Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters

My piece on what Deep Panda looks like in action: Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters:

Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.

Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defending against hackers that researchers believe are linked to the Chinese government – a charge Beijing denies.

‘The Shell Crew is an extremely efficient and talented group,’ Myers said in an interview.Shell Crew, or Deep Panda, are one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents.The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.

China has denied any connection with such attacks and little is known about the identities of those involved in them.  But cybersecurity experts are starting to learn more about their methods.

Researchers have connected the OPM breach to an earlier attack on U.S. healthcare insurer Anthem Inc (ANTM.N), which has been blamed on Deep Panda.

RSA’s Myers says his team has no evidence that Shell Crew were behind the OPM attack, but believes Shell Crew and Deep Panda are the same group.

And they are no newcomers to cyber-espionage.CrowdStrike, the cybersecurity company which gave Deep Panda its name due to its perceived Chinese links, traces its activities to 2011, when it launched attacks on defense, energy and chemical industries in the United States and Japan. But few have caught them in the act.

    SHELL CREW IN ACTION

In February 2014 a U.S. firm that designs and makes technology products called in RSA, a division of technology company EMC (EMC.N), to fix an unrelated problem. RSA realized there was a much bigger one at hand: hackers were inside the company’s network, stealing sensitive data. 

‘In fact,’ Myers recalls telling the company, ‘you have a problem right now.’Myers’ team could see hackers had been there for more than six months. But the attack went back further than that.

For months Shell Crew had probed the company’s defenses, using software code that makes use of known weaknesses in computer systems to try to unlock a door on its servers. Once Shell Crew found a way in, however, they moved quickly, aware this was the point when they were most likely to be spotted.        SPEARPHISHING

On July 10, 2013, they set up a fake user account at an engineering portal. A malware package was uploaded to a site, and then, 40 minutes later, the fake account sent emails to company employees, designed to fool one into clicking on a link which in turn would download the malware and open the door. 

‘It was very well timed, very well laid out,’ recalls Myers.

Once an employee fell for the email, the Shell Crew were in, and within hours were wandering the company’s network. Two days later the company, aware employees had fallen for the emails – known as spearphish – reset their passwords. But it was too late: the Shell Crew had already shipped in software to create backdoors and other ways in and out of the system. 

For the next 50 days the group moved freely, mapping the network and sending their findings back to base. This, Myers said, was because the hackers would be working in tandem with someone else, someone who knew what to steal.

‘They take out these huge lists of what is there and hand it over to another unit, someone who knows about this, what is important,’ he said. 

Then in early September 2013, they returned, with specific targets. For weeks they mined the company’s computers, copying gigabytes of data. They were still at it when the RSA team discovered them nearly five months later. 

Myers’ team painstakingly retraced Shell Crew’s movements, trying to catalogue where they had been in the networks and what they had stolen. They couldn’t move against them until they were sure they could kick them out for good. 

It took two months before they closed the door, locking the Shell Crew out.  But within days they were trying to get back in, launching hundreds of assaults through backdoors, malware and webshells.

Myers says they are still trying to gain access today, though all attempts have been unsuccessful.  

‘If they’re still trying to get back in, that lets you know you’re successful in keeping them out,’ he said.

(Additional reporting by Joseph Menn; Editing by Rachel Armstrong and Mark Bendeich)”

Moleskines Redux

Moleskin ® redux

Of course, I claim a lot of the credit for this decade-long trend Why Startups Love Moleskines: 

“The notion that non-digital goods and ideas have become more valuable would seem to cut against the narrative of disruption-worshipping techno-utopianism coming out of Silicon Valley and other startup hubs, but, in fact, it simply shows that technological evolution isn’t linear. We may eagerly adopt new solutions, but, in the long run, these endure only if they truly provide us with a better experience—if they can compete with digital technology on a cold, rational level.”

I have returned to Moleskines recently, partly because I realised I have a cupboard full of them, and partly because of exactly this problem: there’s no digital equivalent experience. 

