Phishing For a Scapegoat

By | November 22, 2011

It’s somewhat scary that more than 10 employees of a laboratory that works on security issues (including phishing) could fall for a phishing attack. The Oak Ridge National Laboratory, or ORNL, managed for the U.S. Department of Energy by UT-Battelle, works on science and technology involved in energy production and national security. In late October the lab was targeted from Chinese websites, according to eWeek:

All of the phishing e-mails instructed lab employees to open an attachment for more information or to click on an embedded link. ORNL’s investigators now believe that about 11 staff fell for the come-ons and opened the attachments or clicked on the links. That was enough for the attackers to install keyloggers or other types of malware that gave attackers access to systems and the ability to extract data.

The interesting thing here is whether this was a “coordinated attack” and a “cyberattack” as has been suggested in the media. The Knoxville News Sentinel, for example, quotes lab director Thom Mason as saying the attack involved the thieves making “approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven phishing e-mails, all of which at first glance appeared legitimate.” Meanwhile this AP article quotes Mason’s memo to employees:

The assault appeared “to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions” in the United States, lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility.

The key here may be that the attackers were after personal information, not military secrets. As John C. Sharp writes:

The headlines keep coming about the news that several high-profile military labs – including some of the world’s leading nuclear research labs – have been compromised by phishing scams. Unfortunately, many of these headlines are missing the point.

Example: In one story published today, PC World claims that Chinese Hackers “launched” a coordinated “major attack” on two US Military Laboratories.

This is almost certainly *not* what happened. According to most of the published data, this was a phishing attack, plain and simple.

The fact is that China’s computers are so insecure that more or less anyone could use them to do more or less anything, from relaying spam to launching phishing attacks. So it’s not proof that China, or even Chinese, were involved just because the IP addresses are Chinese.

Of course, we don’t know for sure what happened yet. But if the attack was enabled by employees clicking on an email attachment or link that originated from a Chinese server, you’ve got to a) question the security training at a place like that, and b) wonder what kind of security filters they have on their servers that would allow such emails to get through, especially given the sheer number of emails that were sent.

Sometimes “China” is a great excuse for all sorts of incompetence and inefficiency, and “sophisticated cyber attack” is just another way of saying “sorry, we haven’t got a clue about all this Internets stuff.”

Oak Ridge Speared in Phishing Attack Against National Labs

The Inanities of the Visionary

By | November 22, 2011

I have a lot of respect for Doris Lessing but her recent remarks about the Internet reveal an ignorance and lack of understanding that is depressing and unbecoming of such a literary giant. Here’s what she said in her acceptance speech for the Nobel prize for literature:

We never thought to ask how will our lives, our way of thinking, be changed by the internet, which has seduced a whole generation with its inanities so that even quite reasonable people will confess that, once they are hooked, it is hard to cut free, and they may find a whole day has passed in blogging.

Frankly, I’m not sure Ms. Lessing knows what blogging is. And I am also one of those people who are concerned that the Internet is changing our society in ways we haven’t thought through. But it’s certainly not killing reading, learning and writing. In fact the opposite: the Internet is actually offering us so much information, and so much knowledge, the problem now is being able to judge what is important and what is not, and to retain a sense of mystery about the world.

If we can look down from heaven on any point of the globe via Google Earth, if we can look up any fact on Wikipedia, if we can communicate with any person in any country via voice for free via Skype, if we can listen to any radio station on the planet (and watch 100s of different tv channels) or read more or less any newspaper, if we can read tens of thousands of different books for free via Project Gutenberg, not to mention hundreds of thousands of excellent blogs, I can’t really see what is “inane” about the Internet.

Ms. Lessing is concerned that amidst all this online inanity, books will die. Of course books won’t die. Books as books (pbooks) won’t die. They come in a form that has proved perfect for their content. They will also be available as ebooks, too, and in forms we can’t yet imagine or create.

The point is that writing will continue. Online it may be shorter — but not always — and it may be interspersed with other media. But I would say that there are more people reading and writing now than any time in history. As Ms. Lessing herself says, according to The Guardian’s Maev Kennedy:

She contrasted her experiences in Zimbabwe and other parts of Africa, where people were hungry and clamouring for books even though they might have no food, where schools might not have a single book and a library might be a plank seat under a tree.

In a way the Internet is the solution to this kind of problem; in some ways it’s easier to bring knowledge to people and institutions via the Internet than by bringing them books. Or, failing that, bringing them the single biggest repository of free, community-based knowledge in the world: Wikipedia — printed out, or put on a CD-ROM and given via a refurbished $100 PC. I don’t think that the One Laptop Per Child idea is necessarily the correct way to go about it, but I do believe on the whole the Internet has brought people in the developing world closer to knowledge than any physical library ever has.

I’m sad that Ms. Lessing, who has been considered a social radical and has written some great science fiction, has not seen the Internet for what it is: a great leveller, redistributor and repository of information and knowledge.

