The London-based financial newspaper (and competitor to The Wall Street Journal, which, like this website, is owned by News Corp.) saw both its main website and several Twitter accounts attacked, according to a report by another British newspaper, the Telegraph.

As of 10:30 am ET, Twitter accounts belonging to the FT’s Lex column, its tech news section and a few others were all suspended.

But this attack was a little different from the more recent moves by the pro-Assad group. Lately, they’ve stuck to attacking the Twitter accounts of Western media organizations including CBS, the BBC, the Guardian and the Onion. This time, they actually attacked the main website, as well, and left headlines announcing that they had visited.

Zach Seward of Quartz.com nabbed a screenshot, which he shared on Twitter:

Syrian Electronic Army appears to have hacked the Financial Times tech blog http://t.co/M2RAVhgDP3 @fttechnews http://t.co/A3r2JVuZWm

May 17, 2013 5:03 am via webReplyRetweetFavorite

@zseward

Zach Seward

The U.K.’s Telegraph has a story today on a report in a British academic journal, arguing that the Stuxnet malware used to attack and sabotage Iranian nuclear enrichment sites in 2010 may have had the net effect of helping Iran get better at enriching uranium.

Stuxnet, you’ll recall, is the most famous of a series of cyber weapons said to have been used by the U.S. and Israel in a series of joint operations meant to sabotage and delay the ability of Iranian nuclear scientists to enrich uranium and eventually build a nuclear bomb.

Never officially acknowledged by either the U.S. or Israel, the Stuxnet source code was taken apart by computer-security researchers who determined that only a motivated government could have the resources to build it. And the only motivated governments in the world with sufficient know-how are the U.S. and Israel, their argument went. The New York Times finally all but proved them right.

Using data gathered from the International Atomic Energy Agency, King’s College researcher Ivanka Barzashka concluded that the Stuxnet attacks exposed weaknesses in Iranian systems that would otherwise have gone undetected, and which have since been patched. Since then, she said, Iran has regrouped and actually boosted its capacity to enrich uranium.

The story goes that the Stuxnet worm was introduced in 2009 via a series of USB drives dropped by intelligence operatives near a targeted facility at Natanz. The worm penetrated computers running pretty much any variant of Microsoft’s Windows, looking for a specific set of machines hooked up to a series of Siemens programmable logic controllers — computers that sit between desktop PCs and industrial equipment like, say, nuclear centrifuges.

What it did was show operators a screen depicting centrifuges running normally, while at the same time issuing commands to those centrifuges to spin too fast. Ultimately, several of them exploded. The estimate at the time was that Iran’s nuclear efforts had been set back by two years. It has now been four years since that attack was alleged to have taken place. If Barzashka’s findings are confirmed — and that’s admittedly not going to be easy — it would raise some serious questions about whether or not the Stuxnet attacks were such a good idea in the first place.

They also sparked a high-stakes legal battle over whether a federal agency can use its consumer-protection powers to police cyber security practices at American companies.

Read the rest of this post on the original site »

In case you missed anything, here’s a quick weekend roundup of the news that powered AllThingsD this week:

1. Wondering just how much your new S4 costs? Market research firm IHS pegs the cost of Samsung’s new flagship smartphone at just above $237 per unit.
2. It planned to do so originally, but Google will not roll out a physical credit card later this month to bolster its “Google Wallet” commerce project.
3. Everyone who works in Web advertising seems to be talking about the same video ad lately, and here it is: A three-minute-28-second mini-documentary from McDonald’s Canada.
4. The Onion is best known for its prowess at disseminating false information. But it performed an “awesome” public service this week when it explained in detail just how it got hacked by the Syrian Electronic Army.
5. Brace yourselves: Windows Blue is coming. Yes, Microsoft confirmed this week that an update to the “no compromise” PC-mobile hybrid OS Windows 8 is on the way.
6. In other Microsoft-related news, BlueStacks’ software that lets you emulate Android apps inside of Windows has been downloaded more than 10 million times. And it’s still in beta.
7. Mobile videogames currently cater to easily distracted players, but is there room for more thoughtful strategy games? Firaxis Games’ Sid Meier (a.k.a. the Civilization guy) says yes.
8. Two new iPad apps claim that they can teach children programming skills directly on the tablet. But can they? Lauren Goode puts Hopscotch and Kodable to the test.
9. It hasn’t made a formal bid, but Yahoo has joined the gang of companies meeting with wanna-sell execs at Hulu.
10. Social video startup Viddy is returning most of its Series B round to investors and moving people in and out of its board.

To stay on top of the latest, follow AllThingsD on Twitter and Facebook, and subscribe to our daily email newsletter.

In a detailed post, the site’s tech team has published a fairly thorough tick-tock on how the attack was carried out.

This is the opposite of what companies usually do when they experience a security breach. The pro-Assad Syrian Electronic Army has been attacking the Twitter accounts of many Western media organizations in recent weeks, including CBS News, the BBC, Associated Press, and others). None of those organizations have followed up with any significant disclosure about what happened.

When companies and organizations suffer a computer breach of any kind, the impulse is to keep the details of how it was carried out close to the vest. There are many legitimate reasons for this, not the least of which is that it’s embarrassing. And the details can shed light on internal processes and procedures that might be of value to competitors.

In addition, there’s a public relations consideration. Stories about hacking attacks are negative. If there’s any media coverage, there’s an understandable desire for the coverage to stop. Disclosures about how it happened yield another round of coverage that would otherwise be unwanted. In cases like this, the desire for no coverage wins out.

