Author: Tamlin Magee

Cyber terrorism didn't threaten Olympics

Although provisions were in place to prevent it, cyber terrorism was not a major concern at the London 2012 Olympics, according to BT Security’s CEO, Mark Hughes, with the majority of notable events being rudimentary DDOS attempts or financial fraud.

Speaking at the RSA Conference in Amsterdam, Hughes acknowledged that his company, in partnership with LOCOG, ran through worst-case scenarios for cyber terrorism during the London 2012 Olympics, including putting together provisions for the shutting down of major power networks. In addition, despite the over 200 million malicious incidents reported during the event, just 77 tickets required a human response from analysts.

When asked to define those 212 million events, Hughes described these to us as anything that could be flagged as a potential threat – from a single DDOS attempt to defacement. Necessary defences were built over seven years of preparation, it was asserted, while the London 2012 website was the most visited on the planet during the Games.

Hacktivism – such as loose collective Anonymous – may sit under the same umbrella as cyber terrorism itself, from the perspective of the security industry. Although Hughes referred to hacktivists in his keynote as teenagers trying to change the world from their bedrooms, he recognises that rather than the phenomenon being on the wane, there is potentially a shift towards targeting financial institutions. There are different strata of the ‘hacktivist’ that vary both in message and technological proficiency – and the first waves of public defacements or DDOS attacks could be planting seeds for something altogether new.

Over the course of the London 2012 Olympic games, there were “quite a few” DDOS attacks as well as unsophisticated DNS amplifications, and it was coming “from everywhere”.

“The stuff we had to start dealing with was quite serious,” Hughes said, “that potentially would have had service impact if the right controls weren’t in place.”

Businesses shouldn’t forget that hacktivism still exists. “It’s not like that’s gone away,” Hughes said. “People who are very gifted individuals who want to have a go at something are still doing that.

“That said, I think recently from some of the stuff we’ve seen, for example, the targets against the US banks, that’s becoming a lot more sophisticated, not just as hacktivism but a lot more concerted,” Hughes said. “I think the way I would characterise those attacks is there’s becoming more financial motivation, I think there’s evidence clearly about criminals becoming more sophisticated in using those types of tools now for financial gain”.

Martin Brown, chief security portfolio architect at BT, said there are vastly different levels within hacktivism, from the technically proficient to people who simply want to get involved.

“Some of the hacktivist campaigns that have gone on over the last 18 months or so, and if you follow what’s going on on Twitter and IRC, you have the core people who are evangelising their point of view on why they want to carry out their attacks,” Brown said. “At the same time, you’re seeing them package how-to instructions on installing and running LOIC, people asking how to set it up and if it can be run on Windows. There’s different tiers taking place within this. There’s different scenarios taking place, some are very capable, some are there to participate but don’t know what they’re doing”.

Hughes distanced BT from culpability if malicious events did run on the company’s infrastructure. “We have a huge consumer base in the UK, I’m sure there are people who buy DSL circuits from us with nefarious purposes, but they’re the ones who are the motivated criminals – by us supplying services to our customers we enter that contract in good faith with our customers, and it’s up to them whether they break the law or not.”

Asked by TechWeekEurope’s Tom Brewster about BT’s collaboration with British spy agency GCHQ, Hughes responded first with an audible gulp, second by saying there are “commercial services that we will supply to any government department”.

Crop World hit by anti-Monsanto protests

Anti-Monsanto and GM crops protesters swooped on Amsterdam’s RAI conference centre – where the RSA Conference is taking place – armed with a drum circle and several hundred people.

“Crop World 2013” was running just next door to RSA 2013. Protesters from March against Monsanto told TechEye that they object to the actions of big crop companies around the world, including enforcing their patents and saddling farmers with crippling debt.

One organiser said: “The evidence shows pesticide use is going up and in the longer term the harvest doesn’t go up – maybe in the first few years, but now it’s lower with GM crops than with normal crops. So what are they doing?

“They make money, but it’s not useful.

