Such a moment has come again, and with a choice prize: Investing in start-ups. The House has already passed crowdfunding legislation, by a whopping majority. The president supports it. Senators on both sides of the aisle (Merkley, Bennet, and Brown) have agreed on a version. Entrepreneurs are signing petitions to support it. And there is speculation that the Senate Majority Leader Harry Reid may push for passage of the House bill as-is. This could be law overnight.

What would this mean? It would mean start-ups can “go public” from the get-go. Fasten your seatbelts. This is Kickstarter on jet fuel. Under the House rules, any start-up can publicly announce that it’s raising capital (on Facebook, or even in the local paper), and can raise up to $1M each year. That’s enough for lean start-ups to go many times around the track. Individual investors can invest up to 10 percent of their income. And there is very little paperwork required.

Everybody likes the innovation and jobs that this could propel. Detractors are understandably concerned about fraud.

Here’s how this is going to play out: Intermediaries (the future eBays of this space) will spring forward to handle the paperwork, do background checks on issuers (required), ensure that offerings are well described and enforce balanced investment terms. The House version allows start-ups to do this without an intermediary, but that’s not going to happen in practice (it would be like trying to sell your item on the Web without eBay). And fraud? Crowdfunding is already legal in the U.K. The leader there, Crowdcube, is reporting zero fraud. U.S. crowd-lending site Prosper.com and accredited-investor-only U.S. crowdfunding site AngelList also report zero fraud. Lots of data here for the curious.

This could be big. “Locavesting” author Amy Cortese points out that if Americans diverted one percent of their long-term savings to this kind of investment, that sum would be 10 times the total annual VC investment in the U.S.

Up next? The race to be the eBay of this space.

Tim Rowe is the founder and CEO of Cambridge Innovation Center, which houses approximately 450 start-up companies in a large office tower in Kendall Square, Cambridge, Massachusetts. More than $1.5B dollars have been invested in these companies to date, and CIC has been a launch pad for several well-known companies, including Google Android and Great Point Energy.

While they are usually much less voluble than the chatty Web execs of Silicon Valley, the execs who run China’s fast-growing Internet companies seem to be keeping up just fine of late.

On Friday, for example, the Alibaba Group’s Jack Ma was positively effusive about wanting to buy all of Yahoo, a company which actually owns 40 percent of Alibaba. “We are very, very interested,” said Ma at an event at Stanford University.

Now, in an interview with Bloomberg, Renren CEO Joe Chen decided to take a smack at Ma over his disputed spinoff of its Alipay payments unit, which caused a high-profile ruckus with Yahoo earlier this year.

“It’s quite unfortunate,” Chen said to Bloomberg about disagreement, which has since been settled. “It caused a lot of uncertainty about Chinese Internet companies.”

Them’s fightin’ words, and a source close to Alibaba reacted with, well, reaction.

“Yeah, it shook confidence so badly that Silver Lake and DST [Global] just decided to put in billions to back Jack Ma,” referring to a recent funding deal by the large investors. “People shouldn’t try to blame their own lack of performance on others.”

Ouch!

Actually, Renren has bigger problems than Alibaba.

According to a substantive report in The Wall Street Journal yesterday, what’s really hurting Chinese Internet companies is the declining stocks caused by recent accounting scandals there, which may have attracted scrutiny from U.S. regulators.

Wrote the Journal: “A series of alleged accounting frauds this year at little-known Chinese companies listed in the U.S. has triggered a sharp shift in sentiment among investors, who are now worried about hidden business risks or financial problems.”

Hence possible investigations by the Securities and Exchange Commission that will surely drag Chinese stocks on U.S. exchanges down more.

And indeed, the stock of Renren — which had its own controversial issue with accurate data reporting at the time of the IPO of the social networking site earlier this year — declined 13 percent Friday, along with other Chinese companies listed here.

That’s not easy. Given what it does — develop software that essentially helps government intelligence agencies root out and track terrorists and other criminals with sophisticated data analysis technology — it’s generally known for keeping its mouth shut. Its name is taken from the mystical seeing stones in the “Lord of the Rings” novels.

