Denial of Service Attacks Spread in Web’s First InfoWar

December 9, 2010

Nearly 20 years ago, when promoting a book called Secrets of a Super Hacker by an author named “The Knightmare,” I got a wake-up call about how vulnerable the Internet was. This week, many companies have learned how vulnerable they are after being shut down by hackers related to the WikiLeaks drama.

Yesterday, MasterCard’s website was shut down for hours by a group of hackers angry that the credit card company had ceased processing payments to WikiLeaks. Andy Greenberg has been following this story minute-by-minute on The Firewall, his computer security column for Forbes:

MasterCard, which cut off services to WikiLeaks Tuesday, became the latest victim of a loose group of hackers known as Operation: Payback Wednesday morning, when its website went down under a flood of junk traffic sent by the group’s volunteer army… PayPal has already come under two cyberattacks after its decision to cut off its services to WikiLeaks last Friday night… And now PayPal may be back on its target list, followed by Twitter.

The technique being used in these attacks is a “Distributed Denial of Service” attack, or DDoS. The idea is to temporarily take control of thousands of computers on the Internet and direct them to a single Web address, causing the site to falter and eventually shut down. This technique was used by a hacker named “Jester” to shut down WikiLeaks in November. It’s the same technique being used by “Operation: Payback” and a group of hackers named “Anonymous” (a.k.a. “4Chan”) to retaliate against companies such as Amazon, PayPal, Visa, and others who have severed support services to WikiLeaks.

If you’re wondering what it’s like to endure a DDoS attack, Bill Brenner, the information security expert for CSO Magazine, provides a minute-by-minute account of the July 4, 2009, cyberattack that took out the Federal Trade Commission’s website, along with those of the Department of Transportation and many private companies:

In that onslaught, a botnet of some 180,000 hijacked computers hammered U.S. government websites and caused headaches for businesses here and in South Korea.

This is the infamous attack that caused Google to publicly blame Chinese hackers, leading Google to eventually move its servers out of mainland China. By way of comparison, the attack on WikiLeaks last week was estimated at nine times larger than the infamous Fourth of July attack. Ironically, one of the 250,000 diplomatic cables recently released by WikiLeaks implicates the Chinese government in the Fourth of July attacks.

In a tweet on December 3 related to the WikiLeaks hackathon, Electronic Frontier Foundation co-founder John Perry Barlow uttered the syllables many a CIO has feared: “The first serious infowar is now engaged.” Barlow was one of the experts I approached in 1993 to review the book, Secrets of a Super Hacker.

The promotion for that book included a contest offering a prize to the first person who could hack my email account and send an email from my own account claiming the prize. When I first proposed the contest, the publisher’s Internet Service Provider (ISP) immediately notified all their subscribers, resulting in such an outcry that we decided to move the contest. Next, I approached The WELL, the cybercommunity in San Francisco where Barlow and many now famous members of the digerati hung out.

The WELL wanted no part of our contest, either, and threatened to suspend our account if we tried to run it there. I thought they would be pleased to have this benign test of their security systems. Instead, The WELL and several other ISPs I approached wanted no part of our hacking contest. Why?

After discussing the situation with several ISP administrators, I realized that security was not a priority for many of them. Most of them were using whatever weak protection came standard with the software they bought. They did not want their systems tested. If they had any extra money, they spent it on marketing: sprucing up the front door, not patching up the back door.

Our little contest served as a wake-up call for several service providers at the dawn of the Internet era. The infowar between WikiLeaks’ opponents and defenders should act as a loud wake-up call to online organizations everywhere to check their defenses. Cyber warfare has come of age, and the stakes now are higher than anyone imagined.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “MasterCard Taken Down By WikiLeaks Supporters, Twitter Next?,” Forbes, 12/08/10
Source: “What it’s like to get hit with a DDoS attack,” CSO Magazine, 12/08/10
Source: JPBarlow on Twitter
Image: Book cover of Secrets of a Super Hacker is used under Fair Use: Reporting.

What’s On TV? Amazon, Netflix, Apple, Google…

December 7, 2010

Last week, we wrote about the growing trend of consumers “cutting the cord” and switching from watching broadcast or cable television to watching streaming TV through the Internet from the likes of Netflix and Hulu. This week, things are getting ugly. Broadcast and cable companies are fighting back while Amazon and other competitors prepare to enter the couch-potato war.

Let’s start with what some are calling “The Death of Net Neutrality.” At the end of November, Comcast looked at the amount of Netflix data it was sending to Comcast subscribers and decided it wasn’t being paid enough to handle it. Comcast insisted on a surcharge from Level 3, a company that processes Netflix streams.

