Tag: US

US more likely to hack you than the Chinese

Two security experts, Jordan Robertson and Greg Martin, set up an online honeypot to see which country was more likely to attack it and were surprised to discover that the US was more likely to be an aggressor than the Chinese.

Writing for Bloomberg, the pair wanted to find a way to show the global nature of attacks against industrial-control systems used in electrical grids, water systems and manufacturing plants. For obvious reasons, attacks against critical infrastructure are among the biggest concerns in cyber-security.

Martin and Robertson configured the honeypot to look like an enticing industrial-control computer to hackers and traced who attacked it.

The fake control systems were made to look like they were located in the U.S., the U.K., Amsterdam, Brazil, Tokyo and Singapore. The pair wanted a variety of locations to show that systems everywhere are under attack.

Over a three-month period, the US was by far the biggest source of attack traffic, trying to hit the honeypot more than 6,000 times, nearly double China's 3,500; Russia accounted for more than 2,500.

The Dutch and the French were also carrying out statistically significant numbers of attacks on the honeypot.

The attacks were mostly reconnaissance missions, in which hackers often use less obfuscation, Martin said. However, it does mean that the idea of China being the leading hacking country is a myth and that crown belongs to the United States, which appears to have a policy of hacking everyone.

US confirms Chinese government behind hacks

A US Senate panel has ruled that hackers associated with the Chinese government have repeatedly infiltrated the computer systems of US airlines, technology companies and other contractors involved in the movement of US troops and military equipment.

The Senate Armed Services Committee’s year-long probe found the military’s US Transportation Command, or Transcom, was aware of only two out of at least 20 such cyber intrusions within a single year.

It found gaps in reporting requirements and a lack of information sharing among US government bodies which left the US military oblivious to the computer compromises of its contractors.

Democratic Senator Carl Levin of Michigan, the committee’s chairman, was keen to focus on the Chinese hackers rather than the big defence industry’s cock-ups.

He said that the peacetime intrusions into the networks of key defence contractors are more evidence of China’s aggressive actions in cyberspace.

But cybersecurity expert Dmitri Alperovitch, chief technology officer with the security firm Crowdstrike, said that China had for years shown a keen interest in the logistical patterns of the U.S. military.

While the US military uses secret or top-secret networks that are not on the Internet, the private companies it hires do not.

In the year beginning June 1, 2012, there were about 50 intrusions or other cyber events into the computer networks of Transcom contractors, the 52-page report stated.

At least 20 of those were successful intrusions attributed to an “advanced persistent threat,” a term used to designate sophisticated threats commonly associated with attacks against governments. All of those intrusions were attributed to China.

Senator Jim Inhofe of Oklahoma, the committee’s top Republican, called for a “central clearinghouse” that makes it easy for contractors to report suspicious cyber activity.


Comcast declares war on Tor

The most popular telco in the US, famous for its happy customers and commitment to a positive future for an open internet, Comcast has declared war on the encrypted system Tor.

Comcast agents have contacted customers using Tor and instructed them to stop using the browser or risk being cut off.

According to Deep Dot Web, one Comcast agent named Jeremy insisted Tor was an “illegal service” and was against usage policies. The Comcast agent then repeatedly asked the customer to tell him what sites he was accessing on the Tor browser. Of course the customer told him to go forth and multiply.

What is scary is that Comcast knew that any customer was using Tor. This would mean that Comcast is spying on the online activities of its users.

There is some bad blood between Tor and Comcast. The Tor project has listed Comcast as a Bad ISP. The Tor project cited Comcast’s Acceptable Use Policy for its residential customers which claims to not allow servers or proxies.

A Comcast spokesperson insisted that the outfit did respect customer privacy and security and would only investigate the specifics of a customer’s account with a valid court order.

However, this did not happen in the case of Comcast’s treatment of Ross Ulbricht, alleged Dread Pirate Roberts.

Comcast previously collaborated with the FBI by providing information on alleged Silk Road mastermind Ross Ulbricht’s internet usage. Ulbricht was most certainly never given a warning by Comcast or given time to contact a lawyer before he was arrested in a San Francisco library last October.