The company takes huge reams of data and subjects it to analysis to find connections between people and entities, and to find patterns that aren’t obvious. It has been used to track suicide bombers in Iraq and to sniff out abuse of government stimulus money in the U.S., and naturally most of its business is with the government, though banks, always on the lookout for fraud, are also said to be enthusiastic customers.

Yesterday, Palantir reported in a filing with the U.S. Securities and Exchange Commission that it had just raised $68 million in funding, though, as is usually the case with Form D, the filing doesn’t say who it came from. This, of course, would come on top of $50 million that TechCrunch reported it had raised in May, and another $90 million it raised in June.

The idea for what became Palantir emerged out of antifraud work at PayPal, but then grew into something bigger. PayPal alum and Facebook investor Peter Thiel talked Alex Karp (pictured) into the idea of building it into something that could root out terrorists. Thiel and his Founder’s Fund led a $12 million funding round in 2006, some of which came from the CIA’s In-Q-Tel. Thiel led another round in 2008.

I’ve got a call in to Palantir and hope to find out more behind the details in this filing, and will update the post if I hear from them. Until then you can watch Karp’s interview on “Charlie Rose” from 2009, and a Peter Thiel interview with The Wall Street Journal from last month.

The verdict by the 12-member jury, following 11 days of deliberation, capped a blockbuster trial that started in early March featuring 45 recorded calls showing how the hedge-fund executive trafficked in insider tips provided to him by a web of contacts at the top tier of American business.

The widely watched trial exposed the behind-the-scenes dealings of a once-prestigious hedge fund that gained access to highly sensitive information about, among other things, Goldman Sachs Group Inc. at the height of the financial crisis. The government put at $63.8 million the amount in illegal profits and avoided losses Galleon realized through the scheme.

Read the rest of this post on the original site »

On some level of journalism, I guess anything could happen.

At least that’s according to a recent article by Business Insider’s Henry Blodget about an alleged “mole” at Twitter who was allegedly spying for Google, specifically about an exec the microblogging service was trying to poach from the Silicon Valley search giant.

In a decidedly splashy, hello-traffic, ALL-CAPs headline–THE SEARCH FOR THE “TWITTER MOLE”: All Eyes On John Doerr“–Blodget pointed his J’accuse finger at the legendary venture capitalist as the culprit.

Based on…

Well, based on nothing, it appears, except rank speculation and what appears to be no attempt to get Doerr to comment.

And, while it’s not my cup of tea, whatev, I suppose.

Except when I read down to the bottom and landed on this gem:

We have talked to several sources familiar with aspects of the situation. Thus far, we have not been able to confirm either assertion.

First, no one has even confirmed that Google was tipped off in advance of Twitter’s poaching effort, much less by a Twitter mole.

This doesn’t mean it didn’t happen.

And later still:

So we haven’t been able to confirm the “high-level mole at Twitter” story. And we think there’s a good explanation for why there might not be a mole at all.

Secondly, we have talked to no one who has any evidence other than the logic above that, even if there is a Google mole at Twitter, the mole is John Doerr. One insider we spoke to, in fact, dismissed the idea out of hand.

Say what?

It’s kind of like thinking that a sparkly Civil War-era vampire falling in love with a moody chick in the Pacific Northwest and flying through the pines all day and mooning over their cruel fate was real.

Okay, that was a Hollywood movie called “Twilight,” but that doesn’t mean it didn’t happen!

Thus, Doerr–a tough customer to be sure, capable of all kinds of sharp-elbowed behavior–is guilty until proven innocent?

Or just not guilty at all, but let’s just say he might be anyway, without a shred of evidence, because it could have happened!

(Courtroom confession: It was All Things Digital‘s Liz Gannes, who did it on the blog with scoop on the Twitter talent raid effort of Sundar Pichai!)

Speaking of evidence, less than a week later, Javert–oops, I mean, Blodget–was back in another kangaroo court performance with another terrifically loud headline:

“The Guy Who Says He Owns 50% Of Facebook Just Filed A Boatload Of New Evidence–And It’s Breathtaking.”

Breathtaking, I guess, if you are in that fantasy teenaged girl mode, but deeply suspect if you are anyone with a modicum of journalistic responsibility.