“It’s making farmers dependents, and it’s creating more super weeds. It’s clearly their business, but there is no argument for it continuing”.

The demonstration was peaceful, if noisy, and security staff didn’t seem concerned.

We tried to gain access to Crop World 2013, but our RSA badge could only get us so far.

Ex London deputy mayor: hackers were to blame for my naked Facebook selfie

Former deputy mayor of London, Richard Barnes, has pinned the blame on “hackers” after a naked selfie was posted to his Facebook page.

In one photo, Barnes’ face is out of shot. But the viewer is presented with a photo of Barnes posing in front of a bedroom mirror, undressing from his white shirt and red braces, with his lower body exposed.

Barnes told the Evening Standard it was hackers to blame, not an iOS 7 blunder, as some pundits brandishing Occam’s razor have suggested.

“Have you ever been hacked?” Barnes asked, adding, “Well, I have been hacked. Someone’s got in there and put the picture up”. 

Although the pictures were quickly deleted from Facebook, screenshots had already spread like wildfire online. Readers can Google them if they must.

Speaking with the Metro, Barnes said: “I’m annoyed and shaking with anger. I’m a 65 year old gay man on his own, it’s not the sort of thing I do. Do you really think I would be that f***ing stupid after 30 years in politics?”

As everyone is aware, politics, scandal and embarrassment are very rarely linked.

Earlier this year, former congressman Anthony Weiner was the subject of scandal when his sexting under the pseudonym ‘Carlos Danger’ was revealed.

Barnes is a Conservative councillor in Hillingdon. He served as Boris Johnson’s deputy from 2008 to 2012.

Security expert Graham Cluley told TechEye: “It would certainly be unusual for a hacker to do this.

“What can people do to keep themselves safe from embarrassing blunders like this? Keep their trousers on when they’re taking smartphone photographs,” Cluley said.

Blackberry sells its soul for $4.7 billion

* UPDATE – the Crackberry monster announced today it had made a deal with major Canadian investor Fairfax and others to sell itself off for $4.7 billion and to go private. Its shares initially fell on the news but have now been suspended. We guess it could be worse – it could have been bought by possibly the most incompetent mobile player on the globe, the Vole of Nokia.

What do you do if your company’s going down the pan? Fruity Blackberry, it has emerged, decided to buy itself a bigger executive jet.

Just as the ailing pioneer announced it expected to post a $1 billion loss for the latest quarter, it turns out the company had a large corporate jet delivered as recently as July.

Looking through Canadian aircraft registry records, the Wall Street Journal found Blackberry had bought a 2006 Bombardier BBD.B.T in July. The price isn’t public but they generally go for around $30 million.

In a statement, spokesperson Adam Emery said: “Earlier this year the company decided to sell both Dassault planes and replace them with one longer range aircraft. The company considered several options and selected a used Bombardier aircraft, which was eventually delivered in July”.

Although the plane was delivered in July, Blackberry has been in trouble for quite some time.

Since Thorsten Heins took over from Lazaridis and Balsillie he has failed to turn the company around. Admittedly, a larger ship takes longer to steer, but substantial hype generated for the Z10 didn’t manage to persuade the public it wasn’t an also-ran that was a bit like the iPhone. The range was a $1 billion write-off.

In spite of the bad times, Heins has been remarkably vocal about his vision for the future of a sector Blackberry is no longer really shaping at all. He declared tablets as bad for business and had the prescience to boast his company will be on top of the market – soon. 

The company recently announced it intends to cut 40 percent of its entire workforce. 

Whispers are increasingly suggesting Blackberry will have to carve itself into a fruit salad, despatch the rotten bits and sell off the best of its services to the highest bidder if it’s to save itself from turning to mulch.

On top of all the bad news, its BlackBerry Messenger app for Android and Apple devices has been delayed because of a leak, and the BBC describes the Android version as “problematic” where it has been released.