  • easier to conceptualise on paper
  • you can doodle when the speaker is waffling; those doodles embellish, even turn it into Mike Rohde’s sketchnotes
  • you can whip it out in places where an electronic device would be weird, or rude, or impractical;
  • there’s a natural timeline to your thoughts
  • there’s something sensual about having a pen in your hands and holding a notebook
  • pen and moleskine focus your thoughts and attention
  • the cost of the book acts as a brake on mindless note taking (writing stuff down without really thinking why) 
  • no mindmap software has ever really improved the mindmapping experience. 
There’s probably more to it. But maybe the point is that this isn’t a fad. People have been using these in the geeky community for more than a decade, suggesting that they have established themselves as a viable tool. Being able to easily digitise them — for saving, or processing, as I did this morning with a chart I sketched out which my graphics colleague wanted to poach from — is a bonus, and saves us from the fear of losing our work. 

(Via.Newley Purnell)

Connected cows, cars and crockery prod chip mega mergers

My Reuters piece attempting to place the recent chip mergers in a longer timeline. Yes, I hate the term internet of things too. 

Connected cows, cars and crockery prod chip mega mergers | Reuters:

SINGAPORE/TAIPEI | BY JEREMY WAGSTAFF AND MICHAEL GOLD

Chip companies are merging, signing $66 billion worth of deals this year alone in preparation for an explosion of demand from all walks of life as the next technological revolution takes hold: the Internet of Things.

As cars, crockery and even cows are controlled or monitored online, each will require a different kind of chip of ever-diminishing size, combining connectivity with processing, memory and battery power.

These require makers to pool resources and intellectual property to produce smaller, faster, cheaper chips, for a market that International Data Corp said would grow to $1.7 trillion by 2020 from $650 billion last year.

By comparison, chip markets for personal and tablet computers are stagnant or in decline, and even smartphones are near peaking, said Bob O’Donnell, a long-time consultant to the chip industry.

‘We’re very much done in terms of growth of those traditional markets,’ said O’Donnell. ‘That’s why they are looking at this.’

Last month saw the biggest-ever chip merger with Avago Technologies Ltd agreeing to buy Broadcom Corp for $37 billion. That eclipsed the $17 billion Intel Corp agreed last week for Altera Corp, and the $12 billion NXP Semiconductors NV offered in March for Freescale Semiconductor Ltd.

On Friday, Lattice Semiconductor Corp said it was open to a sale.

 

CONNECTED COWS

The Internet of Things relies on chips in devices wirelessly sending data to servers, which in turn process the data and send results to a user’s smartphone, or automatically tweak the devices themselves.

Those devices range from a light bulb to a nuclear power plant, from a smartwatch to a building’s air-conditioning system. This range presents both opportunity and a challenge for semiconductor companies: their potential customer base is huge, but diverse, requiring different approaches.

Qualcomm Inc, for example, is used to selling chips to around a dozen mobile phone manufacturers. The Internet of Things has brought it business from quite different players, from makers of water meters to street lights that sport modems and traffic-monitoring cameras. All have their own needs.

‘You can’t think the new market is just like the old one,’ Qualcomm Vice President of Marketing Tim McDonough said in an interview.

Qualcomm estimates that the Internet of Things will bring in more than 10 percent of its chip revenue this business year.

And then there are those cows. Instead of monitoring herds by sight, farmers in Japan have tagged them with Internet-connected pedometers from Fujitsu Ltd and partner Microsoft Corp, to measure when they might be ready for insemination. Cows in season, it turns out, tend to pace more.

SPECK OF CHIP

This new business is pushing chip companies together in part to consolidate their expertise onto one chip, a trend forged by mobile phones.

The Avago-Broadcom deal, for instance, brings together motion control and optical sensors from Avago with chips from Broadcom that specialize in connectivity via wireless technologies such as Bluetooth and Wi-Fi.