It is perfectly fine for Blodget to dredge up the copious emails from a man named Paul Ceglia–who alleges he possesses a contract that he struck with Facebook co-founder Mark Zuckerberg at the time of its creation–and analyze them.

And it is certainly notable that a credible law firm, DLA Piper, has taken on the case for Ceglia and it does seems unlikely that it would have done so without doing some level of due diligence.

In fact, in an interview with Am Law Daily, DLA partner Robert Brownlie, international co-chair of the firm’s securities litigation, said: “At first I shrugged it off as incredible. I would not have gotten involved and DLA would not have gotten involved if we had any doubts about the facts or evidence in the case.”

That was, of course, countered by Facebook’s lawyer Orin Snyder at Gibson, Dunn & Crutcher, who said in a statement that the Ceglia allegations were part of “a fraudulent lawsuit brought by a convicted felon.”

By the way, in fancy-lawyer parlance, that translates to a liar-liar-pants-on-fire defense.

So, microwave the popcorn and get ready for the drama, because no question, it is clearly going to be juicy all around with a whole lot of social networking poking!

In fact, such a case is tailor-made for Blodget, who has always been a very gifted writer with a nose for sharp-edged analysis.

It’s too bad, then, that he did not hone his knife to such an edge when it comes to Ceglia, giving him much too much credibility based on what could be fake emails, especially since they come from a man with a history of fraud.

History, in fact, that Ceglia is depending on in this case, since Zuckerberg most definitely has one in regards to partnerships gone bad.

Thus, Zuckerberg has been sneaky before, ergo he’s sneaky here.

That’s no surprise as a legal tactic, of course, and I threw in the “ergo,” since I too want to play Perry Mason in a blog.

But. More to the point, while Facebook was certainly hard-nosed in dealing with both protracted and high-profile legal challenges from the Winklevoss twins and also Eduardo Severin, I don’t think I have ever seen the company explicitly say evidence was completely fabricated, as it is alleging Ceglia’s emails are.

As I said, I have no idea if they are or they’re not, but I do know this: While those emails are certainly bombshell in nature, they are designed to be so precisely because it is a lawsuit in which the principal is trying to shame Facebook into settling.

None of that seems to concern Blodget, who concludes at the end of the post:

“In short, to us at least, the emails don’t read ‘fake.’”

In short, to me at least, that’s for fake-email experts and the courts to decide.

The real fact of the matter is, who knows? I certainly don’t, although I do know it’s terrifically easy to file a lawsuit and claim just about anything you like.

And the same seems to be true–more and more these days and not for the good–for blogs too.

As for me, I need to get back to my goal of proving that sparkly vampires do exist.

Alibaba.com, whose business e-commerce site has shown strong growth, said it will work to identify and remove listings for additional suppliers it believes have a high risk of fraud and to ensure proper checks and balances inside the company.

Alibaba.com Chief Executive David Wei and Chief Operating Officer Elvis Lee resigned last month after an internal investigation found more than 2,300 sellers on the site committed fraud, sometimes with the help of Alibaba sales staff. The company named Jonathan Lu, chief executive of Alibaba Group’s retail website Taobao.com, to replace Mr. Wei.

Alibaba.com is the listed unit of Alibaba Group, in which Yahoo Inc. owns a roughly 39 percent stake.

Read the rest of this post on the original site

In response, Square’s CEO Jack Dorsey said the claims weren’t “fair or accurate,” and that VeriFone was overlooking all of the protections already built into your credit card.

VeriFone’s awareness campaign may be considered a little unconventional.

The company went as far as to launch a web site, record a video, and develop a mock-iPhone app that demonstrates how easy it was to use Square’s dongle to skim information off of a credit card.

Reactions to VeriFone’s approach largely sided with Square.

In comments on our site and on other venues, including Twitter, respondents mostly waived off the concerns, saying that VeriFone was feeling threatened by Square’s progress in the market.

In an exclusive interview, VeriFone’s CEO Doug Bergeron explained why the company felt it was necessary to launch the campaign.