As one media organization after another has fallen for the Syrian Electronic Army’s tricks, there seemed to be a common thread that ran through the circumstances of each incident. All appear to have fallen prey to some kind of “phishing” attack. These are spoofed emails that look legitimate but which contain attachments or links that are used to gather information like usernames and passwords to carry out the attack.

What The Onion has disclosed is that the attackers in this case used a sophisticated multilayered attack, using information gleaned in the first round to then launch a second that gathers more information, and so on, until at last they had penetrated the target: The Onion’s Twitter account, with a healthy five million followers.

This is by far the most detailed account of any of these attacks that I’ve read. And the more people who read it the better, because eventually the methods used will stop working.

I’ve long thought that there ought to be more transparency from private companies in these matters, especially from media organizations that have a certain amount of accountability to the public that they serve. When hackers thought to be based in China attacked several media organizations, including The Wall Street Journal (which, like this website, is owned by News Corp.) and the New York Times, the apparent intent was to monitor communications about reporting what those organizations were doing about Chinese officials and companies.

In the case of the Syrian Electronic Army, the intent was to take advantage of the Twitter followers these organizations have attracted and hijack their accounts to spread political propaganda. The attacks do some short-term damage to reputations and result in some embarrassing press coverage for a day or so. Usually, no one ever learns anything useful, because the details remain obscured. Yesterday, The Onion changed that. It’s an example we can all learn from.

I did just that this morning. (And you can, too, right here.) One section I found especially interesting is headlined “Role of Electronic Warfare in Future Conflict.” It details the Pentagon’s current assessment of how China’s People’s Liberation Army looks at action in the digital realm, and if nothing else, it’s certainly worth thinking about.

It’s pretty well understood that if the U.S. and China found themselves in a shooting war tomorrow, the U.S. would hold a significant military advantage. Its land forces, planes and ships and surveillance technologies are all more advanced. But much of that advantage comes from the ability to quickly share information on the battlefield, and to see everything that’s going on.

China, the Pentagon says, sees electronic warfare as a way to “reduce or eliminate” those technological advantages. How? China’s military doctrine calls for making its enemy blind, deaf and dumb by disrupting its ability to communicate and share information. “Effective EW is seen as a decisive aid during military operations and consequently the key to determining the outcome of war,” the Pentagon writes. “Potential Chinese adversaries, in particular the United States, are seen as ‘information dependent,’” the report says elsewhere.

If you’ve been paying attention to China’s numerous alleged intrusions against many, many computer systems and networks owned by U.S. government agencies and companies like Google and Intel that have disclosed attacks in the past, it’s not surprising. But when cast in the light of an overarching military philosophy, it’s more troubling.

Earlier this year, the world learned about the existence of a division of the People’s Liberation Army called Unit 61398. This unit is thought to be responsible for a series of cyber attacks against no fewer than 141 distinct companies or organizations since 2006.

The role of these attacks, the Pentagon says, is pretty straightforward: Spying and information in preparation for a day when a potential conflict might come. “China is using its computer network exploitation capability to support intelligence collection against the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs,” the report says. It could also give China’s leaders insight into the planning and capabilities of U.S. forces and into how leaders might respond, and that information could be “exploited during a crisis.”

China’s military thinkers, the report says, see electronic and information warfare as a “preemption weapon,” one that can be used to achieve “information dominance.” The ultimate aim: “Preclude the need for conventional military action.”

Come to think of it, that sounds a lot like the Chinese philosopher Sun Tzu, who I’ve quoted before. But the quotation I have in mind bears repeating: “The supreme art of war is to subdue the enemy without fighting.”

The Syrian Electronic Army, the pro-Assad propaganda group known for attacking Twitter accounts operated by numerous Western media outlets including National Public Radio, the BBC, CBS, the Associated Press and numerous others, has notched another paragon of journalistic virtue on its belt: The Onion.

The satire news site, known best for occasionally confusing other media organizations and public people who aren’t in on the joke, has, in a sinister way, been subjected to a taste of its own medicine.

“UN retracts report of Syrian chemical weapon use: Lab tests confirm it is Jihadi body odor,” one message said, according to a report by the New York Times. The attack appears to have been in response to an only partially satirical Onion essay, written by a fake Bashar al-Assad, that carried the headline, “Hi, In The Past 2 Years, You Have Allowed Me To Kill 70,000 People.”

Following the tried-and-true rule of not letting a heckler have the last word, The Onion responded with a story about the attack. Datelined from the Syrian capital of Damascus, it opens:

“After hacking into The Onion’s Twitter account earlier today, members of the Syrian Electronic Army confirmed that the organization simply wanted to have a little fun before soon dying at the hands of rebel forces.”

Briefly suspended, The Onion’s Twitter account is back online. Its first few tweets: Security tips, naturally.

The Onion’s Tips On How To Prevent Your Major Media Site From Being Hacked http://t.co/Q3wftX8yAc

May 6, 2013 1:35 pm via webReplyRetweetFavorite

@TheOnion

The Onion

Move site to a new web address every few minutes http://t.co/Eek3OIqDBW #HackPreventionTips

May 6, 2013 1:38 pm via webReplyRetweetFavorite

@TheOnion

The Onion

Onion Twitter Password Changed To OnionMan77 | ‘That Ought To Do It,’ Company Sources Confirm http://t.co/iYrV4JQxYJ

May 6, 2013 12:42 pm via webReplyRetweetFavorite

@TheOnion

The Onion

Install a shit-ton of firewalls http://t.co/Eek3OIqDBW #HackPreventionTips

May 6, 2013 1:45 pm via webReplyRetweetFavorite

@TheOnion

The Onion

What’s not funny is what’s going on in Syria right now. Over the weekend, a rocket attack widely believed to have been carried out by Israel’s air force caused some huge explosions in the real Damascus. (See the video below, via Reuters.) The attack targeted some weapons said to be destined for the Iranian-backed militant group Hezbollah. And of course it’s taking place against the backdrop of the ongoing civil war against the Assad regime, in which some 75,000 people are said to have died. That part is no joke.