Some businesses still like the iconic Blackberry for its security but increasingly CIOs are adopting Bring Your Own Device policies that do away with having to kit out your entire workforce with the smartphones.

Blackberry will now have to give up its Bombardier as it seeks to cut unnecessary costs.

“In light of the company’s current business condition, the company has decided to sell that aircraft along with the two legacy aircraft and will no longer own any planes,” the spokesperson added.

Mike Dell to Icahn: Ucahn't! Dell to pull Dell private

Tinbox maestro Michael Dell has got his way, clinging onto his namesake with the help of investment firm Silver Lake Partners, in a $25 billion takeover that will see the company go private.

Shareholders passed the vote today. But it has been a close fight over previous months. Top challenger and “activist investor” Carl Icahn, in tandem with Southeastern Asset Management, was gunning to take over the company and for a while, it looked like he might have won out. The board delayed the final decision three times.

However, the Wall Street Journal reports, some sweeteners in the bid helped the deal pass, with a reported tally of 65 percent in favour.

Stockholders will get $13.75 cash per share as well as a special cash dividend of 13 cents a share, or $13.88 each in total.

Icahn decided to give up the ghost early this week as shareholders refused to rebel against the Tinman.

Michael Dell said: “I am pleased with this outcome and am energised to continue building Dell into the industry’s leading provider of scalable, end-to-end technology solutions. As a private enterprise, with a strong private-equity partner, we’ll serve our customers with a single-minded purpose and drive the innovations that will help them achieve their goals”.

There have been some murmurings that, should Dell take Dell private, the company will seriously refocus on enterprise technology, servers, and services. Its enterprise section is something of a success story despite economic difficulties, so perhaps an approach not too far off SAPman Apotheker’s attempted ruination of HP would not actually go amiss. 

Despite touting security, iPhone 5S scanner raises concerns

Another year, another iPhone – well, two. The build up to Apple’s flagship launch o’ the year was typical in its pre-event hype, but as the expected fingerprint scanner in the 5S was made official, some eyebrows were raised from usually enthusiastic corners of the Apple-rabid press. With privacy such a hot topic at the moment, what are the experts saying about the iPhone 5S?

Apple promises its fingerprint identification system is basically uncrackable and that the peaks and contours of your index will remain yours. But criticisms have been launched from every angle – with one pundit claiming thieves may even mutilate their victims to gain access to their phones.

Carrying around a victim’s finger in your pocket probably isn’t appealing to the most vicious of muggers, but it alarmed Marc Rogers from mobile security company Lookout.

“Thieves in some regions have worked out that you can force a victim to unlock a secured device, and in some extreme cases have also mutilated victims in order to steal their equipment,” Rogers said. “Fingerprints can be a useful addition to security but their value depends highly on the type of fingerprint reader and how it is being used – for example, the best use of a fingerprint is to provide a convenient way to unlock something in a medium to low security scenario”.

The Free Software Foundation, meanwhile, flagged Apple’s familiar walled garden of delights as a threat to digital freedoms.

Executive director John Sullivan said Apple has provided new hardware with the “same old restrictions”, letting customers use only Apple approved software. This will put user data, privacy, and freedom of expression in the hands of Cupertino, where operations “are secret and demonstrably untrustworthy”.

“We can’t imagine a more hostile reaction to the wave of privacy concerns sweeping the world right now than debuting a proprietary, network-accessible fingerprint scanner as your new ‘feature’”, Sullivan said.

Perhaps it’s not surprising the FSF took such a hostile view to the latest of Apple’s trademark gimmicks. For some time, Apple has been trying to win over its fanbase with this or that ‘feature’ – first with the iPhone 4’s charming rubber band that promised to fix its reception problems, then with Siri, then with a mapping system that told users to drive into lakes, for example.

With the Snowden revelations reverberating around the planet, the tinfoil hatted conspiracy folk will be joined by reasonably privacy-concerned citizens in wondering just what could be done with data gleaned from biometric scanning.