Actually, the interview was positioned as a way to “clear the air,” although as you’ll see, those were not his words, but rather the phrase his public relations people chose to use in pitching us.

Here is our conversation, which has been edited for length and some context, but is largely as it happened.

Duryee: I was told you want to “clear the air” about VeriFone’s actions last week.

No, I don’t think that’s the way I would put it.

I believe that’s a direct quote from your PR person.

Well, I can’t help what they say.

But this is a very interesting time in mobile commerce. There’s a lot of things happening, and a lot of innovation that is happening, and yet, and yet a lot of historical issues that haven’t gone away.

[Skipping ahead in the interview] How is your smartphone product different than Square’s?

We’ve been selling PAYware Mobile for about a year, and it is selling well. Square is the only one that I know of that doesn’t encrypt their data.

We don’t use a dongle. We use a sleeve, or basically it’s a small cradle that the phone sits in. What’s different is that we encrypt the data, which means it costs $25 to $35 more to provide that technology. We aren’t creating fraud. We want consumers to be able to accept credit cards. But if you cut corners it causes problems.

We’ve been mentioning it for awhile, but we thought we needed to be heard.

Did you approach Square directly?

We’ve been in several conversations–not just with Square–but with the industry, and not just about Square, but about hypothetical devices.

We don’t want an industry that’s been moving toward simplicity, which we think is good, to move toward technology that’s allowing fraud. We don’t want it to go in wrong direction.

Did you give Square a heads-up that you were going to do what you did?

I don’t know who our PR folks talked to or didn’t.

Your PR folks told me that you had a meeting with Square’s CEO Jack Dorsey the week before.

I did see him in New York. We were at a similar meeting. I brought up the security issue, and asked him how are you addressing security? The answer was still, the networks will take care of it.

That’s not the way the rest of the world is treating this.

Networks have programs that monitor transactions, and they’ll call you if you are traveling, and there’s systems that can identify things post-facto, but that’s after the fact. The rest of the world has used smart cards and other mechanisms to stop fraud where it happens.

So, the networks can take care of it?

It’s not good enough. We should be joined arm-and-arm to make sure customers trust these systems and make sure that fraud goes down. I don’t think retailers like paying the highest interchange rates in the world, that’s not fair.

Was your open letter fair to Square?

[He laughs.] Listen it’s a competitive world. We take our role as a leader in the industry seriously. We gave them a heads up and free advice that you shouldn’t be allowing systems out there, unencrypted. If that’s fair or not, it’s not the issue here. We collectively need to create new technology to reduce fraud, whether you are a venture-backed business or a big businesses. We are both responsible for our own decisions and should be able to fend for ourselves.

Were you worried they were gaining traction in the market?

No, not at all. We don’t know what traction they’ve seen. We might be doing more than them. I have no idea. It is worth noting that we do less than a couple of million dollars a year with micro-merchants, such as garage sales or Girl Scout cookies. But that’s not the essence of VeriFone. This is not our massive attempt to protect two million in revenue. If that’s what you think, you are missing the point.

We are not worried about competition in one of our $2 million segments, but we are worried about the industry not being concerned about the third rail of skimming, which is smartphones not using encrypted data.

Still, a lot of the feedback in the comments on our site and on Twitter was that you felt threatened by Square.

I notice Verizon and AT&T advertise whose systems don’t work. Oracle advertises against HP, by saying their systems have more processing power. I’m not quite sure how this is different. We have a solution that encrypts data and reduces fraud. If that’s not worthy of identifying and knowing, what’s wrong with that?

Well, maybe you went too far by making the faux iPhone application available for download on the site?

If we didn’t, we would have been accused of blowing smoke. The fact that we could do it [build one] in an hour demonstrates how serious of a problem it is.

[NOTE: PR jumps into the conversation, adding that the application on its site was only for demonstration purposes. No one could actually download it and skim credit card information with it. It was only to show it was possible, but there was no actual risk.]

You really believe that the Square dongle will be used for harm?

They certainly could. It’s a skimmer that doesn’t look like a skimmer. You might be using a merchant that you trust, and they are skimming right in front of you and don’t even have to go in the back room.

Now that you’ve voiced your concerns, what happens?