The group, the Syrian Electronic Army, has claimed responsibility for some of the latest high-profile account hacks, taking over the official Twitter handles of NPR and CBS and, most recently, sending a false tweet from the Associated Press’s Twitter account that sent U.S. stock markets into a tailspin for a few brief moments last week.

“We are aware that a number of Guardian Twitter accounts have been compromised and we are working actively to resolve this,” a Guardian spokesperson told AllThingsD.

Update 3:15 PST: Twitter has sent out e-mail notices to a number of journalists who user Twitter, urging them to take extra security measures with their accounts in light of the recent hacks. A portion of the email, obtained by AllThingsD reads as follows:

“These incidents appear to be spear phishing attacks that target your corporate email. Promoting individual awareness of these attacks within your organization and following the security guidelines below is vital to preventing abuse of your Twitter accounts.”

And also worth noting from the email:

“We believe that these attacks will continue, and that news and media organizations will continue to be high value targets to hackers.”

In this the most recent hack, the SEA tweeted out advertisements for its movement from the Guardian’s smaller, vertical-based Twitter accounts such as @GuardianBusiness and @GuardianFilm, according to the Naked Security Blog, which first noted the attack.

“Follow the Syrian Electronic Army … Follow the truth! @Official_SEA12 #SEA #Syria,” the messages read.

It is possible, as noted by Guardian staffer James Ball, that the SEA used a similar email phishing attack employed last week on members of the Associated Press, in which the hacker cohort sent out well-crafted false emails that tricked staff members into handing over their email account information.

As of mid-morning Monday, a number of the Guardian Twitter accounts had been suspended.

After the spate of recent high-profile hacking incidents — including one on Twitter itself that potentially compromised 250,000 user accounts — Twitter has come under heavy scrutiny for its security practices.

The guys doing the Guardian phishing attack I mentioned yesterday (it’s SEA) are really very good: sustained, changing, mails today.

— James Ball (@jamesrbuk) April 29, 2013

Rumors circulated that the microblogging service would eventually introduce two-factor security authentication, essentially a way of verifying a user’s identity when trying to log in to an account.

It’s worth noting, however, that these rumors floated around last time Twitter was hacked, and we haven’t seen anything yet. Surmise what you will from that.

Representatives from Twitter did not respond to a request for comment.

In case you missed anything, here’s a quick weekend roundup of the news that powered AllThingsD.com this week:

1. Daily-deals site LivingSocial was hacked, compromising the names, emails, birthdates and encrypted passwords of 50 million users.
2. In an essay, Reed Hastings laid out his predictions for the future of streaming video, which includes not just his company, Netflix, but also HBO, ESPN and anyone else transitioning from a channel to an app.
3. Walt Mossberg reviewed the Galaxy S 4, Samsung’s new flagship smartphone, and concluded that “while I admire some of its features, overall, it isn’t a game-changer.”
4. What are Google’s plans for its high-speed Internet project, Google Fiber? Theories abound, but good luck divining an answer from CEO Larry Page’s words.
5. According to multiple sources, Twitter is testing local discovery features that will help you better understand what’s happening not just around the world, but also down the block.
6. Android’s seemingly inexorable ascension over the iPhone may not be inexorable, after all. A new report says customer loyalty will let Apple overtake Google in smartphone market share by 2015.
7. On the 10-year anniversary of its sale to Google, Applied Semantics co-founder Eytan Elbaz explained what he and his partners learned from starting up and getting acquired.
8. For the first time, Yahoo CEO Marissa Mayer publicly commented on the controversy created after Yahoo banned its employees from working from home.
9. Speaking of Mayer, she’s officially joined the board of wireless gadget maker Jawbone, and it’s likely to be a good fit.
10. Apple needs some new hit products to drive growth, and CEO Tim Cook says they’re on the way… just not until this fall.

To stay on top of the latest, follow AllThingsD.com on Twitter and Facebook, and subscribe to our daily email newsletter.

The case offers a rare look at the use of so-called “offensive” computer security tools by the U.S. government. Most past such legal requests by government investigators appear to have been sealed, as have been the judges’ rulings.

Read the rest of this post on the original site »

But even so, for all the talk about cyberwar, it didn’t come close to eclipsing the amount of financially motivated crime that took place in the digital realm, a new study by telecom giant Verizon has found.

In its ninth annual survey of data breach investigations, which will be formally released tomorrow, Verizon found that old-fashioned financial motivations accounted for 75 percent of computer security incidents. State-sponsored attacks accounted for 20 percent. And, as you might expect, the victims are the organizations that move or hold a lot of money: Financial organizations were targets 37 percent of the time, followed by retailers (24 percent) and manufacturing, transportation and utilities (20 percent).

The study’s sample size included 621 confirmed data breaches and more than 47,000 reported computer security incidents in 27 countries and territories. Verizon has been gathering the data for nine years, and now has records encompassing 2,500 data breaches and 1.2 billion compromised records.

