Hey Barge, so this is your big Wave turnaround catalyst?:
May 7, 2013, 9:30 AM ET
A Humbled Microsoft Outlines How It’s Rebooting Windows 8
By Shira Ovide and Ian Sherr
A Microsoft executive is acknowledging what many tech-watchers already knew: The company’s Windows 8 software hasn’t gone off without a hitch, and Microsoft is turning itself inside out to respond.
Last fall’s launch of the new operating system was supposed to be a milestone to catapult Microsoft and its allies into the market for new kinds of computing devices–including tablets and convertible products–and help generally get consumers more interested in buying new PCs. Six months after the operating software’s debut, it isn’t yet a hit by the accounts of some PC executives and research firms.
One market-research firm, IDC, went so far as to say that Windows 8 did more than fail to revive the PC market–it actually turned off users with changes to basic elements of the widely used operating system.
In an interview with The Wall Street Journal last week, Windows co-head Tami Reller was more candid than other Microsoft executives in saying Windows 8 hasn’t come on like gangbusters, though she said the company is seeing steady if not steep sales progress. She said Microsoft has sold more than 100 million Windows 8 licenses.
Without offering many details yet, Ms. Reller outlined how Microsoft is working on changing software features, helping people overcome obstacles to learning the revamped software, altering the shopping experience for consumers, getting more of people’s favorite apps available for Windows 8 and making sure a wider array of Windows 8 computing devices will be on sale.
Ms. Reller said Windows 8 was built to be ready to “evolve” to changing demand. “We didn’t get everything we dreamed of done,” she said in a meeting at Microsoft’s San Francisco offices.
She said Microsoft executives will make two sets of relevant disclosures in coming weeks. They will focus on Windows Blue, which Ms. Reller confirmed is both the codename for a coming update to Windows 8–with additional features and improved services–as well as a name for a broader strategy shift to provide faster changes to its key software than the typical pattern of providing a new version once every three years or so.
First up soon will be details about pricing, packaging and an official name. (The “Blue” name will give way to an official brand, just as Microsoft’s Web-search engine was dubbed “Kumo” internally before it was launched as Bing.) The updated software will be available later this year in time for the holiday season, Ms. Reller said.
Ms. Reller said a second Blue update is expected before late June explaining the technical vision, addressing user gripes about Windows 8, and outlining options for new Windows 8 devices. Microsoft previously has acknowledged it is working to make Windows 8 available to power the suddenly popular smaller tablets, in the mold of the 7-inch Google Nexus.
Ms. Reller declined to discuss Microsoft’s plans for more homegrown computing devices in addition to two models of its Surface tablet-style computer introduced since October. The Wall Street Journal has reported Microsoft is working on a new lineup of devices including a 7-inch version of the Surface.
Ms. Reller said people shouldn’t expect the company to discuss its Surface roadmap in coming weeks, dousing expectations of some analysts who had expected the company might do so at a June conference for software developers.
Ms. Reller also said what Windows 8 users and retailers have said for many months–Windows 8 is a better experience on touchscreen computers–and vowed that Microsoft will put all its weight behind touchscreen devices. She said Microsoft is spreading the message to retailers that if they want help from Microsoft’s marketing and promotional muscle, they will need to offer more and more variety of touchscreen Windows 8 machines.
Ms. Reller said by the fall, and certainly by the holiday shopping season, Microsoft expects there will be a wider array of touchscreen Windows 8 PCs at many different screen sizes, types and prices. She said Microsoft’s marketing push behind the updated Windows 8 will rival the hundreds of millions of dollars the company spent on TV commercials and other promotions around the fall Windows 8 launch.
Still, Ms. Reller acknowledged Windows 8 device sales would have been better if Microsoft and its allies had gotten a better mix of touchscreen devices last year. “If we could have done a better job accomplishing that in the holiday launch or [the] selling season following, that certainly would have made a positive difference,” Ms. Reller said.
Since the November departure of Steven Sinofsky, who had led Windows 8 development at Microsoft, Ms. Reller has overseen the Windows division with Julie Larson-Green. In their power-sharing role, Ms. Reller is responsible for the business functions of Windows, while Larson oversees engineering and other technical aspects of Windows software and hardware.
It remains to be seen whether Ms. Reller will stick around long enough to see Windows 8 through its changes. Microsoft Chief Financial Officer Peter Klein recently said he plans to step down from his post and leave the company at the end of June, and Microsoft-watchers have speculated Ms. Reller’s professional experience seems to make her a good fit as his replacement.
Ms. Reller said, “I do love my current job,” but demurred when asked whether she might take the CFO post.
And a willingness to discuss Windows 8’s faults didn’t mean Ms. Reller was willing to concede to all the critics of Windows 8. She said she disagreed with IDC’s conclusions that Windows 8 was responsible for the first-quarter dropoff in PC shipments.
She said it is difficult for IDC and others to measure PC shipments at times of transition in the computing market. Ms. Reller showed a PowerPoint slide of weekly Windows 8 sales since its October launch that showed a slow trend of increasing sales.
You just open a fortune cookie or something?
Oh yeah, and just one more example of how things should be. And if this last point doesn't sway the cheerleaders that something is very wrong here, not much hope left for these folks then...
'Pay for Performance' No Longer a Punchline
Shift Highlights Growing Role of Investors in Shaping Compensation
By SCOTT THURM
Company directors say they pay CEOs based on performance. Now the numbers show they mean it.
More than half of the compensation awarded to 51 CEOs last year was tied to their companies' financial or stock-market performance, according to a preliminary review of proxy statements by consulting firm Hay Group and The Wall Street Journal. In most cases, the companies must hit specified targets for the CEO to receive the promised money or equity.
By comparison, three years earlier, in 2009, 35% of the compensation for CEOs at the same companies carried performance conditions, Hay says. The rest of their pay came from salaries and grants of stock and stock options with no performance hurdles.
The shift in how CEOs are paid highlights the growing role of investors in shaping executive compensation—and their push to align pay more closely with corporate results.
Longstanding Pay Practices Under Attack By Activists
Since 2011, big companies have had to offer shareholders a periodic non-binding vote on executive compensation. Fewer than 5% of companies fail to win majority support, but the fear of a poor showing has prodded companies to alter executive-pay plans, consultants and executives say.
"Investors have more influence over pay than ever," adds David Wise, a vice president at Hay, which analyzes proxy statements for the Journal. "In this environment, the only way companies are increasing pay is by clearly tying it to performance."
The 50 companies included in the survey all had annual revenue exceeding $6.7 billion and filed proxy statements after May 1, 2012. One company has two CEOs. The Journal will report the full survey of 300 companies in May.
At the 40 companies in the preliminary survey where the CEO has been in place at least two years, compensation more closely mirrored corporate results last year.
Median total direct compensation rose 6.9%, to $9 million, close to the median 7.6% shareholder return posted by the companies. Total direct compensation includes salary, all bonuses, and the value of equity at the time it was granted. Shareholder return includes share-price changes and the value of dividends.
As was true in 2011, bonuses generally tracked the companies' annual financial results. Median net income at the 40 companies fell 3.9%, and the annual bonuses of their CEOs fell 7.6%.
Consider Air Products & Chemicals Inc. Earnings per share at the Allentown, Pa., maker of industrial gases fell far short of the company's target of 9% growth, excluding certain costs, in the fiscal year ended Sept. 30, 2012. CEO John McGlade paid the price, with a 65% cut in his annual bonus, to $898,000, from $2.5 million the prior year. Mr. McGlade's grants of stock and stock options shrank as well, reducing his total direct compensation 19%, to $9.1 million.
In a statement, Air Products said "economic trends and slow manufacturing growth" hurt its results and Mr. McGlade's pay. "Our executive compensation is linked to performance against metrics that drive shareholder value, specifically earnings growth, return on capital and stock performance," the company said.
At Smithfield Foods Inc., net income fell 31% in the fiscal year ended April 29, 2012, and shareholders suffered an 11% loss. Directors also changed CEO C. Larry Pope's bonus formula, making it less lucrative. As a result, Mr. Pope's cash bonus fell 64%, to $4.7 million, contributing to a 31% drop in his total direct compensation, to $12.9 million.
Like many companies, Smithfield is also making other changes in its executive-pay plan. The Smithfield, Va., pork producer, which is under pressure from a big shareholder that wants to split the company, won't grant Mr. Pope stock options this year and will tie some of his stock awards to how Smithfield stock fares compared with rivals.
A Smithfield spokeswoman referred to the company's proxy statement, which says Mr. Pope's compensation "moves up and down in proportion to the company's profitability."
The trend toward performance-based pay has been building for a decade and extends beyond the 50 companies in the Journal/Hay Group survey. Pay consultant Farient Advisors says that 64% of the companies in Standard & Poor's 1500-stock indexes attached performance criteria to equity grants in 2011, up from 20% in 2002.
Last week, Johnson & Johnson said it had sliced 2012 bonuses for top executives by 10% to reflect "mixed" results, and Nabors Industries Ltd. rewrote its CEO's contract to eliminate lucrative bonus and severance clauses.
"Companies in the past few years have spent a lot of time trying to align performance and pay," says Rose Marie Orens, senior partner at Compensation Advisory Partners LLC, a New York pay consultant.
The Journal's preliminary survey measures the value of compensation when it's granted. It still isn't certain that the increased use of performance hurdles will reduce actual payouts to executives. At some companies, though, there are hints of smaller paydays.
Applied Materials Inc., which makes machines that make semiconductors, awarded CEO Michael R. Splinter 575,000 shares of restricted stock, valued at $6.7 million, in the fiscal year ended Sept. 30, 2012, accounting for nearly three-fourths of his annual compensation.
But Mr. Splinter won't receive the shares unless Applied outpaces peers' operating-profit margins and shareholder returns through 2015. Applied missed the target last year, so Mr. Splinter hasn't received any shares. He has three more tries. If he does get some, he'll have to wait up to three additional years to sell the shares.
"Applied Materials has pay-for-performance practices that align a significant majority of executive compensation with robust performance objectives," says Mary Humiston, senior vice president, global human resources.
Aecom Technology Corp., a Los Angeles engineering-consulting firm, took this concept one step further. CEO John Dionisio agreed to add an earnings target to the $2.4 million in stock and options he was granted in 2011. Aecom posted a loss in the fiscal year ended Sept. 30, 2012, so it missed the target, and Mr. Dionisio forfeited the earlier grants.
Directors also cut Mr. Dionisio's annual bonus roughly in half, to $1.5 million, and trimmed the value of his equity grants by 4%. In all, Mr. Dionisio's compensation fell 17%, to $8.1 million.
In its proxy statement, Aecom said the earnings targets were added "to strengthen the pay-for-performance linkage." In a news release, the company said, "Our executive-compensation programs are designed to support our long-term success and embrace the pay-for-performance philosophy."
There are exceptions to the trend, including the highest-paid CEO in the preliminary survey, Oracle Corp.'s Larry Ellison. Mr. Ellison received compensation valued at $94.6 million in the fiscal year ended May 31, 2012, the vast majority through seven million stock options valued at $90 million.
The options carry no performance targets. But in its proxy statement, Oracle says the options align Mr. Ellison's pay with company performance because they will have value only if Oracle's stock rises. "When our stockholders are rewarded, our executive officers are also rewarded," the company says.
With more pay linked to performance targets, some investors are turning their attention to the rigor of the targets, says Robin Ferracone, chief executive of Farient, the pay consultant. "The next frontier is not only honing the measurement system but also the goal setting," she says.