After all, what we know is that security agencies in the United States had actively been leaning on American tech companies to install back doors and even had a significant say in encryption standards.

Privacy speculation notwithstanding, vulnerability management company Rapid7 said that, overall, the built-in fingerprint sensor should improve security for iOS devices.

But Rapid7’s Dirk Sigurdson warns: “Apple has on a number of occasions released flawed versions of its passcode lock implementation which allows attackers to bypass lock screen protections”.

“With the added complexity of biometric authentication it’s likely that we’ll continue to see vulnerabilities related to these features,” Sigurdson said. “It will remain important for companies to monitor iOS vulnerabilities”.

Speaking with TechEye, Sigurdson said Apple has gone to great lengths to publicly tout the device’s security, with the fingerprint data cryptographically stored internal to the A7 chip, with only the Touch ID module able to access it. “Apple’s reputation would be greatly harmed if it intentionally gained access to and shared this information,” Sigurdson said.

Arxan Technologies’ Vince Arneja, vice president of product management, said the fingerprint scanner certainly can represent an advance in personal device security. But users should understand security does not begin and end on the device itself, and there are serious concerns about application layer protections from reverse engineering or other intrusive attacks.

“We analysed the top banking applications on both Android and iPhone and found that all of them are vulnerable to these emerging hacker attacks and insertion of malware exploits,” Arneja said, “meaning cyber criminals can take a legitimate app, crack it open and insert malicious code, then repackage and redistribute”.

Like it or lump it, Apple could well be a driving force behind the fingerprint as a payment method, according to analyst house CCS Insight.

Ben Woods, chief of research, CCS, expects Apple to open its touch APIs to partners like banks and Paypal, as an alternative authentication method, provided the take-up is far reaching enough.

“Apple has over 575 million iTunes accounts with associated credit cards,” Woods said.

“Touch ID could easily be used as a way of facilitating micropayments for online and physical retailing,” Woods said. Better watch those fingers.

Vancouver to host Bitcoin ATMs

Advocates for the alternative digital currency, Bitcoin, are quick to sing its praises – but actually using the platform as cash can prove difficult. Finding the right online exchanges and retailers to spend the money is not entirely user friendly, which is why it’s interesting an enterprise in Vancouver, Canada, is planning to open five Bitcoin ATMs.

Vancouver’s Bitcoiniacs will buy up five RoboCoin Bitcoin ATMs, each of them costing $20,000. Something that represents a digital wallet, such as a QR code, identifies the user, who then pays cash in, a small cut is taken, and the customer gets their Bitcoin cash sent digitally to their wallet.

Bitcoiniacs already offers transfers to Bitcoin, ZDNet says, but appointments must be made first. The ATMs promise to make the process easier. 

Bitcoin is a decentralised digital currency with a thriving, enthusiastic community. Fans insist it’s a way to democratise cash flow outside of big banks, but there are pros and cons that come with that – such as artificial inflation and market crashes. Users “mine” the currency by dedicating compute power to solving complex algorithms as part of an online network.

Indeed, the network recently passed the 1 exaFLOPS point, making it faster than top supercomputers combined.

Bitcoin has received its fair share of criticism. As well as being marked as unstable, as with this year’s flash crash, the currency has been sensationalised as a way to buy drugs or other illegal wares on the TOR network.

But it also offers possibilities and alternatives to the way markets operate in the future, supporters say.

A pub in Hackney, London, was among the first bricks-and-mortar establishments to embrace the technology in the UK. The Pembury Tavern has been accepting Bitcoin as currency since earlier this year.

EE's 4G monopoly should have done better

Since telco merger EE – born from T-Mobile and Orange – grabbed a head start on 4G networks in the UK it has now reached the milestone of one million customers. But considering its position, it could have done even better.

EE launched its first 4G service in October 2012, followed by an aggressive rollout across the country. Now, the company’s network covers over 100 towns and cities, and EE claims it is faster than similar networks in Europe, the USA, and Japan.