(PS: I just looked up dorislessing.com and dorislessing.co.uk: the first is up for auction (and sports a picture of a young woman in white with a white laptop in a white chair; definitely not Doris Lessing) and the second redirects to a radio and TV tuning website where you can tune in to dozens of radio and TV stations. Meanwhile anyone online wanting to know about her can find it on Wikipedia. It all seems somehow fitting.)

Nobel prize winner Lessing warns against ‘inane’ internet | Special Reports | Guardian Unlimited Books

How to Data Roam on the Cheap

By | November 22, 2011

This week’s column in the WSJ is about finding cheap data roaming connections on the road. I’ll be the first to admit I wasn’t very successful, and hope readers may have better luck than I. But here in the meantime are some suggestions:

Free WiFi connections:

  • AnchorFree offers free WiFi hotspots via partners, in return for ads. Good idea, but poor website.
  • Fon allows members to get free WiFi from other members in return for sharing their own. Non-members can buy WiFi cheaply. More here.

WiFi roaming services

  • iPass Not cheap, but you might already have an account if you have a broadband connection. Check out via your ISP’s website or by checking out the reseller locator link.
  • Boingo offers three packages – Unlimited (North America only; $22 a month), Global ($40 a month) or AsYouGO ($8 within North America, $10 globally.) Once again, you may already have an account if you have a broadband or a mobile broadband account elsewhere.

Alliances

  • Wireless Broadband Alliance (site not active at the moment) supposedly offers wireless broadband roaming to members of more than 25 service providers, but until the site comes back up I can’t really confirm this. StarHub says it’s a member, and that subscribers to its cellular, broadband or even TV services can use sister WiFi connections for free.
  • Conexus is an alliance of seven operators in Asia which promises flat-rate per-day data roaming. This is good news but won’t be ready until next year (2008).
  • BridgeAlliance is an alliance of 11 operators in Asia which offers Bridge DataRoam, one flat rate across 11 territories: Airtel (India), AIS (Thailand), CSL (Hong Kong), CTM (Macau), Globe Telecom (Philippines), Maxis (Malaysia), SK Telecom (Korea), SingTel Mobile (Singapore), SingTel Optus (Australia), Taiwan Mobile (Taiwan) and Telkomsel (Indonesia). Four more will be added in the next few weeks: Maxis in Malaysia, SK Telecom in Korea, Singtel Optus in Australia and CSL in Hong Kong. Plans are US$30 for 15MB (Bridge DataRoam15) or US$60 for 40MB (Bridge DataRoam40).

Odds and ends

  • If you have a UK bank account you could sign up for Vodafone’s Mobile Broadband service, which costs £9.99 per 24 hrs (500 MB limit).

Investigation Step #1: Google Suspect

By | November 22, 2011

Every journalist (and police officer, for that matter) should start their investigative work with a Google search. They may find it’s all they need.

You’ve probably read by now of the disappearance, reappearance and arrest of the former British prison officer John Darwin, who turned up at a police station this month saying he’d lost his memory after a kayak incident in 2002. Everyone was relieved, including his wife, who had apparently reconciled herself to his passing and moved to Panama a week earlier. But one person was skeptical: an unnamed woman who turned to Google, as this Guardian story by Matthew Weaver reports:

A single mother put police and journalists to shame in their attempts to unravel the mysterious reappearance of the canoeist John Darwin by using a simple Google search, it emerged yesterday.

The woman found the picture that apparently shows Darwin with his wife, Anne, in Panama City in July last year.

When confronted with the picture, which was published in the Daily Mirror yesterday, Anne Darwin is reported to have admitted: “Yes, that’s him. My sons will never forgive me.”

The photograph was available on a website of the firm Move to Panama. It was found by the anonymous woman after she tapped in the words “John, Anne and Panama” into Google. She forwarded the picture to Cleveland police and the Mirror. She said that when she sent the picture to detectives, she was told: “You’re joking.”

I believe she actually did a Google image search, which, at the time of writing, still throws up the same image as the number one result, although the actual image has been removed from the site.

Police and journalists should share the shame and blame for not doing some basic Google sleuthing.

Caught in the web | Special reports | Guardian Unlimited

Broadband on a Moving Bus

By | November 22, 2011

I don’t know if it’s anything to do with my recent column (probably not) about the need for flat data rates (“The Price is Wrong,” from Nov 2’s WSJ.com), but M1 of Singapore is now offering unlimited data for its mobile broadband plans. So now you can get 512 kbps for about $15 a month, 1.8 Mbps for about $25, and 3.6 Mbps for $45.

I use the 512 kbps service and frankly, it’s fast enough for me. Of course, with the island state embracing free WiFi this all becomes a bit academic at some point, but I still find it easier to crank up the Huawei modem than log in to the WiFi, and there’s something about surfing on a bus that is positively liberating. Not something I ever tried on the moving robbery carts that are buses in Jakarta, I must say.

M1 broadband