Write to Scott Thurm at scott.thurm@wsj.com
Corrections & Amplifications
The chief executive of Air Products & Chemicals Inc. is John McGlade. An earlier version of this article incorrectly gave Mr. McGlade's first name as Joseph.
A version of this article appeared March 21, 2013, on page B1 in the U.S. edition of The Wall Street Journal, with the headline: 'Pay for Performance' No Longer a Punchline.
Such is called a "relief rally"
I have NO doubt, that if SS was replaced by a credible figure as CEO, the share price would likely instantly double, at the least...
For any of you out there still supportive of SS's leadership abilities, just ask yourselves how he stacks up to the measures described below? (And I do strongly support the idea of shareholders voting out the BoD, as I believe that may really be the only chance of salvaging this sinking ship)
World's Best CEOs
By ANDREW BARY
Shareholder return is the mark of a great CEO. Shares of the companies run by this year's top managers have all beat the market during their tenure. From LVMH's Arnault to Lenovo's Yang.
Warren Buffett bluntly tells shareholders in his recent annual letter that if he can't increase Berkshire Hathaway's intrinsic value at a faster clip than the gain in the Standard & Poor's 500 index over a long stretch, there's little point in owning Berkshire stock. A low-cost index fund would be a better investment. As usual, Buffett is on to something, and he has delivered in a big way during 48 years as Berkshire's CEO. His stock is up 8,000-fold, turning many original investors into billionaires.
Shareholder returns are a key criterion for inclusion in our ninth annual list of the 30 best CEOs in the world. We look for innovative and financially savvy leaders who can motivate employees and develop products that resonate with customers. But if they can't translate that into consistent profit growth and market-beating shareholder gains, they ultimately aren't adding a lot of value.
All 30 of the CEOs on our list for 2013 meet the Buffett test. The share prices of their companies have outstripped the S&P 500's return during their tenures. Some even have better annualized numbers than Buffett, although none can match Berkshire's total gain since 1965.
Under Larry Fink, BlackRock's total return since its 1999 initial public offering has averaged 25.3% annually, versus 21% for Berkshire during Buffett's tenure. Even more impressive is what Amazon.com has done with Jeff Bezos at the helm since its 1997 initial public offering. The stock has risen to $253 from a split-adjusted $1.50, a 39% annualized return.
Other CEOs whose shares have produced 25%-plus yearly total returns are Oracle's Larry Ellison, Monsanto's Hugh Grant, and three overseas chiefs: Pablo Isla of Inditex, which owns the Zara clothing retailer; Ma Huateng of Tencent, one of China's top Internet companies; and Yang Yuanqing of Lenovo, the fast-growing maker of personal computers that is giving fits to Dell and Hewlett-Packard.
For the second straight year, there's a lot of turnover in our list, as 13 new CEOs are joining our shrine. Yang is among the newcomers, along with Leslie Moonves of CBS, Bernard Arnault of LVMH Moët Hennessy Louis Vuitton, David Cote of Honeywell, and Carol Meyrowitz of TJX.
We try to set a high bar for keeping CEOs on our list. We removed 13 from last year's list. Some deletions were an easier call than others. Rex Tillerson of ExxonMobil is gone because the oil giant's production and returns are under pressure. Joe Tucci of EMC is out because revenue growth is slowing at the maker of data-storage systems. Lew Frankfort of Coach is off, as his firm's profit growth has slowed and the stock price has slumped. It's contending with competitive pressure in handbags and other accessories from hot brands like Michael Kors and Kate Spade.
Our group is global. Sixteen CEOs come from the U.S., eight from Europe, four from Asia, and one each from Canada and Mexico.
We don't rely on any formula to draw up this list. It's based on the views of Barron's reporters and editors, and reflects insights from investors, analysts, and industry executives.
We like to see CEOs on the job for at least three years before we consider them, and we prefer a five-year minimum. It takes time to have an impact on a large organization, and developments in the initial year of a CEO's tenure often have more to do with what the predecessor did than any new initiatives. We made an exception for Google's Larry Page, who became CEO in 2011, because he's a co-founder of the company along with Sergey Brin and has played a key role in building the Internet giant into the country's third-largest company, with a market value of $270 billion.
THERE ARE NO EASY JOBS at the helm of large companies, but some businesses are particularly hard due to narrow "moats" around their markets. A longtime member of our list, Michael O'Leary, heads Ryanair, the no-frills European airline that has thrived in a brutal industry. The outspoken O'Leary last week inked a huge order for Boeing 737s and defended the aircraft maker, saying "regulatory crap" was behind the grounding of its 787s amid concerns about battery fires.
The pressures are unrelenting in retailing, and the CEOs of Japan's Fast Retailing and Spain's Inditex have done especially good jobs. Fast Retailing's Uniqlo chain and Inditex's Zara aren't well known in the U.S., but they have become two of the leading clothing retailers in the world.
TJX has built a business with a $33 billion market value -- double that of Macy's -- by selling designer labels at sharp discounts in its T.J. Maxx and Marshalls stores. Shoppers like the treasure-hunt aspect of the stores and the ability to get a Michael Kors handbag for $150 that supposedly once retailed for $350. TJX somehow manages to regularly source enough designer stuff to fill almost 2,000 domestic stores. Credit CEO Carol Meyrowitz with that feat.
You probably won't find Louis Vuitton bags at T.J. Maxx. CEO Arnault of LVMH zealously protects the image of his company's most important brand and insists that slow-selling items be destroyed rather than marked down or sold to off-price retailers. That attitude has helped create the world's top luxury-goods company.
Moonves has generated strong returns through superior management of an old-media portfolio that was deemed to be inferior to that of Viacom, with its cable networks, at the time of the two companies' split in 2005. CBS is the longtime leader in prime-time ratings, and Moonves has pushed hard to get paid for its costly content, wresting sizable annual "retransmission" revenue from cable operators.
Sometimes we make mistakes in jettisoning CEOs. Warren East of ARM Holdings and Grant of Monsanto return to our pantheon this year.
East, who announced last week that he would retire in July, has fended off larger competitors, notably Intel, to dominate the processor market for mobile devices. He goes out on a high note, with ARM Holdings shares at a record. Since we removed Grant in 2010, Monsanto has cemented its hold on the market for genetically modified seeds, and profits have rebounded. We welcome them back.
We realize that readers may disagree with some of our selections or want to see other CEOs on the list. If you have any ideas, please write to editors@barrons.com. We look forward to your suggestions.
Copyright 2013 Dow Jones & Company, Inc. All Rights Reserved
You're absolutely correct in saying it is not the "key" to success, and neither I nor the research suggests that it is THE key.
Rather this article is suggesting it is a frequent component that people perceive as being related to performance. And this mismanagement of weight or self-appearance in a position of leadership leads to questions of competitiveness, and can have people even unconsciously tying negative notions to abilities and either the cause or the effect of some other negative underlying issues/qualities.
Certainly Gov. Chris Christie's weight does not work in his favor typically, as it is common fodder heard in the media about him with negative connotations, but which he is then able to overcome with his articulate, commanding, and clear presentation and projection of himself and his ideas.
Certainly if SS could do the same and had management abilities with a proven track record of selling and being a winner, it would not be an issue. But when he ends up appearing like a bumbling, lying, careless fool, quarter after quarter, year after year, decade after decade, you better believe it will have an impact on his ability to sell Wave to the big boys!
Let’s put this argument to rest quickly here, regarding swipes at his weight and how unprofessional it really may be. With the gross mismanagement that has led to hundreds of dollars in losses, of which my money was a part, it does open SS up to all kinds of fair criticism and discussions of cause and effect relationships, especially when there is research to support this. If you want to step into the position of public scrutiny in a CEO role at a publicly traded company, your appearance very much does matter.
Please see the WSJ article below, and then you tell me, is it not fair to bring in SS’s weight in light of his performance and something bordering criminal company mismanagement?
Want to Be CEO? What's Your BMI?
Being fit matters.
New research suggests that a few extra pounds or a slightly larger waistline affects an executive's perceived leadership ability as well as stamina on the job.
While marathon training and predawn workouts aren't explicitly part of a senior manager's job description, leadership experts and executive recruiters say that staying trim is now virtually required for anyone on track for the corner office.
"Because the demands of leadership can be quite strenuous, the physical aspects are just as important as everything else," says Sharon McDowell-Larsen, an exercise physiologist who runs an executive-fitness program for the nonprofit Center for Creative Leadership.
Executives with larger waistlines and higher body-mass-index readings tend to be perceived as less effective in the workplace, both in performance and interpersonal relationships, according to data compiled by CCL. BMI, a common measure of body fat, is based on height and weight.
While weight remains a taboo conversation topic in the workplace, it's hard to overlook. A heavy executive is judged to be less capable because of assumptions about how weight affects health and stamina, says Barry Posner, a leadership professor at Santa Clara University's Leavey School of Business. He says he can't name a single overweight Fortune 500 CEO. "We have stereotypes about fat," he adds, "so when we see a senior executive who's overweight, our initial reaction isn't positive."
CCL staff detected the correlation after collecting hundreds of peer-performance reviews and health-screening results from the CEOs and other senior-level managers who participate in its weeklong leadership workshops in Colorado Springs. A pair of university researchers, using data from 757 executives measured between 2006 and 2010, found that weight may indeed influence perceptions of leaders among subordinates, peers and superiors.
Tim McNair, a general manager at Nazareth, Pa.-based guitar maker C.F. Martin & Co., says he was inspired to make some changes after spotting his "gut" on camera during a recent public-speaking exercise while attending the CCL workshop.
He wondered whether his colleagues had the same reaction to his appearance, he says, adding: "Would they think, 'If he can't keep his hand out of the cookie jar, how can he do his job?'"
So the 44-year-old, who says his peers' evaluations were somewhat harsh, recently rejoined the local gym, where he heads after work at least three days a week to run on the treadmill, cycle or stretch. He has also given up double cheeseburgers, steak, ice cream, Coca-Cola and Tastykakes, opting for a healthier diet of grains and vegetables. In four months, he has shed about 25 pounds.
The fitness imperative for executives is relatively new, says Ana Dutra, the CEO of Korn/Ferry Leadership and Talent Consulting. Time was, a company chief spent every waking minute at work, sacrificing exercise, vacation and kids' soccer games in the service of the firm. Employees were expected to admire and emulate this devotion. Now, executives are expected to take time off to "revitalize themselves," Ms. Dutra says.
She pegs the shift to the sudden deaths of high-profile CEOs, including McDonald's Corp. chief Jim Cantalupo, who died of a heart attack in 2004, 16 months after taking the post. His successor, Charlie Bell, died less than a year later of cancer at the age of 44. In 1997, Coca-Cola Co. Chairman Roberto Goizueta, a smoker, died weeks after being diagnosed with lung cancer.
The CEOs of today are also more visible than their forebears and must be camera-ready at a moment's notice, composed while courting investors and ready to respond in a company emergency. Excess weight can convey weakness or a "lack of control," says Amanda Sanders, a New York-based image consultant who has worked with senior executives at Fortune 500 firms.
"It's the leadership image you project," says Mark Donnison, 47, a senior executive director at Canadian Blood Services who has lost 25 pounds since starting an early-morning workout rotation of cardio, weights and yoga last summer. "Folks do see how you live."
Companies seek leaders with physical endurance, the better to manage global businesses and solve complex problems, says Mr. Posner, who advised Dow Chemical Co. on training high-potential global leaders in 2010 and 2011. Those leaders were instructed to build in regular time for exercise to help them withstand the constant travel and the demands of an overseas role. The training even incorporated such classes as Zumba, Pilates, tai chi and yoga, says Dawn Baker, Dow's global director of talent management.