In the past ‘if you wanted to build a board that has all the components, then you needed to buy three different chips,’ said Dipesh Patel of ARM Holdings PLC, which licenses much of the technology inside mobile phones – and, increasingly, in the Internet of Things.

‘Now you only need to buy one chip. But you’re trying to get more of the same system on the same chip.’

As chips get smaller, they could be tiny enough to ingest, according to Vital Herd Inc. The Texas-based startup’s pill-like sensor, once a cow swallows it, can transmit vital signs, warning farmers of illness and other problems.

Jen-Hsun Huang, co-founder and chief executive officer of graphics chips maker Nvidia Corp, predicts chips will shrink to the size of a speck of dust and find their way into almost anything, from shoes to cups.

‘Those little tiny chips, I think they’re going to be sold by the trillions,’ Huang said in an interview. ‘Maybe even sold by the pound.’

PROCESSING

Installing chips into end products is only one side of the equation. The more things connect, the bigger the number and capability of servers needed to process the vast amount of specialized data those chips transmit.

To meet the demand, Intel could employ chips for its servers designed by new purchase Altera that analyze streams of similar data – specializing in one function, as opposed to multiple functions like chips inside personal computers – industry consultant O’Donnell said.

Combining such strengths is going to be vital, said Malik Saadi of ABI Research, because consolidation is not over yet.

More chip companies ‘will have to make that radical decision to merge,’ said Saadi. ‘This is just the starting point.’ 

(Additional reporting by Liana Baker in New York; Editing by Christopher Cushing)”

Deja Vu or New Dawn? Microsoft’s Acquisition Binge

I’m not quite sure what to make of these acquisitions. It reminds me of Yahoo’s binge 10 years ago: After del.icio.us, a Directory of Other Things Yahoo! Should Buy. They snagged up a lot of my favourite stuff back then, and Microsoft is doing the same thing with Sunrise etc: 

Welcome 6Wunderkinder! Microsoft acquires Wunderlist – The Official Microsoft Blog: “What’s better than completing that last important task on your to-do list? Doing so with a beautiful and useful productivity app. Today, I am thrilled to announce that Microsoft has acquired 6Wunderkinder, the creator of the highly acclaimed to-do list app, Wunderlist.

The addition of Wunderlist to the Microsoft product portfolio fits squarely with our ambition to reinvent productivity for a mobile-first, cloud-first world. Building on momentum for Microsoft Office, OneNote and Skype for Business, as well as the recent Sunrise and Acompli acquisitions, it further demonstrates Microsoft’s commitment to delivering market leading mobile apps across the platforms and devices our customers use – for mail, calendaring, messaging, notes and now tasks.”

One Microsoft person told me when I complained about little work had been done on Skype that “we’re listening to users who said ‘don’t fiddle’ with it.” All well and good, but they could have fixed the more ridiculous things, like not being able to disable birthday notifications in some versions of the app, and losing the plot on groups. 

Still, this might be a new Microsoft, not the old Microsoft or Yahoo! doing these new acquisitions. They’ve done a lovely job integrating Acompli. So maybe there’s hope. I don’t mind these things getting that kind of treatment so long as they do it to reach out to users, rather than to fence them in. That’s going to take quite a change of attitude up in Redmond. 

Spy in the Sky – are planes hacker-proof?

My take on aviation cybersecurity for Reuters: Plane safe? Hacker case points to deeper cyber issues:

“Plane safe? Hacker case points to deeper cyber issues

BY JEREMY WAGSTAFF

Security researcher Chris Roberts made headlines last month when he was hauled off a plane in New York by the FBI and accused of hacking into flight controls via his underseat entertainment unit.

Other security researchers say Roberts – who was quoted by the FBI as saying he once caused ‘a sideways movement of the plane during a flight’ – has helped draw attention to a wider issue: that the aviation industry has not kept pace with the threat hackers pose to increasingly computer-connected airplanes.

Through his lawyer, Roberts said his only interest had been to ‘improve aircraft security.’

