Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters

My piece on what Deep Panda looks like in action: Hunt for Deep Panda intensifies in trenches of U.S.-China cyberwar | Reuters:

Security researchers have many names for the hacking group that is one of the suspects for the cyberattack on the U.S. government’s Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers’ team is one of the few who has watched it mid-assault — and eventually repulsed it.

Myers’ account of a months-long battle with the group illustrates the challenges governments and companies face in defending against hackers that researchers believe are linked to the Chinese government – a charge Beijing denies.

‘The Shell Crew is an extremely efficient and talented group,’ Myers said in an interview.

Shell Crew, or Deep Panda, are one of several hacking groups that Western cybersecurity companies have accused of hacking into U.S. and other countries’ networks and stealing government, defense and industrial documents.

The attack on the OPM computers, revealed this month, compromised the data of 4 million current and former federal employees, raising U.S. suspicions that Chinese hackers were building huge databases that could be used to recruit spies.

China has denied any connection with such attacks and little is known about the identities of those involved in them. But cybersecurity experts are starting to learn more about their methods.

Researchers have connected the OPM breach to an earlier attack on U.S. healthcare insurer Anthem Inc (ANTM.N), which has been blamed on Deep Panda.

RSA’s Myers says his team has no evidence that Shell Crew were behind the OPM attack, but believes Shell Crew and Deep Panda are the same group.

And they are no newcomers to cyber-espionage.

CrowdStrike, the cybersecurity company which gave Deep Panda its name due to its perceived Chinese links, traces its activities to 2011, when it launched attacks on defense, energy and chemical industries in the United States and Japan. But few have caught them in the act.

SHELL CREW IN ACTION

In February 2014 a U.S. firm that designs and makes technology products called in RSA, a division of technology company EMC (EMC.N), to fix an unrelated problem. RSA realized there was a much bigger one at hand: hackers were inside the company’s network, stealing sensitive data. 

‘In fact,’ Myers recalls telling the company, ‘you have a problem right now.’

Myers’ team could see hackers had been there for more than six months. But the attack went back further than that.

For months Shell Crew had probed the company’s defenses, using software code that makes use of known weaknesses in computer systems to try to unlock a door on its servers. Once Shell Crew found a way in, however, they moved quickly, aware this was the point when they were most likely to be spotted.

SPEARPHISHING

On July 10, 2013, they set up a fake user account at an engineering portal. A malware package was uploaded to a site, and then, 40 minutes later, the fake account sent emails to company employees, designed to fool one into clicking on a link which in turn would download the malware and open the door. 

‘It was very well timed, very well laid out,’ recalls Myers.

Once an employee fell for the email, the Shell Crew were in, and within hours were wandering the company’s network. Two days later the company, aware employees had fallen for the emails – known as spearphish – reset their passwords. But it was too late: the Shell Crew had already shipped in software to create backdoors and other ways in and out of the system. 

For the next 50 days the group moved freely, mapping the network and sending their findings back to base. This, Myers said, was because the hackers would be working in tandem with someone else, someone who knew what to steal.

‘They take out these huge lists of what is there and hand it over to another unit, someone who knows about this, what is important,’ he said. 

Then in early September 2013, they returned, with specific targets. For weeks they mined the company’s computers, copying gigabytes of data. They were still at it when the RSA team discovered them nearly five months later. 

Myers’ team painstakingly retraced Shell Crew’s movements, trying to catalogue where they had been in the networks and what they had stolen. They couldn’t move against them until they were sure they could kick them out for good. 

It took two months before they closed the door, locking the Shell Crew out. But within days they were trying to get back in, launching hundreds of assaults through backdoors, malware and webshells.

Myers says they are still trying to gain access today, though all attempts have been unsuccessful.

‘If they’re still trying to get back in, that lets you know you’re successful in keeping them out,’ he said.