I don’t know. We all continue to go along our paths and try to improve paying at the pumps, and paying at the table, and try to continue to promote that smartphones are great and that the data should be encrypted…

We have a competitive reason to do so, and we believe we have a differentiated product. This can be solved. This isn’t rocket science. They can add encryption and they’d be done.

There is no next step. We’ll continue to sell the most robust in the industry, and reduce fraud and feel good about it, and they’ll continue to do what they do.

[From earlier in the interview. Bergeron provided the company's historical context in the industry, which led them to the decision to write the open letter last week.]

Without the benefit of 30 years of watching historical issues, it’s easy to see how our campaign last week was considered unconventional. But the reality is we are speaking to a very seirous issue here.

The first has to do with the ongoing concern–even worry–that retailers large and small are having with conventional card brands.

It plays out like this: I see you give me a lot of value to accept debit and credit because customers like it, but this notion that I’m paying the highest interchange rates in the world in America–15 to 25 percentage points of my revenue. Whereas, the rest of the world on average pays 10 percent. As a retailer, I’d say I’m just not getting how the 25 percent that I’m giving up to the card ecosystem is valuable.

The response is: The reason you pay the highest interchange rates in the world is because there’s a lot of fraud in the system.

Some of it goes to profits and managing the network, but a big piece of it is a pooled risk to cover the fraud in the system. The reason European retailers pay significantly less is because there’s a lot less fraud in the system. Ditto Canada and Australia.

Every other country has taken technology to eliminate or reduce the incidence of fraud and skimming. Therefore there’s less fraud and interchange rates come down.

Every day of the week, I hear them [retailers] complaining about interchange. I defend it. We are what we are, and there’s fraud in the system–that is what it is. We have made it our mission to go after the sources of fraud.

There’s two big areas of fraud, and the unregulated smartphone dongle is creating the third.

What are the two big sources?

The two biggest sources, which Forrester, IDC and NPD would all agree, is gas pumps and restaurants.

And there’s a reason for that.

Gas pumps received a waiver from Visa and other card companies.

They were leaned on by the oil companies, which claimed that meeting PCI compliance at each gas pump would have been really painful for the gas stations. And therefore at the 800,000 pumps today, unlike most stores you go to which use compliant technology sold by VeriFone or others, there’s nothing protecting your data there.

These pumps are serviced in the middle of the night by independent operators. It turns out that there’s a few master keys running around, which open up hundreds of thousands gas pumps, and then skimmers are inserted in the pumps and the data is captured.

Fraud gets created, and interchange has to stay high.

I thought gas stations experienced high fraud because the credit card has already been stolen, and can easily be used at the pump?

No, the signature doesn’t act as a deterrent. There’s a lot of unattended systems, where there’s not a person there, and they are all compliant and are encrypted. Only in America do these pumps exist.

And, what about restaurants?

The second area where there is a lot of fraud happening is in restaurants. You give your card up to the waiter, and they copy it. We agree [with Square] that copying cards down is a form of skimming.

Restaurants are the last frontier. Restaurants are the only place, where you give your card to a stranger and they go in the back room. So much happens in restaurants. They can get the number on the back, or run it through a skimmer, which are commonly available.

We have tech solutions to solve the two big problems, which would go a long way to reducing fraud, and probably reducing interchange.

Which leads us to how you believe Square is creating a new unencrypted point of sale?

We fear it is the third place, where data is being transmitted through a non-payment device without encrypting it before it goes in.

We have an iPhone product called PAYware Mobile.

We are on a mission here to reduce interchange for retailers by increasing the use of technology at the point of sale. We’ve been telling the story to card associations, customers and major retailers for the past year…It’s not just about reducing interchange for retailers when customers get their identity stolen, it’s a major pain in the you-know-what.

We think we are on the cusp of mobile payments, and there’s going to be more and more done with the phone. We want to make sure it is done securely because if there’s a major pandemic of fraud using cellphones, it’s going to slow the adoption.

We not only support mobile payments fully, we were great proponents of the use of smartphone as credit cards and acceptance systems–our point is let’s be consistent with the rest of the industry.