Level 3 cried “foul,” and squealed about the surcharge to all who would listen, including the feds, who are currently evaluating Comcast’s proposed takeover of NBC Universal. Comcast then issued a “wait just one minute” statement telling its side of the story. Both Level 3’s punch and Comcast’s counterpunch are covered crisply by Mark Huffman at ConsumerAffairs.com. Within days, Level 3 issued a “clarification” of its position. An apology? No! A rebuttal of Comcast and a repeat that this is a stickup on the information superhighway.

For the lowdown on this shakedown, you couldn’t ask for a better guide than Scott Woolley, who covered technology for Forbes before becoming a contributing editor at Fortune. Covering the fracas for M.I.T. Technology Review, Woolley says:

The history of fights between big networks indicates that one of two things will soon happen in the Comcast-Level 3 fight. Either the two companies will privately settle their differences, or they will start an all-out war that balkanizes the Internet — what is known in the trade as ‘depeering.’

But the Comcast surcharge means little to Netflix compared to the bomb dropped in Monday’s Wall Street Journal, where reporters Nick Wingfield and Sam Schechner came out of nowhere with this scoop:

Amazon.com Inc. is developing a Netflix-like subscription service that would offer TV shows and movies, according to people familiar with the matter.

This comes just two weeks after Netflix moved onto Amazon’s cloud, which is a little roomier now that Amazon has booted WikiLeaks off the cloud. And if that isn’t bad enough, over the weekend, Google purchased Netflix supplier Widevine, a digital video management company. Widevine optimizes the streaming of Netflix videos over the Internet. The acquisition will help Google TV in its battle against Apple TV, Netflix, and, coming soon, Amazon TV.

Just when you thought it was safe to cut the cord, you look around and realize everyone has a knife in this fight. Right now, most of them are pointed at Netflix.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “Netflix Supplier Complains About Comcast Fees,” ConsumerAffairs.com, 11/30/10
Source: “Level 3 ‘Clarifies’ Position On Comcast Fees,” ConsumerAffairs.com, 12/06/10
Source: “Peer Pressures Could Strain the Web,” M.I.T. Technology Review, 12/06/10
Source: “No Longer Tiny, Netflix Gets Respect — and Creates Fear,” The Wall Street Journal, 12/06/10
Source: “Google buys Widevine to beef up DRM offering,” Fortune, 12/06/10
Photo by Mark Robinson (me’nthedogs), used under its Creative Commons license.

FTC Advocates Do-Not-Track; Advertisers Upset

December 3, 2010

Screen capture from the Interactive Advertising Bureau's "AboutAds.info" opt-out page. To install the IAB's opt-out software, users must expose their browser to significant privacy risks by enabling cookies.

On December 1, the U.S. Federal Trade Commission presented a preliminary report (PDF) outlining a “framework for privacy” that endorses a “Do-Not-Track” option for Web browsers similar to the agency’s popular “Do-Not-Call” service for telephones.

Unlike the Do-Not-Call program, which creates one central place where individuals can easily add their phone numbers to the list, with reprisals for companies that violate their preferences, the Do-Not-Track mechanism (“DNT”) will be built into the Web-browsing software and other applications used to access the Internet from computers, tablets, and smartphones. Each piece of software or app would have to include a DNT feature. Currently, there are no proposed guidelines for consistently implementing that feature, nor any real authority to enforce it.

Forbes’ new privacy blogger, Kashmir Hill, says, “At the end of the day, this report isn’t going to change anything.” Kevin Fogarty, the highly opinionated blogger for ITworld’s “CoreIT” blog, is blunt in his assessment, calling the FTC report:

[...] a set of recommendations with roughly the same clarity, credibility and impact of a strongly worded letter from the U.N. to this year’s evil dictator asking him to please not kill and eat so many villagers.

At The Huffington Post, consumer rights activist Jamie Court threatens a privacy initiative in California: “If Congress doesn’t act, we will go to the ballot.”

While Internet giants, including Google and Microsoft, have learned to tame their public pronouncements and pay lip service to the FTC’s recommendations, they let the trade groups they fund do the barking for them. Mike Zaneis, senior vice president and general counsel of the Interactive Advertising Bureau (IAB), is quoted by The New York Times media reporters Edward Wyatt and Tanzina Vega as saying that the DNT mechanism will cause “significant economic harm” if it has “a high participation rate similar to that of do not call.”

The IAB is recommending voluntary measures where sites place prominent “opt-out” buttons that disable tracking, rather than a central registry or browser built-ins. The organization touts its AboutAds.info site, where you can opt out of being tracked by a very small group of sites that participate.

John and Carrie Vanston devote a major section of their new book, MINITRENDS, to business opportunities arising from increasing interest in privacy. They predict that the U.S. will strengthen its privacy laws, opening up profitable new business lines for entrepreneurs:

The federal government of the United States has adopted only limited formal legislation to protect privacy compared to Canada and most European countries.

