Investigating Internet Crimes

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

This year I served as technical editor for this excellent book by Todd Shipley and Art Bowker. Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today’s online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec’s 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.

  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

Blackhatonomics: An Inside Look at the Economics of Cybercrime

Blackhatonomics: An Inside Look at the Economics of Cybercrime explains the basic economic truths of the underworld of hacking, and why people around the world devote tremendous resources to developing and implementing malware.

The book provides an economic view of the evolving business of cybercrime, showing the methods and motivations behind organized cybercrime attacks, and the changing tendencies towards cyber-warfare.

Written by an exceptional author team of Will Gragido, Daniel J Molina, John Pirc and Nick Selby, Blackhatonomics takes practical academic principles and backs them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal.

The Russian Software Pirates

Every day here and in dozens of other Russian cities, pirate dealers sell copies of the world’s most popular software titles at $5 per CD-ROM.

Despite fears about the economy, small and medium-sized businesses are flourishing in this elegant northwestern Russian city – and pirated software is installed on almost all of their computers.

Nearly all high-end computer games, Encyclopaedia Britannicas and other educational and reference CDs are distributed through illegal sources.

Bootlegged software use is certainly not limited to Russia. Industry analysts say that 27 percent of the software running on American computers is pirated.

And the Business Software Alliance, which monitors business software piracy, says 43 percent of PC business applications installed in Western Europe are illegal copies.

In Russia, however, the piracy rates are a stunning 91 percent for business applications and 93 percent for entertainment software, according to Eric Schwartz, counsel to the International Intellectual Property Association, a Washington, D.C.-based organization that lobbies internationally on behalf of the copyright industry.

Schwartz said that piracy in Russia costs American entertainment software manufacturers $223 million a year and business software makers almost $300 million. The Business Software Alliance estimates worldwide revenue losses to the software industry from piracy at $11.4 billion.

Under the 1992 agreement with the United States that guaranteed Most Favored Nation trading status, Russia is required to effectively enforce anti-piracy laws, but actual enforcement is virtually nonexistent.

Meeting the Dealers
The dealers, who operate in stalls and kiosks around major transportation hubs or in full-scale markets usually 15 minutes from the city center, offer an enormous range of titles, usually bundled in a form their manufacturers would never dream of.

“That’s Windows 98, Front Page 98, Outlook 98, MS Office 97 SR1 and, uh, yeah, Adobe 5.0,” said Pyotr R., a student at St. Petersburg Technical University, of a single CD-ROM. “On the disk there are files, like ‘crack’ or ‘serial’ or something, and that’s where you’ll find the CD keys,” he said, referring to the codes that unlock CD-ROMs and allow users to install the programs.

Pyotr (who spoke, as did all others interviewed for this article, on condition of anonymity) sold that disk, plus a second one containing Lotus Organizer 97, several anti-virus programs and some DOS utilities, for 60 rubles or about $10.

Another dealer was offering Windows NT 4.0 for $5, and Back Office for $10. According to Microsoft, the recommended retail prices for these products are $1,609 and $5,599.

Many Russians, who during the days of the Soviet Union bought most necessities through black market sources, think nothing of buying their software this way. They even defend the markets as providing a commodity that had been long-denied them.

After the collapse of the Soviet Union, inexpensive computers began to flood into the country from Taiwan, Germany and the United States, increasing the importance of these illegal software markets. Spending at least $800 on a computer was an enormous investment for Russians, even relatively well-paid St Petersburgians who earn an average salary of around $350 a month. Those who did buy one were in no position to consider purchasing software legitimately, even if it were readily available, which it often wasn’t.

These days, though, legitimate outlets for hardware and software are popping up everywhere in Russia; computer magazines offer licensed versions of everything available in the United States and Western Europe, and software makers advertise in the city’s well-established English-language media.

The markets continue to thrive with an alarming degree of perceived legitimacy. Outside the Sennaya Square metro station in St. Petersburg, a police officer approached a pirate dealer (who offered, among other things, Adobe Font Folio and QuarkXPress) and angrily chastised him for not prominently displaying his license to operate the stall. When the dealer complied, the policeman moved on.

Customers feel secure that the pirated copies will work and that belief appears well-founded. Bootlegged titles come with a written guarantee – good for 15 days from the date of purchase – that they’re virus-free and fully functional.

And files on the CDs themselves boast of high-quality, code-cracking techniques: “When so many groups bring you non-working fakes, X-FORCE always gets you the Best of the Best. ACCEPT NO IMITATION!” boasts one.

“There’s a lot of viruses around in Russia,” said Dima V., a system administrator who runs several small company networks in St. Petersburg using bootlegged copies of Windows NT 4.0, “but most of the disks you buy in the markets are clean. The guys are there every day and if they give you a virus you’ll come back – it’s just easier to sell you the real thing.”

