around the same time. In the spring of 2005, associates of TJX hacker Albert Gonzalez hacked into the point-of-sale system of a Marshall’s clothing store in Minnesota. The hackers pointed an antenna at the store to grab data as it streamed over the store’s vulnerable Wi-Fi network, then used the data to gain access to the central transaction database of TJX, Marshall’s parent company.
Similarly, in mid-2007, Gonzalez’s gang gained access to point-of-sale servers at Dave & Buster’s restaurants and installed packet sniffers to siphon card data as it was transmitted to corporate computers and others for authorization. According to court documents, the hackers’ MO included doing reconnaissance of retailers to determine the point-of-sale systems they used and map their network setups. (There’s no evidence Wired.com has seen linking Gonzalez to the Wal-Mart breach.)
In the case of Wal-Mart, one of the documents that flew off to Minsk from a programmer’s machine was titled “POS Store Systems Technical Specifications TLOG Encryption and Financial Flows Draft 03/04/2006” – essentially a flow chart that would have mapped out Wal-Mart’s transaction process, the source says, from the moment a customer swipes his credit or debit card in a store’s card reader, to the point the digital data crosses the network to be authenticated by a card issuer.
The hackers also stole or accessed files containing point-of-sale source code and executables, as well as additional proprietary documentation detailing the company’s transaction processing network. A partial list seen by Wired.com includes documentation on a company database, a file connected to a point-of-sale simulator, debugging files, a telnet capture, a bash history file and a sign-on log.
The documents show no evidence that files containing customer information were breached in the attack.
At the time Wal-Mart discovered the breach, it had been encrypting its transaction data for at least three months. It began to do so after a security audit performed for the company in December 2005 found that customer data was poorly protected.
Wal-Mart commissioned the probe from security auditors at CyberTrust as part of its efforts to become compliant with Payment Card Industry (PCI) security standards that were established in 2001. Enforced by credit card issuer Visa, top-tier companies such as Wal-Mart were theoretically required to be in compliance with the standards by mid-2004. Wal-Mart says it received a number of deadline extensions.
CyberTrust examined networks at five Wal-Mart locations: three Wal-Mart stores in Missouri and Oklahoma, and two other Wal-Mart-owned businesses — a Sam’s Club store in Missouri and a Neighborhood Market in Arkansas, according to a report the auditors wrote.
The assessment lasted six days, during which CyberTrust found numerous problems. Each of the five stores, for example, housed complete backup copies of transaction logs on network-connected UNIX servers, which included at least four years’ worth of unencrypted credit card numbers, cardholder names and expiration dates from purchases at the stores.
The auditors also discovered that servers, transaction processing systems, and other network-connected devices handling sensitive information used the same usernames and passwords across every Wal-Mart store nationwide. In some cases, the passwords could be easily guessed. A hacker or malicious insider who compromised a point-of-sale controller or in-store card processor at one store, could “access the same device at every Wal-Mart store nationwide,” CyberTrust wrote.
Finally, CyberTrust found sensitive customer information stored unencrypted on pharmacy computers at four of the stores, including customer names, home addresses, Social Security numbers, genders, credit card numbers and expiration dates. “A long-term, undetected compromise of Wal-Mart RXP system could allow a virtually endless supply of customers’ names, addresses, and Social Security numbers – the basic ingredients for identity theft,” CyberTrust wrote in its report. “Wal-Mart runs the risk of … losing not only the sensitive information, but also their customers’ hard earned trust,” the auditors added.
The report was dated Jan. 9, 2006, 10 months before Wal-Mart discovered the breach.
Strickland says the company took the report to heart and “put a massive amount of energy and expertise” into addressing the risks to customer data, and became certified as PCI-compliant in August 2006 by VeriSign.
After it discovered the breach in November 2006, the company turned over memory dumps and at least 31 forensic images of machines and servers to Stroz Friedberg, a forensic investigations firm, for further analyses. E-mails exchanged by team members eight days after the intrusion was detected show the company furiously searching firewall and intrusion detection logs for suspicious activity. The e-mails also discuss shutting down the entire Nortel VPN network the intruder used, ordering RSA security tokens to authenticate users to the network, and increasing logging retention on servers.
On Nov. 16, one team member sent an unencrypted e-mail update to other employees and was harshly rebuked by a senior security manager who warned them to communicate only through e/pop, a secure instant messaging system.
“Guys…. time out here,” he wrote. “What was the first thing I discussed in our meeting about communications protocol concerning this project? Get Epop up, installed, and running today!”
The company’s internal investigators found evidence potentially linking the attack to a suspected breach at a Wal-Mart division a year earlier. The forensic trail showed that the machine in Belarus that breached Wal-Mart’s VPN had tried to log on to a machine belonging to Sam’s Club, Wal-Mart’s membership store chain, in 2005.
This finding was potentially significant, because Sam’s Club had been suspected in 2005 of spilling credit card data in a breach. Late that year, MasterCard and Visa informed Wal-Mart about a cluster of fraudulent charges on credit cards that had been used at Sam’s Club gas stations. A press release issued by Sam’s Club at the time warned that intruders might have gained access to 600 cards used at the pumps between Sept. 21 and Oct. 2, 2005. But the company assured consumers that “the electronic systems and databases used inside its stores and for samsclub.com are not involved” and now says that after investigating the issue, it never found any evidence of a breach at its gas pumps or in its stores.
The company also says the Sam’s Club investigation and the 2006 breach are not connected.
“The Sam’s Club matter has been closed for some time and is not related to the other matter you’re asking about,” said Wal-Mart spokeswoman Michelle Bradford.
Internal documents show that Sam’s Club suffered the same types of vulnerabilities as the rest of Wal-Mart’s empire, and that logging was inadequate to completely rule out a breach. An audit by VeriSign at the time found that Sam’s Club’s firewall and intrusion-detection logs were configured to record only “spotty and inconsistent” data, and that operating systems lacked the latest security patches.
“The level of vulnerability identified . . . would leave these systems open to compromise from a number of different attacks,” wrote VeriSign in a report. But “due to the level of logging enabled on these systems, which did not capture much information, it was not possible to determine if any of these vulnerabilities were attacked.” In the report, which Wal-Mart submitted to the Federal Trade Commission in February 2006, nine months before it discovered the breach in its main network, VeriSign concluded that although it had found no point of compromise in the Sam’s Club system, the company’s logs didn’t contain sufficient information “to identify or rule out a specific point of compromise.”
Wal-Mart says that the security issues raised in all of these reports have been addressed and that since the company became PCI compliant in August 2006, it has been commissioning PCI audits every six months — twice the frequency required by PCI standards.
“Every item [in the reports] that had a PCI vulnerability was remediated,” says Strickland.
PCI certification doesn’t guarantee the security of bank card data — numerous companies that experienced serious bank card breaches in recent years were certified PCI compliant at the time they were breached. There is no evidence, however, that Wal-Mart suffered a sizable breach of credit or debit card data from either Sam’s Club in 2005 or from its main network in 2006.
(AP Photo/Robert E. Klein)
Oct. 13 (Bloomberg) -- Dell Inc. founder Michael Dell, who announced a $3.9 billion takeover of Perot Systems Corp. last month, said his company is “rapidly developing” merger expertise and will seek more deals as part of a turnaround plan.
“You will see us be reasonably active,” Dell, the company’s chief executive officer, said in an interview yesterday. He said Dell will look at acquisitions that bolster sales to corporate customers and will consider more purchases in the health-care industry.
“We have a talented team of people that includes people who have been at Dell a long time and understand the Dell culture in the transactions that we’ve done and know why those have succeeded or not,” said Dell, 44. “We are rapidly developing that, and we’ve added some talent to help us do that.”
The acquisition of Perot Systems is the largest purchase in Dell’s 25-year history and follows the takeover of storage-computer maker EqualLogic Inc. for $1.4 billion in 2008. Dell, the world’s second-largest personal-computer maker, also hired International Business Machines Corp.’s top dealmaker, David Johnson, in May. Johnson, who didn’t work on the Perot deal, has a team working on “plenty of other things,” Dell said.
Perot Systems will expand Dell’s reach into the computer-services market, especially in the health-care industry, while lessening the company’s reliance on PCs. The combined company stands to benefit from a U.S. economic stimulus package that will pour about $20 billion into health-care information technology. Perot Systems gets about half of its sales from hospitals, physicians’ practices and health-insurance companies.
‘Promising for Growth’
“When you look at the health-care space, it’s the one sector of the economy that has the least amount of IT, and we see it as very promising for growth,” Dell said. “There’s usually more technology at the grocery store than there is at your doctor’s office.”
Dell spent two years courting Perot Systems and talking to other services providers. The company decided against pursuing a deal earlier because “it didn’t feel earlier was the right time,” Michael Dell said. Meanwhile, IBM, the leader in computer services, expanded in the market and Hewlett-Packard Co. spent $13.2 billion to buy services provider Electronic Data Systems Corp.
“Perot is a bit of a catch-up deal,” said Ben Reitzes, an analyst with Barclays Capital in New York. “It would have been better if they had done it earlier.”
Dell fell 1 cent to $15.41 at 9:37 a.m. New York time in Nasdaq Stock Market trading. The shares had climbed 51 percent this year before today. Perot Systems, based in Plano, Texas, rose 2 cents to $29.86 on the New York Stock Exchange.
College Dorm
Dell, who founded the Round Rock, Texas-based company from his college dorm room in 1984, returned as CEO in 2007 after the company lost the PC market lead to Hewlett-Packard. He has shuffled executives, fired employees, shifted away from a model of only selling over the phone and Internet, and outsourced manufacturing. He’s made about 10 acquisitions to help bolster sales and profit since 2007.
Microsoft Corp.’s release of the Windows 7 operating system on Oct. 22 should drive consumer PC purchases this year, with corporate buyers expected to follow later, Dell said.
As the economy improves, technology companies are poised to benefit from any pickup in spending, he said.
“There has been a faster-than-people-expected improvement in the broader economy, but it might be a little early to get out the celebration horns,” Dell said. “For the technology sector, the prospects are pretty good. Fundamentally we sell productivity, and if there’s anything you need in an economy that’s not that robust, it’s productivity.”
Dell also is expanding in the mobile-computing market. The company said in August that it’s developing a wireless device for China Mobile Ltd., the world’s biggest mobile-phone company by users.
“You could see us in the next year in the U.S. with some of the major carriers as well,” Dell said.
To contact the reporter on the story: Connie Guglielmo in San Francisco at cguglielmo1@bloomberg.net.
Last Updated: October 13, 2009 09:40 EDT
New IRS Scam E-mail Could Be Costly
The Department of Homeland Security's Computer Emergency Readiness Team is warning Internet users to be on guard against a convincing e-mail virus scam disguised as a message from auditors at the Internal Revenue Service. According to one victim interviewed by Security Fix, falling for the ruse could cost you or your employer tens of thousands of dollars.
An alert issued Monday by the U.S.-CERT states: "The attacks arrive via an unsolicited email message and may contain a subject line of 'Notice of Underreported Income.' These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan."
The Zeus Trojan is exceptionally good at stealing sensitive data, and it is especially interested in online banking credentials. This fake IRS/Zeus campaign has been ongoing for several weeks now, according to Gary Warner, director of research in computer forensics at the University of Alabama, Birmingham. Still, it's nice to see a high-profile government agency issuing an alert about this threat, as it appears to be hitting quite a large number of businesses (the virus portion of my Postini inbox has been filled with little else these past few days -- click the screen shot below to see what I mean).
A recent victim of the scam is Landfill Service Corp., a solid waste company based in Apalachin, NY. Last week, the firm discovered that thieves had used Zeus to steal the company's Internet banking credentials, after the attackers transferred $150,000 from its online bank account in a series of sub-$10,000 payments to 20 so-called money mules, co-conspirators around the country hired in job scams.
Landfill's President, Joel Lanz, said the company has recovered some of the funds, though he said it appears the firm may end up losing at least $92,000 from the incident.
Later, Lanz said, the firm's technology manager found the culprit: a file called "sdra64.exe" -- the engine behind the Zeus keystroke logging Trojan -- on the PC of an employee with access to Landfill's online bank accounts.
Lanz said he recalls receiving the bogus IRS e-mail last week, and then forwarding it on to another employee, who evidently opened the attached file. Still, Landfill may have gotten off easy: Attackers using a custom form of Zeus known as JabberZeus used it to steal the online banking credentials -- and some $415,000 -- from Bullitt County, Ky. earlier this summer.
A word to the wise: Do not click on attachments included in unsolicited e-mails, especially those that encourage you to act quickly or else suffer some scary fate: These are almost universally scams or attempts to plant malicious software on your computer. Also, note that the IRS has stated emphatically that it does not communicate with citizens via e-mail.
By Brian Krebs | September 28, 2009; 5:10 PM ET
DuPont Alleges Second Insider Breach In Two Years
Chemical giant claims former employee was headed to China with company secrets
Sep 09, 2009 | 05:47 PM
By Tim Wilson
DarkReading
Just two years after discovering an insider breach that might have cost it $400 million, DuPont is alleging theft of trade secrets by another one of its employees.
According to an article in DuPont's home state of Delaware, DuPont has filed a lawsuit against -- and fired -- a Chinese-born employee who was allegedly about to leave Delaware and return to China with company trade secrets.
The suit, filed in late August in the Delaware Court of Chancery, accuses Hong Meng of breach of contract and misappropriation of trade secrets -- specifically, research into a paper-thin computer display technology called an "organic light-emitting diode," or OLED.
The suit alleges Meng was planning to take the proprietary information to his alma mater, Peking University in Beijing, which is involved in research on OLED technology, the report says.
DuPont issued a brief statement Friday, indicating Meng, a Chinese national with permanent residency status in the United States, was fired after an internal investigation, and the lawsuit was filed "to ensure that he not use or disclose DuPont trade secrets," according to the report.
"As a science company, DuPont acts to protect our unique and confidential technologies," the statement said. "These events underscore our unwavering commitment to protect the integrity of our proprietary science and technology for the benefit of DuPont shareholders, employees and customers."
DuPont says it spotted Meng's actions when it reviewed his hard drive prior to transferring him to China. Meng had downloaded a number of proprietary files about the OLED, the company alleges.
The chemical giant faced a similar problem two years ago, when former employee Gary Min was found to be in possession of thousands of files relating to the company's trade secrets. The estimated value of the information was assessed at around $400 million.
In that case, Min -- who also has ties to China -- downloaded thousands of documents without authorization from company systems. He also made paper copies of thousands more documents and stored them in an apartment he had rented for that purpose.
Min received a sentence of 18 months in jail and a $30,000 fine.
I remember the MOU with NTT! Some voices stated that it was another example of SKS folly. Things take TIME!
Newly Discovered Vulnerability Could Threaten Cisco Wireless LANs
Flaw in Cisco Over-The-Air-Provisioning could allow attackers to gain control of wireless access points, AirMagnet researchers say
Aug 24, 2009 | 06:05 PM
By Tim Wilson
DarkReading
A flaw in the provisioning system used by Cisco wireless LANs could allow attackers to collect data about users' wired networks or even gain access to WLAN-attached systems, researchers said today.
Researchers at AirMagnet's Intrusion Research Team say they have uncovered a security vulnerability in Cisco's Over-The-Air-Provisioning (OTAP), a feature that helps users deploy wireless access points (APs). The potential exploit -- which AirMagnet has dubbed SkyJack -- makes it possible for others to gain control of a Cisco AP, intentionally or unintentionally.
The Cisco OTAP feature allows a Cisco AP to "listen" to traffic from nearby Cisco APs and use that information to quickly locate a nearby WLAN controller on the network. However, this feature may cause unintentional exposure or leakage of network information in all lightweight Cisco APs, AirMagnet says.
If the OTAP feature is not turned off, it is possible for APs to be incorrectly assigned to an outside Cisco controller -- a.k.a. SkyJacked -- either by accident or at the direction of a potential hacker, AirMagnet says.
"We haven't seen any definite exploits yet, but the feature has been available for some time," says Wade Williamson, director of product management at AirMagnet. "We can envision a situation where an attacker could set up a rogue AP in an empty office near a bank, and collect data for a long period of time."
Under OTAP, Cisco APs generate an unencrypted multicast data frame that travels over the air and includes a variety of information in the clear, AirMagnet says. From these frames, a hacker listening to the airwaves could determine the MAC address of the wireless controller that the AP is connected to, the IP address for that controller, and a variety of AP configuration options. The hacker could even collect information on wired devices attached to the WLAN, Williamson says.
The Cisco OTAP frames are always unencrypted, regardless of the encryption scheme used in the network (e.g., WPA), and are always sent, regardless of whether the OTAP feature is turned on, AirMagnet says.
"At the very least, this allows anyone listening to the network to easily find the internal addresses of the wireless LAN controllers in the network and potentially target them for attack," AirMagnet says. All lightweight Cisco deployments are subject to this exposure.
If the OTAP feature is turned on, a newly deployed Cisco AP will listen to the multicast data frame to determine the address of its nearest controller, AirMagnet explains. This means that a Cisco AP may "hear" multicast traffic from a neighboring network and incorrectly connect to a neighbor or an unapproved Cisco controller.
This same mechanism could be exploited intentionally by a hacker to SkyJack APs and take control of an enterprise's access point, AirMagnet says. "You could gain access to the network over a semi-permanent connection and collect data over a long period of time," Williamson says.
AirMagnet has informed Cisco about this vulnerability and potential exploit, and Cisco is working on a fix, Williamson says. In the meantime, AirMagnet recommends that Cisco customers turn off the OTAP feature because it could actively put new sensors in danger of being SkyJacked.
The vulnerability also points up the advantages of having a wireless network monitoring system, such as AirMagnet's, Williamson says. "With wireless, you need to be able to detect activity on the edges of the network in ways that you didn't have to do with wired networks," he says.
By PHILIP ELLIOTT, Associated Press Writer – Thu Aug 20, 7:07 am ET
WASHINGTON – Vice President Joe Biden plans to announce Thursday nearly $1.2 billion in grants to help hospitals transition to electronic medical records.
Biden and Health and Human Services Secretary Kathleen Sebelius were set to detail in Chicago how that piece of the $787 billion economic stimulus plan would help Americans when they go to the hospital or their doctors. It also is a what's-in-it-for-me way for the White House to illustrate how it is spending parts of the massive amount of taxpayer dollars.
"With electronic health records, we are making health care safer, we're making it more efficient, we're making you healthier and we're saving money along the way," Biden said in remarks provided to The Associated Press ahead of delivery. "These are four necessities we need for health care in the 21st century."
Meanwhile, a top aide at the Health and Human Services Department planned to send people who signed up to receive health care communications from the administration an e-mail heralding medical information technology as a way to improve care. Jeanne Lambrew, the director of HHS' Office of Health Reform, sought to explain the spending program to anyone who has had to fill out the same form at doctor's offices over and over again.
"All that paperwork is more than just annoying. It wastes time, prevents quick and accurate diagnoses and makes our health care system less efficient," she wrote. "And it simply doesn't make sense in today's digital age."
HHS also launched an online video touting Sebelius' trip to Omaha, Neb., earlier this year to look at how one facility was using electronic records.
"Electronic health records can help reduce medical errors, make health care more efficient and improve the quality of medical care for all Americans," Sebelius said in her remarks prepared for Chicago. "These grants will help ensure more doctors and hospitals have the tools they need to use this critical technology."
Of the money set aside, $589 million would establish centers to help hospitals and clinics with technical aspects of choosing systems for electronic health records. Another $564 million would be set aside to help hospitals share patients' information with each other.
The grants will not be available until Oct. 1, when the new federal fiscal year begins.
Sebelius, whose father was governor of Ohio, plans to visit Ohio State University Medical Center on Friday to discuss electronic medical records there.
Indictment of Card Hacker Unlikely to End Thefts
By THE ASSOCIATED PRESS
Published: August 18, 2009
Filed at 8:52 p.m. ET
SAN FRANCISCO (AP) -- This week's indictment of a hacker believed responsible for the biggest retail-store data breaches in U.S. history doesn't necessarily make shoppers safer from having their credit card numbers plundered.
Accomplices to the crimes are believed to be on the loose in Russia or other countries where U.S. authorities are less likely to get them. And the underlying security holes mined by the hackers still exist in many payment networks.
Albert Gonzalez, a Miami hacker who once worked as a government mole tracking down identity thieves, is accused of playing a critical role in all the largest credit-card heists on record.
With Monday's indictment of Gonzalez on conspiracy charges in U.S. District Court in New Jersey, the Justice Department says he helped steal 130 million card numbers from payment processor Heartland Payment Systems, 4.2 million card numbers from East Coast grocery chain Hannaford Bros. and an undetermined number of cards from 7-Eleven. He was previously charged in other computer break-ins, most significantly at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, in which as many as 100 million accounts were lifted.
Gonzalez is in jail and awaiting trial next month in New York for allegedly helping to hack the computer network of the Dave and Buster's restaurant chain. Attorneys for Gonzalez did not comment to The Associated Press.
The fact that hundreds of millions of card numbers could be stolen from retailers illustrates the flaws in a payment system that's built more for speed than security, as an Associated Press investigation found this year. For instance, credit and debit card numbers are not always encrypted as they move from retail stores to banks for approval.
Consumers don't directly pay the costs of most fraud. Banks and retailers eat those charges. But consumers bear it indirectly, in the form of higher prices.
According to prosecutors, Gonzalez and his associates exploited vulnerabilities that remain widespread. Among them: flaws in the way retailers' computers handle requests in the so-called Structured Query Language (SQL), which is used to manage data -- such as credit card information -- stored in databases. Hackers who detect these holes can trick databases into coughing up more information than they should.
The vulnerability sometimes can be exploited as simply as entering a specially crafted command into, say, a search box on a badly configured Web site. Instead of returning normal search results, the site would surrender confidential information or allow a hacker to place malicious programs on the site.
Authorities allege Gonzalez and the others infiltrated the Heartland, Hannaford and 7-Eleven computer networks using SQL-based attacks.
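The search-box flaw described above, shown beside its fix, as an added example that is not part of the original article. The table, rows and function names are constructed for illustration; the crafted term is the textbook always-true condition.

```python
import sqlite3

# Constructed sample data: a store catalogue with one row the site
# is never supposed to show to visitors (public = 0).
SAMPLE_ROWS = [
    ("hand soap", 1),
    ("dish soap", 1),
    ("internal settlement file", 0),
]

# Constructed input: closes the quoted search string, adds a condition
# that is always true, and comments out the rest of the statement.
CRAFTED_TERM = "' OR 1=1 --"


def build_db():
    """Create an in-memory database holding the constructed catalogue."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, public INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?)", SAMPLE_ROWS)
    return db


def search_vulnerable(db, term):
    """Builds the SQL by pasting user text into the statement.

    The database cannot tell which part came from the programmer and
    which from the visitor, so the visitor's text can rewrite the
    WHERE clause and defeat the public = 1 restriction.
    """
    sql = (
        "SELECT name FROM items "
        "WHERE public = 1 AND name LIKE '%" + term + "%'"
    )
    return sorted(row[0] for row in db.execute(sql))


def escape_like(term):
    """Treat %, _ and backslash in user text as literal characters."""
    return (
        term.replace("\\", "\\\\")
        .replace("%", "\\%")
        .replace("_", "\\_")
    )


def search_parameterized(db, term):
    """Sends the user text as a bound parameter.

    The statement's structure is fixed before the value is supplied,
    so the value is only ever compared as data against item names.
    """
    sql = (
        "SELECT name FROM items "
        "WHERE public = 1 AND name LIKE '%' || ? || '%' ESCAPE '\\'"
    )
    return sorted(row[0] for row in db.execute(sql, (escape_like(term),)))


if __name__ == "__main__":
    db = build_db()
    print("normal search    :", search_vulnerable(db, "soap"))
    print("crafted, pasted  :", search_vulnerable(db, CRAFTED_TERM))
    print("crafted, bound   :", search_parameterized(db, CRAFTED_TERM))
    print("normal, bound    :", search_parameterized(db, "soap"))
```

With the pasted query the crafted term returns every row, including the non-public one; with the bound parameter the same term is just a string that matches no item name.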
In a statement Tuesday, 7-Eleven Inc., which hadn't commented on its breach before, said the attack affected ATMs operated by a third party inside its stores and lasted for 12 days in 2007. That is likely referring to an attack in which criminals infiltrated Citibank's network of ATMs inside 7-Eleven stores and stole the mother lode in the ID theft world: customers' PIN codes. Neither 7-Eleven nor Citibank would elaborate Tuesday.
Security experts also noted that Gonzalez's latest indictment charges two unnamed co-conspirators who live "in or near Russia" and allegedly helped with the attacks.
Dan Clements, president of CardCops, which tracks stolen credit card data online, called it a "cleverly written indictment" that suggests the government might be trying to squeeze its former informant for more information about Hacker 1 and Hacker 2. However, extraditing those suspects is unlikely, Clements added.
"We are not safe," Clements said. Gonzalez is "here on U.S. soil. That was his big flaw. If he were anywhere else, he's not going to jail."
Ori Eisen, founder of Scottsdale, Ariz.-based security firm 41st Parameter and previously worldwide fraud director for American Express, added that Gonzalez is "most likely not the kingpin. The kingpin would not risk being in the United States. They operate out of the Ukraine or Russia, and they're former militants or ex-KGB who know their way around just enough not to get caught."
As for Gonzalez, "by no means will catching him stop what's going on out there," Eisen said.
Consumers don't have many options for monitoring whether the stores they frequent are good at protecting their card numbers. Stores aren't given public grades on their computer security, like the scores restaurants get on their cleanliness in some places. The best advice: Regularly check your credit reports for suspicious activity, and set free fraud alerts with the credit-reporting agencies.
In this case, the thieves might have failed by being too successful. It's hard to unload hundreds of millions of stolen credit card numbers on the black market.
Clements said criminals usually sell stolen card numbers in batches of 10,000 or less. That helps avoid drawing the attention of law enforcement and the card providers, which might replace cards pre-emptively if they see a mound of them being fenced. Many of the card numbers stolen in the breaches cited in the Gonzalez indictment have already been canceled and replaced.
By SIOBHAN GORMAN
WASHINGTON -- Russian hackers hijacked American identities and U.S. software tools and used them in an attack on Georgian government Web sites during the war between Russia and Georgia last year, according to new research to be released Monday by a nonprofit U.S. group.
In addition to refashioning common Microsoft Corp. software into a cyber-weapon, hackers collaborated on popular U.S.-based social-networking sites, including Twitter and Facebook Inc., to coordinate attacks on Georgian sites, the U.S. Cyber Consequences Unit found. While the cyberattacks on Georgia were examined shortly after the events last year, these U.S. connections weren't previously known.
The research shows how cyber-warfare has outpaced military and international agreements, which don't take into account the possibility of American resources and civilian technology being turned into weapons.
Identity theft, social networking, and modifying commercial software are all common means of attack, but combining them elevates the attack method to a new level, said Amit Yoran, a former cybersecurity chief at the Department of Homeland Security. "Each one of these things by itself is not all that new, but this combines them in ways we just haven't seen before," said Mr. Yoran, now CEO of computer-security company NetWitness Corp.
The five-day Russian-Georgian conflict in August 2008 left hundreds of people dead, crushed Georgia's army, and left two parts of its territory on the border with Russia -- Abkhazia and South Ossetia -- under Russian occupation.
The cyberattacks in August 2008 significantly disrupted Georgia's communications capabilities, disabling 20 Web sites for more than a week. Among the sites taken down last year were those of the Georgian president and defense minister, as well as the National Bank of Georgia and major news outlets.
Taking out communications systems at the onset of an attack is standard military practice, said John Bumgarner, chief technical officer at the USCCU and a former cyber-sleuth at the National Security Agency and the Central Intelligence Agency.
The USCCU assesses the economic and national-security implications of cybersecurity threats and briefs top U.S. officials, officials in key industries and international institutions.
"U.S. corporations and U.S. citizens need to understand that they can become pawns in a global cyberwar," said Mr. Bumgarner, who wrote the report.
The White House completed a review of cybersecurity policy in April. Among the issues Obama administration officials are now studying is how laws of war and international obligations need to be reworked to account for cyberattacks.
Homeland Security department spokeswoman Amy Kudwa said she couldn't comment on a report that she hadn't seen and hadn't been released yet.
Last year was the first time such cyberattacks were known to have coincided with a military campaign.
The Georgian attacks, according to the group's findings, were perpetrated by Russian criminal groups and had no clear link to the Russian government. However, the timing of the attacks, just hours after the Russian military incursion began, suggests the Russian government may have at least indirectly coordinated with the cyberattackers, Mr. Bumgarner's report concluded.
"Russian officials and the Russian military had nothing to do with the cyberattacks on the Georgian Web sites last year," said Yevgeniy Khorishko, a spokesman at the Russian Embassy in Washington.
The USCCU plans to release a nine-page report on the attacks to the public on Monday.
Mr. Bumgarner traced the attacks back to 10 Web sites registered in Russia and Turkey. Nine of the sites were registered using identification and credit-card information stolen from Americans; one site was registered with information stolen from a person in France.
The 10 sites were used to coordinate the "botnet" attacks, which harnessed the power of thousands of computers around the world to disable the Georgian government sites as well as those of large Georgian banks and media outlets. The botnet attack commandeered thousands of other computers and instructed them to try to access the target Web sites all at once, overwhelming them.
The Russian and Turkish computer servers used in the attacks had been previously used by cybercriminal organizations, according to the USCCU.
Early reports last year pinned the attacks on the cyber equivalent of the Russian mafia, known as the "Russian Business Network." Mr. Bumgarner said it wasn't possible to connect the attacks directly to that group. Security experts disagree on whether the group still exists.
Some of the software used to carry out the attacks was a modified version of Microsoft code commonly used by network administrators to test their computer systems, Mr. Bumgarner found. The code remains freely available on Microsoft's Web site, he said, declining to name it.
A Microsoft spokesman declined to comment on the finding because he hadn't seen the report.
Once the botnet attacks had launched, Mr. Bumgarner said, other would-be attackers noticed them and started to collaborate on various Web forums, including Twitter and Facebook.
Mr. Bumgarner used data-mining tools to review Facebook pages (which some people don't keep private) and Twitter for certain Russian words that indicated they were likely involved in the attack. He saw users on those sites and others swapping attack code and target lists, and encouraging others to join.
"It's a difficult problem to handle," said Facebook spokesman Barry Schnitt, because it is impossible to detect such collaboration without monitoring conversations. Facebook has mechanisms to verify user identities and users can report inappropriate activities on the site, he said, but it doesn't monitor communications of its users.
Twitter didn't respond to requests to comment.
—Jessica E. Vascellaro contributed to this article.
Write to Siobhan Gorman at siobhan.gorman@wsj.com
US steps up ‘naked short-selling’ crackdown
Posted by Gwen Robinson on Aug 06 04:57.
The crackdown on ‘naked short-selling’ intensified on Wednesday as the SEC brought its first enforcement cases against the practice. In a filing, the SEC said options traders at Hazan Capital Management and TJM Proprietary Trading had improperly claimed to be exempt from rules requiring them to locate the stocks they had been shorting and then had used options transactions to avoid settling their trades. The firms and their employees agreed to pay a total of $4.7m in fines. See detail at FT Alphaville.
SAN FRANCISCO — You might think your password protects the confidential information stored on Web sites. But as Twitter executives discovered, that is a dangerous assumption.
The Web was abuzz Wednesday after it was revealed that a hacker had exposed corporate information about Twitter after breaking into an employee’s e-mail account. The breach raised red flags for individuals as well as businesses about the passwords used to secure information they store on the Web.
On Web sites containing personal information like e-mail, financial data or documents, there is usually just a user name and password for protection. More individuals are storing information on Web servers, where it is accessible from any online computer through services offered by Google, Amazon, Microsoft, social networks like Facebook or back-up services like Mozy.
But password-protected sites are growing more vulnerable because to keep up with the growing number of passwords, people use the same simple ones on numerous sites across the Web. In a study last year, Sophos, a security firm, found that 40 percent of Internet users use the same password for every Web site they access.
The attack on Twitter highlights the problem. For its internal documents, the company uses the business version of Google Apps, a service that Google offers to individuals free. Google Apps provides e-mail, word processing, spreadsheets and calendars over the Web.
The content is stored on Google’s servers, which can save time and money and enable employees to work together on documents at the same time. But it also means that the security is only as good as the password. A hacker who breaks into one person’s account can access information shared by friends, family members or colleagues, which is what happened at Twitter.
The Twitter breach occurred about a month ago, Twitter said. A hacker calling himself Hacker Croll broke into an administrative employee’s e-mail account and gained access to the employee’s Google Apps account, where Twitter shares spreadsheets and documents with business ideas and financial details, said Biz Stone, a Twitter co-founder.
The hacker then sent documents about company plans and finances, confidential contracts, and job applicants to two tech news blogs, TechCrunch, in Silicon Valley, and Korben, in France. There was also personal information about Twitter employees including credit card numbers.
The hacker also broke into the e-mail account of the wife of Evan Williams, Twitter’s chief executive, and from there accessed several of Mr. Williams’ personal Internet accounts, including those at Amazon and PayPal, Mr. Stone said.
TechCrunch revealed documents showing that Twitter, a private company that so far has no revenue, projected that it will reach a billion users and $1.54 billion in revenue by 2013. Michael Arrington, TechCrunch’s founder, said in an interview that the hacker had also sent him detailed strategy documents about potential business models, the competitive threat from Facebook and when the company might be acquired.
Some analysts say the breach highlights how dangerous it can be for people and companies to store confidential documents on Web servers, or “in the cloud.”
But Mr. Stone said that the attack “isn’t about any flaw in Web apps,” but rather about a bigger issue that affects individuals and businesses alike. “It speaks to the importance of following good personal security guidelines such as choosing strong passwords,” he said.
Instead of circumventing security measures, it appears that the Twitter hacker managed to correctly answer the personal questions that Gmail asks of users to reset the password.
“A lot of the Twitter users are pretty much living their lives in public,” said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. “If you broadcast all your details about what your dog’s name is and what your hometown is, it’s not that hard to figure out a password.”
Security experts advise people to use unique, complex passwords for each Web service they use and include a mix of numbers and letters. Free password management programs like KeePass and 1Password can help people juggle passwords for numerous sites.
Andrew Storms, director of security operations for nCircle, a network security company, suggested choosing false answers to the security questions like “What was your first phone number?” or making up obscure questions instead of using the default questions that sites provide. (Of course, that presents a new problem of remembering the false information.)
For businesses, Google allows company administrators to set up rules for password strength and add additional authentication tools like unique codes.
The Twitter hacker claims to have wanted to teach people to be more careful. In a message to Korben, the hacker wrote that his attack could make Internet users “conscious that no one is protected on the Net.”
Goldman May Lose Millions From Ex-Worker’s Code Theft (Update1)
By David Glovin and Christine Harper
July 7 (Bloomberg) -- Goldman Sachs Group Inc. may lose its investment in a proprietary trading code and millions of dollars from increased competition if software allegedly stolen by a former employee gets into the wrong hands, a prosecutor said.
Sergey Aleynikov, an ex-Goldman Sachs computer programmer, was arrested July 3 after arriving at Liberty International Airport in Newark, New Jersey, U.S. officials said. Aleynikov, 39, who has dual American and Russian citizenship, is charged in a criminal complaint with stealing the trading software. Teza Technologies LLC, a Chicago-based firm co-founded by a former Citadel Investment Group LLC trader, said it suspended Aleynikov, who started there on July 2.
At a court appearance July 4 in Manhattan, Assistant U.S. Attorney Joseph Facciponti told a federal judge that Aleynikov’s alleged theft poses a risk to U.S. markets. Aleynikov transferred the code, which is worth millions of dollars, to a computer server in Germany, and others may have had access to it, Facciponti said, adding that New York-based Goldman Sachs may be harmed if the software is disseminated.
“The bank has raised the possibility that there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways,” Facciponti said, according to a recording of the hearing made public yesterday. “The copy in Germany is still out there, and we at this time do not know who else has access to it.”
‘Preposterous’
The prosecutor added, “Once it is out there, anybody will be able to use this, and their market share will be adversely affected.”
The proprietary code lets the firm do “sophisticated, high-speed and high-volume trades on various stock and commodities markets,” prosecutors said in court papers. The trades generate “many millions of dollars” each year.
Defense attorney Sabrina Shroff said in court that the government’s allegations are “preposterous.” The firm was aware that Aleynikov, who is the father of three young girls, was downloading programs to his personal computer to do work at home and that he hasn’t disseminated the code, the lawyer said.
“If Goldman Sachs cannot possibly protect this kind of proprietary information that the government wants you to think is worth the entire United States market, one has to question how they plan to accommodate every other breach,” she said.
Michael DuVally, a spokesman for Goldman Sachs in New York, declined to comment.
$750,000 Bail
U.S. Magistrate Judge Mark Fox ordered Aleynikov, who earned $400,000 a year, to be held on $750,000 bail, after prosecutors claimed he posed a threat to the community. Aleynikov planned to earn three times his salary by joining a startup company and engaging in high-volume automated trading, prosecutors said. Aleynikov posted bail yesterday and was released.
Aleynikov didn’t speak at the hearing, except to say that he understood the conditions of his bail.
Teza, co-founded by former Citadel trader Misha Malyshev, said in an e-mailed statement that it first learned of the allegations on July 5 and suspended Aleynikov without pay following an investigation.
The firm “was not aware of the alleged misconduct” and offered to cooperate with the government, according to the statement.
Reverse Engineering
“Someone stealing that code is basically stealing the way that Goldman Sachs makes money in the equity marketplace,” said Larry Tabb, founder of TABB Group, a financial-market research and advisory firm. “The more sophisticated market makers -- and Goldman is one of them -- spend significant amounts of money developing software that’s extremely fast and can analyze different execution strategies so they can be the first one to make a decision.”
Someone could use the code “to implement the same strategies and maybe on certain stocks they can be faster and, in effect, take away money that would normally be Goldman’s,” Tabb said in a phone interview. “The second thing that they can do is actually analyze the code so that they know what Goldman’s going to do before Goldman does it and kind of reverse engineer Goldman’s strategies and make money basically at the expense of Goldman.”
‘Wake-Up Call’
Harvey Pitt, former chairman of the U.S. Securities and Exchange Commission, said proprietary electronic data poses significant risks for all financial institutions.
“This is a wake-up call to all financial institutions to review their security systems, not just with respect to trading codes, but with respect to all proprietary information,” said Pitt, now chief executive officer of Kalorama Partners LLC in Washington.
Goldman appeared to have taken some steps to prevent the theft of its code, Pitt said. “The real question is whether, in light of this outrageous conduct on the part of one of its employees, it should have taken more steps,” Pitt said.
Aleynikov spent four hours with a Federal Bureau of Investigation agent after his July 3 arrest, Shroff said. He told the agent that he’d done nothing wrong, authorized prosecutors to seize his personal computers, and said he hadn’t known the server he was using was in Germany, she said.
32 Megabits
Only 32 of 1,024 megabits of the software code was transferred, Shroff said.
“It is not disseminated,” she said of the code.
Facciponti said at the hearing that Aleynikov could disseminate the code “in 10 minutes” using a cell phone. Once the government obtains access to the German server, prosecutors will see if Aleynikov transferred other confidential data as well, he said. It’s logical to conclude that Aleynikov planned to use the code at his new company, the prosecutor said.
“This is the most substantial theft that the bank can remember ever happening to it, in the sense the entire platform has been taken from it,” Facciponti said. “There has been no breaches anywhere on this magnitude at the bank.”
Aleynikov worked at Goldman from 2007 until June, the government said in the complaint. He was part of a team of workers responsible for improving the computer platform. His alleged transfer of computer codes ran from June 1 to June 5, according to prosecutors.
Moscow, Rutgers
Aleynikov studied applied mathematics at the Moscow Institute of Transportation Engineering before transferring to Rutgers University, where he received a bachelor’s degree in computer science in 1993 and a master’s of science degree, specializing in medical image processing and neural networks, in 1996, according to his profile on the social-networking site LinkedIn.
Before joining Goldman Sachs, he worked for about eight years at IDT Corp., the U.S. vendor of prepaid calling cards, where he led the team responsible for developing routing systems, according to the profile.
His profile on LinkedIn describes him as a vice president in equity strategy at Goldman Sachs and includes two recommendations from colleagues at the firm.
Goldman Profit
Goldman was the world’s biggest and most profitable securities firm until it converted to a bank in September following the bankruptcy of smaller rival Lehman Brothers Holdings Inc. Goldman earned $2.3 billion last year, down from a record $11.6 billion in 2007, as market turmoil caused it to report a fourth-quarter loss, its first in a decade as a public company.
Goldman’s equities business generated $2 billion of revenue in the first three months of 2009, down 20 percent from the first quarter of 2008, the company reported in April. Second-quarter results are due to be reported next week.
Goldman rose $2.97, or 2.1 percent, to $146.46 in New York Stock Exchange composite trading yesterday.
The case is U.S. v. Aleynikov, U.S. District Court, Southern District of New York (Manhattan).
June 29, 2009, 4:10 pm
How Health Records Could Promote Job Growth
By Patrick McGeehan
The push for doctors to convert their patient files to electronic records could spur the creation of dozens of health information technology companies and create thousands of jobs in New York City, according to a study released Monday by a research organization based in Manhattan.
The research organization, the Center for an Urban Future, argues that the city could become a hub for the industry, which is still young and scattered around the country. Its growth is expected to accelerate now that the Obama administration is offering nearly $20 billion in incentives to doctors and hospitals to digitize their records, said Jonathan Bowles, the center’s director, who is a co-author of the study.
“I don’t think any other city is better positioned to capitalize on this than New York,” Mr. Bowles said. “With 65 hospitals, 1,300 outpatient clinics and 30,000 doctors, this is a huge boon waiting to happen. The potential is huge for economic development.”
Mr. Bowles said the city’s Economic Development Corporation should add the health information sector to its short list of industries that could grow significantly and help to achieve the Bloomberg administration’s goal of diversifying the city’s economy. Unlike biotechnology, one of the industries city officials are trying to develop, health information technology does not require expensive laboratories or a lot of space, Mr. Bowles said.
He cited a national study that estimated that the stimulus plan could create as many as 212,000 jobs in health information nationwide. His center’s study found that New York was second only to Chicago as a home base for companies providing these services to hospitals. Chicago has 47 of these companies and New York has 43, while there were only 14 in the San Francisco area, according to the study.
“Silicon Valley does not have a stranglehold on health information technology as it does in so many other sorts of technology,” Mr. Bowles said.
“There’s so much business to be had. But it’s not clear that New York is going to realize its full potential with health I.T. There are some large and influential companies in this industry that are based outside New York.”
Many thanks to all who reported! It has taken a lot of patience but I truly believe that this stock could be a GUSHER!
GLTA
Very interesting and predictive! I have been watching the SP of Symantec and it is enduring a slow bleed....others are on top of what is going on,,,that is 2 years after Gilder!
Keep this guy on the WAVX board.
Any news on the upcoming ASM? If not when do they usually take place?
TIA
Dethroning cash
Published: April 9 2009 03:00 | Last updated: April 9 2009 03:00
As ever, the gadget-mad Japanese have been doing it for years. But today Visa announces its first commercial launch of a scheme that enables consumers to make payments by waving their phones at readers next to cash registers. Malaysians can now buy a Nokia phone equipped with a Near Field Communication chip, link it up to their Maybank account, and start spending in 1,800 retailers across the country. The world has inched closer to the cashless economy.
Admittedly, the 3,000 NFC-equipped phones initially available represent innovation rather than revolution. But the launch follows years (if not decades) of discussion and pilot schemes. Malaysia goes first thanks to a youthful population, high mobile phone penetration and a public transport system that uses a "tap-and-go" card-reader technology familiar to London commuters. If it is popular, Visa will roll out the system in other countries within 12 months.
The attraction for the company is twofold. Visa's electronic payment network, which serves the credit and debit cards issued by banks bearing its brand, serves 1.7bn accounts worldwide. It is eyeing the 4bn people connected to mobile phone networks round the globe, particularly in emerging nations where banking systems are less well developed.
Second, Visa - for which debit card transactions now represent more than two-thirds of total volume - increasingly competes with cash. Tap-and-go payment is intended to replace notes and coins for low-value purchases, such as a skinny latte, and so push electronic payments' share of consumer spending up from the current 24 per cent. Growing this way also avoids the need to compete aggressively with MasterCard for market share. Mobile phones, meanwhile, continue their transformation into personalised electronic valets. They absorbed the alarm clock, camera, music player and diary - the wallet is next.
Very Interesting!!!!! Last night a comment was made on Fast Money that Dell sat on mucho cash......they thought that Dell could make a play for Palm,,,,,Ah,Sooooooo
Government Needs To Get Its Cybersecurity In Gear, Experts Tell Congress
Security industry leaders agree that White House should lead revamped cybersecurity effort
Mar 10, 2009 | 06:17 PM
By Tim Wilson
DarkReading
Some of the nation's top cybersecurity experts today told a congressional subcommittee that the United States isn't ready for a major online attack, and called on the White House and the rest of the federal government to get their acts together.
In a hearing held by the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, four top IT security officials expressed concern about the government's slow movement in developing a defense for its own agencies and for the nation's critical infrastructure. All four said the White House should lead the effort with the creation of a civilian agency dedicated to cyberdefense.
"We need to face the fact that we are already dealing with cyberwar, both from criminal elements and from hostile governments," said Dave Powner, director of IT management issues at the Government Accountability Office. "We're constantly under attack."
"We're facing the same sort of attack we faced on 9/11, only on a virtual level," said Amit Yoran, CEO of NetWitness and a former White House cybersecurity official. "And without the right defenses, we'll be just as vulnerable."
The experts said that the White House should lead the effort to swiftly build up the nation's defenses against cyberattack. Jim Lewis, project director at the Center for Strategic and International Studies, said the White House is the only part of the government that has the budget and power to drive the initiative, and that only the president can make the decision as to when a cyberattack constitutes an act of war.
Mary Ann Davidson, CSO at Oracle, called on the federal government to develop an analog to the Monroe Doctrine that would clearly establish a U.S. "cyberturf" and a commitment to defend it with both offensive and defensive cyberweapons.
All of the experts, as well as some members of the subcommittee, expressed concern that the National Security Agency should be given the primary authority over U.S. cybersecurity initiatives. "Intelligence-gathering efforts often work at cross purposes with agencies that are developing defensive strategies," Yoran said.
Rod Beckstrom, the former director of the National Cybersecurity Center who resigned last week in a turf battle with the NSA, was present at the hearing, but did not speak.
The White House is currently conducting a 60-day review of the cybersecurity situation; the review is expected to result in organizational recommendations for the Obama administration. The GAO has not yet met with the review committee, but Powner said his organization is recommending the formation of a White House office responsible for cybersecurity. The GAO also is recommending the creation of a "board of directors" to monitor cybersecurity initiatives and an "accountable" cyberorganization that will speed the development of online defenses.
The members of the congressional subcommittee said they had many more questions for the experts, but they generally favored the recommendations made by the experts.
"The cybersecurity effort has been plagued by ineffective leadership," said Bennie Thompson, chairman of the subcommittee. "We were optimistic about the capabilities of Rod Beckstrom, but it became clear that he did not have experience in working miracles. He did not have the budget or the authority to get the job done. This committee believes, as he does, that there should be a civilian agency that interfaces with, but is not controlled by, the NSA."
Reports: Security Pros Shift Attention From External Hacks To Internal Threats
Majority of IT and security execs say insider vulnerabilities worry them most
Mar 09, 2009 | 08:08 AM
By Tim Wilson
DarkReading
It's official: Today's security managers are more worried about insiders leaking sensitive corporate data than they are about outsiders breaking in to steal it.
In a soon-to-be-published survey of more than 400 IT and security professionals conducted by Dark Reading and sister publication InformationWeek, 52 percent of respondents said they are more concerned about the possibility of internal data leaks -- both accidental and malicious -- than they are about external threats.
Meantime, 44 percent of respondents said they are more worried about external attacks than about internal threats. The remaining 4 percent said they are more concerned about androids taking over the planet than about either external or internal breaches, but we're pretty sure that most of them were kidding.
The survey data bucks a long-standing trend in security that began when the World Wide Web was in its infancy and viruses and worms ruled the earth. After being burned multiple times by bugs with names like Love and Slammer -- and more recently botnets like Storm and Srizbi -- most security professionals have spent the majority of their careers fighting attacks that originated from outside of their organizations.
The new poll, however, suggests this trend may now be shifting inward. Some 59 percent of respondents said their organizations were either "likely" or "bound to" be infected in the next 12 months by malware that is unintentionally introduced by internal employees or business partners. Another 52 percent said it is likely that an employee will accidentally expose sensitive data to outsiders. Thirty-six percent said it is likely that their organizations' sensitive data will be exposed due to the loss or theft of a laptop or portable storage device. Twenty-nine percent expect their IT employees to be caught abusing their access privileges to "snoop" sensitive data that they are not authorized to see.
This sea change has been coming for some time, as evidenced by reports and studies from a wide range of sources. According to Computer Security Institute's 2008 enterprise security survey, 44 percent of all organizations experienced insider abuse of computer systems last year, making such incidents second only to viruses as the most frequently reported security event in the enterprise. Forty-two percent of organizations reported laptop theft -- an "insider" threat that is now the third most common security event overall -- and 17 percent reported loss or theft of customer data, either from inside or outside the organization.
Most "insider breaches" are unintentional, according to "Understanding The Insider Threat," a second Dark Reading report, published today. "Employees often break internal security policies or circumvent tools and practices designed to protect corporate systems, networks, and data from compromise," the report states.
About 20 percent of users said they've altered the security settings on company-issued devices so that they could access unauthorized Websites, according to a study conducted by Insight Express and Cisco Systems in September. Twenty-four percent admitted sharing sensitive corporate information with others, and 44 percent have allowed others to use their company-issued devices without supervision.
In other cases, insider breaches are caused by common user errors, such as falling for phishing scams or losing a laptop, according to "Well-Intentioned Employees -- And How To Stop Them," another new report published by Dark Reading today. "Employees can cause breaches in multiple ways without even realizing it," the report states.
A recent report from Ponemon Institute indicates that negligence accounts for 88 percent of insider breaches, while malicious acts account for only 12 percent.
But intentional disregard of company security policies is also growing, according to some sources. In an analysis published in September, firewall vendor Palo Alto Networks said virtually all large enterprises show traffic from peer-to-peer applications, which have been the source of several recent high-profile security breaches and generally are not authorized for use in the enterprise.
And the likelihood of malicious insider attacks increases with each day of economic bad news. According to a study released by Cyber-Ark Software in December, nearly 60 percent of U.S. workers say they have already downloaded sensitive corporate data in anticipation of a future layoff. Approximately the same percentage of terminated employees do, indeed, take that data with them when they leave, according to another survey published last month by Ponemon Institute.
Whether the insider threat is malicious or unintentional, however, most IT and security professionals seem to agree that its growth is outpacing that of the external attack. In Dark Reading's forthcoming survey about IT security concerns, 37 percent of security pros said that "employees or business partners unintentionally damaging or exposing business data" is among the top three most potentially dangerous events that could occur in their organizations. Thirty-five percent cited another unintentional event -- the loss or theft of a laptop or portable storage device -- as one of the most potentially damaging events that could occur.