Panera Bread Co. founder and co-CEO Ron Shaich says he began working with a trainer about five years ago, in part to stay energized while running a growing company. Two to three times a week, he gets up for a 5:30 a.m. appointment with his trainer, and on Sundays he opts for a 90-minute run. The workouts have boosted his energy levels and helped him focus, he says.
In general, the executives in the Center for Creative Leadership study were healthier than the average American. They drank and smoked less and were more likely to exercise regularly. About half were considered overweight or obese, defined as having a BMI of more than 25. By contrast, more than 60% of Americans fit this description, according to a Gallup-Healthways Well-Being Index last year.
The sample's leaner executives, defined as having a BMI under 25, were viewed more favorably by peers, averaging 3.92 for task performance on a five-point scale; heavier leaders averaged 3.85. Similarly, members of the leaner group rated higher on interpersonal skills.
The study controlled for factors such as age, race, gender, job level and personality traits. Results were similar across industries, says Eden King, one of the study's researchers and an associate professor of psychology at George Mason University.
To be sure, the perception of competence isn't the same as measurable leadership success. Executives who were part of the study say it's difficult to say how much of the perceived bias stems from their physical weight and how much from their own projected insecurity.
Weight Watchers International Inc. CEO David Kirchhoff, 46, recalls feeling painfully self-conscious when his weight was at its peak a decade ago, around the time he first took up the post. At six-foot-two and 245 pounds, he tried to hide his girth with oversize sweaters and pleated pants.
"I sucked in my gut a lot," says Mr. Kirchhoff, who has since lost 40 pounds. Now, he says, "I probably carry myself with more confidence and authority."
Write to Leslie Kwoh at leslie.kwoh@wsj.com
A version of this article appeared January 16, 2013, on page B1 in the U.S. edition of The Wall Street Journal, with the headline: Want to Be CEO? What's Your BMI?.
Jo-Jo, according to SS's business card that I got from him 2-3 years ago, his direct # is 413.243.7011, and his cell # is 413.441.2173.
Don't know if these are still active, but would be happy if you, or any one of you shareholders out there, gives Tubs a call and voices your "concerns"!!!
Would be happy to hear if and how that all goes or works out.
Best!
When I hear that TCG Group members/companies begin adopting/utilizing Wave technology en masse, that would be a good sign that Wave is indispensable, and I would consider re-visiting.
You clearly must not have watched the video, or worse yet, you just have no clue about what it and I are insinuating.
These kinds of measures are terribly overdue, just watch this brief interview on Bloomberg:
http://www.bloomberg.com/video/is-antivirus-protection-effective-MWj8ShLiTVetLo34hneJdA.html
TPM use should've already been going through the roof...doesn't change my view of Wave and its leadership one bit.
Please see "The Worst Ceo" article I just posted. It should shed some light on how and what CEOs are judged on, at "real" companies.
Not even insisting necessarily that SKS needs to leave Wave, as his talents and expertise may come in very handy in a CTO or CIO role or something, but please, CEO??? He never even had ANY training for this role. This is just reality!!
The Worst CEOs of 2012
Posted by: Louis Lavelle on December 13, 2012
http://www.businessweek.com/articles/2012-12-13/the-worst-ceos-of-2012
Who are the absolute worst chief executives of 2012? Sydney Finkelstein thinks he knows. The longtime professor at Dartmouth College’s Tuck School of Business is the author of 11 books with such titles as Why Smart Executives Fail and Think Again: Why Good Leaders Make Bad Decisions, so he knows a thing or two about utter failure. He’s been putting out his list for three years now, and last year it included the chief executives of Netflix (NFLX), Research in Motion (RIM), and Hewlett-Packard (HPQ). Here’s the list (except where noted the companies didn’t respond to a request for comment):
1. Brian Dunn, who resigned as chief executive of Best Buy (BBY) in April after allegations surfaced that he had an inappropriate relationship with a much younger subordinate. That’s not why he’s on the list, though. Declining stock price, cratering same-store sales, loss of market share to more nimble competitors, and an addiction to share buybacks that cost the company $6.4 billion with little to show for it—that’s why he’s on the list.
2. Aubrey McClendon, the CEO of Chesapeake Energy (CHK) who apparently has trouble keeping his company’s finances and his own apart. According to Reuters, McClendon borrowed as much as $1.1 billion over three years in undisclosed loans against his stake in thousands of company wells and ran a $200 million oil-and-gas hedge fund on the side, an “obvious conflict of interest,” Finkelstein says. Use of the company jet (and company employees) for personal purposes and a corporate sponsorship deal for Oklahoma City Thunder while McClendon was an owner of the basketball team also didn’t help. Jim Gipson, a spokesman for Chesapeake Energy, declined to comment.
3. Andrea Jung, who stepped down as chief executive of Avon (AVP) in April but remains as chairman through the end of this year. Jung has been unable to fix the company’s operational problems, failed to groom a successor, and turned down a $10.7 billion offer from the beauty-care company Coty that, in retrospect, it should have leaped at. Since 2004, the company’s market value has fallen under her watch from $21 billion to $6 billion. And the company has had to spend $300 million in legal expenses related to allegations that it violated the Foreign Corrupt Practices Act, which bars bribery of foreign officials.
4. Mark Pincus, the CEO of Zynga (ZNGA), the mobile gaming company that brought the world Farmville, among other online distractions. Zynga stock is down 75 percent so far this year, and the company is losing top executive talent. Pincus has a fairly illustrious pedigree—he got a bachelor’s degree in economics from Wharton in 1988 and his MBA from Harvard Business School in 1993. But Finkelstein says he’s made some rookie mistakes, including hitching his company’s wagon much too securely to Facebook (FB), which Zynga relies on for a big chunk of revenue. And he hardly expressed confidence in the company’s prospects with his move to unload 16 million shares after the IPO lockup period ended. Joe Libonati, a spokesperson for Zynga, declined to comment.
5. Rodrigo Rato, who resigned as chairman of the Spanish lender Bankia (BKIA) in July. Rato is one of Spain’s former finance ministers and a former managing director of the IMF. He’s under investigation for fraud, price-fixing, and embezzlement in connection with Bankia’s spectacular collapse and bailout by the Spanish government. Rato has an MBA from the UC-Berkeley Haas School of Business. In 2011, Bankia announced profit of €309 million; after Rato resigned, it was restated to a €3 billion loss. Carmen de Miguel Hombria, a spokesperson for Bankia, declined to comment.
Two other executives—Mark Zuckerberg at Facebook and Andrew Mason at Groupon (GRPN)—almost made the list. The rap on Zuckerberg is his “massive ego,” while both men get demerits for immaturity and shares that move in only one direction, and not the right one. Says Finkelstein: “There’s no reason to believe they have the management skills to run a major public company.”
And don’t get him started on the hoodie.
I said it then, and I'll say it again. This company is dead in the water with its current "leadership". I will not invest in Wave no matter what without a major and promising change in management.
If they are currently such a big disaster in steering the company, it would only get worse if there is even suddenly a huge inflow of money. One of the biggest challenges for a CEO and a small company to handle, is actually being able to manage sudden and very swift growth successfully.
And this is much simpler than rocket science actually. Just look up my post from several years ago, where I drew an analogy to Ford and their previously incompetent family run operations. Well at least Bill Ford the III was smart enough to hand the reins over to Alan Mulally, a world class CEO that previously turned Boeing around...
Perfectly said Telstar. But to take this even a step further, this managerial fiasco is crystal clear to real investors, especially big corporate ones or investment firms, and will actually serve as a major roadblock to progress.
No professionals will entrust their funds to such an amateurish and sophomoric management team, to say the least, and so what you have is potentially a good technology whose benefits are outweighed by the negatives of a wholly incompetent management team.
My Ol Man and I decided to fully pull the plug on this misadventure after deciding that the chances of absolute loss far outweighed the possibility of success, because of the management.
As MyMoney points out, over the long term, 15-20 years, whether I sold at upper 60's (cents) or $2, makes very little difference at this point. I actually began selling piecemeal more than 2 years ago, with my remaining "few" shares sold at about $1. It's much more my old man I'm concerned about, who's been in this the longest, who sold out in pretty much a few lump sums at about 79 cents in quick succession.
He's a good man, honest, has been hard working all his life, and was sold the "Wave dream" long ago...and sadly, the only silver lining in this, JD, is being able to harvest the tax losses. Good luck to you guy!
Obama acts to toughen computer security
February 3, 2013 7:45 pm
By Stephanie Kirchgaessner in Washington
The White House is set to order stronger cybersecurity measures by the end of this month as a rash of unprecedented cyber attacks against financial institutions and energy companies are prompting some big companies to rethink the need for government intervention.
The executive order will call for information sharing and co-operation between the private sector and government and create a new – but voluntary – set of standards for companies that operate critical US infrastructure.
Big business lobbyists quashed an effort to pass a comprehensive cybersecurity law on Capitol Hill last year, but the attacks – some reportedly orchestrated by Iran – have caused companies to reconsider, some experts said.
“We tried to do cybersecurity legislation pre- and post-9/11 and what was challenging was that the private sector was reluctant to share information and so was the government,” says Kiersten Todt Coon, a former senior staff member of the Senate homeland security committee and now president of Liberty Group Ventures.
But after a slew of attacks that Ms Todt Coon said were committed with a level of “diligence and intensity” that the financial sector in particular had never experienced before, there was a new sense of “we need your help and we need to work together”.
The executive order does not target routine attacks against private companies by hackers. Rather, it is an effort to prevent catastrophic attacks and build more resilient systems for operators of critical infrastructure. The exact definition of what will be included has yet to be determined, but it is expected to include the electrical grid, financial services, chemical companies, oil and gas groups, and the water supply.
Some groups who have worked with the White House say the order could be released as early as this week and anticipate that President Barack Obama could mention it in his State of the Union address on February 12 as a sign of the gravity of the issue. The White House declined to comment on the order.
A November draft of the executive order that has circulated among lobbyists called for new procedures to be written within 120 days for companies to voluntarily participate in an “Enhanced Cybersecurity Services” initiative to address cybersecurity concerns.
The order also calls for the expedited provision of security clearances to operators of critical infrastructure, a proposal that responds to concerns in the business community that the government does not share enough classified information about potential threats.
Although the new standards will be voluntary, people who have worked with the White House on the executive order say it could open the door to new cybersecurity legislation.
Groups like the Business Roundtable and US Chamber of Commerce, big business lobby groups, are also pushing for the passage of a law to protect the private sector from litigation from shareholders and others in the event of a cyber attack, which they argue would facilitate the sharing of private company information with the government and other companies facing similar threats.
Liz Gasster, a vice-president at the Business Roundtable, says cybersecurity is viewed by chief executives as a significant priority and that companies are seeking “actionable” and “real-time” information from government intelligence sources to protect their assets but are resistant to a “checking the boxes” regulatory approach that they see as ultimately ineffective.
“Companies are concerned about the focus on standards as a panacea and they are afraid that it doesn’t solve the problem,” says Ms Gasster. She added that companies were eager to “let the executive order work” before Congress gets to work on new legislation that could make the voluntary standards mandatory. There is also concern that the White House or Congress could pass incentives for companies to agree to the voluntary standards that would, in effect, give companies little choice but to adopt them.