Attacks by outside entities accounted for the majority of breaches, while only 14 percent were attributed to insiders and 1 percent to business partners; 71 percent of breaches targeted user devices and 54 percent were aimed at servers. Perhaps most troubling: Two thirds of the breaches reported required a month or more to discover.

The benefit of a study like this is that it happens at all. Since most large companies and organizations aren’t usually willing to disclose when they’ve been attacked — most have — and suffered a breach that actually cost them some money, it’s rare to see this sort of trend data gathered up in one place.

One interesting thing I noted as I scanned the report. For all the security-related anxiety that seems to have arisen during the two years or so around the “bring your own device” trend in the enterprise — where employers let workers use their personal smartphones or tablets or notebooks to access corporate networks — there seem to have been practically no BYOD-related security incidents. As one sidebar in the report put it:

“The Bring Your Own Device (BYOD) trend is a current topic of debate and planning in many organizations. Unfortunately, we don’t have much hard evidence to offer from our breach data. We saw only one breach involving personally-owned devices in 2011 and a couple more in 2012. We’ll keep watching.”

Options include trade sanctions, diplomatic pressure, indictments of Chinese nationals in U.S. courts and cyber countermeasures — both attack and defense, officials said.

Read the rest of this post on the original site »

It’s a band of digital activists and hackers who support the beleaguered government of Syrian President Bashar al-Assad. The group, which claimed credit for the attacks via a statement on its website, has a history of attacking the websites and social media accounts of various western media organizations.

On April 16, it attacked websites and some Twitter accounts belonging to NPR. Last month, it attacked the website of Human Rights Watch, as well as its Twitter account. Also in March, it breached a Twitter account belonging to the BBC. And last year it gained access to a blog belonging to Reuters, and posted a fake story, detailing a retreat by Syrian rebels that hadn’t happened.

CBS experienced at least one more attack last night after the initial one. The Verge captured images of three more tweets from the account belonging to its high-profile Sunday night magazine show “60 Minutes,” presumably sent by hijackers. Today, as of 8:15 am PT, the “60 Minutes” Twitter account and that of another CBS show, “48 Hours,” were suspended.

Matt Polevoy, a social media producer at CBS News, announced the suspension:

Update: We’ve suspended the 60 Minutes account while we investigate with Twitter.

April 20, 2013 7:59 pm via Tweetbot for iOSReplyRetweetFavorite

@CBSMatt

Matthew Polevoy

Obviously, those messages posted did NOT come from 60 Minutes staff. This is serious matter and we’re treating it as such.

April 20, 2013 8:09 pm via Tweetbot for iOSReplyRetweetFavorite

@CBSMatt

Matthew Polevoy

A Twitter account belonging to the Syrian Electronic Army has also been suspended, but, in what appears to be a rolling battle with Twitter, the group appears to have created a new one. It seems to be doing the same thing with Facebook, creating new accounts every time an old one is shut down. A message posted to the current Twitter account contained the following video that appeared to take credit for the attacks against CBS:

No comment yet from Twitter. Since it’s a Sunday night, it will be interesting to see if there’s any mention of the incident on “60 Minutes” tonight.

Of course, this is all taking place against the backdrop of a quickening of events with regard to the U.S. and Syria, so it’s no surprise that pro-Assad hackers would seek to make a statement of some kind and get attention. And while most of our attention has been focused on Boston, there’s been a lot going on.

Last week officials from the United Kingdom told the United Nations about concerns that chemical weapons had been used by the Assad regime. And that’s important because President Obama has often referred to that as a “red line,” though he hasn’t exactly spelled out what crossing it means. Presumably, it could mean military intervention.

Also this week, the Pentagon ordered 200 people into neighboring Jordan to help that country deal with the potential use of chemical weapons, and to prevent the fighting from spilling over its borders. Separately, the U.S. said it would double the amount of nonlethal aid that is going to the rebels.

So you can see why pro-Assad sympathizers might want to get your attention right now.

Some 75,000 people have been killed in the three-year-old civil war, and many thousands more have been displaced. It has effectively become a military stalemate, and a bloody one at that.

Lookout Mobile Security said yesterday that it has detected a significant outbreak of malware lurking inside 32 different apps that it says have been downloaded a combined two million to nine million times. (It’s unclear why that range is so large.)

Google was notified and the company removed the affected apps and killed the developer accounts associated with them. And Lookout’s product, the company says, gives its customers protection against it.

It’s called BadNews, and Lookout says it masquerades as “an innocent, if somewhat aggressive advertising network.” The network would initially serve up only ads, but later on, after having passed security scrutiny, it would start pushing malware to affected devices. Among other things, the servers controlling the apps were caught pushing AlphaSMS, a well-known app that creates fraudulent text messages.

One key takeaway is that apps need to be vetted and re-vetted more than once. “Enterprise security managers must assume that even very well-designed app-vetting processes will not be able to detect malicious behavior that hasn’t happened yet,” Lookout says. The delay in the bad behavior allowed it to be distributed pretty widely before the problems were detected.

About half of the naughty apps are in Russian, and AlphaSMS is intended to commit SMS fraud in Russia and neighboring countries, including Ukraine, Belarus, Armenia and Kazakhstan, Lookout says.

The folks at Lookout do happen to know a thing or two about hacking phones. In fact, its CEO, John Hering, appeared onstage at D: Dive Into Mobile earlier this week to show AllThingsD’s Liz Gannes just how easy it can be to hack a phone. It certainly doesn’t seem to be getting any harder.

CBS News confirmed via its primary Twitter account that various accounts operated by its high-profile news magazine shows “60 Minutes” and “48 Hours” have been compromised. The links are said to be serving up malware, so, again, don’t click on them.