‘This is going to drive change. It will force the hand of organizations (in the aviation industry),’ says Jonathan Butts, a former US Air Force researcher who now runs a company working on IT security issues in aviation and other industries.

As the aviation industry adopts communication protocols similar to those used on the Internet to connect cockpits, cabins and ground controls, it leaves itself open to the vulnerabilities bedevilling other industries – from finance to oil and gas to medicine.

‘There’s this huge issue staring us in the face,’ says Brad Haines, a friend of Roberts and a security researcher focused on aviation. ‘Are you going to shoot the messenger?’

More worrying than people like Roberts, said Mark Gazit, CEO of Israel-based security company ThetaRay, are the hackers probing aircraft systems on the quiet. His team found Internet forum users claiming to have hacked, for example, into cabin food menus, ordering free drinks and meals.

That may sound harmless enough, but Gazit has seen a similar pattern of trivial exploits evolve into more serious breaches in other industries. ‘It always starts this way,’ he says.

ANXIOUS AIRLINES

The red flags raised by Roberts’ case are already worrying some airlines, says Ralf Cabos, a Singapore-based specialist in inflight entertainment systems.

One airline official at a recent trade show, he said, feared the growing trend of offering inflight WiFi allowed hackers to gain remote access to the plane. Another senior executive demanded that before discussing any sale, vendors must prove their inflight entertainment systems do not connect to critical flight controls.

Panasonic Corp and Thales SA, whose inflight entertainment units Roberts allegedly compromised, declined to answer detailed questions on their systems, but both said they take security seriously and their devices were certified as secure.

Airplane maker Boeing Co says that while such systems do have communication links, ‘the design isolates them from other systems on planes performing critical and essential functions.’ European rival Airbus said its aircraft are designed to be protected from ‘any potential threats coming from the In-Flight-Entertainment System, be it from Wi-Fi or compromised seat electronic boxes.’

Steve Jackson, head of security at Qantas Airways Ltd, said the airline’s ‘extremely stringent security measures’ would be ‘more than enough to mitigate any attempt at remote interference with aircraft systems.’

CIRCUMVENTING

But experts question whether such systems can be completely isolated. An April report by the U.S. General Accountability Office quoted four cybersecurity experts as saying firewalls ‘could be hacked like any other software and circumvented,’ giving access to cockpit avionics – the machinery that pilots use to fly the plane.

That itself reflects doubts about how well an industry used to focusing on physical safety understands cybersecurity, where the threat is less clear and constantly changing.

The U.S. National Research Council this month issued a report on aviation communication systems saying that while the Federal Aviation Administration, the U.S. regulator, realized cybersecurity was an issue, it ‘has not been fully integrated into the agency’s thinking, planning and efforts.’

The chairman of the research team, Steven Bellovin of Columbia University, said the implications were worrying, not just for communication systems but for the computers running an aircraft. ‘The conclusion we came to was they just didn’t understand software security, so why would I think they understand software avionics?’ he said in an interview.

SLOW RESPONSE

This, security researchers say, can be seen in the slow response to their concerns.

The International Civil Aviation Organisation (ICAO) last year highlighted long-known vulnerabilities in a new aircraft positioning communication system, ADS-B, and called for a working group to be set up to tackle them.

Researchers like Haines have shown that ADS-B, a replacement for radar and other air traffic control systems, could allow a hacker to remotely give wrong or misleading information to pilots and air traffic controllers.

And that’s just the start. Aviation security consultant Butts said his company, QED Secure Solutions, had identified vulnerabilities in ADS-B components that could give an attacker access to critical parts of a plane.

But since presenting his findings to vendors, manufacturers and the industry’s security community six months ago he’s had little or no response.

‘This is just the tip of the iceberg,’ he says.

(Additional reporting by Siva Govindasamy; Editing by Ian Geoghegan)”

The End of the Google+ Era?