(Additional reporting by Joseph Menn; Editing by Rachel Armstrong and Mark Bendeich)”

Moleskines Redux

Of course, I claim a lot of the credit for this decade-long trend. Why Startups Love Moleskines:

“The notion that non-digital goods and ideas have become more valuable would seem to cut against the narrative of disruption-worshipping techno-utopianism coming out of Silicon Valley and other startup hubs, but, in fact, it simply shows that technological evolution isn’t linear. We may eagerly adopt new solutions, but, in the long run, these endure only if they truly provide us with a better experience—if they can compete with digital technology on a cold, rational level.”

I have returned to Moleskines recently, partly because I realised I have a cupboard full of them, and partly because of exactly this problem: there’s no digital equivalent experience. 

  • easier to conceptualise on paper
  • you can doodle when the speaker is waffling; those doodles embellish, even turn it into Mike Rohde’s sketchnotes
  • you can whip it out in places where an electronic device would be weird, or rude, or impractical;
  • there’s a natural timeline to your thoughts
  • there’s something sensual about having a pen in your hands and holding a notebook
  • pen and moleskine focus your thoughts and attention
  • the cost of the book acts as a brake on mindless note taking (writing stuff down without really thinking why) 
  • no mindmap software has ever really improved the mindmapping experience.

There’s probably more to it. But maybe the point is that this isn’t a fad. People have been using these in the geeky community for more than a decade, suggesting that they have established themselves as a viable tool. Being able to easily digitise them — for saving, or processing, as I did this morning with a chart I sketched out which my graphics colleague wanted to poach from — is a bonus, and saves us from the fear of losing our work. 

(Via Newley Purnell)

Connected cows, cars and crockery prod chip mega mergers

My Reuters piece attempting to place the recent chip mergers in a longer timeline. Yes, I hate the term internet of things too. 

Connected cows, cars and crockery prod chip mega mergers | Reuters:

SINGAPORE/TAIPEI | BY JEREMY WAGSTAFF AND MICHAEL GOLD

Chip companies are merging, signing $66 billion worth of deals this year alone in preparation for an explosion of demand from all walks of life as the next technological revolution takes hold: the Internet of Things.

As cars, crockery and even cows are controlled or monitored online, each will require a different kind of chip of ever-diminishing size, combining connectivity with processing, memory and battery power.

These require makers to pool resources and intellectual property to produce smaller, faster, cheaper chips, for a market that International Data Corp said would grow to $1.7 trillion by 2020 from $650 billion last year.

By comparison, chip markets for personal and tablet computers are stagnant or in decline, and even smartphones are near peaking, said Bob O’Donnell, a long-time consultant to the chip industry.

‘We’re very much done in terms of growth of those traditional markets,’ said O’Donnell. ‘That’s why they are looking at this.’

Last month saw the biggest-ever chip merger with Avago Technologies Ltd agreeing to buy Broadcom Corp for $37 billion. That eclipsed the $17 billion Intel Corp agreed last week for Altera Corp, and the $12 billion NXP Semiconductors NV offered in March for Freescale Semiconductor Ltd.

On Friday, Lattice Semiconductor Corp said it was open to a sale.

 

CONNECTED COWS

The Internet of Things relies on chips in devices wirelessly sending data to servers, which in turn process the data and send results to a user’s smartphone, or automatically tweak the devices themselves.

Those devices range from a light bulb to a nuclear power plant, from a smartwatch to a building’s air-conditioning system. This range presents both opportunity and a challenge for semiconductor companies: their potential customer base is huge, but diverse, requiring different approaches.

Qualcomm Inc, for example, is used to selling chips to around a dozen mobile phone manufacturers. The Internet of Things has brought it business from quite different players, from makers of water meters to street lights that sport modems and traffic-monitoring cameras. All have their own needs.

‘You can’t think the new market is just like the old one,’ Qualcomm Vice President of Marketing Tim McDonough said in an interview.

