December II 2007

Fredric Morris
Editor-In-Chief
Connect-World

“Comes the storm…”- winning or losing the cyber-security battle

Trying to keep track of the cyber-security question is a bit like watching a ball game where no one, even the players, knows the score. The security companies all huff and puff about the difficult battle they are winning, but the bad guys just don’t seem to stay down – they get flattened into pancakes by the steamroller, get up, and keep coming. It’s Looney Tunes all over again.

Surfing the web, I came across some predictions by Symantec’s Director of Emerging technologies, Oliver Friedrichs, concerning the biggest security problems for the coming year. The scary list includes:

* Bot evolution – decentralised, peer-to-peer hacker networks built from co-opted PCs exemplified by the so-far undefeated Stormbot network;

* Web threats: known trusted websites infected with malware – malicious code that attacks site visitors;

* Mobile threats – Hackers and crackers will certainly target mobile threats. The Apple iPhone, Google’s ‘GPhone’ Android software, Microsoft Windows Mobile and other platforms that offer kits to applications developers will be hit. Financial services, such as online banking, auctions and funds transfer applications will certainly be among the targets;

* Virtual Worlds, especially those with virtual property that can be sold for real money and sites where personal information can be obtained from unwary users will be especially sought out by hackers;

* Presidential elections – According to Mr Freidrichs, during the last US presidential elections, there were phishing attacks and denial of service attacks aimed at certain candidate’s sites. This election, according to statements on the Web, he expects a number of ‘typo-domain sites’ will mimic the candidate’s sites. If someone mistypes the official site address they might accidentally open a false, look-alike, site. Some will donate money to the campaign through the false sites, so, “when contributions come in, they’re either pocketed or contributed to someone else’s campaign.”

The director of antivirus research for F-Secure, Mikko Hypponen, according to ZDNet UK, claims that the database of malicious code it has built over the last 20 years has doubled since the beginning of this year. That is an astounding number; I am sure they have not been sleeping for 20 years.

Spending an hour checking security-related sites on the Web is enough to convince one that the crooks are getting bolder, more sophisticated, stronger, richer and harder to find. Companies and individuals alike are being taken in, used and abused.

What happened to the nerds who hacked for fun and prestige and the geeks who cared only about their technical prowess and their membership in the elite hacker community?

The malware industry is more daring, audacious and commercial than ever. Those that know where to look can buy enough malware software and services online to go into business for themselves. Some hacker software is sold as legitimate tools, to find vulnerabilities and check the security of a user’s own system – and some people actually use them for this purpose; many others, though, use these tools as weapons for less innocent ends. Really nasty stuff, I’m told – I didn’t find, or at least recognize, any of this myself – is also available online.

A lot of effort goes into hiding the traces of illegal activity, so the hacker/cracker and malware sector of the economy is not easily measurable, but it seems obvious that it is growing by leaps and bounds and is siphoning significant amounts of cash into its coffers.

The site of the CSI Computer Crime & Security Survey for 2007, states: “The average annual loss reported more than doubled, from US$168,000 in last year’s report to US$350,424 in this year’s survey. Reported losses have not been this high in the last five years. Financial fraud overtook virus attacks as the source of the greatest financial loss. Virus losses, which had been the leading cause of loss for seven straight years, fell to second place. Of respondents who experienced security incidents, almost one-fifth said they’d suffered a ‘targeted attack’, i.e. a malware attack aimed exclusively at a specific organization or targeted group.”

An acquaintance of mine who claims to be an old-time ‘do it for the glory’ hacker who has even tipped off software manufacturers about vulnerabilities in their systems, says that “virus and Trojan kits” often come from the developing regions of the world. He assures me that, despite their dubious origin, some even sell technical assistance contracts for their products. Much of this business is conducted via Internet relay chats (IRCs) and forums where boasts abound. Spammers are a big market for the hackers’ services. They need all the help they can get to sneak past the increasingly sophisticated anti-spam defences deployed in recent years.

Spammers can buy or even rent, so I’m told, a wide variety of sophisticated software to torment us all. The Internet-based malware supermarket has a variety of services and tools for botnets, phishing, denial of service attacks, Trojans, worms, anti-detection software and much else besides. Indeed, you can find just about anything you need to intrude, take-over, borrow, trick, or steal can be found, bought or hired on the Net or through the IRCs. Russians hackers are said to be the scourge of the Net; they offer everything, often at very low prices. There is also an open market in stolen credit card details. Credit card details, according to several Web reports about the ‘industry’, cost very little – less than one dollar per card in bulk quantities. Enough information to get away with identity theft costs less than US$100.

Organised crime, it is said, is often involved in online schemes; it can be more profitable and less risky than traditional crime.