CEO Olaf Swantee said in a statement that EE’s entry into the 4G market was a booster shot for the British mobile sector.

“We set a new standard for UK mobile networks,” Swantee said. “We have seen one of the fastest adoption rates in the world”.

EE is no longer the only 4G provider in the UK as spectrum was opened up to Vodafone and O2, with Three to come this December.

Although EE claims its price point is competitive in the UK and abroad, many customers will still be priced out of the service – at least, to make the super fast network worth the extra spend.

For example, using EE’s online shop, a data plan with the Samsung Galaxy S4 costs £51 per month for 20GB of usage. More affordable plans include £26 per month for 500MB of data, £31 per month for 1GB of data, and £36 per month for 1.5GB of data. Even though customers can take advantage of the ultra fast network, just a couple of gigabytes of data will not be enough to justify the extra expense for many. Streaming may be super speedy, but the limit will run dry, quickly.

Despite this, EE-commissioned research noted half of users are using fewer or no public wi-fi spots since upgrading to 4G, while a third stream more content over 4G than they did on 3G, including with TV and film services such as iPlayer and Netflix.

EE’s milestone, of course, must be put into context. Its massive head start kept it ahead of the pack because it was the only company offering actual LTE networks on LTE devices that customers wanted.

Ovum’s Steve Hartley, head of Industry, Communications & Broadband Practice, explained, speaking with TechEye:

“There was no competition,” Hartley said. “We’ve got a wealthy market, and we’ve got a market that is a very high user of mobile broadband, but at the same time 3G networks haven’t actually evolved quite as quickly as other markets around the world. The difference between a 4G and 3G experience is quite extreme, you’re going to notice, it’s a lot smoother and faster”.

With that “pent up demand,” Hartley said, if you are the only company able to serve it, naturally there is an advantage.

EE managed to efficiently and quickly put the necessary infrastructure in place to nail coverage. “They have deployed the network very quickly,” Hartley said, “certainly if you compare to other LTE launches around the world,” but the others have only just launched so EE will “continue that quasi-monopoly for a while yet”.

Crucially, EE was able to have the right handsets available at launch.

“One of the nuances in the EE statement, about being among the fastest uptake, you have to remember LTE have only really been available in something approaching volume this year and the end of last year,” Hartley said.

“Earlier LTE launches relied heavily on dongles and MiFi type devices, and of course that has a natural pull of potential customers, whereas with the other handsets, if you have mobile broadband on your handset, you’re a target for LTE”.

“Having that range of devices available at launch has really helped them. If you can imagine trying to launch without the iPhone 5, the Samsung Galaxy S3, then the 4, the Blackberry Z10, you had these hero devices coming out at roughly the same time, and just so happened if you want them to work on LTE you could only go to one place”.

Considering EE’s near year long monopoly, the milestone could have been even better for the company, Hartley said.

“Given they had a monopoly they could have done even more,” he said. “You have all that coverage and devices people want – then you price things aggressively to encourage people onto LTE networks. Others launching could have found themselves two million behind or more. Since they launched, the premium has been too much. I’ve spoken about it to EE, and to Olaf, and we have a fundamental disagreement for the business case for LTE.

“For me it’s about transporting data efficiently. For Olaf, and understandably under pressure from shareholders, he thinks you charge a premium for LTE. As you can see, the two business models don’t marry too neatly”.

If a company with a monopoly charges a top premium, it actually slows down the adoption rate, and businesses want that adoption rate as high as possible, as quickly as possible.

“The one million mark being hit early is a nice landmark. But I did wish they had done even more, because they could have really shaken up the competition,” Hartley said. 

Universal credit plagued by bloated IT disaster

British Secretary for Work and Pensions, Iain Duncan Smith, is blaming a “Titanic” IT failure of his own pet project – the universal credit system – on civil servants.

A National Audit Office (NAO) report declared the £2.4 billion scheme a bloated mess, plagued by serious IT problems which could raise the total project balance in the hundreds of millions.