Also confirmed to have been hacked is @CBSDenver, the Twitter account associated with the news division of the local affiliate in Denver, Colo.

We have experienced problems on Twitter accounts of #60Minutes & @48Hours; We apologize for the inconvenience; Twitter is resolving issues

April 20, 2013 12:57 pm via Seesmic twhirlReplyRetweetFavorite

@CBSNews

CBS News

PLEASE NOTE: Our Twitter account was compromised earlier today. We are working with Twitter to resolve.

April 20, 2013 1:13 pm via webReplyRetweetFavorite

@60Minutes

60 Minutes

PLEASE NOTE: A message that was posted earlier to this account was not written or sent by @60Minutes or its staff.

April 20, 2013 1:32 pm via webReplyRetweetFavorite

@60Minutes

60 Minutes

Since the offending tweets will probably disappear within the hour, here are some screen grabs. (Update: They already vanished.)

Asa Mathat / AllThingsD.com

It’s been a long, hectic week for news — so it’s understandable if you’ve missed a couple stories on the technology side of things. Here’s a quick weekend roundup of the news that powered AllThingsD this week:

1. In an essay in AllThingsD Voices, Jan Chipchase writes that Google Glass is the company’s “unintentional public service announcement on the future of privacy … it threatens surreptitious, unexpected or continuous recording from the perspective of the human-eye/ear view.”
2. At D: Dive Into Mobile, WhatsApp CEO Jan Koum announced that his messaging app is now bigger than Twitter, which officially claims 200 million monthly active users.
3. Also announced at our mobile conference were Facebook’s updates to its iPhone and iPad apps to incorporate the “Chat Heads” from Facebook Home. As of Wednesday, those changes have started rolling out to users.
4. In an interview with Arik Hesseldahl, Workday co-CEO and Greylock Partner Aneel Bhusri said, “it’s the most disruptive time in 25 years” for enterprise, and that landing HP as a customer at Workday “gives people more comfort that the cloud is real.”
5. Peter Zatko, a computer hacking expert better known as Mudge, is leaving his post at DARPA, where he was tasked with helping government agencies fend off cyber attacks. Mudge’s next stop? Google.
6. If the netbook wasn’t dead already, it will be soon. New data from research house IHS iSuppli say shipments of the mini-computers will fall to zero by 2015.
7. Maybe you’ve heard of this small company called Microsoft? Windows Phone head Terry Myerson is casting his division as an underdog and going on the offensive against Google: “[there is] clearly mutiny in the Starship Android,” he said.
8. Facebook would love to put its new Home overlay on Apple’s iPhone and iPad. Apple almost certainly doesn’t want it there. In this interview, Kara Swisher asked Facebook CTO Mike Schroepfer and mobile head Cory Ondrejka to explain the two companies’ complicated relationship.
9. If you haven’t heard of Chinese smartphone company Xiaomi yet, you will soon. With 7.19 million handsets sold in 2012, Xiaomi president Bin Lin said the company expects to sell twice as many this year.
10. And finally, one of readers’ favorite quotes of the week came from AllThingsD’s own Walt Mossberg. He kicked off Dive Into Mobile by asking Mozilla CEO Gary Kovacs about Firefox’s mobile operating system: “So … what the f**k?”

To stay on top of the latest, you should follow AllThingsD on Twitter and Facebook, and subscribe to our daily email newsletter.

Asa Mathat / AllThingsD.com

And that’s a wrap! After Monday’s half-day kickoff to D: Dive Into Mobile — Global Edition, Tuesday saw a full day of great speakers on topics ranging from messaging to activism to driverless cars. In case you missed it, here’s a good place to start:

1. Starting at the end: “We’re big believers that this [phone] screen is the first screen,” said Bob Bowman, president of Major League Baseball’s Advanced Media, in the conference’s final interview. “Anybody that doesn’t believe that is living on another planet or doesn’t have children. Reality is the second screen.”
2. “Our goal with Android is to reach everyone,” Google chairman Eric Schmidt said. “We’ll cross one billion Android devices in six to nine months. In a year or two, we’ll hit two billion.” Schmidt also talked about Google’s self-driving cars and the company’s new gadgets.
3. Intel said it is getting the hang of mobile — which is good, because the company also reported bleak Q1 earnings today, with a 25 percent drop in profit as demand for PCs declines.
4. WhatsApp CEO Jan Koum said his messaging app is now bigger than Twitter, which officially claims 200 million monthly active users. WhatsApp has eight billion inbound and 12 billion outbound messages per day, Koum said.
5. Meanwhile, Snapchat CEO Evan Spiegel said his photo- and video-messaging app has grown by three times in four months, and that users are now sharing 150 million ephemeral photos per month, versus 40 million permanent pictures per month on Instagram.
6. A mobile app called Better launched onstage, promising to provide 24/7 concierge medical care to paying users. Better’s offerings include the ability to directly contact doctors and nurses, through a partnership with the Mayo Clinic.
7. Twitter’s VP of Product Michael Sippey said the site is heavily investing in and focusing on improvements to Twitter’s once-poor search and discovery experience.
8. Microsoft’s Terry Myerson said Windows Phone is a global competitor, because it has had stronger momentum in markets where carriers do not subsidize phones. He also aimed more than a few potshots at the likes of Android and Facebook.
9. Nonprofit activism organization DoSomething’s Nancy Lublin announced that the company had reached one million teens via weekly text messages, with a 97 percent open rate.
10. And lastly — mobile security provider Lookout demonstrated how phones can be hacked via phishing emails with phony app-download links, urging users to be wary of unfamiliar download sources.