Alex Chitu of the Google Operating System sees in Google’s decision to buy into the Twitter firehose the End of the Google+ Era:

Google announced that it will start to display tweets in Google Search for mobile. “When you’re searching on the Google app or any browser on your phone or tablet, you can find real-time content from Twitter right in the search results,” informs Google.

He sees this as the final nail in the coffin of Google+ as a real time social media service: 

It’s the end of the Google+ era. Even if Google+ will continue to exist in one way or another, Google will stop promoting it aggressively and will probably use it as a backend service. Bloomberg reports that Google “is set to reveal an online picture sharing and storage service that will no longer be part of the Google+ social network” and “will let users post images to Facebook and Twitter”.

He could well be right. I know that a lot of folk see positives in Google+ as an active network for certain interests, but Google has never been interested in anything less than mega scale, and won’t settle for that, I’m sure. 

(Via Google Operating System)

BBC: The Rise of Disappearables

The transcript of my BBC World Service piece on wearables. Reuters original story here

Forget ‘wearables’, and even ‘hearables’, if you’ve ever heard of them. The next big thing in mobile devices: ‘disappearables’.

Unless it really messes up, Apple is going to do for wearables with the Watch what is has done with the iPod for music players, the phone with its iPhone, the iPad for tablets. But even as Apple piques consumer interest in wrist-worn devices, the pace of innovation and the tumbling cost, and size, of components will make wearables smaller and smaller. So small, some in the industry say, that no one will see them. In five years, wearables like the Watch could be overtaken by hearables – devices with tiny chips and sensors that can fit inside your ear. They, in turn, could be superseded by disappearables – technology tucked inside your clothing, or even inside your body.

This all may sound rather unlikely, until you consider the iPhone is only 8 years old, and see what has happened to the phone since then. Not only do we consider the smartphone a status symbol in the salons of New York, but they’re something billions of people can afford. So it seems highly plausible that the watch as a gizmo is going to seem quaint in 10 years — as quaint as our feature phone, or net book or MP3 player is now.


So how is this all going to play out? Well this year you’ll be able to buy a little earpiece which contains a music player, 4 gigabytes of storage, a microphone to take phone calls – just nod your head to accept – and sensors that monitor your position, heart rate and body temperature.

Soon after that you’ll be able to buy contact lenses that can measure things like glucose levels in tears. Or swallow a chip the size of a grain of sand, powered by stomach juices and transmitting data about your insides via Bluetooth. For now everyone is focused on medical purposes, but there’s no reason that contact lens couldn’t also be beaming stuff back to you in real time — nice if you’re a politician being able to gauge the response to your speech so you can tweak it in real time.

Or you’re on a date and needing feedback on your posture, gait, the quality of your jokes. 

In short, hearables and wearables will become seeables and disappearables. We won’t see these things because they’ll be buried in fabric, on the skin, under the skin and inside the body. We won’t attack someone for wearing Google Glasses  because we won’t know they’re wearing them. 

Usual caveats apply. This isn’t as easy as it looks, and there’ll be lots of slips on the way. But the underlying technologies are there: components are getting smaller, cheaper, so why not throw in a few extra sensors into a device, even if you haven’t activated them, and are not quite sure what they could be used for? 

Secondly, there’s the ethical stuff. As you know, I’m big on this and we probably haven’t thought all this stuff through. Who owns all this data? Is it being crunched properly by people who know what they’re doing? What are bad guys and governments doing in all this, as they’re bound to be doing something? And how can we stop people collecting data on us if we don’t want them to? 

All good questions. But all questions we should be asking now, of the technologies already deployed in our street, in our office, in the shops we frequent, in the apps we use and the websites we visit. It’s not the technology that’s moving too fast; it’s us moving too slow.

Once the technology is too small to see it may be too late to have that conversation.  

Technorati Tags: , , , ,

Truth-app.jpg

The path to a wearable future lies in academia | Reuters

The path to a wearable future lies in academia | Reuters:

My oblique take on wearables

IMG 0563

For a glimpse of what is, what might have been and what may lie ahead in wearable devices, look beyond branded tech and Silicon Valley start-ups to the messy labs, dry papers and solemn conferences of academia.