US begins McCarthyite purge of scientists

The US’s obsession with imaginary terrorists has resulted in what appears to be a McCarthy-style purge of academics.

According to Science the latest to be purged is Valerie Barr who, in 1979, when she was 22, handed out leaflets, stood behind tables at rallies, and baked cookies to support two left-wing groups, the Women’s Committee Against Genocide and the New Movement in Solidarity with Puerto Rican Independence.

In a few years, she had become a top software academic and found herself too busy for such causes. A quarter-century later, she’s a tenured professor of computer science at Union College in Schenectady, New York, with a national reputation for her work improving computing education and attracting more women and minorities into the field.

In August 2013 she took a leave from Union College to join the National Science Foundation (NSF) as a program director in its Division of Undergraduate Education and that is when she found herself in trouble with the terror police.

The FBI insists that Barr lied during a routine background check about her affiliations with “a domestic terrorist group” that had ties to the two organisations to which she had belonged in the early 1980s.

On 27 August, NSF said that her “dishonest conduct” compelled them to cancel her temporary assignment immediately, at the end of the first year of what was expected to be a two-year stint.

Behind all this craziness is an obscure agency within the White House called the Office of Personnel Management (OPM). It has huge control over hiring workers because it is supposed to arrange background checks.

Ironically, labelling her a terrorist and booting her off the programme is a security own goal. Barr’s job was to help the US combat cyberterrorism.

So how much of a security threat was she? Well, the two groups she was involved with were affiliated with a third, the May 19 Communist Organization (M19CO), that carried out a string of violent acts, including the killing of two police officers and a security guard during a failed 1981 robbery of a Brink’s truck near Nyack, New York.

When she was asked if she had ever been a member of an organization “dedicated to the use of violence” to overthrow the U.S. government or to prevent others from exercising their constitutional rights she had said no.

But since in the mind of the FBI the three groups were all linked, she must have known that she was a member of the M19CO.

“I found out about the Brink’s robbery by hearing it on the news, and just like everybody else I was shocked,” she recalls.

Barr says she was casually acquainted with two of the convicted murderers, Judith Clark and Kuwasi Balagoon (né Donald Weems), but had no prior knowledge of their criminal activities.

Barr also has some ammunition in the form of the fact that the FBI investigator into her case was, according to his own blog, somewhat of a conservative who likes to tell stories about thumping atheist academics. Barr is a feminist and a lesbian.

All this calls into question whether the US government is hiring scientists on the basis of their ability to do a job or shooting itself in the foot following the same McCarthyist mindset which paralysed the US for years.

Basically it means that it does not matter how good a scientist or computer security expert you are, if you are a woman, a lesbian or belonged to groups when you were a kid which we think might have been left wing extremists, we don’t want you working for our government.


US tech companies rally against China

US companies are moaning that Chinese regulators are ganging up on Western tech outfits in a bid to shut them out.

The American Chamber of Commerce in China is fuming about a series of investigations scrutinising at least 30 foreign firms, as China enforces its 2008 anti-monopoly law.

Multinational firms are under “selective and subjective enforcement” using “legal and extra-legal approaches,” the Chamber said in a report.

A survey of 164 members showed 49 percent of respondents felt foreign companies were being singled out in recent pricing and anti-corruption campaigns, compared to 40 percent in a late 2013 survey of 365 members. Twenty-five percent said they were uncertain, or did not know, and 26 percent said no.

Lester Ross, vice chairman of the chamber’s policy committee, said the expansion of the enforcement was welcome in principle, but regulators were using “extra-legal” means to conduct investigations.

“They have taken what are, in many instances, vague or unspecified provisions in the law and moved to enforce them, and sought to enforce those means through processes that do not respect the notion of due process or fairness,” Ross said.

The Chamber wrote to Secretary of State John Kerry and Treasury Secretary Jacob Lew and asked them to get tough with Beijing on its use of anti-competition rules.

China is using competition law to advance industrial policies that nurture domestic companies, the U.S. Chamber, based in Washington, said in the letter.

It is not just the Americans who are concerned. The European Union Chamber of Commerce in China in August expressed its concern over the antitrust investigations, saying China was using strong-arm tactics and appeared to be unfairly targeting foreign firms.