Speaking with BBC Today on Radio 4, Duncan Smith said he could have “written this report myself”, before saying the problem was with those who put together the IT details. He claimed those responsible “did not make the correct decisions”.

Of the government’s expected spend of £425 million up to April 2013, £303 million of this has been spent on contracts for designing and developing IT systems.

The NAO’s progress review of Universal Credit has found that even the government’s pathfinder pilot scheme, launched April 2013, is woefully underequipped – supporting just the simplest new claims and built around limited IT functionality. The report found that processes needed further input from staff, knocking the proposed scalability without yet more IT investment, not entirely useful considering the NAO’s claims that over 90 percent of new claimants begin online.

Because of shortfalls in the programme, the department will not be able to roll out universal credit nationally by October 2013 as originally planned – instead being forced to launch just six pathfinder websites from that month. The department is also unsure of how much the IT systems it has built will even support national roll-out, as pathfinder systems are not comprehensive and don’t let claimants change any details of their circumstances online as originally planned.

In fact, in May 2013, the department decided it needed to write off a sizeable £34 million – or 17 percent – of new IT assets.

Duncan Smith said the Universal Credit system will still be delivered on the “overall timetable” of 2017. “It is a very important reform and it is a reform that will save the government and taxpayers money and improve the lot of those most needing it,” he claimed.

Last month, shadow work and pensions secretary for Labour, Liam Byrne, slammed the welfare overhaul as being in “serious trouble”, and costing the tax payer “up to £1.5 billion”.

“There seems to be something very wrong in the mind of the man at the helm of DWP,” Byrne said of Duncan Smith. “He has a mandate to reform but the instruction to deliver appears to have got lost somewhere in his office.”

Byrne has now said the scheme is a “Titanic-sized IT disaster”, claimed Duncan Smith has lost control of the department, and alleged a cover-up.

At the very least, the project looks like it will serve as a boon for IT contractors.

Windows Phone market boosted by feature phone converts

Windows Phone has enjoyed a significant boost compared to recent months, reaching record market share of 8.2 percent across five top EU markets, UK, Germany, France, Italy, and Spain.

Android market share dipped a little in some key EU markets, however, Android devices still held the lion’s share, followed by iOS, according to Kantar Worldpanel ComTech.

In the UK, Android share dipped slightly by 3.8 percent. iOS gained 7.8 percent of share, while Windows Phone gained 5.0 percentage points. This put Windows Phone just shy of a tenth of the British market, more than doubling to 9.2 percent from 4.2 percent in July 2012.

Of the new Windows Phone customers, 42 percent were making the leap from the feature phone – the classic mobile model before the touch-screen smartphone boom.

Despite some slight dips in market share that seem to be offset by gains from other manufacturers, Android performed exceptionally well across the European and China markets, making up roughly 70 percent of all smartphone sales for the past quarter.

iOS performed better in the States with 43.4 percent of all sales. Similarly, there was decent growth in Britain, France and Mexico.

Poor old Blackberry accounted for just 2.4 percent of sales across the big five EU markets, and 1.2 percent in the United States.

Kantar’s Dominic Sunnebo said it’s “easy to forget that there is a third operating system emerging as a real adversary”.

“Windows Phone, driven largely by lower priced Nokia smartphones such as the Lumia 520, now represents around one in 10 smartphone sales in Britain, France, Germany and Mexico,” Sunnebo said.

“Windows Phone’s success has been in convincing first time smartphone buyers to choose one of its devices, with 42 percent of sales over the past year coming from existing feature phone owners,” he said. “This is a much higher proportion than Android and iOS. The Lumia 520 is hitting a sweet spot, offering the price and quality that new smartphone buyers are looking for”.

At the same time, it’s worth noting the large number of people who already have smartphones are locked in to their chosen OS – and for many, it’s not worth losing content by jumping brands.

Microsoft and Nokia have chucked heaps of cash at marketing the rather nice looking Lumia range, but have so far struggled to match the number of apps – or, indeed, device options – of rivals.