Among the businesses that will profit from strengthening privacy laws are software developers, training firms, and the new field of online reputation management companies.

Certainly, someone needs to come up with a solution better than the IAB’s “opt-out” site. When this reporter visited the site to test the opt-out features, I was advised I would have to enable cookies in order to install the software (see screen capture, above). While enabling cookies would protect me from being tracked by the few dozen sites participating in the IAB’s program, it would open me to tracking by the millions of sites that not only don’t participate, but sometimes use methods that are much more intrusive than those of IAB’s supporters — methods which remain, unfortunately, virtually unregulated.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “Protecting Consumer Privacy in an Era of Rapid Change” (PDF), Federal Trade Commission, 12/10
Source: “Brief Takeaways — and a Pretty Diagram — from the FTC’s Online Privacy Recommendations,” Forbes, 12/01/10
Source: “FTC becomes aware there is an Internet,” ITworld CoreIT Blog, 11/17/10
Source: “Will We Get a ‘Do Not Track Me’ List for Our Personal Information Online?” The Huffington Post, 12/01/10
Source: “F.T.C. Backs Plan to Honor Privacy of Online Users,” The New York Times, 12/01/10
Source: MINITRENDS How Innovators & Entrepreneurs Discover & Profit From Business & Technology Trends, p. 97.
Image from AboutAds.info, the Interactive Advertising Bureau’s “opt-out” site, screen capture recorded 12/02/10. Used under Fair Use: Commentary.

Blackbaud Videos Reveal Trends in Nonprofit Technology

November 15, 2010

CLICK FOR VIDEO: Panel on Social Media for Nonprofits from the 2010 Blackbaud Conference on Nonprofit Technology

Last week, I broached the topic of how nonprofits are capitalizing on trends in technology to reach constituents through social networking. Today, I’m going to take the discussion up a notch and look at the fountainhead of many tech trends for nonprofits: Blackbaud, Inc.

Blackbaud was founded in 1981 with the purpose of providing technological support to nonprofit organizations. The company’s growth since has been phenomenal. Headquartered in Charleston, South Carolina, Blackbaud now employs more than 2,000 people worldwide. The company went public in 2004 and is traded on the NASDAQ exchange under ticker symbol BLKB.

Shortly after going public, Blackbaud hired Marc Chardon, a former CFO for Microsoft and manager of Microsoft France, as the company’s new president and CEO. Just last week, Blackbaud was named one of Forbes 100 Best Small Companies in America, a ranking based largely on exceptional financial performance.

Blackbaud has become an enormous driver of technology trends in the nonprofit sector. Last month, the company held its annual conference on nonprofit technology, drawing more than 2,200 people to Washington, D.C., for an action-packed program dominated by seminars on social networking.

This month, Blackbaud has made many of these programs available for free viewing on its BlackbaudTV channel on YouTube. These videos are both inspiring and educational for anyone interested in technology trends. Here are some of the highlights:

Global Trends and What They Mean to You
Marc Chardon, President and CEO of Blackbaud

Becoming a Networked Nonprofit: The Road to Effective Use of Social Media
Allison Fine & Beth Kanter, authors of The Networked Nonprofit

Social Media for Nonprofits
Claire Williams Diaz, Social Innovation at Twitter
Noah Everett, Founder of TwitPic
Matthew Mahan, Vice President of Impact at Causes
Geoff Livingston, Co-Founder of Zoetica
Brian Dresher, Mashable (formerly with USA Today)

Social Media: Paint by the Numbers
Holly Ross, Executive Director, NTEN: The Nonprofit Technology Network

The Nonprofit Trust Agent
Chris Brogan, New York Times bestselling co-author of Trust Agents

Most of the videos are an hour long, except for the Chris Brogan interview, which is a five-minute ambush video in the hallway of the conference center. The first video with Marc Chardon is a panel that covers such trends as social media, radical transparency, and the need for nonprofits to demonstrate ROI. The panel on social media for nonprofits is terrific, with presenters limited to five minutes to take their best shots, followed by the audience Q&A.

For access to all the BlackbaudTV videos — including a five-minute interview with Mark Zuckerberg’s engaging and articulate sister, Randi, about five things nonprofits can do to supercharge their Facebook pages — visit the BlackbaudTV page on YouTube.

STEVE O’KEEFE
News Editor, Minitrends Blog

Source: “Blackbaud Conference 2010: 5 Must-See Presentations,” Social Media 4 Nonprofits, 10/24/10
Source: “Reflections from Independent Sector and Blackbaud Conferences,” Beth’s Blog, 10/26/10.