Stewart Baker, who formerly served as the first assistant secretary for policy for the Department of Homeland Security for the Bush administration, said the executive order would cement the role of the department as an interlocutor between regulatory agencies and the private sector, and that industry would be “under pressure” to adopt the new standards in co-ordination with DHS.
“There really hasn’t been a thoughtful discussion about what the information sharing provisions ought to be. Now the business community is going to be at the table,” Mr Baker says.
James Lewis of the Center for Strategic and International Studies, said that while companies are more open to government collaboration, “we need the Iranians to whack us over the head a few more times before the ball starts to roll”, referring to media reports of alleged Iranian cyber attacks that Tehran has denied.
Copyright The Financial Times Limited 2013.
Looks like this is going down to a Wave investor cage fight? lol
Unfortunately, it usually is...
That's what real CEOs/Executives at real companies do!! Wake up techies!
Hackers Linked to China’s Army Seen From EU to D.C.
By Michael Riley and Dune Lawrence - Jul 26, 2012
The hackers clocked in at precisely 9:23 a.m. Brussels time on July 18 last year, and set to their task. In just 14 minutes of quick keyboard work, they scooped up the e-mails of the president of the European Union Council, Herman Van Rompuy, Europe’s point man for shepherding the delicate politics of the bailout for Greece, according to a computer record of the hackers’ activity.
Over 10 days last July, the hackers returned to the council’s computers four times, accessing the internal communications of 11 of the EU’s economic, security and foreign affairs officials. The breach, unreported until now, potentially gave the intruders an unvarnished view of the financial crisis gripping Europe.
And the spies were themselves being watched. Working together in secret, some 30 North American private security researchers were tracking one of the biggest and busiest hacking groups in China.
Observed for years by U.S. intelligence, which dubbed it Byzantine Candor, the team of hackers also is known in security circles as the Comment group for its trademark of infiltrating computers using hidden webpage computer code known as “comments.”
During almost two months of monitoring last year, the researchers say they were struck by the sheer scale of the hackers’ work as data bled from one victim after the next: from oilfield services leader Halliburton Co. (HAL) to Washington law firm Wiley Rein LLP; from a Canadian magistrate involved in a sensitive China extradition case to Kolkata-based tobacco and technology conglomerate ITC Ltd. (ITC).
Gathering Secrets
The researchers identified 20 victims in all -- many of them organizations with secrets that could give China an edge as it strives to become the world’s largest economy. The targets included lawyers pursuing trade claims against the country’s exporters and an energy company preparing to drill in waters China claims as its own.
“What the general public hears about -- stolen credit card numbers, somebody hacked LinkedIn (LNKD) -- that’s the tip of the iceberg, the unclassified stuff,” said Shawn Henry, former executive assistant director of the FBI in charge of the agency’s cyber division until leaving earlier this year. “I’ve been circling the iceberg in a submarine. This is the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.”
Exploiting a hole in the hackers’ security, the researchers created a digital diary, logging the intruders’ every move as they crept into networks, shut off anti-virus systems, camouflaged themselves as system administrators and covered their tracks, making them almost immune to detection by their victims.
Every Move
The minute-by-minute accounts spin a never-before told story of the workaday routines and relentless onslaught of a group so successful that a cyber unit within the Air Force’s Office of Special Investigations in San Antonio is dedicated to tracking it, according to a person familiar with the unit.
Those logs -- a record of the hackers’ commands to their victims’ computers -- also reveal the highly organized effort behind a group that more than any other is believed to be at the spear point of the vast hacking industry in China. Byzantine Candor is linked to China’s military, the People’s Liberation Army, according to a 2008 diplomatic cable released by WikiLeaks. Two former intelligence officials verified the substance of the document.
Hackers and Spies
The methods behind China-based looting of technology and data -- and most of the victims -- have remained for more than a decade in the murky world of hackers and spies, fully known in the U.S. only to a small community of investigators with classified clearances.
“Until we can have this conversation in a transparent way, we are going to be hard pressed to solve the problem,” said Amit Yoran, former National Cyber Security Division director at the Department of Homeland Security.
Yoran now works for RSA Security Inc., a Bedford, Massachusetts-based security company which was hacked by Chinese teams last year. “I’m just not sure America is ready for that,” he said.
What started as assaults on military and defense contractors has widened into a rash of attacks from which no corporate entity is safe, say U.S. intelligence officials, who are raising the alarm in increasingly dire terms.
In an essay in the Wall Street Journal July 19, President Barack Obama warned that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” Ten days earlier, in a speech given in Washington, National Security Agency director Keith Alexander said cyber espionage constitutes “the greatest transfer of wealth in history,” and cited a figure of $1 trillion spent globally every year by companies trying to protect themselves.
Harvesting Secrets
The networks of major oil companies have been harvested for seismic maps charting oil reserves; patent law firms for their clients’ trade secrets; and investment banks for market analysis that might impact the global ventures of state-owned companies, according to computer security experts who asked not to be named and declined to give more details.
China’s foreign ministry in Beijing has previously dismissed allegations of state-sponsored cyberspying as baseless and said the government would crack down if incidents came to light. Contacted for this story, it did so again, referring to earlier ministry statements.
Private researchers have identified 10 to 20 Chinese hacking groups but said they vary significantly in activity and size, according to government investigators and security firms.
Group Apart
What sets the Comment group apart is the frenetic pace of its operations. The attacks documented last summer represent a fragment of the Comment group’s conquests, which stretch back at least to 2002, according to incident reports and interviews with investigators. Milpitas, California-based FireEye Inc. alone has tracked hundreds of victims in the last three years and estimates the group has hacked more than 1,000 organizations, said Alex Lanstein, a senior security researcher.
Stolen information is flowing out of the networks of law firms, investment banks, oil companies, drug makers, and high technology manufacturers in such significant quantities that intelligence officials now say it could cause long-term harm to U.S. and European economies.
‘Earthquake Is Coming’
“The activity we’re seeing now is the tremor, but the earthquake is coming,” said Ray Mislock, who before retiring in September was chief security officer for DuPont Co., which has been hacked by unidentified Chinese teams at least twice since 2009.
“A successful company can’t sustain a long-term loss of knowledge that creates economic power,” he said.
Even those offline aren’t safe. Y.C. Deveshwar, 65, a businessman who heads ITC, India’s largest maker of cigarettes, doesn’t use a computer. The Comment hackers last year still managed to steal a trove of his documents, navigating the conglomerate’s huge network to pinpoint the machine used by Deveshwar’s personal assistant.
On July 5, 2011, the thieves accessed a list of documents that included Deveshwar’s family addresses, tax filings, and meeting minutes, as well as letters to fellow executives, such as London-based British American Tobacco Plc (BATS) chairman Richard Burrows and BAT chief executive, Nicandro Durante, according to the logs. They tried to open one entitled “YCD LETTERS” but couldn’t, so the hackers set up a program to steal a password the next time his assistant signed on.
Keeping Quiet
When Bloomberg contacted the company in May, spokesman Nazeeb Arif said ITC was unaware of the breach, potentially giving the hackers unimpeded access to ITC’s network for more than a year. Deveshwar said in a statement that “no classified company related documents” were kept on the computer.
Companies that discover their networks have been commandeered usually keep quiet, leaving the public, shareholders and clients unaware of the magnitude of the problem. Of the 10 Comment group victims reached by Bloomberg, those who learned of the hacks chose not to disclose them publicly, and three said they were unaware they’d been hacked until contacted for this story.
This account of the Comment group is based on the researchers’ logs, as well as interviews with current and former intelligence officials, victims, and more than a dozen U.S. cybersecurity experts, many of whom track the group independently.
Private Investigators
The researcher who provided the computer logs asked not to be named because of the sensitivity of the data, which included the name of victims. He was part of a collaborative drawn from 20 organizations that included people from private security companies, a university, internet service providers and companies that have been targeted, including a defense contractor and a pharmaceutical firm. The group included some of the top experts in the field, with experience investigating cyberspying against the U.S. government, major corporations and high profile political targets, including the Dalai Lama.
Like similar, ad hoc teams formed temporarily to study hackers’ techniques, the group worked in secret because of the sensitivities of the investigation aimed at state-sponsored espionage. A smaller version of the group is continuing its research.
As the surge in attacks on businesses and non-government groups over the last five years has pulled private security experts into the hacker hunt, they say they’re gradually catching up with U.S. counterintelligence agencies, which have been tackling the problem for a decade.
Espionage Tools
One Comment group trademark involves hijacking unassuming public websites to send commands to victim computers, turning mom-and-pop sites into tools of foreign espionage, but also allowing the group to be monitored if those websites can be found, according to security experts. Sites it has commandeered include one for a teacher at a south Texas high school with the website motto “Computers Rock!” and another for a drag racing track outside Boise, Idaho.
Adding a potentially important piece to the puzzle, researcher Joe Stewart, who works for Dell SecureWorks, an Atlanta-based security firm and division of Dell Inc. (DELL), the computer technology company, last year uncovered a flaw in software used by Comment group hackers. Designed to disguise the pilfered data’s ultimate destination, the mistake instead revealed that in hundreds of instances, data was sent to Internet Protocol (IP) addresses in Shanghai.
Military Link?
The location matched intelligence contained in the 2008 State Department cable published by WikiLeaks that placed the group in Shanghai and linked it to China’s military. Commercial researchers have yet to make that connection. The basis for that cable’s conclusion, which includes the U.S.’s own spying, remains classified, according to two former intelligence specialists.
Lanstein said that although the make-up of the Comment group has changed over time -- the logs show some inexperienced hackers in the group making repeated mistakes, for example -- the characteristics of a single group are unmistakable. The code and tools used by Comment aren’t public, and anyone using it would have to be given entree into the hackers’ ranks, he said.
By October 2008, when the diplomatic cable published by WikiLeaks outlined the group’s activities, the Comment group had raided the networks of defense contractors and the Department of State, as well as made a specialty of hacking U.S. Army systems. The classified code names for China’s hacking teams were changed last year after that leak.
Cybersecurity experts have connected the group to a series of headline-grabbing hacks, ranging from the 2008 presidential campaigns of Barack Obama and John McCain to the 72 victims documented last year by the Santa Clara, California-based security firm McAfee Inc., in what it called Operation Shady Rat.
Nuclear Break-In
Others, not publicly attributed to the group before, include a campaign against North American natural gas producers that began in December 2011 and was detailed in an April alert by the Department of Homeland Security, two experts who analyzed the attack said. In another case, the hackers first stole a contact list for subscribers to a nuclear management newsletter, and then sent them forged e-mails laden with spyware.
In that instance, the group succeeded in breaking into the computer network of at least one facility, Diablo Canyon nuclear plant, next to the Hosgri fault north of Santa Barbara, according to a person familiar with the case who asked not to be named.
Last August, the plant’s incident management team saw an anonymous Internet post that had been making the rounds among cybersecurity professionals. It purported to identify web domains being used by a Chinese hacking group, including one that suggested a possible connection to Diablo plant operator Pacific Gas & Electric Co., according to an internal report obtained by Bloomberg News.
Partial Control
It’s unclear how the information got to the Internet, but when the plant investigated, it found that the computer of a senior nuclear planner was at least partly under the control of the hackers, according to the report. The internal probe warned that the hackers were attempting “to identify the operations, organizations, and security of U.S. nuclear power generation facilities.”
The investigators concluded that they had caught the breach early and there was “no solid indication” data was stolen, according to the report, though they also found evidence of several previous infections.
Blair Jones, a spokesman for PG&E, declined to comment, citing plant security.
