Denial of Service Attacks Spread in Web’s First InfoWar

December 9, 2010

Nearly 20 years ago, when promoting a book called Secrets of a Super Hacker by an author named “The Knightmare,” I got a wake-up call about how vulnerable the Internet was. This week, many companies have learned how vulnerable they are after being shut down by hackers related to the WikiLeaks drama.

Yesterday, MasterCard’s website was shut down for hours by a group of hackers angry that the credit card company had ceased processing payments to WikiLeaks. Andy Greenberg has been following this story minute-by-minute on The Firewall, his computer security column for Forbes:

MasterCard, which cut off services to WikiLeaks Tuesday, became the latest victim of a loose group of hackers known as Operation: Payback Wednesday morning, when its website went down under a flood of junk traffic sent by the group’s volunteer army… PayPal has already come under two cyberattacks after its decision to cut off its services to WikiLeaks last Friday night… And now PayPal may be back on its target list, followed by Twitter.

The technique being used in these attacks is a “Distributed Denial of Service” attack, or DDoS. The idea is to temporarily take control of thousands of computers on the Internet and direct them to a single Web address, causing the site to falter and eventually shut down. This technique was used by a hacker named “Jester” to shut down WikiLeaks in November. It’s the same technique being used by “Operation: Payback” and a group of hackers named “Anonymous” (a.k.a. “4Chan”) to retaliate against companies such as Amazon, PayPal, Visa, and others who have severed support services to WikiLeaks.

If you’re wondering what it’s like enduring a DDoS attack, Bill Brenner, the information security expert for CSO Magazine, provides a minute-by-minute account of the July 4, 2009, cyberattack that took out the Federal Trade Commission’s website, along with the Department of Transportation, and many private companies:

In that onslaught, a botnet of some 180,000 hijacked computers hammered U.S. government websites and caused headaches for businesses here and in South Korea.

This is the infamous attack that caused Google to publicly blame Chinese hackers, leading Google to eventually move its servers out of mainland China. By way of comparison, the attack on WikiLeaks last week was estimated at nine times larger than the infamous Fourth of July attack. Ironically, one of the 250,000 diplomatic cables recently released by WikiLeaks implicates the Chinese government in the Fourth of July attacks.

In a tweet on December 3 related to the WikiLeaks hackathon, Electronic Frontier Foundation co-founder John Perry Barlow uttered the syllables many a CIO has feared: “The first serious infowar is now engaged.” Barlow was one of the experts I approached in 1993 to review the book, Secrets of a Super Hacker.

The promotion for that book included a contest offering a prize to the first person who could hack my email account and send an email from my own account claiming the prize. When I first proposed the contest, the publisher’s Internet Service Provider (ISP) immediately notified all their subscribers, resulting in such an outcry that we decided to move the contest. Next, I approached The WELL, the cybercommunity in San Francisco where Barlow and many now famous members of the digerati hung out.

The WELL wanted no part of our contest, either, and threatened to suspend our account if we tried to run it there. I thought they would be pleased to have this benign test of their security systems. Instead, The WELL and several other ISPs I approached wanted no part of our hacking contest. Why?

After discussing the situation with several ISP administrators, I realized that security was not a priority for many of them. Most of them were using whatever weak protection came standard with the software they bought. They did not want their systems tested. If they had any extra money, they spent it on marketing: sprucing up the front door, not patching up the back door.

Our little contest served as a wake-up call for several service providers at the dawn of the Internet era. The infowar between WikiLeaks’ opponents and defenders should act as a loud wake-up call to online organizations everywhere to check their defenses. Cyber warfare has come of age, and the stakes now are higher than anyone imagined.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “MasterCard Taken Down By WikiLeaks Supporters, Twitter Next?,” Forbes, 12/08/10
Source: “What it’s like to get hit with a DDoS attack,” CSO Magazine, 12/08/10
Source: JPBarlow on Twitter
Image: Book cover of Secrets of a Super Hacker is used under Fair Use: Reporting.