The company added in a statement that an investigation found that neither the two executives nor other members of senior management were involved in the activity, though nearly 100 of the company’s 14,000 employees are suspected of abetting the fraud, some intentionally. Alibaba said it found a noticeable increase in fraud claims by buyers against certain suppliers on its business-to-business platforms starting in late 2009 and through much of 2010.

Jonathan Lu, CEO of sister site Taobao.com, China’s largest domestic e-commerce website, will now separately run Alibaba.com as well, said John Spelich, spokesman for parent company Alibaba Group. The e-commerce conglomerate, roughly 40 percent owned by Yahoo Inc., also operates online payment system Alipay.

Read the rest of this post on the original site

The latest to be arrested is Winifred Jiau, 43, of Fremont, Calif. Like others charged or arrested on Dec. 16, she has ties to Primary Global Research. She’s accused of providing inside information to Primary Global clients who were portfolio managers at hedge funds of Nvidia and Marvell Technology during a period from 2006 to 2008. Prosecutors say she collected $200,000 during that time. She’s facing charges of conspiracy and securities fraud.

In August of 2008, the complaint says, she provided managers of two hedge funds with detailed numbers for quarterly revenues, per-share earnings and gross margins for the quarter ending that month. The complaint says that in the conversations she made it clear she had obtained the information directly from an employee of Marvell. The funds in question–they were not named in the complaint–allegedly made $820,000 on trades from the information.

On Aug. 8, 2008, the complaint says, Jiau provided the hedge fund managers with an early look at Nvidia’s quarterly revenue and told them it planned to announce a stock buyback, which it did four days later.

I’ve embedded the complaint below.

Jiau, Winifred Complaint

The suit was filed on Thursday by the law firm KamberLaw on behalf of Jonathan Lalo, a Los Angeles County resident, in federal court in San Jose, California. It seeks class-action status.

The suit was filed less than a week after the Wall Street Journal published an article raising privacy concerns over the transmission of personal information based on a study of 101 mobile apps on Apple’s iPhone and phones that run Google’s Android operating system. The complaint, which sites the Journal investigation, names app developers Pandora, Dictionary.com, The Weather Channel and Backflip Studios, the maker of the Paper Toss app, as well as Apple.

Read the rest of this post on the original site »

Criminals, who have a powerful incentive to remain anonymous, learned long ago to thwart cookies–small text files associated with their Web browser. So anti-fraud companies began searching for more persistent identifiers.

Some firms hide other small files in several places on a person’s machine. The technology is known as a “supercookie” or “evercookie,” a term popularized by programmer Samy Kamkar this fall when he created a program that stores more than 10 such identifiers.

One anti-fraud company, California-based ThreatMetrix Inc., touts its “evercookie” approach in detecting criminals. The company does not disclose every place that it stores identifiers but says it uses browser cookies, files associated with Adobe Systems Inc.’s Flash player and local storage in HTML5, the newest version of the language used to code Web pages, said ThreatMetrix CEO Reed Taussig.

Read the rest of this post on the original site

Merchants that sell digital goods lost 1.9 percent of all revenue to fraud in 2009, compared with a 1.1 percent fraud rate for companies that sell physical goods online, according to CyberSource Corp., which processes credit cards for online merchants.

Such percentages seem small, but can translate into sizeable sums of money as social networks like Facebook Inc. expand the market for virtual goods, which have long been associated with games like Second Life and World of Warcraft, where players buy items like virtual gold and clothes for avatars.

Read the rest of this post on the original site

Google has long claimed that the server log data it collects are a critical driver of innovation. Over the years, to appease privacy advocates, the company has tweaked its treatment of those data and the length of time it stores them. Google continues to collect IP addresses, though it makes them anonymous after nine months (it used to do so only after 18-24 months).

This may soon change. And not because of any initiative on Google’s (GOOG) part but because of one by Microsoft (MSFT).

Responding to Article 29 Working Party guidelines for protecting users’ personal data online, Microsoft this morning said its new search engine, Bing, will purge all the data it collects on users after six months. Not make the data anonymous, but purge.