Around the time the hackers were sending malware-laden e-mails to U.S. nuclear facilities, six people at the Wiley Rein law firm were ushered into hastily called meetings. In the room were an ethics compliance officer and a person from the firm’s information technology team, according to a person familiar with the investigation. The firm had been hacked, each of the six were told, and they were the targets.
Lawyers’ Files
Among them were Alan Price and Timothy Brightbill. Firm partners and among the best known international trade lawyers in the country, they’ve handled a series of major anti-dumping and unfair trade cases against China. One of those, against China’s solar cell manufacturers, in May resulted in tariffs on more than $3 billion in Chinese exports, making it one of the largest anti-dumping cases in U.S. history.
Dale Hausman, Wiley Rein’s general counsel, said he couldn’t comment on how the breach affected the firm or its clients. Wiley Rein has since strengthened its network security, Hausman said.
“Given the nature of that practice, it’s almost a cost of doing business. It’s not a surprise,” he said.
E-Mails to Spouses
Tipped off by the researchers, the firm called the Federal Bureau of Investigation, which dispatched a team of cyber investigators, the person familiar with the investigation said. Comment hackers had encrypted the data it stole, a trick designed to make it harder to determine what was taken. The FBI managed to decode it.
The data included thousands of pages of e-mails and documents, from lawyers’ personal chatter with their spouses to confidential communications with clients. Printed out in a stack, the cache was taller than a set of encyclopedias, the person said.
Researchers watching the hackers’ keystrokes last summer say they couldn’t see most of what was stolen, but it was clear that the spies had complete control over the firm’s e-mail system. The logs also hold a clue to how the FBI might have decrypted what was stolen. They show the simple password the hackers used to encrypt the files: 123!@#. Paul Bresson, a spokesman for the FBI in Washington, declined to comment.
Following the Crisis
In case after case, the hackers’ trail crisscrossed with geopolitical events and global headlines. Last summer, as the news focused on Europe’s financial crisis, with its import for China’s rising economic power, the hackers followed.
The timing coincided with an intense period for EU Council President Van Rompuy, set off by the failure July 11 of the EU finance ministers to agree on a second bailout package for Greece. Over the next 10 days, the slight and balding former Belgian prime minister presided over the negotiations, drawing European leaders, including German Chancellor Angela Merkel, to a consensus.
Although the monitoring of Van Rompuy and his staff occurred during those talks, researchers say that the logs suggest a broad attack that wasn’t timed to a specific event. It was the cyber equivalent of a wiretap, they say -- an operation aimed at gathering vast amounts of intelligence over weeks, perhaps months.
‘Big Implications’
Richard Falkenrath, former deputy homeland security adviser to President George W. Bush, said China has succeeded in integrating decision-making about foreign economic and investment policy with intelligence collection.
“That has big implications for the rest of the world when it deals with the country on those terms,” he said.
Beginning July 8, 2011, the hackers’ access already established, they dipped into the council’s networks repeatedly over 10 days. The logs suggest an established routine, with the spies always checking in around 9 a.m. local time. They controlled the council’s exchange server, which gave them complete run of the e-mail system, the logs show. From there, the hackers simply opened the accounts of Van Rompuy and the others.
Week of E-Mails
Moving from one victim to the next, the spies grabbed e-mails and attached documents, encrypted them in compression files and catalogued the reams of material by date. They grabbed a week’s worth of e-mails each time, appearing to follow a set protocol. Their other targets included then economic adviser and deputy head of cabinet, Odile Renaud-Basso, and the EU’s counter-terrorism coordinator. It’s unclear how long the hackers had been in the council’s network before the researchers’ monitoring began -- or how long it lasted after the end of July last year.
There’s no indication the hackers penetrated the council’s offline system for secret documents. “Classified information and other sensitive internal information is handled on separate, dedicated networks,” the council press office said in a statement when asked about the hacks. The networks connected to the Internet, which handle e-mail, “are not designed for handling classified information.”
What the EU did about the breach is unclear. Dirk De Backer, a spokesman for Van Rompuy, declined to comment on the incident, as did an official from the EU Council’s press office. A member of the EU’s security team joined the group of researchers in late July, and was provided information that would help identify the hackers’ trail, one of the researchers said.
“No Knowledge”
Zoltan Martinusz, then principal adviser on external affairs and one of two victims reached by Bloomberg who would address the issue, said, “I have no knowledge of this.” The other official, who wasn’t authorized to discuss internal security and asked not to be identified, said he was informed last year that his e-mails had been accessed.
The logs show how the hackers consistently applied the same, simple line of attack, the researchers said. Starting with a malware-laden e-mail, they moved rapidly through networks, grabbing encrypted passwords, cracking the coding offline, and then returning to mimic the organization’s own network administrators. The hackers were able to dip in and out of networks sometimes over months.
The approach circumvented the millions of dollars the organizations collectively spent on protection.
Security Switched Off
As the spies rifled the network of Business Executives for National Security Inc., a Washington-based nonprofit whose advisory council includes former Secretary of State Henry Kissinger and former Treasury Secretary Robert Rubin, the logs show them switching off the system’s Symantec anti-virus software. Henry Hinton Jr., the group’s chief operations officer, said in June he was unaware of the hack, confirming the user names of staff computers that the logs show were accessed, his among them.
The records show the hackers’ mistakes, but also clever tricks. Using network administrator status, they consolidated onto a single machine the computer contents of the president and seven other staff members of the International Republican Institute, a nonprofit group promoting democracy.
220 Documents
With all that data in one place, the hackers on June 29, 2011, selected 220 documents, including PDFs, spreadsheets, photos and the organization’s entire work plan for China. When they were done, the Comment group zipped up the documents into several encrypted files, making the data less noticeable as it left the network, the logs show.
Lisa Gates, a spokeswoman for the IRI, confirmed that her organization was hacked but declined to comment on the impact on its programs in China because of concern for the safety of staff and people who work with the group. A funding document describes activities including supporting independent candidates in China, who frequently face harassment by China’s authorities.
As a portrait of the hackers at work, the logs also show how nimbly they could respond to events, even when sensitive government networks were involved. The hackers accessed the network of the Immigration and Refugee Board of Canada July 18 last year, targeting the computer of Leeann King, an immigration adjudicator in Vancouver.
King had made headlines less than a week earlier when she temporarily freed Chinese national Lai Changxing in the final days of a long extradition fight. Chinese authorities had been chasing Lai since he fled to Canada in 1999, alleging that he ran a smuggling ring that netted billions of dollars.
Cracking Court Accounts
Monitoring by Cyber Squared Inc., an Arlington, Virginia-based company that tracks Comment independently and that captured some of the same activity as the researchers, recorded the hackers as they worked rapidly to break into King’s account. Beginning only with access to computers in Toronto, the hackers grabbed and decrypted user passwords, gaining access to IRB’s network in Vancouver and ultimately, the logs show, to King’s computer. From start to finish, the work took just under five hours.
Melissa Anderson, a spokeswoman for the board, said officials had no comment on the incident other than to say that any such event would be fully investigated. Lai was eventually sent back to China on July 23, 2011 after losing a final appeal. He was arrested, tried, and in May of this year, a Chinese court sentenced him to life in prison.
Controlling the Networks
In case after case, the hackers had the run of the networks they were rifling. It’s unclear how many of the organizations researchers contacted, but in only one of those cases was the victim already aware of the intrusion, according to one member of the group. Halliburton officials said they were aware of the intrusion and were working with the FBI, one of the researchers said.
Marisol Espinosa, a spokeswoman for the publicly traded company, declined to comment on the incident.
The trail last summer led to some unlikely spots, including Pietro’s, an Italian restaurant a couple of blocks from Grand Central station in New York. In business since 1932, guests to the dim, old-fashioned dining room can choose linguine with clam sauce (red or white) for $28. The Comment group stopped using the restaurant’s site to communicate with hacked networks sometime last year, said FireEye’s Lanstein, who discovered that the hackers had left footprints there. Traces are still there.
‘Ugly Gorilla’
Hidden in the webpage code of the restaurant’s site is a single command: ugs12, he said. It’s an order to a captive computer on some victim’s network to sleep for 12 minutes, then check back in, he explained. The “ug” stands for “ugly gorilla,” what security experts believe is a moniker for a particularly brash member of Comment, a signal for anyone looking that the hackers were there, said Lanstein.
“We’re so good even hackers want us!” joked Bill Bruckman, the restaurant’s co-owner, when he was told his website had been part of the global infrastructure of a Chinese hacking team. “Hey, put my name out there -- any business is good business,” he said.
Bruckman said he knew nothing about the breach. A few friends reported trouble accessing the site about six months ago, though he said he’d never figured out what the problem was.
Outside a moment later, smoking a cigarette, Bruckman added a more serious note.
“Think of all that effort and information going down the drain. What a waste, you know what I mean?”
To contact the reporters on this story: Michael Riley in Washington at michaelriley@bloomberg.net; Dune Lawrence in New York at dlawrence6@bloomberg.net
To contact the editor responsible for this story: Melissa Pozsgay at mpozsgay@bloomberg.net; Michael Hytha at mhytha@bloomberg.net
I've also been to SHAPE more than a decade ago, and worked at NATO Hdqrtrs as well as the Pentagon. I do believe that these latest developments are extremely positive, the NATO news more so than even the Lenovo news, positive for the ultimate direction TCG and TPMs are going, and even WAVE. This bodes well for Wave's ultimate success, in some incarnation, just not convinced that present day shareholders will be on that winning side.
The NATO news is particularly good because of what Blue Fin has already highlighted, and speaks about the extremely arduous validation process that a gov contractor has to go through to become accredited, and especially on this scale. But, what this and all the other announcements simply say is that Wave has earned the right to bid for sales, not that they've actually gotten the sales. Now that's a pretty big disconnect still.
And contrary to Barge's assertion that the "street is stupid", well let me tell you something. Those "idiots" on the "Street" are currently earning leveraging their investments to actually get a return on their capital, while we genius-oids have seen a 90%+ collapse in our value...now, maybe we should reconsider how we phrase that, no?
Well this would be the penultimate development and vindication we've all been waiting for...if this were the case, anybody have any ideas on approximately when something like this could be announced publicly, whoever that third party might be, Wave or not?? Anyone? Barge?
Thank you Lugan for the grammatical catch and for your reply as well as for others', and I welcome the positive and adamant rebuttal of such a hypothesis. It's just very difficult for me to rationalize this 'sponsorship' when everything else has come at such a huge cost, to me and all the shareholders, burning through cash that hasn't been realized yet, I have to consider everything.
I guess the other way of looking at it is that if they did spend whatever amount of sponsor money, large or small, they must be confident that something very real will be materializing shortly to bring in cash. If nothing changes, either their rate of expenditure or their revenue stream, even money they bring in via the ATM won't last them long enough to survive.
The de-listing notice is coming up quickly, and 2nd Qtr earnings don't seem too promising by the sound of things; neither portend well for share price obviously, but after all, this has been and continues to be a speculative investment...
What this amounts to is a wholly flagrant and egregious violation of any kind of fiduciary responsibility and an utter disdain or concern for the shareholder. I would even go so far as to now say that it is not at all beyond the realm of possibilities that the Spragues are now planning for the bankruptcy of WAVX. And this would actually be much more profitable for them. And here’s the basis for these premises and easy logic from which to draw this conclusion:
First off, and just in case anyone’s missed this, but here is KleenTechnologies Team website: http://www.kleenspeed.com/team/
Peter Sprague — Director
Peter was instrumental in the turnaround of Aston Martin, leading it out of bankruptcy. He was the Chairman of National Semiconductor for 30 years, and is also the Founder of Wave Systems. Peter is a corporate liaison involved with KleenSpeed’s automotive strategy.