There you’d find that you might control your smartphone with your tongue, skin or brain; you won’t just ‘touch’ others through a smart Watch but through the air; and you’ll change how food tastes by tinkering with sound, weight and color.

Much of today’s wearable technology has its roots in these academic papers, labs and clunky prototypes, and the boffins responsible rarely get the credit some feel they deserve.

Any academic interested in wearable technology would look at today’s commercial products and say ‘we did that 20 years ago,’ said Aaron Quigley, Chair of Human Interaction at University of St. Andrews in Scotland.

Take multi-touch – where you use more than one finger to interact with a screen: Apple (AAPL.O) popularized it with the iPhone in 2007, but Japanese academic Jun Rekimoto used something similar years before.

And the Apple Watch? Its Digital Touch feature allows you to send doodles, ‘touches’ or your heartbeat to other users. Over a decade ago, researcher Eric Paulos developed something very similar, called Connexus, that allowed users to send messages via a wrist device using strokes, taps and touch.

‘I guess when we say none of this is new, it’s not so much trashing the product,’ says Paul Strohmeier, a researcher at Ontario’s Human Media Lab, ‘but more pointing out that this product has its origins in the research of scientists who most people will never hear of, and it’s a way of acknowledging their contributions.’

VAMBRACES, KIDS’ PYJAMAS

Those contributions aren’t all pie-in-the-sky.

Strohmeier and others are toying with how to make devices easier to interact with. His solution: DisplaySkin, a screen that wraps around the wrist like a vambrace, or armguard, adapting its display relative to the user’s eyeballs.

Other academics are more radical: finger gestures in the air, for example, or a ring that knows which device you’ve picked up and automatically activates it. Others use the surrounding skin – projecting buttons onto it or pinching and squeezing it. Another glues a tiny touchpad to a fingernail so you can scroll by running one finger over another.

Then there’s connecting to people, rather than devices.

Mutual understanding might grow, researchers believe, by conveying otherwise hidden information: a collar that glows if the wearer has, say, motion sickness, or a two-person seat that lights up when one occupant has warm feelings for the other.

And if you could convey non-verbal signals, why not transmit them over the ‘multi-sensory Internet’? Away on business? Send a remote hug to your child’s pyjamas; or deliver an aroma from one phone to another via a small attachment; or even, according to researchers from Britain at a conference in South Korea last month, transmit tactile sensations to another person through the air.

And if you can transmit senses, why not alter them?

Academics at a recent Singapore conference focused on altering the flavor of food. Taste, it seems, is not just a matter of the tongue, it’s also influenced by auditory, visual and tactile cues. A Japanese team made food seem heavier, and its flavor change, by secretly adding weights to a fork, while a pair of British academics used music, a virtual reality headset and color to make similar food seem sourer or sweeter to the eater.

MAKING THE GRADE

It’s hard to know just which of these research projects might one day appear in your smartphone, wearable, spoon or item of clothing. Or whether any of them will.

‘I don’t think I’m exaggerating when I say that 99 percent of research work does not end up as ‘product’,’ says Titus Tang, who recently completed a PhD at Australia’s Monash University, and is now commercializing his research in ubiquitous sensing for creating 3D advertising displays. ‘It’s very hard to predict what would turn out, otherwise it wouldn’t be called research.’

But the gap is narrowing between the academic and the commercial.

Academics at the South Korean conference noted that with tech companies innovating more rapidly, ‘while some (academic) innovations may truly be decades ahead of their time, many (conference) contributions have a much shorter lifespan.’

‘Most ‘breakthroughs’ today are merely implementations of ideas that were unimplementable in that particular time. It took a while for industry to catch up, but now they are almost in par with academic research,’ says Ashwin Ashok of Carnegie Mellon.