The Chinese argue that some business operators in China have not adjusted their practices in accordance with the anti-monopoly law. Others have a clear understanding of the laws, but they take the chance that they may escape punishment.

Anti-trust watchdogs have bitten Qualcomm’s local subsidiary after it said in February the company was suspected of overcharging and abusing its market position in wireless communication standards. Yesterday Microsoft was given 20 days to reply to queries on the compatibility of its Windows operating system and Office software suite.

The internet belong US

The US government has ruled that if data is on the internet, anywhere in the world, it has to be turned over to one of its spying organisations for processing.

President Barack Obama’s administration is insisting that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas.

This means that anyone who uses an iPhone anywhere in the world will see their data inside a US government database.

Microsoft and Apple insist that enforcement of US law stops at the border, but the government seems to think that it rules the world.

A magistrate judge has already sided with the government’s position, ruling in April that “the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information.”

Microsoft appealed and the case is set to be heard in two weeks.

The US government said that content stored online does not enjoy the same Fourth Amendment protections as data stored in the physical world. It quoted a law put out by President Ronald Reagan called the Stored Communications Act (SCA). This said that overseas records must be handed over domestically when a valid subpoena, order, or warrant forces them. No one thought that the SCA stuffed up the Fourth Amendment so there is no need to change the laws.

However Microsoft said Congress has not authorised the issuance of warrants that reach outside US territory. It points out that the government cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility.

Microsoft said that consumer trust in US companies is low in the wake of the Edward Snowden revelations and the government will make overseas operations impossible.

It has the backing of Apple, AT&T, Cisco, and Verizon. Verizon said if the government wins, it would produce “dramatic conflict with foreign data protection laws.” Apple and Cisco said that the tech sector would be blacklisted by foreign governments.

The senior counsel for the Irish Supreme Court wrote in a recent filing that a US-Ireland “Mutual Legal Assistance Treaty” was a way for the US government to obtain the e-mail held on Microsoft’s external servers.


US Senate committee approves company snooping

Despite fears about personal data, the US Senate Intelligence Committee approved a bill to encourage companies to exchange information with the government.

The move is supposed to help share information on hacking attempts and cybersecurity threats. The only problem is that you have to trust the US government not to misuse the situation.

Experts see the bill as the best chance for the current congress to pass some type of legislation to encourage better cooperation between the government and private companies to boost the cyber defences of critical industries.

It is a serious problem as cyber-attacks by a determined enemy could be the greatest threat to US national and economic security.

However, comprehensive cyber bills have been delayed by rows over liability and concerns about privacy. In the middle of it, came the news of the government surveillance programmes.

The bill must be approved by the full Senate and reconciled with similar legislation that passed the House of Representatives in April.

There are already signs that the measure has bipartisan support in the House. The Republican chairman and top Democrat on the House Intelligence Committee issued a statement on Tuesday backing the measure and urging the full Senate to vote quickly.

Under the bill, companies and individuals can monitor their own and consenting customers’ networks for hacking and voluntarily share cyber threat data, stripped of personally identifiable information, with the government and each other for cybersecurity reasons.

In return, the US director of national intelligence is to increase the amount of information the government shares with private firms and the Department of Homeland Security is to set up and manage a data-sharing portal.

The bill offers liability protections to companies that appropriately monitor their networks or share cyber threat data and limits the government’s ability to use data it receives.

However, privacy advocates are worried about giving companies any form of immunity and the long history of abuse of consumer data by both the private sector and the government.

US arrests Russian hacker

The US has arrested a Russian national and charged him with hacking.

The Department of Homeland Security said Roman Valerevich Seleznev hacked into American retailers’ computer systems to steal credit card data from 2009 to 2011.

It has taken the Secret Service a while to find Seleznev, who was indicted in Washington state in March 2011 on charges including bank fraud, causing damage to a protected computer, obtaining information from a protected computer and aggravated identity theft.

At that time it was suggested that Seleznev hacked into websites including those run by the Phoenix Zoo, a branch of Schlotzsky’s Deli and many other small restaurants and entertainment venues.