-- So Peter S. clearly has experience and understands the benefits of bankruptcy, and operating under bankruptcy protection law. This eliminates obligations to bondholders and shareholders, and since WAVX doesn’t have any debt, this becomes even more convenient since bondholders actually do walk away with something from the company, depending on the tier of debt they hold. Shareholders on the other hand, well, they pretty much are screwed entirely.
But then, additionally, a company gets to restructure and make itself competitive and efficient, and can exit from bankruptcy with practically all of the company’s remaining assets in the hands of the Spragues and gang. They would have options of doing this as a private venture, or can go public again and issue new shares. (Now everybody knows this from recent examples, et al GM, Chrysler, the big Banks, etc.) If the new Wave can show real income, which Samsung could very likely provide substantively to at that point, in addition to extremely streamlined operations focused solely on their core competencies, they should even probably be able to issue debt. (Debt is not necessarily a bad thing, a matter of fact, it is typical and normal for a company to include it as a part of its financing structures...problems arise when companies over-leverage their debt, and on overly optimistic projections)
If Wave could and actually did issue debt, and they might have been able to if they hit B/E and showed continuous growth, mounting revenue streams, and assured cash flow in the future, then Wave would’ve actually had to have been far more accountable on how it spends its money. They would have been accountable because the yields on their debt would’ve dictated what they have to pay to borrow, which would’ve also been a good indicator of their performance..(aka, investable grade vs. junk ratings) and, bond holders would actually stand to collect on some percentage of company assets. Whereas shareholders get squat!
When you have this additional scrutiny and actual obligations, you have the company’s executive board; CEO, CFO, CIO, CTO… all coming together to squeeze out the very best ROI (return on investment) and especially ROIC (return on investment capital) that keeps borrowing costs low, the company a going concern, and shareholder/market happy and supportive of stock price.
Now here we have WAVX sponsoring KleenTechnologies, of which Peter Sprague is the Director, and sponsoring it(him) via SCRAMBLS (which doesn’t even have a revenue generating capability/model) rather than through WAVE products which actually do have some marketable and real world solutions that hold some sort of tangible market value. So when a company is continuing to operate at a loss of $1-$2 million per month, but which then is reflected in its ongoing deterioration of share price, which it in turn relies on to fund its continuing loss making operations (via ATM), then no company executive in his right mind would spend even a dollar if it doesn’t help to bolster the company’s immediate cash or operating position e.g., ROIC.
WAVX stated in its last 10-K, “Wave estimates that its total cash expenditures to fund operations for the year ending December 31, 2012 will be approximately $51,200,000, including research and development, acquisition of capital assets, sales and marketing, general corporate expenses and overhead.” Now if they have, let’s just say an overly generous assumption of $20 million in ATM financing left in the most optimistic scenario imaginable, that barely gets them to a year from now when Samsung should begin to generate some revenue.
Now what I do know is that Samsung will only begin to sell its products by mid-year 2013 that will have some sort of wave products bundled or be able to generate some sort of revenue stream for wave. I have no idea what kind of ramp up period to expect then, but otherwise can almost safely bet that no additional substantial sums will come from that until at least for another year. Am I to rely on SKS’s repeated falsifications of coming contracts and revenue projections, and to pray that I don’t lose what’s left of my money in this so-called investment?
Under this scenario, WAVX continues as it has, and drives the company share price, and its ability to finance future operations by the end of the year or shortly after to zero and at that point declares bankruptcy. Under bankruptcy Wave continues its core operations and execution as agreed with its clients like Dell and Samsung. It cuts millions of dollars annually in wasteful and unnecessary spending, and then re-emerges as a mean and lean TC company. It possesses the patents, rights, and at that point far accelerated income streams, all at the hands of the Sprague Crew with practically no obligations, within approximately 6-9 months. This would place the conclusion of this scenario right around the end of 2013-early 2014, when income generation for Wave could actually amount to something big. Somebody, anybody, tell me it ain’t so!!!
Unless some of these large contracts hit and provide operating dollars by the end of this year, and consequently an elevated share price, bankruptcy declaration is certainly imminent.
Last Qtr CC transcript is post 225834, created by Barge
This is the kind of press Windows 8 is getting?? Really??? WTF!!
WSJ: CIOs Should Wait to Migrate to Windows 8
by Clint Boulton
Windows 8, scheduled for release this fall, will be a radical reimagining of Microsoft’s traditional operating system — so radical, in fact, that CIOs are being advised to wait as long as a year before they deploy it across their networks. Analysts at Gartner and IDC told CIO Journal Tuesday that early corporate adopters will face two major hurdles, including a lack of security software and other support applications, which won’t be available right away. CIOs also will need time to adjust to the tablet-oriented interface before they introduce it to their companies.
Microsoft, under pressure as Google’s Android and Chrome operating systems and Apple iOS gain acceptance in the corporate world, appears to be moving ahead with Windows 8. A consumer preview was launched three months ago, and a more polished, final, pre-release version was launched on Friday.
Windows 8 will replace the familiar Start menu with touch-style tiles, a key part of the “Metro” user interface, designed to appeal to tablet users. But unlike static app icons, the tiles will feature live data feeds and update automatically. The popularity of Apple’s iPad and Google Android devices paved the way for this mobile-centric Windows 8, which could appear in desktops, laptops and tablet computers as soon as September or October.
Gartner analyst Michael Silver said virtual private network applications, anti-malware software, and management software won’t work with Windows 8 at launch. This means CIOs who do plan to migrate to Windows 8 this year could find themselves struggling to protect and manage their employees’ computers. “Enterprises need to consider that it often takes a good year until they can start putting in a new operating system once Microsoft ships it,” he said. He doesn’t expect Windows 8 to become entrenched in the enterprise for a few years.
Microsoft did not respond to a request for comment at the time of publication.
IDC analyst Al Gillen agreed that it might not be wise for organizations, many of which are still in the midst of a Windows 7 roll-out, to switch gears and further diversify their Windows environment. “This is classic adoption behavior for a new Windows operating system; precious few organizations rush into a new Windows release, no matter how good it may be,” he said. He also said that until business applications start taking advantage of Metro, there is less incentive for enterprises to shift quickly.
Microsoft will offer Windows 8 in both Intel x86 and ARM processor architectures. X86 is the traditional architecture for Windows computers. ARM, which consumes less power, is the preferred chip platform for the iPad and other mobile devices. However, the ARM version of Windows 8 won’t be backward compatible with Windows 7, which means applications and hardware designed for x86 machines won’t work on Windows 8 ARM machines. CIOs need to keep those limitations in mind as they consider when to adopt Windows 8, and which version to use.
IT leaders are fans of Windows 8 because the platform will provide new tablet options. Bob Pick, senior executive director for technology infrastructure at Conde Nast, said Windows 8 creates the “most substantial bridge between tablet and desktop [operating systems] yet.” Terex CIO Greg Fell, who oversees IT for 23,000 employees and tests Microsoft software before it launches, said he was waiting on a Windows 8 tablet to see how he likes it.
Silver and Gillen said that Windows 8 will have at least one potential advantage for CIOs who have held off on providing tablets to their work forces, because the devices are too difficult to manage. Windows 8 tablets can be managed by their existing Windows infrastructure, which enables upgrades. It’s a challenge to manage such tasks with the iPad and Android tablets, which employees bring into workplaces and account for more than 90% of the enterprise tablets in use today. Windows 8 devices could be easier for CIOs to manage.
Weby, I've also watched the World Trade Freedom Tower going up, and rise to now be the tallest building in New York while still not fully complete. But the fact is, much of the space in the tower has already been leased out to companies. And so in essence, the tower has already booked revenue, from companies like Conde Nast, Bank of America, and entities like the Port Authority. Sorry, but you couldn't have picked a worse analogy.
Alea, great post, thanks for helping to explain Wave's egregious failures to its main source of funding, us shareholders, to those who don't see it as clearly.
I've been tossing the Wave idea and concept around among some finance buddies, and have explained the position that Wave has maneuvered itself into, and what it can provide to the market once TPMs begin to be turned on en masse that nobody else can. It begins to sound like Wave has the market cornered, but yet we can't seem to understand the disconnect with share price. The market has some very smart participants, and Adam Smith's invisible hand by this point should've firmly been supporting value, and yet it hasn't. Something just ain't right. We even had to consider the radical conspiratorial concept that the Spragues are driving down the value to take the company private because THEY know something, but concluded that's not likely. But the notion that we even have to consider this is just another testament to Wave's gross failures.
With just about everything in place, and Cisco finally joining the TCG, it would seem the moment of truth is almost here...and so is the general consensus that if something should happen with Wave, one way or the other, it would be by the end of this calendar year?
Titlewave, I completely understand and feel you on your post, but I also think we've just begun making some progress here following the explanation Wavedreamer provided.
I've been following this message board (and I guess even space you might be able to say at this point) long enough that I actually understand and know most of, if not all, the things that wavedreamer wrote TPMs are capable of doing, at least in general terms. I haven't had the time to become a tech expert to understand the mechanics of how the TPM works and interoperates within the network and devices and such (nor should I have to be I don't think), but I certainly understand the principles. As an investor, I should be able to rely on a company's quarterly earnings statements, the associated guidance provided by the CEO, and financial analysts who follow and analyze this space and can offer additional reports (of which there are none on wave, at least not by any independent and highly credible establishments).
And Titlewave, you're absolutely correct in saying that by reading all the posts over the last weeks and months, and even years, it is like Wave was certainly a direct partner of all these other companies and partners and developments such as Trusted Logic and was most certainly going to be mentioned in all the accompanying releases as a partner. And once again it was shown to be to the contrary.
However, after reading Wavedreamer's last post, in which he laid out all those things that Wave can enable the TPM to do and the other OEMs and companies cannot, like MS's bitlocker, it was a step in the right direction in helping to explain how Wave differentiates itself and the value it CAN bring. I think this may be a step in a productive direction, shame though I have to wean this information out of investors/posters who much more thoroughly understand this field, rather than from the company and its leadership itself...
Thank you Barge and Wavedreamer for your replies. I do want to dig deeper here though to be able to understand how Wave is going to be able to monetize its position and leverage, and then also not be circumvented.
I do realize that many of these topics have likely already been discussed and explained in the past, but I think perhaps in disparate posts and in tech speak, which doesn’t provide the bulk of investors that are non-tech specialists with a level of understanding and comfort that they are able to judge true progress, nor have the ability to assess the odds of success given the information known or provided.
Wavedreamer, you write, “What Wave has shown with Trusted Logic is the ability to leverage the MTM/TPM functionality as they do with a TPM discrete chip found in a PC.” Can you please explain, and in more plain language, perhaps using examples or analogies, how this ‘leverage’ works, how it can be monetized, and what the odds of circumvention by different OEMs are and in what ways?
Barge, similarly, this extends to your quote in your last post where it says, “Trusted platform modules provide the industry standard solution for it and Wave benefits from that growth of the market.” Sure Wave can be used as their ‘driver’ software to manage the TPM, but if MS bitlocker can already handle some of the core features, and google Chrome there’s, and so forth, I’m still trying to see the proof that WAVX is in some way an essential component for TPM activation and their explosive growth is all but assured in the near future. Does wave’s value lie in its central drive management capability, or a combination, and then how does the ability to leverage the MTM/TPM functionality factor into revenue growth? I’m almost looking for some sort of Pythagoras Proof Theorem here rather than general speak or dot-connecting..