“Today we sent a letter to the Article 29 Working Party notifying them of our intention to make a change to Bing’s data retention policy,” Bing Privacy Manager Reese Solberg wrote in a post to the Bing blog. “Specifically, we are reducing the amount of time we store IP addresses from searchers to 6 months. Currently we keep that information for 18 months before we delete it.”

Elaborating, the letter continues, “Generally, when Bing receives search data we do a few things: first, we take steps to separate your account information (such as email or phone number) from other information (what the query was, for example). Then, after 18 months we take the additional step of deleting the IP address and any other cross session IDs associated with the query.”

In conclusion, the letter describes Microsoft’s initiative succinctly: “Under the new policy, we will continue to take all the steps we applied previously–but now we will remove the IP address completely at 6 months, instead of 18 months.”

Microsoft’s move leaves Google in the uncomfortable position of being far less a friend to privacy than Microsoft. And hard as the company might argue in favor of storing user data, it will likely have to match Microsoft.

It’s difficult to claim that server log data are “a crucial arm in the battle to protect the security of our services against hacks and fraud” when a prominent rival is essentially claiming exactly the opposite.

And it turns out that people still care about John, Paul, et al.

EMI says it has sold a staggering 10 million copies of the band’s remastered albums since September. The total includes the giant box sets of the band’s work (if you bought the stereo set, that accounted for 14 albums in one purchase; if you went with the mono discs, that counted for 11), as well as downloads for the sort-of successful Beatles Rock Band game.

And, of course, nada from iTunes. Sidebar: If and when the band finally starts selling its music on Apple’s (AAPL) digital storefront, will there be anyone left to buy it?

But back to EMI, which has much more unpleasant news to deal with, namely that owner Terra Firma seems to be at the end of its rope. The private equity firm is now suing Citibank (C), which lent it the billions it needed to buy the music company in 2007, for fraud.

And Terra Firma is reportedly looking for investors to lend it another $1.6 billion to keep the company afloat, in large part because it fears it will default on the money it has already borrowed from Citi.

The conventional wisdom, meanwhile, is that all of this is simply a precursor to an eventual combination between EMI and Warner Music Group (WMG)–a deal the two companies have been trying to pull off for close to a decade.

Terra Firma’s complaint, via the New York Times’s Dealbook, makes for fascinating reading, in large part because of the cognitive dissonance created by Terra Firma’s description of itself.

The company describes itself as a clueless investor duped by Citigroup into buying the music company in an auction with no other bidders and as a savvy manager that has turned around the ailing music company.

Can both descriptions be true?

Terra Firma’s Lawsuit Against Citi Over EMI

(Also, some free fact-checking for Terra Firma’s attorneys: The iTunes Store launched in 2003, not 2005.)

But first the company needs to figure out who the culprits are.

Microsoft (MSFT) has filed five so-called “John Doe” civil suits against the hackers, whom it can’t identify yet. Redmond accuses the unknown attackers of a variety of crimes, from fraud to copyright infringement; it says it hopes the filings will “deter malvertising in the future.” (See full text of the complaint below.)

There’s a decent chance that the Microsoft bad guys are, in fact, the same guys who hijacked the Times last weekend. The methodology they used to get the ads onto Redmond’s MSN publishing network seems similar, and so does the fake “virus detected” warning the ads use to confuse surfers.

And, intriguingly, online ad monitor Click Forensics says it thinks it has identified a link between the malware that the Times served up and the stuff that the Microsoft attackers were trying to distribute. The company also thinks the two attacks are connected to a click fraud ring it has dubbed the “Bahama Botnet.”

Even if Microsoft does end up getting its hands on these guys, I think we’ll be seeing more of this stuff. Since the Times story broke last weekend, I’ve been talking to a variety of ad tech experts about the incident. And it sounds as if the technique the hackers used to compromise the paper–essentially, passing themselves off as legitimate advertisers–will be very difficult to stop if someone is determined to use it.

The best solution I’ve heard so far: Monitoring systems that can quickly detect an attack and warn publishers that they’re running malvertisements. It’s unclear how long the bogus Times ad stayed up, but the fact that it got switched on over the weekend indicates that the attackers assumed the paper would be slow to react.

Microsoft Malware complaint –