Secretary of Homeland Security Jeh Johnson implied that the hacks were the work of organised crime and that Seleznev was probably working for the Russian mafia.

“This important arrest sends a clear message: despite the increasingly borderless nature of transitional organized crime, the long arm of justice – and this Department – will continue to disrupt and dismantle sophisticated criminal organizations,” Johnson said.




Genii gives SecureIT to new US masters

Genii Capital has sold the Multi-Tier Datacenter service provider SecureIT to a US real estate fund manager.

Genii funded and started SecureIT in 2003 on the back of the acquisition of a datacenter building to be developed. The company remained solely funded by Genii Capital until its sale.

Eric Lux, CEO of Genii Capital, said that when his company bought the building that would become SecureIT’s first datacenter, it just inherited a mini datacenter and a few racks. “We had no idea this small operation would become so successful but we knew there was a niche for us,” Lux said.

Initial demand came from new players like Skype who were considering setting up part of their infrastructure in Luxembourg.

This transaction underlines Genii Capital’s capabilities in the growing cloud and datacenter industry, he said.

Tesco profits flag

Tesco is facing the same fate as many other businesses, reporting the first annual profit loss in nearly 20 years.

The supermarket giant said pre-tax profits were down 51 percent to £1.96 billion, while post-tax profits including the cost of its £1.2 billion US exit were £120 million, marking a decrease of 95.7 percent.

The company confirmed that it would be backing out of the US after its investment in 190 Fresh and Easy stores failed to make it a profit.

In Blighty the company has also announced a property write down of £804 million. This was as a result of a review by the company, which uncovered more than 100 sites, scooped up five years ago for potential stores, now lying dormant.

In a blog post, head honcho Philip Clarke said: “Much of this property was bought more than five years ago, some more than 10 years ago.

“That is before the 2008 financial crisis, before the iPhone, social media, tablet computers, before we knew how profoundly technology would change both how we and our customers live and shop.

“Technology has changed much that we all took for granted and it is still changing. The last five years have shown that change in retail can be disruptive and come in sharp steps, not a steady trend. We must anticipate change and act decisively so we looked hard at the land we own and conclude that although we have a strong and attractive network of stores, we will never develop some of this land, mostly the very large mixed-use developments.”

The past three months have also not been favourable to the company, with Tesco claiming its sales, not including petrol, only rose by 0.5 percent. This was a decrease from the growth the company saw in the six weeks to 5 January, when the company marked a 1.8 percent rise as a result of Christmas shopping.

IT services market was poor last year

Beancounters at Ovum have officially ruled 2012 as bad for the IT services market.

Ed Thomas, Senior Analyst in the Ovum IT Services team, said that 2012 was the worst for IT services contract activity since 2002.

He wrote that performance in the three months to the end of December 2012 fell well below the levels seen in the same period of 2011. This makes IT services contract activity the lowest it has been for more than a decade.

In Ovum’s latest analysis, deals in the IT services market were worth only $20.8 billion, down 34 per cent on the same period of the previous year.

The number of deals fell 17 per cent in the same period and there was a notable lack of big deals. While the fourth quarter was slightly better than the beginning of the year, that really does not make things better across the year.

Thomas blamed the ongoing economic uncertainty afflicting key markets for IT services such as the US and Europe as a major factor behind the weak performance of the industry in 2012.

His research suggests that many enterprises remain wary of committing to major projects, with issues such as the Eurozone crisis having a particularly significant impact.

In addition, public sector activity has reduced as many governments come under pressure to cut public spending in the face of high debt levels, Thomas said.

Enterprises were just as bad, with the number of deals announced falling by 50 per cent. In healthcare, contract volumes were down 39 percent and in the financial services market they fell 18 percent. The only industries in which contract activity was up on the previous year were the telecommunications and technology sectors.

Europe was the leading market for private sector contract activity in 2012 but the number of contracts generated by European enterprises actually declined sharply during the year, falling 31 percent to $16.7 billion.

Private sector contracts in America slumped dramatically in 2011 but rebounded in 2012, finishing the year up 48 percent at $10.5 billion.