Facebook’s P/E ratio is something like 150-to-1, and that’s insane for their valuation given they don’t really have a plan publicly of monetizing their relationship with the 100’s of millions of its users yet…it may look promising, but if that relationship can’t be harnessed, to generate profit, then the Facebook IPO will be a colossal failure…
Barge, ok, let’s just say that MS is in fact about to unleash the floodgates of activated TPMs as you say; is the only evidence that the uptake for Wave software circumstantial, and predicated on the now old adage that it is the only software that will allow the interoperability between different devices and platforms?
In one of your recent posts it states, “The Trusted Execution Environment (TEE) is joint venture between ARM (40%), Gemalto (30%) and Giesecke & Devrient (30%) which is currently in the process of getting approval from the European Commission for European Wide mass adoption as the default secure mobile authentication system.”
This post was presented as what appeared to be supporting evidence that WAVX was a certain component in this development, and would equally benefit/profit should the European Commission approve this as standard? But then didn’t SKS dispel this theory by acknowledging that Wave was not involved here, again showing this as pure speculation and conjecture, not even an equal to circumstantial evidence?
The fact that many board members here are trying to understand what relationships may exist and attempting to extrapolate evidence of involvement and growth based on public information, logic, and everything else other than the guidance that should be issued by a CEO and other executives is stark evidence that the CEO in fact is NOT doing one of his key jobs. One of these is issuing guidance to one of the key pillars of a public company, and that’s to the shareholders so they can definitively calculate their income while being able to also assess and gauge their risk of exposure.
The majority of investors in this company fall into 2 major categories roughly speaking: investors and tech folk, and then there’s also the combination. Investors need guidance issued to have reason to keep their money in a company, thus supporting it, but which shows growth projections. Otherwise they logically pull their money and put it into something that earns them income or growth, or both. This type of guidance comes from CEOs and company statements, that include numbers and forecasts based on facts and statistics typically. CEOs are held accountable for their forecasts if they’re off or incorrect, and share price moves accordingly.
This company has stayed afloat miraculously despite a lack of correct guidance, to include on earnings, growth and definitive involvement with ventures where growth can be shown or projected. Moreover, SKS and other of the company heads’ statements have been misleading, wrong, and ambiguous for as long as I can remember. The share price has moved accordingly, and moreover has been supported by exuberance, reminiscent of the tech bubble days, without showing profitability quarter after quarter, year after year.
Now, similar to a jury in a court of law, which usually consists of layman folks that need the prosecutors or defense attorneys, to prove to them beyond a reasonable doubt, a case built on concrete evidence or proof and based on something more than circumstantial evidence, what do we have to go on? What definitive evidence can prove to me and all the other investors that in the case that MS does unleash the floodgates of TPM activation, that Wave IS involved, and will with 100% certainty be in a position to monetize?
Here Here!! My anger and disgust has boiled over at this point as well, have been selling off bit by bit over the last few years, but unfortunately it has been because of difficult times and resulting necessities. Was hoping however of recouping even some of the massive losses I've incurred long ago, and continued to average down as the value continued on its mostly downward trajectory. I, along with others, on this board who have at least a little business sense, have seen a long time ago now that SKS and his team are incompetent in roles of anything but maybe tech strategists and engineers, certainly not CEOs, CFOs, and CIOs. I was extremely bitter and understood the extent of incompetence when I was at the annual shareholders meeting when that clown Sweeney blurted out that Wave was going to finish the quarter at break even, leading me to even more losses...
I contemplated even reporting this to the SEC but knew I would only be hurting myself since I was still heavily invested, and continued hoping as the Trusted Computing Group seemed to be gaining traction and kept believing Wave was somehow surely involved and ready to monetize. I continued hoping, as I listened to all the continued "knowledgeable" speculation from those who understand the technical specs far better than I ever will, but nevertheless, it has always been dot connecting, and pure speculation...none of which has been based on CEO guidance, and nothing that has come to fruition;...people en masse are facing financial ruin these days, days when individuals have to show and prove their value in order to earn a paycheck, and these company jacks continually increase their oversized pay from my money? The money I've given them, but which they hold hostage because of the staggering losses and which they continue to dissolve...pathetic, only wish I would have had the balls to sell even a few months ago when the stock was at least 3X its current value...people need to wake up and smell the coffee, quit your speculating and daydreaming...go ahead prove me wrong, show me some tangible evidence, factual, that shows that Wave IS in fact positioned to monetize...but no, all I have seen year after year is pure speculation, and no clear guidance from SKS to really determine conclusively that there is any real traction for wavx as trusted computing adoption ensues..Any hope of this happening would require a change of BOD and even the CEO...if he's such a genius, it could only be in the role of Chief Strategic Officer or technical consultant or something similar..it's time for major change, and perhaps even an opportunity to salvage this mess.
There, that's my rant!! I've pretty much thrown in the towel at this point...hope does die last
(A must-read & fwd'd to SKS) China-Based Hacking of 760 Firms Reflects Global Cyber War
By Michael Riley and John Walcott - Dec 13, 2011
Google Inc. (GOOG) and Intel Corp. (INTC) were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyber spies on iBahn, a provider of Internet services to hotels, takes some explaining.
iBahn provides broadband business and entertainment access to guests of Marriott International Inc. and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn’s networks, according to a senior U.S. intelligence official familiar with the matter, may have let hackers see millions of confidential e-mails, even encrypted ones, as executives from Dubai to New York reported back on everything from new product development to merger negotiations.
More worrisome, hackers might have used iBahn’s system as a launching pad into corporate networks that are connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave Corp.’s SpiderLabs, a security firm.
The hackers’ interest in companies as small as Salt Lake City-based iBahn illustrates the breadth of China’s spying against firms in the U.S. and elsewhere. The networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by the same elite group of China-based cyber spies. The companies, including firms such as Research in Motion Ltd. (RIM) and Boston Scientific Corp., range from some of the largest corporations to niche innovators in sectors like aerospace, semiconductors, pharmaceuticals and biotechnology, according to intelligence data obtained by Bloomberg News.
‘Stealing Everything’
“They are stealing everything that isn’t bolted down, and it’s getting exponentially worse,” said Representative Mike Rogers, a Michigan Republican who is chairman of the Permanent Select Committee on Intelligence.
China has made industrial espionage an integral part of its economic policy, stealing company secrets to help it leapfrog over U.S. and other foreign competitors to further its goal of becoming the world’s largest economy, U.S. intelligence officials have concluded in a report released last month.
“What has been happening over the course of the last five years is that China -- let’s call it for what it is -- has been hacking its way into every corporation it can find listed in Dun & Bradstreet,” said Richard Clarke, former special adviser on cybersecurity to U.S. President George W. Bush, at an October conference on network security. “Every corporation in the U.S., every corporation in Asia, every corporation in Germany. And using a vacuum cleaner to suck data out in terabytes and petabytes. I don’t think you can overstate the damage to this country that has already been done.”
Foreign Governments
In contrast, U.S. cyberspies go after foreign governments and foreign military and terrorist groups, Clarke said.
“We are going after things to defend ourselves against future attacks,” he said.
Such accusations intensified when a Nov. 3 report by 14 U.S. intelligence agencies fingered China as the No. 1 hacker threat to U.S. firms. While the Obama administration took the unprecedented step of outing China by name, the White House, U.S. intelligence agencies and members of Congress are struggling to assess how much damage is being done during such attacks and what to do to stop them beyond public rebuke.
For now, the administration is concentrating on raising awareness among company executives and seeking a commitment to improve security against such attacks. Rogers has a bill pending in the House that would permit the government to share secret information that would help companies spot hacker intrusions, such as signatures of malicious Chinese software.
Consistently Denied Responsibility
China has consistently denied it has any responsibility for hacking that originated from servers on its soil. Geng Shuang, a spokesman for the Chinese embassy in Washington, didn’t respond to several e-mails and phone calls requesting comment. Wang Baodong, another Chinese government spokesman in Washington, also didn’t respond to requests for comment.
Based on what is known of attacks from China, Russia and other countries, a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion, said Rogers, a former agent for the Federal Bureau of Investigation.
Stolen Information
U.S. officials are grappling with how stolen information is being used, said Scott Borg, an economist and director of the U.S. Cyber Consequences Unit, a non-profit research institute. Calculating the damage depends on hard-to-know variables, such as how effectively and quickly thieves can integrate stolen data into competing products, the senior intelligence official said.
While a precise dollar figure for damage is elusive, the overall magnitude of the attacks is not, Borg said.
“We’re talking about stealing entire industries,” he said. “This may be the biggest transfer of wealth in a short period of time that the world has ever seen.”
The public evidence against China now being rolled out by the Obama administration, Rogers and others in Congress has been collected by the intelligence community over several years. Many of the details remain classified.
The hackers who attacked iBahn are among the most skilled of at least 17 China-based spying operations the U.S. intelligence community has identified, according to a private security official briefed on the matter who asked not to be identified because of the subject’s sensitivity.
Massive Espionage Ring
The hackers are part of a massive espionage ring codenamed Byzantine Foothold by U.S. investigators, according to a person familiar with efforts to track the group. They specialize in infiltrating networks using phishing e-mails laden with spyware, often passing on the task of exfiltrating data to others.
Segmented tasking among various groups and sophisticated support infrastructure are among the tactics intelligence officials have revealed to Congress to show the hacking is centrally coordinated, the person said. U.S. investigators estimate Byzantine Foothold is made up of anywhere from several dozen hackers to more than one hundred, said the person, who declined to be identified because the matter is secret.
“The guys who get in first tend to be the best. If you can’t get in, the rest of the guys can’t do any work,” said Richard Bejtlich, chief security officer for Mandiant Corp., an Alexandria, Virginia-based security firm that specializes in cyber espionage. “We’ve seen some real skill problems with the people who are getting the data out. I guess they figure if they haven’t been caught by that point, they’ll have as many chances as they need to remove the data.”
Secretive Companies
U.S. and other companies have been secretive about the details of their computer security. When Google announced in 2010 that China-based hackers had raided its networks, it was a rare example of a U.S. company publicly revealing a cyberburglary aimed at its intellectual property -- in this case, its source code.
Mountain View, California-based Google, the world’s largest search-engine firm, said at the time that at least 34 other major companies were victims of the same attack. However, only two -- Intel and Adobe Systems Inc. (ADBE) -- stepped forward, and they provided few specifics.
Google vastly underestimated the scope of the spying. Intelligence documents obtained by Bloomberg News show that China-based hackers have hunted technology and information across dozens of economic sectors and in some of the most obscure corners of the economy, beginning in 2001 and accelerating over the last three years. Many of the victims have been hacked more than once.
Byzantine Foothold
One victim of Byzantine Foothold, Associated Computer Systems, a division of Xerox Corp. (XRX), provides back-office services such as accounting and human resources for thousands of multinational firms and government agencies in more than 100 countries. According to its website, ACS’s expertise includes digitizing and storing documents, a potential treasure-trove of information on the firm’s corporate clients, including carmakers and computer companies.
Other targets of the group include large companies such as Hewlett-Packard Co. (HPQ), Volkswagen AG (VOW) and Yahoo! Inc. (YHOO). Smaller firms in strategic sectors were also hit, such as iBahn and Innovative Solutions & Support Inc. (ISSC), which manufactures flight-information computers; as were Massachusetts Institute of Technology, the Italian Academic and Research Network and the California State University Network.