Of all the threats in hacker/crackerdom, the ‘Stormbot’ is possibly the most nefarious. Named after the subject of the email it was first sent out with, “230 dead as storm batters Europe“, thousands of variations of the same ‘bot’ have been sent out since it was first launched in the beginning of 2007.

A Botnet is a network of sorts comprised of software robots – the ‘bots’, which are bits of software that travel automatically through the Internet carrying out their own programmes. Hackers normally use groups of ‘Zombie’ computers to disseminate the bots. The Zombies have been taken over, without their owners’ knowledge, by malware programmes call Trojan Horses, backdoors, worms and such, and can be remotely controlled by the hacker to spread and control a great variety of viruses, spam and bots. The use of Zombie computers makes the source of the attacks they spread devilishly difficult to spot.

The Storm botnet supposedly consist of more than one million co-opted computers tied together in dynamically changing configurations. Since the servers that control ‘Storm’ constantly change their names and location within the botnet’s peer-to-peer network, they are exceedingly difficult to find and stop. The botnet’s commanders have launched denial of service attacks against security experts that have tried to find and neutralise (kill) the bot’s control centres.

The bot’s controllers are very sophisticated – some of the communications with the bots use encryption and they can generate hundreds of functionally different versions per day. Security vendors and law enforcement agencies have not yet been able to get a fix on the ‘Storm’.

While writing about the ‘Storm’ just now, I recalled one of my professors dramatically quoting a line from an anonymous Anglo-Celtic poem. I checked the only words I remembered – “When comes the storm”, on Google and found it at once. The poem is bad, even worse than I had remembered, but – when comes a Stormbot – it can be far worse.

Still, the complete line from which the words I remembered came is strangely prophetic: “When comes the storm of rain, and gusty air / your secrets close are scattered everywhere.”

____________________________________________________

Our next Connect-World Asia Pacific issue will be published later this month. The issue will be widely distributed to our reader base and, as well, at shows where we are one of the main media sponsors such as: PTC, Hawaii, USA, 13-16 January 2008 and Carriers World, Hong Kong, 11-13 March 2008.

The theme of this issue of Connect-Word Asia Pacific will be: Broadband – network strategy for core and access.

Broadband is the game, the future of telecommunications – wired and wireless alike. What are the today’s best growth strategies? How do you pay for the buildout? How do you fill the pipes later? How do equipment manufacturers, the software developers, content providers, regulators and, yes, the users, fit into the new environment?

Asia-Pacific I 2008 Media Pack; Click here

December I 2007

Fredric Morris
Editor-In-Chief
Connect-World

Mobile telephony, open platforms and telegraphy – Google that!

The Mobile Web is the World Wide Web accessed via a mobile phone or PDA instead of a computer. The screen is small, but it is always with you when you need it. It is spawning a great number of new services such as SMS, entertainment, cell phone payment and fund transfer systems, location-based services and the like – it’s a very long list.

The Mobile Web even has its own sponsored, ICANN sanctioned, top-level domain name – .mobi, dedicated to mobile phone sites. Not impressed? Well, its financial backers (Google, Microsoft, Nokia, Samsung, Ericsson, Vodafone, T-Mobile, Telefónica Móviles, Telecom Italia Mobile, Orascom Telecom, GSM Association, Hutchison Whampoa, Syniverse Technologies, and VISA) are.

A lot of thought and effort is going into new and better services. The goal of the W3C’s Mobile Web Initiative, for example, is to develop Mobile Web-related best practices and technologies to make mobile Web browsing easier and more reliable. A good idea, but I suspect that Google’s recently announced ‘Android’ platform will do more to promote mobile Web use than any other recent initiative.

Google, through the Open Handset Alliance, allied itself with 33 other companies – including many giants in the sector such as Sprint-Nextel, eBay, Motorola and Intel – that will integrate the Android with their own software and hardware and with third party applications to guarantee Android’s impact and staying power.

Although some major telephone operators around the world are part of the Alliance – China Mobile, KDDI, NTT DoCoMo, Sprint Nextel, T-Mobile, Telecom Italia, Telefónica – not all major operators agree with Google’s forays into the wireless market. Verizon, which either cripples or replaces the software bundled with mobile handsets to limit and lock features to control its customers, did not join the Android alliance and AT&T executives have been openly disdainful of Google’s plans to enter the bidding for 700MHz wireless spectrum in the USA.

Google is so convinced that wireless is the way to go that it has vowed to commit at least US$ 4.6 billion to the auction – enough money to scare away some players and enough to make the incumbent wireless players nervous. The Google war chest stuffed with billions upon billions of idle dollars and their promise to put up ‘at least’ US$ 4.6 billion of their hoard must be sending shivers up and down a number of corporate spines as they wonder how to get a few extra billions to increase their bids.