Foreigners get in on the action
Russians are not by any means the only people installing the pirated programs. While employees of multinational companies or representatives of American companies would never dream of risking their jobs by violating copyright laws, self-employed Westerners, or ones who have established small Russian companies, have no qualms about doing so.

They also pose a question software manufacturers find difficult to answer: Who would buy a network operating system package for $5,000 when it’s available for $5?

“Nobody,” said Todd M., an American business owner in St. Petersburg, whose 24-PC network runs a host of Microsoft applications that were all bootlegged.

“There’s just no financial incentive for me to pay the kind of prices that legitimate software costs,” he said. “I mean, it would be nice to get customer service right from the source, but we have really excellent computer technicians and programmers in Russia and they can fix all the little problems that we have.”

Customer support and upgrades are just what the manufacturers point to as advantages of licensed software, even in markets like Russia.

“There are enormous incentives,” said Microsoft’s Mark Thomas, “to buying legitimate software, and they start with excellent customer support and service and upgrades. We spend $3 billion a year on research and development and the money that we make goes right back into making products better and better products. The pirates don’t make any investment in the industry.”

And local industry, Thomas pointed out, suffers disproportionately in the face of piracy.

“A huge amount of our resources are put into making sure local industry builds on our platform,” he said. “When a local company creates packages for, say, accounting firms, and somebody can come along and buy it for $5, these local companies can lose their shirts.”

Piracy getting worse
Despite heavy lobbying by industry representatives and government agencies, piracy has worsened. As CD copying technology becomes cheaper, large factories in Russia and other countries, including Bulgaria, churn out copies of software copied by increasingly sophisticated groups in countries around the world, especially in Asia.

Encyclopaedia Britannica wrote off Malaysia as a market effectively destroyed by pirates, who sold 98 out of every 100 copies of its flagship Encyclopaedia three-CD set for a fraction of its recommended retail price of $125. The same disks, which have not officially even been offered for sale in Russia, are readily available in the St. Petersburg markets for $10.

“For Encyclopaedia Britannica, the cost of piracy is millions a year,” said James Strachan, EB’s international product manager. “One hundred percent of the value of our product is an investment in the authority and depth of our content,” he said. “Piracy causes us extreme concern and we do everything we can to root it out and prosecute.”

Todd M., the businessman with the 24-PC network, offers little hope that the situation will soon change in favor of manufacturers.

“With all the problems I have running my business here in Russia, from armed tax police to Byzantine procedures and customs duties, software piracy just doesn’t register with me,” he said.

“It’s the one thing about doing business here that’s somebody else’s problem.”

Standards Battle? What Standards Battle?

A standards battle of VHS-Betamax proportions has been brewing, and the winner will control how you copy DVDs on your home computer. Among those least concerned about who wins is Roland Lacher, the outspoken chief executive of Singulus Technologies AG, based in Kahl, Germany.

“Philips DVD+RW will win the battle,” Lacher said. “DVD-RW and DVD-RAM will die.”

Not that the outcome really matters to Lacher. His machines will probably manufacture the DVDs you buy, regardless of which standard wins.

Singulus, the leading manufacturer of the machines that make optical disks (including DVDs and CDs), is doing well despite the standards war.

When CDs – plastic platters coated with metalized film that reflects laser light – were introduced 20 years ago, optical disks became an exciting new market.

By pitting the metallic surface, manufacturers can create light and dark spots. A light spot is read as a “1,” a dark one as a “0.” Measure these digits 44,100 times a second and the disk will recreate audio with startling clarity.

The catch is that to create a uniform, nonbubbling metalizer, you need extremely good – and extremely expensive – technology. And to create the machines that make the disks, you need lots of know-how.

With access to a labor pool of university-educated employees and Ph.D. researchers, Singulus says it has overcome the German obstacles of high wages and taxes and expensive travel to the company’s main markets: the United States and Asia.

“We do 100 percent of the R&D and engineering here,” Lacher said, “and outsource 100 percent of parts and components.”

To market the products, the company established scores of corporate subsidiaries, bypassing sales agents with local representation.

The formula seems to work. Although the Swiss-based company Unaxis Holding AG competes in components of the systems, Singulus has become the world leader in complete CD and DVD manufacturing systems.

Last year, Singulus said, it booked 182 DVD systems, or 65 percent of worldwide market share. (A metalizer starts at €130,000 while a DVD-recordable machine costs more than €1 million.)

Singulus posted €35 million ($38 million) in net profit last year on revenue of €286 million. Both figures grew about 25 percent from 2001, beating the company’s own expectations of a 20 percent rise, and it did so with 13 percent profit margins.

To say that investors associate Lacher with the company’s trajectory is like saying there’s some banking in Frankfurt. Lacher has an outspoken and steadfast vision for the company he helped create.

He ran Leybold AG’s thin-film coating systems division, where he oversaw research and development, sales and production in the 1990s.

Along with outside investors and a Leybold manager, Reiner Seiler, Lacher led a management buyout of Leybold’s CD business in 1996. Singulus went public in 1997.