These 10 blurbs only scratch the surface, though. For more, please check out our full list of stories from D: Dive Into Mobile.

Zatko joined DARPA, the research arm of the U.S. Department of Defense in 2010 and was a program manager in its Strategic Technologies Office, where he oversaw research intended to help government agencies fend off cyber attacks.

Here’s the original tweet:

Given what we all pulled off within the USG, let’s see if it can be done even better from outside.Goodbye DARPA, hello Google!

April 12, 2013 8:28 pm via Twitter for iPadReplyRetweetFavorite

@dotMudge

.mudge

Zatko first came to fame as a member of the Cambridge, Mass.-based hacking group The L0pht, a sort of unofficial think tank for hackers whose members at the time included people who went on to distinguished careers in computer security, like Chris Wysopal, Joe Grand, and Christien Rioux. He was also a member of The Cult of the Dead Cow, another hacker collective known for mixing hacking prowess with an ability to get media attention.

In the mid-1990s he did some of the early fundamental research on a type of computer security vulnerability known as a buffer overflow, and published some of the first papers on the topic. He later was the principal creator of some important security tools, including L0phtcrack . In 1998 he and other members of L0pht testified before the U.S. Senate, a session in which the group famously proclaimed that with its combined expertise, it could “bring down the Internet in about 30 minutes.”

After that, he and other L0pht members were occasionally summoned to Washington whenever senior officials, including President Clinton (he’s the long-haired guy in the picture), wanted to be seen discussing computer security issues.

In 1999, L0pht went legit and joined with the Cambridge-based computer security firm @Stake, which in 2004 became part of Symantec. In 2005 Zatko joined BBN Technologies as a research scientist.

Inside DARPA, an agency known more for its secrecy and occasionally for the cool things it does, Zatko created a Cyber Fast Track Program, through which hackers working outside government with good security ideas could get funding to work on projects that could help secure Defense Department systems.

Zatko didn’t specify what he’ll be doing at Google, and he didn’t immediately answer an email from me asking for a little more detail, though its a pretty sure bet it will involve doing some kind of research on security. I’ll add more if I hear back from him.

He’ll be the second high-profile DARPA manager to join Google in recent memory. Last year the agency’s former director, and D9 speaker Regina Dugan, joined the search giant.

“Hack” is not always a four-letter word.

It’s Facebook’s unofficial slogan, pasted all over the company’s campus walls. And, for a day at least, “hack” will have something of a charitable connotation.

That’s because on Tuesday, Facebook will play host to a hackathon at its Menlo Park, California headquarters, inviting more than 150 developers, nonprofit organizations and ed-tech specialists to create education-focused apps in a marathon coding session. The creators of the top apps across three categories (social learning, college-going and out-of-school study) will split $15,000 in cash prizes.

It’s the second leg of a project started with the Bill and Melinda Gates Foundation, originally kicked off in September of last year, when more than 20 groups competed for cash prizes by building educational apps.

“We started looking at social apps and the social networking space after seeing how students used it specifically around college-going preparation and their schoolwork,” said Emily Dalton Smith, program officer for next-gen learning at the foundation.

Facebook plans to host another event at its London office this month, again where smaller groups will compete for a cash prize. And at its Menlo Park campus, a number of all-female teams from the HackBright academy — an organization that offers a 10-week training program for aspiring women developers — will also participate at the event.

The foundation has already awarded more than $5 million in prizes over the past year, including $2.5 million donated in the “College Knowledge” challenge last year.

To be sure, social apps aren’t the only type of educational initiatives the foundation is focused on. “There is a lot of support in our school-focused initiatives, looking to help provide structures inside of schools,” Dalton Smith said. The foundation also has separate teams focused on massive open online courses — or MOOCs — like those offered by increasingly larger numbers of universities and colleges in the U.S. (not to mention the many startups in the MOOC space).

The foundation, however, wanted to get in on the massive wave of teens using the social Web, offering an educational, productive outlet alongside all the cat memes and YouTube clips. One statistic the foundation was eager to tout: Of the 97 percent of American teens who are online today, approximately 93 percent of them are Facebook account holders, according to a study conducted by the Pew Internet and American Life Project.

“For us, the focus is always on getting kids what they need, including peer-to-peer and outside-of-school learning,” Dalton Smith said. That apparently includes a healthy dose of hacked-together Facebook apps.

According to a pretty detailed report from Reuters, a provision of the government’s latest spending law requires three federal agencies — NASA and the departments of Justice and Commerce — to buy gear only after performing a cyber-security risk assessment carried out in consultation with law-enforcement agencies. Part of the assessment includes consideration of the fact that the equipment or its components may have been manufactured in China.

It’s the latest expression of official hand-wringing about China, and the fact that that country is proving not only to be a permanent and overpowering fixture in the world of tech manufacturing is complicated by the fact that it is also proving to be an adept and aggressive player in the ongoing digital cold war between the countries. It’s also a shot across the bow of China’s large tech equipment providers, like Lenovo and Huawei.

Last month, a U.S.-based research firm claimed to have traced numerous cyber attacks to a specific unit of China’s People’s Liberation Army, one operating within a particular building in Shanghai.

Before that, suspicions about China and its intentions, capabilities and actions in the cyber arena led to a White House-ordered review of claims of spying by the Chinese telecom firm Huawei. This followed a report by the House Intelligence Committee saying that Huawei and another Chinese telecom-equipment concern, ZTE, pose sufficient security risks that government agencies should avoid buying their equipment. This amendment, inserted into a continuing resolution intended to keep the government running through the end of September, essentially puts those worries into force with regard to those three agencies.