Pranav Mistry, 33, has risen from a small town in India’s Gujarat state to be director of research at Samsung America (005930.KS). His Singapore conference keynote highlighted a Samsung project where a camera ‘teleports’ viewers to an event or place, offering a real-time, 3D view.

But despite a glitzy video, Samsung logo and sleek black finish, Mistry stressed it wasn’t the finished product.

He was at the conference, he told Reuters, to seek feedback and ‘work with people to make it better.’

(Editing by Ian Geoghegan)”

Chinese hackers target Southeast Asia, India, researchers say

Chinese hackers target Southeast Asia, India, researchers say | Reuters

My piece on FireEye’s report about hackers. Other reports have appeared since. 

Hackers, most likely from China, have been spying on governments and businesses in Southeast Asia and India uninterrupted for a decade, researchers at internet security company FireEye Inc said.

In a report released on Monday, FireEye said the cyber espionage operations dated back to at least 2005 and ‘focused on targets – government and commercial – who hold key political, economic and military information about the region.’

‘Such a sustained, planned development effort coupled with the (hacking) group’s regional targets and mission, lead us to believe that this activity is state-sponsored – most likely the Chinese government,’ the report’s authors said.

Bryce Boland, Chief Technology Officer for Asia Pacific at FireEye and co-author of the report, said the attack was still ongoing, noting that the servers the attackers used were still operational, and that FireEye continued to see attacks against its customers, who number among the targets.

Reuters couldn’t independently confirm any of the assertions made in the report.

China has always denied accusations that it uses the Internet to spy on governments, organizations and companies.

Asked about the FireEye report on Monday, foreign ministry spokesman Hong Lei said: ‘I want to stress that the Chinese government resolutely bans and cracks down on any hacking acts. This position is clear and consistent. Hacking attacks are a joint problem faced by the international community and need to be dealt with cooperatively rather than via mutual censure.’

The Cyberspace Administration of China, the Internet regulator, didn’t immediately respond to written requests for comment.

China has been accused before of targeting countries in South and Southeast Asia. In 2011, researchers from McAfee reported a campaign dubbed Shady Rat which attacked Asian governments and institutions, among other targets.

Efforts by the 10-member Association of Southeast Asian Nations (ASEAN) to build cyber defenses have been sporadic. While ASEAN has long acknowledged its importance, ‘very little has come of this discourse,’ said Miguel Gomez, a researcher at De La Salle University in the Philippines.

The problem is not new: Singapore has reported sophisticated cyber-espionage attacks on civil servants in several ministries dating back to 2004.

UNDETECTED

The campaign described by FireEye differs from other such operations mostly in its scale and longevity, Boland said.

He said the group appeared to include at least two software developers. The report did not offer other indications of the possible size of the group or where it’s based.

The group remained undetected for so long it was able to re-use methods and malware dating back to 2005, and developed its own system to manage and prioritize attacks, even organizing shifts to cope with the workload and different languages of its targets, Boland told Reuters.

The attackers focused not only on governments, but on ASEAN itself, as well as corporations and journalists interested in China. Other targets included Indian or Southeast Asian-based companies in sectors such as construction, energy, transport, telecommunications and aviation, FireEye says.

Mostly they sought to gain access by sending so-called phishing emails to targets purported to come from colleagues or trusted sources, and containing documents relevant to their interests.

Boland said it wasn’t possible to gauge the damage done as it had taken place over such a long period, but he said the impact could be ‘massive’. ‘Without being able to detect it, there’s no way these agencies can work out what the impacts are. They don’t know what has been stolen.’

Pornchai Rujiprapa, Minister of Information and Communication Technology for ASEAN member Thailand, said the government was proposing a new law to combat cyber attacks as existing legislation was outdated.

‘So far we haven’t found any attack so big it threatens national security, but we are concerned if there is any in the future. That’s why we need a new law to handle it,’ he told Reuters.

(Additional reporting by Ben Blanchard in BEIJING and Pracha Hariraksapitak in BANGKOK; Editing by Miyoung Kim and Ian Geoghegan)”

(Via.)