An informal working group of private-sector cybersecurity experts and government investigators identified the victims by tracing information sent from hacked company networks to spy group-operated command-and-control servers, according to a person familiar with the process. In some cases, the targets aren’t aware they were hacked.
People’s Liberation Army
Such tracing is sometimes possible because of sloppiness and mistakes made by the spies, said another senior intelligence official who asked not to be named because the matter is classified. In one instance, a ranking officer in China’s People’s Liberation Army, or PLA, employed the same server used in cyberspying operations to communicate with his mistress, the intelligence official said.
Many of the cyberattacks have been linked to specific China-related events, a pattern noted by secret diplomatic cables published by WikiLeaks, the anti-secrecy website. During the five-year period beginning in 2006, a second group of China-based hackers ransacked the networks of at least 71 companies, government entities, think-tanks and non-profit groups, said McAfee Inc. (MFE), which analyzed information from servers used in the attacks.
‘Operation Shady Rat’
Details of those intrusions were originally published in an August report by the cybersecurity firm dubbed “Operation Shady Rat.” The report didn’t name the country where the hackers were based or identify the private-sector victims. The report’s principal author, Dmitri Alperovitch, who now heads his own firm, Asymmetric Cyber Operations, confirmed the country was China.
In one of the earliest attacks on a company, cyberspies hacked into the computer networks of POSCO, the South Korean steel giant, in July 2006, Alperovitch said. The intrusion took place the same month that the steelmaker, the third largest in the world, initiated a takeover of a large steel mill in eastern China, according to the U.S.-based Epoch Times, founded by supporters of the dissident Falun Gong spiritual sect, which first noted a link between the two events.
Earthquakes and Satellites
Two years later, Chinese rescue workers were using satellite communications equipment made by the Danish technology firm Thrane & Thrane AS (THRAN) following a major earthquake in Sichuan province. China Daily, the quasi-official newspaper, had praised the Danish equipment’s performance. Alperovitch said the Danish firm was hacked by the Shady Rat crew three months later.
“With fans like those, who needs enemies?” he said.
John Alexandersen, a spokesman for the Lundtofte, Denmark-based Thrane & Thrane, said although he couldn’t “rule out” that hackers breached their networks, no confidential data was taken. POSCO (005490) said hackers didn’t access critical networks or intellectual property.
The approval of China’s most recent five-year economic plan provides another possible link between Chinese government policy and cyber-espionage. The plan, approved by the National People’s Congress in March, identifies seven priority industries that mirror the most prominent targets of China-based cyberspies, according to the two senior U.S. intelligence officials who have knowledge of the victims.
KPMG International, the auditing firm, said the five-year plan’s priorities include clean energy; biotechnology; advanced semiconductors; information technology; high-end manufacturing, such as aerospace and telecom equipment; and biotechnology, including drugs and medical devices.
Same Shopping List
In many cases, the iBahn hackers appear to be working off the same shopping list, according to intelligence documents.
In the biotechnology sector, their victims include Boston Scientific (BSX), the medical device maker, as well as Abbott Laboratories (ABT) and Wyeth, the drug maker that is now part of Pfizer Inc. (PFE).
The hackers also rifled networks of the Parkland Computer Center in Rockville, Maryland, according to documents provided to Bloomberg News by a person involved in government tracking of the cyberspies, who declined to be identified because the matter isn’t public. Parkland is the computing center for the Food and Drug Administration, which has access to drug trial information, chemical formulas and other data for almost every important drug sold in the U.S.
Manufacturing Sector
In the manufacturing sector, San Jose, California-based Cypress Semiconductor Corp. (CY), which makes advanced chips for telecommunications equipment, was a victim, as were Aerospace Corp., which provides scientific research on national security-related space programs, and Environmental Systems Research Institute, a Redlands, California-based company that develops mapping software.
In China, those industries are developing rapidly. Chinese companies were involved in 10 of the 13 global technology initial public offerings in the third quarter of 2011, according to PricewaterhouseCoopers LLP, the global auditing firm. The Chinese firms specialized in information technology, semiconductors and clean energy, like solar power, the PwC report said.
Driving China’s spike in cyberspying is the reality that hacking is cheaper than product development, especially given China’s vast pool of hackers, said a fourth U.S. intelligence official. That pool includes members of its militia, who hack on commission, the official said. They target computing, high technology and pharmaceutical companies whose products take lots of time and money to develop, the official said.
Byzantine Hades
U.S. counterintelligence authorities have been tracking China’s cyberspies for years under the classified codename Byzantine Hades, which a March 27, 2009, secret State Department cable published by WikiLeaks calls “a group of associated computer network intrusions with an apparent nexus to China.”
Byzantine Foothold, Byzantine Candor and Byzantine Anchor represent subsets, or various groups, of the overall Chinese cyber espionage threat, the person familiar with the secret tracking effort said.
Many of the companies hacked by Byzantine Foothold are Internet service providers, which can be used as platforms to hack other victims and disguise spying activity. An Oct. 30, 2008, State Department cable described China-based hackers accessing several computer networks of a commercial Internet provider in the U.S. They used the company’s systems to extract “at least 50 megabytes of e-mail messages and attached documents, as well as a complete list of usernames and passwords from an unspecified” U.S. government agency, according to the cable.
PLA’s Third Department
The cable stated that the hackers were based in Shanghai and linked to the PLA’s Third Department, a unit of the Chinese military that, according to a 2009 report by the U.S.-China Economic and Security Review Commission, is responsible for cyber operations.
Fifteen of the companies and universities identified as hit by the iBahn hackers and contacted by Bloomberg News either declined to comment, said they had no knowledge of the attack, or didn’t respond to requests for comment. Erik Fallis, a spokesman for the California State University Network, said that following an investigation, “no evidence was found to suggest that this event compromised CSU assets.”
Obama administration officials seeking to forge a robust policy and diplomatic response are facing few good options, said Clarke, the former White House cyber security official.
UN Security Council
China, a member of the UN Security Council, has the power to veto multilateral initiatives aimed at the country that pass through that body.
Sanctions on Chinese goods in sectors that have been heavily targeted by cyberspies -- green energy, semiconductors and pharmaceuticals -- would be a problematic solution, probably sparking a trade war, said James Lewis, a cyber security expert at the Center for Strategic and International Studies in Washington.
U.S. government officials considering whether major corporate networks should be protected as a national security asset face opposition even from some victims protective of the Internet’s laissez-faire culture, said Richard Falkenrath, a senior fellow for counterterrorism and national security studies at the Council on Foreign Relations.
“The situation we are in now is the consequence of three decades of hands-off approach by government in the development of the Internet,” Falkenrath said.
Lack the Leverage
For now, administration officials have correctly assessed that they lack the leverage to compel China to change its alleged criminal behavior, he said.
“The Cold War is a pretty good analogy,” Falkenrath said. “There was never any serious effort to change the internal character of Soviet state.”
At a minimum, the November intelligence agency report does throw down a marker in that conflict, said Estonian Defense Minister Mart Laar. Estonia, which suffered a massive cyber attack in 2007 it said originated from Russia, is pushing for a NATO cyber defense alliance.
“I remember how the Cold War was changed, and you could for the first time feel the Soviet defeat coming when Ronald Reagan called the Evil Empire evil,” Laar said.
To contact the reporters on this story: Michael Riley in Washington at michaelriley@bloomberg.net; John Walcott in Washington at jwalcott9@bloomberg.net.
To contact the editor responsible for this story: Michael Hytha at mhytha@bloomberg.net.
Look, gentlemen, I am not a techie by any means. In fact I rely on the many brilliant minds that contribute here, and on the other boards to give me an idea, in my own layman terms of what this technology has to offer. And because of these really technical geniuses like Awk, and many others, I'm able to believe in this technology and develop a vision, and continue to contribute my funds!
Like many others here, I wish for the greatest success, but I do come from the corporate and investment background, where I have been trained to see successful performance and execution of a business plan, translated into profit; that's just how a company is ideally run.
Wave has done an incredible job of building its position, and place with the possibility to prosper off the seeds that it has sown. But folks, please understand me, I do clearly see an inadequacy in corporate governance! SKS is genius, in his development and vision of this space; but it is not that engineer genius that guides the company through the many tribulations that large companies go through!!
What I am saying, and I am not one to push personal attacks on to people, but having been to 2 annual shareholder meetings, and having been exposed to corporate structures prior, I stand behind my assertion, that the face of WAVE can be vastly improved, if even in terms of presentation. This company has positioned itself incredibly, through the knowledge of this space, but I do not believe it has the skill to maneuver through the financial world's pitfalls. It will continue to require these guys' brilliance, but I am not as sure about their experience in dealing with the gorillas. Please, let's consider the notion of bringing on a corporate guru!
Buckner, 100% agreed! But furthermore, am I reading this SEC Form 4 correctly? SKS sold $114K (35K shares @$3.26) in shares on April 26, 2011, and Mcconneghy sold about $135K worth of shares on 4/20/2011? So as I, and probably quite a few others, were taking heart to Feeney's BE statement the previous cc and SKS's guidance that this was their best qrtr yet depending on strong results, these guys sell stakes shortly before a much worse than expected report?
Almost sounds like something the SEC might be interested in looking into.
ExPat, I am right with you in your drive to make this management team and BoD begin to be accountable, but am concerned even this initial first step could be a bit too little too late. This company has made monumental gains since its inception, in terms of positioning itself; but lots of this could now easily be squandered because the right corporate leadership does not exist here that is able to transfer its achievements into monetary wins!
Lots of you here talk about the next phase, the mobile space, and how that is what will bring us our fortunes. But ask yourselves this: Does Wave not currently have a solution for a massive everyday problem? What makes you think that Wave will be able to capitalize on any mobile solutions, if it can barely make sales in this current environment!
What I am proposing is a step further than ExPat's; for shareholders to begin thinking about a much greater Wave management shake-up that's akin to my much earlier analogy of William Ford bringing on Alan Mulally, and replacing himself as CEO and president while remaining chairman of the board, to run the most successful of the big 3 US automakers!
http://www.secform4.com/insider-trading/919013.htm
Waveway, but even EBITDAS was again negative Q1, and with a bigger loss per share than the previous several qtrs. And I'm still not clear what's "not the same" from the time of the last call that would undermine their claims. Was not investing in the future part of their strategy for quite a bit longer?
The company is on the other hand reaching a point where its relevancy is becoming more substantial; only the more reason to bring in seasoned executives to navigate the treacherous waters in the corporate world where the gorillas swim...this cannot be overstated!!
Something certainly has to be done to shake up the board/management. I have been growing more and more skeptical about their ability to deliver on guidance and consistent growth for some time now, but really took heed from the last call where Sweeney laid claim to BE Q1.
Uttering something like that, and then having results with a greater loss than at least several previous qrts gravely damages management's credibility in the eyes of any professional and/or serious investors. And I'm sorry guys, serious and professional investors are needed to make the reason for our investment in this company in the first place come to fruition. You cannot have real investments based on hope; it has to be based on results.
Now I still believe in this company's ability and position, but there is clearly a disconnect between vision and financial results. And especially after being at a couple annual shareholders meetings, I can safely say that the Wave team does not instill a sense of confidence in me that a company's management team should that wants to run with the gorillas.
My patience has run out! Didn't one of those clowns yell out that we would hit BE this qtr last earnings call? This is not how you run a company, not at my expense for over a decade. Sell debt for crying out loud, and start making sales, but we, the shareholders should not be shouldering the burden for this long for these crap results, particularly in an environment that begs for a solution that WAVX supposedly provides. This company needs new board members and executives, not new promises!!