But, as I argued at the time, at least some of the federal worry has as much to do with what China might do as it does with what the U.S. is known to have already done. The joint U.S.-Israeli cyber campaigns against Iran using malware weapons like Stuxnet, Gauss and Flame say a great deal about the potential real-world damage that a cyber weapon might do. Stuxnet, you’ll recall, is said to have caused some of Iran’s nuclear centrifuges to spin out of control and explode in an attempt to set back that country’s nuclear research efforts.

Huawei in particular has had a difficult time proving that its links to China’s military establishment are sufficiently severed, and that in the event of open conflict its gear wouldn’t be turned into a surveillance and espionage tool against the U.S. Though, as Reuters notes in its story, Huawei doesn’t believe the bill applies to it. We’ll see.

This one comes courtesy of the BBC’s official weather account, which a few hours ago was putting out innocuous stuff like this:

There’s an amber warning for #rain in south west England now. Keep up to date with this & all our weather news here: bbc.in/ce0V

– BBC Weather (@bbcweather) March 21, 2013

But about an hour ago someone claimed the account in the name of the “Syrian Electronic Army,” with this tweet:

Syrian Electronic Army Was Here via @official_sea #SEA #Syria

– BBC Weather (@bbcweather) March 21, 2013

And since then things have gotten more … interesting.

Tsunami alert for Haifa: Residents are advised to return to Poland.

– BBC Weather (@bbcweather) March 21, 2013

Saudi weather station down due to head on-collision with camel

– BBC Weather (@bbcweather) March 21, 2013

Scandal: Edinburgh storm warning station decommissioned after maintenance fund diverted to arming Syrian opposition

– BBC Weather (@bbcweather) March 21, 2013

(Image courtesy of Radoslaw Lecyk/Shutterstock.com)

Servers at three TV stations, a number of commercial banks, including Shinhan Bank and Nonghyup, and two insurance companies were either shut down or severely disrupted from around 2 pm local time, police and government officials said. Some systems were still down in late evening.

Read the rest of this post on the original site »

When the final book on HP is written (and, win or lose, you know there will be books), one of the primary characters will be John Hinshaw. A CIO by experience — his last job was as CIO at the defense and aerospace giant Boeing — Whitman hired him in late 2011 with the title of executive vice president of technology and operations. At any other company he would still carry the title of CIO, but in this case he has the CIO reporting up to him because his portfolio of responsibilities is wider. Not only is it his role to make HP’s fundamental decisions around IT, but also to reengineer internal processes for how HP does things.

Often you’ll hear Whitman talk about how she’s aiming to simplify how HP engages its customers, and about speeding up how decisions are made. Hinshaw is the man making that happen. He’s the one who has shifted HP to using many cloud-based software products like Salesforce.com, Workday and Docusign. And there will be more cloud deployments coming.

But he also sees his role as showing HP customers, both existing and potential, how IT can be done at a large scale, mixing cloud services with other approaches into something of a showcase, one that he intends to show off. I sat down with Hinshaw recently at HP headquarters in Palo Alto, and my first question was about his portfolio of responsibilities.

AllThingsD: John, I know it’s not your title, but I tend to think of you as HP’s CIO, in the sense that you’re the one who has been digging through the operational trenches looking for ways to improve operations and trim costs. And you did the deals with Salesforce.com and Workday. But my understanding of your portfolio of responsibilities stops there, so could you explain more?

Hinshaw: Sure. Most of my career I was in a CIO role with Boeing and Verizon. So it’s fun to see what’s going on at those companies now. During those years I was a huge HP customer, and so I bought billions worth of HP products and services over the years, and I knew the company pretty well before I came in. The thing that really attracted me to the job was that it would be well beyond what a typical CIO does. It was Meg’s idea for me to go hire a CIO — and I hired Ramon Baez — and for my job to cover a much broader operational portfolio.

So you have a CIO reporting up to you. Can you draw your lines of responsibility for me?

In addition to the CIO function, I run the Global Business Services Group, which is really shared services on steroids. It’s all the internal operations and processes, from executing payroll to marketing collateral to all the shared services across the company. It’s 18,000 people, and there’s a very global portfolio. Then I have global procurement for the entire company. That’s $32 billion of procurement. Then I have global real estate. And then I have global security, which is physical security, brand security and cyber security. Finally, there’s sales operations — all the invoicing, sales compensation work, everything that happens behind the scenes in sales. Meg’s idea was to marry up the IT function with all the other functions that keep the company going. And they’re fundamentally linked. So, let’s take the Salesforce deal. A lot of companies have deployed Salesforce, but if the IT organization is trying to do that, they are looking at it from the point of view of changing their systems and managing their data. When we did it, we looked at it from a process perspective. We designed our sales process, and then the system followed that. So we did the fastest rollout of Salesforce implementation ever. It was 30,000 employees and that made it the biggest ever, too. That’s the unique thing about what we’re doing at HP. I’ve never seen anywhere else that can move that fast at scale. Usually you have one or the other, but we have both.

What did moving to Salesforce, as a practical matter, do for you? What did you use before Salesforce and Workday? Did you see a big operational savings or cost savings?