Reports of the Android announcement quote Google CEO Eric Schmidt – responding to questions about how their bid for the 700 MHz spectrum is related to their plans for Android – as saying: “We think the 700 MHz network auctions are a matter of public policy and for public benefit, but Android will run well on it.” How nice, such a marvelous coincidence!

Android, states Google, is an open, ‘comprehensive’, mobile platform with a set of tools that make it easy for any programmer to develop applications for mobile devices. The Open Handset Alliance’s effort resulted in a completely open, Linux-based, operating system for mobile devices. All the current operating systems are closed, proprietary, platforms. Google is engaged in an effort to change the mobile world’s technological ecology and turn wireless into an open environment similar to the Internet itself. Android is the opening round of a revolutionary battle.

Phones that use Android will be truly open; operators, for example, will no longer be able to block functions such as WiFi reception – a truly frightening thought for companies such as Verizon and AT&T that have inherited all of the Bell Telephone monopoly genes. Android will, no doubt, run a full set of the growing list of free Google applications including a browser, email (sorry, Gmail), Google Earth and Google maps (complete with its location-based advertising opportunities and social network-like comments function). In short, Android’s starts the game with a handful of cards a poker player could die for.

Other companies such as Apple, Palm, RIM, Symbian, even Microsoft with its Windows Mobile, already have a stake in mobile software and all are threatened by Android’s open platform. Early reports indicate that Android’s code – until the inevitable software bloat sets in – is relatively compact and efficient. This is especially promising for the low-end phone market. There are many more cell phones in the world than computers and, especially in developing economies, many more low-end than high-end handsets. Android, if it lives up to its promise, will make it possible to deliver a satisfactory Internet experience even with low-cost mobile devices. This could lead to explosive growth in Internet access by people in developing regions.

The arrival of a new, heavily backed, free, open, low operating overhead, mobile platform is a truly significant event for many reasons. Competing platform developers are digging in for a do-or-die battle, but the biggest battle will be elsewhere!

Traditional operators must quake at the thought of fully open, unblocked, phones using Google controlled spectrum, with free – or really inexpensive – access based upon an advertising-financed business model. Should Google win the bidding, a nationwide wireless network in the USA will add to its ad revenues and, inevitably steal a significant number of subscribers from the likes of Verizon and AT&T. We may be seeing the end of an era controlled by the heirs of the Bell system in the USA – and incumbents everywhere – and the beginning of a new one, controlled by the leading Internet powers.

The incumbent operators will be tough to fight. Their existing customer base is enormous, they already have spectrum and are willing to fight to the end in courts and legislative hallways. They have weapons and will use them.

We can count on Verizon and AT&T, for instance, to do everything in their power to keep Google from getting a piece of the spectrum and to keep Android-powered ‘Gphones’ off their networks. Nevertheless, Android is an open platform, and someone is bound to develop software that will let Android access just about any network, Even so, Google might have trouble competing against the operator-subsidised handsets that account for most of the sales in many markets.

Google, on the other hand, has cash, a powerful list of allies to match its powerful list of enemies and, perhaps most important, it may have history on its side. The Internet has spawned an open culture, an expectation of free access, that has great social and economic momentum on its own. The idea of essentially free, ad-driven, communications will resonate far beyond the boarders of the USA where the first great battles of this high-tech Armageddon are likely to be fought.

Whatever happens in the opening skirmishes the sector will never be the same. In the end all technologies and business models have their day and go the way of the telegraph.

____________________________________________________

Our Connect-World Global Visionaries 2007 issue will be published later this month. The issue will be widely distributed to our reader base and, as well, at shows where we are one of the main media sponsors such as: International CES (7-10 January 2008, Las Vegas), CTIA Wireless 2008 (April 1-3, 2008, Las Vegas), and the National Association of Broadcasters (NAB) event (April 11-17, 2008, Las Vegas).

The theme of this issue of Connect-World Global Visionaries 2007 will be – The world’s on a string – using ICT to tie it together.

Information and communications technologies (ICTs) are powerful tools, they are changing the way we work and the way we play. The global economy and the lives of many people have changed dramatically as a result of ICTs, and there is a broad consensus – almost faith – in the ability of ICT to solve many, if not all of the world’s problems. The United Nations’ World Summit on the Information Society (WSIS) concentrated upon the use of ICTs to create an information society and move forward to meet the Millennium Development Goals. Not a day passes without some new notion about how ICT will create a better world.

What is lacking in much of this talk is a hard-headed notion of some of the practical steps we must take to actually have some impact upon the major challenges that humanity faces.

We have all heard the old saying, “a journey of a thousand miles starts with a single step”. I suspect mankind’s journey to solve the major global challenges needs thousands, if not millions, of small, practical, steps. There is an old saying that, ‘every complex problem has a simple answer, but it is probably wrong!’ Complex problems need many simple answers.

We have asked leading decision makers from around the globe to give us a few of their own answers.