BBC: Cluetraining Disruption

Has technology, convinced of its own rectitude, lost its sense of moral direction? 

Disruptive innovation is one of those terms that worms its way into our vocabulary, a bit like built-in obsolescence or upselling. It’s become the mantra of the tech world, awhich sees its author Clayton Christensen, as a sort of messiah of the changes we’re seeing in industries from taxis, hotels and media. Briefly put the theory goes: existing companies are undercut and eventually replaced by competitors who leverage technology to come up with inferior but good enough alternatives — think the transistor radio displacing vacuum tube radios — or come up with wholly new products that eventually eclipse existing markets — think the iPhone killing off the MP3 player (and radios, and watches, and cameras, and guitar tuners etc.) 

Backlash 

A backlash has emerged against this theory, partly because it’s somewhat flawed — even Prof Christensen himself has misapplied it, as in the case of the iPhone — but also because it’s scary. Uber may be a great idea if you’re looking for a ride, but not if you’re an old-style cabbie. Airbnb is great for a place to crash, but feels like a car crash if you’re running a real b’n’b. And don’t get me started on being a journalist.   But there’s a much bigger problem here. The tech world is full of very inspiring, bright, charismatic people and that’s one reason I choose to write about it for a living. But it has changed in the past decade or so, undeniably. 15 years ago, just before the last dot.com crash, a tome appeared: The Cluetrain Manifesto, and you’d either read it or you hadn’t. It was a collection of writings by some fine thinkers, the great bloggers of the day like Doc Searls and Dave Weinberger. The main thesis: the Internet is unlike ordinary, mass media, because it allows human to human conversations — and that this would transform marketing, business, the way we think. Markets are conversations, it said.   For a while we were giddy with the power this gave us over corporations. We could speak back to them — on blogs, and later on what became known as social media. Even Microsoft hired a blogger and let him be a tiny bit critical of things at Redmond.

Last blast

Looking back, it was probably the last naive blast of the old dying Internet rather than a harbinger of the new. The language, if not the underlying philosophy, lives on in conferences and marketing pitches. Most social media conversations are harsh, mostly inhuman — we refer to deliberate online baiters as trolls, which I suppose makes them subhuman — and we’ve largely given up influencing the companies we do business with except in the occasional diatribe or flash hashtag full frontal mob assault.

And more importantly, there is no longer any of that idealism or utopianism in any startup movement that I can see. For sure, we cheer on these players because they seem to offer something very seductive, from free email, calendars, spreadsheets to cheaper rides, stays, music, video and goodies, to shinier bling, gadgets, wearables and cars. And they all sing the same mantra: we’re disruptive, we’re disintermediating, we’re leveraging technology, we’re removing friction, we’re displacing old cozy cartels, we’re doing it all for you.

The problem is that underneath this lies an assumption, an arrogance, that technology is a natural ally of good, that disruption is always a good thing, that the geeks parlaying it into products are natural leaders, and that those opposing it are reactionaries, doomed to the scrapheap.

Rapid cycle

The result: we’re just getting into a more rapid cycle of replacing one lot of aloof, cloth-eared giants with another lot, who in short order will be replaced by another. Microsoft, IBM, and HP, the giants of when Cluetrain was written, have been replaced by Amazon, Apple, Alibaba, Facebook and Google, all of them as hard to hold a conversation with as Microsoft ever was. And the big players of tomorrow, which may or may not be Uber, Airbnb, Tencent and Twitter, don’t seem particularly interested in a conversation either.

We need to recover some of that old Cluetrain idealism, naivety, when we thought that what we were doing was building a new platform for anyone to use, to talk back to authority, to feel heard and appreciated — and not just a cult-like celebration of the rugged individuals who dismantled Babel only to build a bigger, shinier and more remote one its place.

This was a piece I wrote and recorded for the BBC World Service. It’s not Reuters content – JW