What’s On TV? Amazon, Netflix, Apple, Google…

December 7, 2010

Last week, we wrote about the growing trend of consumers “cutting the cord” and switching from watching broadcast or cable television to watching streaming TV through the Internet from the likes of Netflix and Hulu. This week, things are getting ugly. Broadcast and cable companies are fighting back while Amazon and other competitors prepare to enter the couch-potato war.

Let’s start with what some are calling “The Death of Net Neutrality.” At the end of November, Comcast looked at the amount of Netflix data it was sending to Comcast subscribers and decided it wasn’t being paid enough to handle it. Comcast insisted on a surcharge from Level 3, a company that processes Netflix streams.

Level 3 cried “foul,” and squealed about the surcharge to all who would listen, including the feds, who are currently evaluating Comcast’s proposed takeover of NBC Universal. Comcast then issued a “wait just one minute” statement telling its side of the story. Both Level 3’s punch and Comcast’s counterpunch are covered crisply by Mark Huffman at ConsumerAffairs.com. Within days, Level 3 issued a “clarification” of its position. An apology? No! A rebuttal of Comcast and a repeat that this is a stickup on the information superhighway.

For the lowdown on this shakedown, you couldn’t ask for a better guide than Scott Woolly, who covered technology for Forbes before becoming a contributing editor at Fortune. Covering the fracas for M.I.T. Technology Review, Woolly says:

The history of fights between big networks indicates that one of two things will soon happen in the Comcast-Level 3 fight. Either the two companies will privately settle their differences, or they will start an all-out war that balkanizes the Internet — what is known in the trade as ‘depeering.’

But the Comcast surcharge means little to Netflix compared to the bomb dropped in Monday’s Wall Street Journal, where reporters Nick Wingfield and Sam Schechner came out of nowhere with this scoop:

Amazon.com Inc. is developing a Netflix-like subscription service that would offer TV shows and movies, according to people familiar with the matter.

This comes just two weeks after Netflix moved onto Amazon’s cloud, which is a little roomier now that Amazon has booted WikiLeaks off the cloud. And if that isn’t bad enough, over the weekend, Google purchased Netflix supplier Widevine, a digital video management company. Widevine optimizes the streaming of Netflix videos over the Internet. The acquisition will help Google TV in its battle against Apple TV, Netflix, and, coming soon, Amazon TV.

Just when you thought it was safe to cut the cord, you look around and realize everyone has a knife in this fight. Right now, most of them are pointed at Netflix.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “Netflix Supplier Complains About Comcast Fees,” ConsumerAffairs.com, 11/30/10
Source: “Level 3 ‘Clarifies’ Position On Comcast Fees,” ConsumerAffairs.com, 12/06/10
Source: “Peer Pressures Could Strain the Web,” M.I.T. Technology Review, 12/06/10
Source: “No Longer Tiny, Netflix Gets Respect — and Creates Fear,” The Wall Street Journal, 12/06/10
Source: “Google buys Widevine to beef up DRM offering,” Fortune, 12/06/10
Photo by Mark Robinson (me’nthedogs), used under its Creative Commons license.

Trend of the Year: Social Shopping

November 29, 2010

In case you hadn’t noticed, this Thanksgiving marked the tipping point of a major new technology trend: Social Shopping. When you combine the spread of social networking, the market penetration of mobile phones, the desperation of retailers to capture more business, and consumers’ love of the deal, you wind up with Social Shopping.

Richard MacManus, the founder and CEO of ReadWriteWeb, which is consistently one of the best blogs covering Internet technology trends, recently kicked off a series looking back on the top tech trends of 2010. He begins the series by looking at Social Shopping.

In 2010, we’ve seen the rise of so-called ‘social shopping’ services. They rely heavily on technologies such as social networking, crowdsourcing and smart phone scanners. Here we present five of the main social shopping developments of 2010.

MacManus doesn’t just pick five companies to profile, but five different types of Social Shopping technologies. Who knew there were so many? Here are his top picks, along with examples of companies that have been using these technologies to attract consumers:

1. Daily Deals: Companies that send one or more “deal of the day” messages to subscribers. Examples: Groupon, LivingSocial.