This was mostly boosted by a couple of big contracts from Procter & Gamble and it is too early to tell whether or not this represents a significant shift in approach by enterprises in the region, Thomas said.

Brits lag behind US in mobile commerce

Although British retailers seem to have an upper hand in European mobile commerce, a new report indicates that they are lagging behind their American counterparts in m-commerce.

The study was carried out by multi-touch retail technology provider Skava, and it found that only half of Britain’s top 100 retailers have optimized their websites for mobile devices. In contrast, all of the top US retailers have already done so.

The study found that revenue from mobile accounts for about one percent of all online sales in Europe. However, it is growing at a compound rate of 43.1 percent. Forrester estimated mobile revenue will account for 6.8 percent of European online revenue by 2017. That amounts to 19 billion euro.

Forrester analyst Martin Gill stressed that UK retailers have to adopt mobile tech if they hope to move forward. However, he also believes they will face plenty of challenges.

“A number of factors encourage and inhibit the adoption of mobile commerce… consumer trust, the convenience and value proposition of mobile shopping, the ease of payment and the availability of products at the right price,” said Gill. “European eBusiness executives in many countries have been slow to provide mobile-optimized experiences and these factors — both supply and demand — will continue to limit the opportunities.”

The study found that smartphone and tablet users tend to interact with their devices quite a bit differently than PC users. Hence, retailers’ websites must be optimized to cater to new platforms. They also need to respond quickly to new market trends and devices, which is easier said than done due to the mind boggling pace of progress in the mobile industry.

Ingram embraces Cisco partners

Ingram Micro’s North America Services Division has made its Hosted Collaboration Solution (HCS) available to qualified Cisco channel partners across the US and Canada.

Powered by Cisco, the cloud service has already been available in beta with select Ingram Micro channel partners for several months. It is now set to be demonstrated live at Ingram Micro’s 2013 Cloud Summit April 7-10 in Scottsdale, Ariz.

Featured on the Ingram Micro Cloud Marketplace, the Ingram Micro HCS is, it is said, an end-to-end system that lets partners make subscription-based, “as-a-service” offerings around Cisco Collaboration technologies including Cisco Unified Communications, Cisco Customer Collaboration and Cisco WebEx.

The service is also said to include the full range of Cisco Collaboration functions along with the tools to deliver these to the end customer in an automated, standardised and efficient manner.

Ingram Micro is also taking advantage of the Cisco Advanced Services team to help its channel partners provision and deploy the service, as well as offering round the clock service management, monitoring and Level 2 and Level 3 technical support.

Jay Miley, vice president and general manager, Advanced Technology Division, Ingram Micro US said that by engaging Ingram Micro, and utilising its dedicated Cisco Business Unit and growing Cloud Marketplace to offer HCS-as-a-service, Cisco channel partners could “establish a new recurring revenue stream without having to invest in the upfront capital to get the business moving.”

Sophos about to shake up its channel again

New broom at insecurity outfit Sophos, Michael Valentine, has warned that he plans to shake up the company’s channel, just 24 hours after he first put his bottom on his seat.

Valentine has just started his job as Sophos’ senior veep and will manage the global channel programme. He wants to apply his own philosophy to the company’s channel, with subtle changes aimed at reigniting business, particularly in the US and Canada.

He thinks that Sophos needs to attract new partners, particularly if it wants to get money out of the US which has been a lacklustre market.

Talking to CRN in the US, Valentine said that the North American space is where Sophos was doing the least amount of business, and the gap is absolutely huge. Sophos has the product set and the new management allowed to run it and it needs an enriched channel program, he claimed.

In addition to antivirus software, Sophos’ endpoint security platform provides software for encryption, vulnerability monitoring, data loss prevention and mobile device management. It also has unified threat management appliances and firewalls to sell following the acquisition of Astaro in 2011.

Valentine said it was too early to provide any details on changes to the Sophos partner program, but he wants to strengthen Sophos’ three-tiered program with additional support and attention to partners.

This will be yet another shake-up for the Sophos Solution Provider Partner Programme which was rejigged under Emmanuelle Skala, vice president of global channels. There is also a newly redesigned partner portal, which provides deal registration, product and promotion information.