We used Siebel and PeopleSoft. The big thing is that our sales teams can sell faster. They can now generate a quote right out of Salesforce.com, and could not do that before. They have a comprehensive view of the customer when they are in that product — whether selling software, hardware, services, it’s all right there. Their efficiency has gone up. Their satisfaction with their own work has gone up significantly. It was 7 percent. It’s now 70 percent. The second thing is the speed at which we can implement new functionality. We’ve done four releases so far, and we have a fifth one coming up. We can implement them much faster in Salesforce than we could before. We’re going to have this be the dashboard for the sales team, where they have everything in there. Contacts, contracts, commissions, everything in one spot. We’ve also licensed a product enterprise-wide called Docusign. When we would sign up a new reseller, it used to take five weeks in the whole transaction process. Now it’s five days. HP Financial Services would take two or three days of paperwork back and forth. Now it’s 10 minutes.

Let’s talk about security. We’ve all been hearing the chatter about hacking coming out of China, the warnings from the administration and other companies complaining about being attacked by China. We can only assume that HP has a lot of intellectual property, and would thus be another presumed target. Your networks are probably always being probed, if not overtly attacked. What are you doing about it?

Cyber security is a fascinating space. I learned a lot about it at Boeing. It’s extremely important when you’re dealing with aerospace and governments. The great news about HP is that we have the most comprehensive set of products and services designed for it, and internally I’m the biggest user of all those products and services. ArcSight records 20 billion events a day. We test that at scale before other customers get to use it. We scan all our code through Fortify to be sure there are no back doors and no issues. We’re the biggest user of that product, as well. We use Tipping Point to keep track of how well our network traffic is flowing, and we’ve got that standardized across HP. So my job in protecting HP is easier than it would be at other companies, because I have all these internal products at my disposal. And then we have a services business that also offers security, and they share information. We recently hired a new guy, Art Gilliland, from Symantec, to run HP’s security products. And Brett Whalen is our chief information security officer, and they’re linked up to make sure they’re building security into all our products, as well.

So let’s talk about 2013. Meg has called it the repair-and-rebuild year. What does that mean to you?

I think we are laying the operational foundation for the turnaround. Each unit has plans and strategies that they’re going to execute on. And they need technology and processes to make it happen. From the sales processes to, say, in our Enterprise Services business, to get the right sales tools to be able to execute there. For example, there’s a new matching tool that more effectively matches the labor force to what is needed in new contracts. So when you have a contract that is winding down, with 100 great security professionals, and there’s another contract over here that is similar, we can quickly match them up and go. That has really helped. We’re doing a lot as well in subcontracting. So when we win a contract we staff it with HP people, and then staff it with subcontractors, and there wasn’t a real automated process for that. So we’re implementing a tool called Fieldglass, a cloud-based product. From the moment a manager needs a subcontractor, to timekeeping and invoicing, it’s all in the cloud. Similar for our software business.

You must have had a lot of resistance, shaking things up as you did. HP is an older company with a lot of ingrained processes. What did you do about that? What was the biggest assumption you had to blow up?

It’s interesting. Because I think of the open communication style that Meg has created, there hasn’t really been a lot of resistance. I would have expected it. In fact, I think people were hungry for change, and more automated processes. If you look at the previous five or six years, there was less investment in IT, even though we’re the world’s largest IT company. It was more focused on cutting costs in the IT function than investing in tools. People were pretty excited about a new sales process and a new HR process. The area that required the most collaboration was in sales. You had to get all four business units on board with the same process, one view of the customer. That took a lot of upfront work to get that right, and everyone was used to doing it in a certain way. But we got there. Now we’re the largest Salesforce customer ever. We’re the largest Workday customer ever. We’re the largest Fieldglass customer ever. We’re the largest DocuSign customer ever.

Will you do more cloud deployments? Is there anything you won’t put on the cloud?

We will. We’re going to put all our travel booking on the cloud completely with a third-party provider. There will be more procurement. Right now, we’re using SAP’s Ariba. We’re implementing Hana, which will help us close our books faster. Workday will take us through the end of the year. Today, I think manufacturing and financials in the ERP and MRP space at this scale isn’t ready for the cloud yet. If you look at our SAP implementation today, manufacturing for financials, it’s running very well. So that’s running in-house on HP servers. I think in a few years it will be ready for the cloud. Right now, it’s about the complexity and scale, and the number of transactions that have to be processed at scale. I think it’s just a matter of time, but today the workloads are too large to run on the cloud.

You can read the original indictment below. But federal authorities say that in late 2010 in a chat room, Matthew Keys helped a member of Anonymous working under the chat room name “Sharpie” obtain the user name and password to that company’s content management system.

That person then vandalized an existing story on the website of the Los Angeles Times, authorities said.

Their chat transcripts suggest that Sharpie had bigger plans and intended to replace the Web front page of either the Chicago Tribune or the Los Angeles Times with a page of his own making.

For allegedly helping with that, Keys faces as much as 10 years in prison and a fine of $250,000.

Chances are that pressure will be brought to bear on Keys to help the FBI track down more members of Anonymous — that is, to the extent that he can. Don’t expect much.

Keys, who tweeted for Reuters under the name @TheMatthewKeys, appears to be nothing more than a bit player who was sympathetic to Anonymous and was a former employee of a TV station owned by Tribune. He’s unlikely to know how to go about finding the people who constitute the inner core of Anonymous.

For something like that, you need a much more strategically placed confidential informant. Someone like Hector Xavier Monsegur, who worked under the handle Sabu. He’s the one who, from an apartment on Manhattan’s Lower East Side, helped authorities in the U.S., U.K. and Ireland collar a few allegedly higher-ranking members of Anonymous.

Matthew Keys Indictment