2. Real-Time Shopping: These deep discounts might last for only a few minutes or hours or until supplies run out. Example: Woot.

3. Location Check-In Services: These services offer rewards to people who check in frequently or on certain days. Examples: Foursquare, Yelp.

4. Facebook Shopping: MacManus credits Facebook with enabling Social Shopping through deals with Amazon.com and other retailers.

5. Barcode Scanning: Phone apps that allow you to take a picture of a barcode or QR code with your phone, then search for reviews, deals, or other information on the Internet. Examples: RedLaser, ScanLife.

Last week, we wrote about how Google CEO Eric Schmidt revealed a new feature for Android phones that will allow you to skip the barcode photo and just wave your phone near an NFC chip to learn about deals on a product.

If those aren’t enough leads for you to explore the new world of Social Shopping, then take a look at Mashable’s list of 18 Sites for Social Shopping — and don’t forget to look in the comments for another 18 or so!

Happy Holidays!

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “Top Trends of 2010: Social Shopping,” ReadWriteWeb, 11/15/10
Source: “SHOPPING SPREE: 18 Sites for Social Shopping & Deals,” Mashable, 08/08/07
Photo by Jenelle/Thriving Ink, used under its Creative Commons license.

New Employment Trend: No Employment

November 19, 2010

A pair of stories in The Wall Street Journal on Friday, November 19, illustrate a growing trend for startup companies: avoiding hiring any employees.

Pulitzer Prize-winning journalist Mark Whitehouse, who recently joined the Journal’s New York office as a senior economics correspondent after years working in Russia, profiled financial analysis startup MCAP Research in Montclair, New Jersey, which epitomizes the lean new startup environment by eschewing any significant capital investments or hiring employees.

The firm was started two years ago by Efrem Meretab, a native of Eritrea, who gave up his job as a stock analyst to open the ultra-lean company. Whitehouse says,

His experience demonstrates how advances in technology and communications are allowing some small companies to sell products world-wide without creating many jobs in the U.S. or spending much money on things made in the U.S.

Whitehouse cites two main factors driving the company’s lean profile: outsourcing programming to the Ukraine and Pakistan while taking advantage of Amazon’s cloud instead of purchasing servers. We have discussed the trend toward cloud computing in many posts on this blog, but never for the solopreneur.

A related story also written by Mark Whitehouse with Justin Lahart, a former CNN/Money correspondent who covers economics for the Journal, reports that startups are not contributing to the growth in employment usually associated with periods of economic recovery.

The number of companies with at least one employee fell by 100,000, or 2%, in the year that ended March 31, the Labor Department reported Thursday. That was the second worst performance in 18 years, the worst being the 3.4% drop in the previous year.

Startups were first hammered by the recession, with more closing than opening since 2008, then strangled by tight capital markets. Angel investing still has not recovered, according to the Center for Venture Research at the University of New Hampshire, which reports that less has been invested in the first half of 2010 than during the recession years of 2008 and 2009.

In their new book, MINITRENDS, John and Carrie Vanston devote a significant portion of the book to new business opportunities serving a growing work-at-home workforce. In a previous post on this blog, we discussed how cloud computing has enabled temp agencies to apply the same just-in-time inventory to the workforce that auto companies have brought to manufacturing.

Without capital to grow their businesses, and with access to a global marketplace of contract workers, companies have learned to prosper by renting rather than buying assets and outsourcing services. If the Vanstons are correct — and their track record (PDF) on such predictions is excellent — the solopreneur will no longer be a trend coming out of this recession but the new standard operating procedure.

We welcome your thoughts about this ultra-lean method of bootstrapping high-tech businesses.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “Starting a Global Business, With No U.S. Employees,” The Wall Street Journal, 11/19/10
Source: “Few Businesses Sprout, With Even Fewer Jobs,” The Wall Street Journal, 11/19/10
Photo courtesy of psd (Paul Downey), used under its Creative Commons license.