Qualcomm estimates that the Internet of Things will bring in more than 10 percent of its chip revenue this business year.

And then there are those cows. Instead of monitoring herds by sight, farmers in Japan have tagged them with Internet-connected pedometers from Fujitsu Ltd and partner Microsoft Corp, to measure when they might be ready for insemination. Cows in season, it turns out, tend to pace more.

SPECK OF CHIP

This new business is pushing chip companies together in part to consolidate their expertise onto one chip, a trend forged by mobile phones.

The Avago-Broadcom deal, for instance, brings together motion control and optical sensors from Avago with chips from Broadcom that specialize in connectivity via wireless technologies such as Bluetooth and Wi-Fi.

In the past ‘if you wanted to build a board that has all the components, then you needed to buy three different chips,’ said Dipesh Patel of ARM Holdings PLC, which licenses much of the technology inside mobile phones – and, increasingly, in the Internet of Things.

‘Now you only need to buy one chip. But you’re trying to get more of the same system on the same chip.’

As chips get smaller, they could be tiny enough to ingest, according to Vital Herd Inc. The Texas-based startup’s pill-like sensor, once a cow swallows it, can transmit vital signs, warning farmers of illness and other problems.

Jen-Hsun Huang, co-founder and chief executive officer of graphics chips maker Nvidia Corp, predicts chips will shrink to the size of a speck of dust and find their way into almost anything, from shoes to cups.

‘Those little tiny chips, I think they’re going to be sold by the trillions,’ Huang said in an interview. ‘Maybe even sold by the pound.’

PROCESSING

Installing chips into end products is only one side of the equation. The more things connect, the bigger the number and capability of servers needed to process the vast amount of specialized data those chips transmit.

To meet the demand, Intel could employ chips for its servers designed by new purchase Altera that analyze streams of similar data – specializing in one function, as opposed to multiple functions like chips inside personal computers – industry consultant O’Donnell said.

Combining such strengths is going to be vital, said Malik Saadi of ABI Research, because consolidation is not over yet.

More chip companies ‘will have to make that radical decision to merge,’ said Saadi. ‘This is just the starting point.’ 

(Additional reporting by Liana Baker in New York; Editing by Christopher Cushing)”

Deja Vu or New Dawn? Microsoft’s Acquisition Binge

I’m not quite sure what to make of these acquisitions. It reminds me of Yahoo’s binge 10 years ago: After del.icio.us, a Directory of Other Things Yahoo! Should Buy. They snagged up a lot of my favourite stuff back then, and Microsoft is doing the same thing with Sunrise etc: 

Welcome 6Wunderkinder! Microsoft acquires Wunderlist – The Official Microsoft Blog: “What’s better than completing that last important task on your to-do list? Doing so with a beautiful and useful productivity app. Today, I am thrilled to announce that Microsoft has acquired 6Wunderkinder, the creator of the highly acclaimed to-do list app, Wunderlist.

The addition of Wunderlist to the Microsoft product portfolio fits squarely with our ambition to reinvent productivity for a mobile-first, cloud-first world. Building on momentum for Microsoft Office, OneNote and Skype for Business, as well as the recent Sunrise and Acompli acquisitions, it further demonstrates Microsoft’s commitment to delivering market leading mobile apps across the platforms and devices our customers use – for mail, calendaring, messaging, notes and now tasks.”

One Microsoft person told me, when I complained about how little work had been done on Skype, that “we’re listening to users who said ‘don’t fiddle’ with it.” All well and good, but they could have fixed the more ridiculous things, like not being able to disable birthday notifications in some versions of the app, and losing the plot on groups.

Still, this might be a new Microsoft, not the old Microsoft or Yahoo! doing these new acquisitions. They’ve done a lovely job integrating Acompli. So maybe there’s hope. I don’t mind these things getting that kind of treatment so long as they do it to reach out to users, rather than to fence them in. That’s going to take quite a change of attitude up in Redmond.