Since then, advances in computer speeds and hard-drive technologies have rendered the 650-megabyte CD almost quaint.

A market boom is being fueled by worldwide appetite for storage capacity for movies, games and data, as well as in new DVD technologies such as the Blu-ray Disc, which uses the shorter wavelength of blue light to afford denser data storage. (Singulus said it would make the Blu-ray standard as well.)

The company’s customers are mainly DVD and CD makers in the entertainment and computer industries. Its machines have been used to produce CDs with holographic images for Microsoft Corp. and Technicolor, a division of Thomson Multimedia SA.

Product lines include Skyline CD-audio and CD-ROM making machines (38 percent of sales), Spaceline DVD systems (37 percent), Streamline recordable-CD systems (10 percent) and Singulus metalizers (3 percent).

Equipment sales have been picking up in the United States and Europe, and analysts estimate that the market will enjoy steady double-digit growth in the next two years.

In Asia, as DVDs start to replace the more common CD-Video format (an Asian standard for movie disks), saturation may be postponed even further.

Analysts are impressed with the company’s technology and management. But the analysts, investors and the company itself realize that once the market is saturated, Singulus will need to have another product lineup waiting in the wings.

Lacher is gambling that that product will be nonvolatile computer memory, or M-RAM, easily appreciated by anyone who has ever lost power while working on a spreadsheet, as it holds its data even without being powered.

Singulus is betting that the similar technologies used in making chips and disks will help it enter the semiconductor market.

As with DVDs, making M-RAM is essentially a matter of putting very thin film on a substrate and sandwiching it together with a sort of di-electric mayonnaise.

Analysts concede the logic on paper, but they also wonder whether the company can successfully break into a consolidating industry with high entry barriers and an entirely different breed of customers.

“It’s a pretty conservative industry,” Bruno Winiger, analyst at Vontobel Holding AG in Zurich, said in referring to the memory chip field.

“They use proven technologies, and they’re not fond of experimenting with things. It’s not just the technology but also the long-lasting connections to the players in the market. It’s a different customer base, and a different way of selling.”

Qualifying as a chip supplier to a company like Toshiba Corp. in the semiconductor market – where products are routinely one ten-thousandth of the thickness of a human hair – involves a more stringent process than in other industries.

To succeed in this market, a start-up needs to offer a product that is drastically superior to that of the competition.

“More established semiconductor companies such as AMD and others just have more resources to draw on for R&D, and they can draw on three decades of semiconductor manufacturing experience,” said Uche Orji, who heads the European semiconductor team at JP Morgan in London.

Furthermore, the semiconductor industry is consolidating – looking for fewer, not more, suppliers. That development, Orji said, “is a lot more challenging than people may expect.”

Lacher said he was not deterred by the odds.

“Everything’s a risk,” he said. “We think it’s a managed one. We’ve got the technology ahead of the competition.”

And if it fails?

“We’ve invested €5 million in this over two years,” Lacher said. “Look at our balance sheet – that’s pocket change.”

Broadband’s Here. Where’s The Content?

With the launch of BTOpenworld and broadband announcements by major telcos across Europe, investors have been increasingly wondering just what it is that will be delivered so quickly. As hardware manufacturers from Nokia and Alcatel to Hewlett Packard and IBM are gearing up to deliver rich, interactive content such as video-on-demand (VOD) and video teleconferencing on a variety of systems, analysts and industry watchers are still split as to who will make the content and what it will be.

UK-based Yes Television and BTOpenworld announced that they will pilot BT Yes Television, to deliver VOD to televisions via ADSL enhanced phone lines in London. And Filmgroup, a film distribution company competing for the same UK VOD audience via its web portal, announced its intention to float on the London Stock Exchange in the second quarter of 2000.

“VOD is an interesting experiment,” said Lars Godell, Analyst for European Corporate Technologies at Forrester Research, “so far it hasn’t taken off in previous trials around the world – there are very serious players interested in producing the kind of rich content the broadband net will need, but many have held back some of their most ambitious plans because of the free nature of lots of internet content and copyright issues.”

Those very issues have been addressed quite a bit recently, and the announcements last week of a joint venture between Microsoft and Xerox in ContentGuard, web-based copyright protection software, as well as rulings against in a copyright infringement suit, may clear the way for more smaller companies to risk investment in production of broadband specific content.

Always On
To be sure, companies such as Bertelsmann and Time-Warner, owners of large film libraries, are looking to explore new ways of exploiting their content in a European broadband marketplace. But analysts differ in their take on where content for broadband will go. While Forrester is bullish on very rich, interactive video-on-demand and other TV-like programming for broadband, Jupiter Research analyst Noah Yasskin believes the opposite is true.

“Primarily, broadband will be an enhancement of existing applications and services as opposed to some sort of TV-like revolution,” said Yasskin. “There will be some richer media, and more possibilities for advertising and video, but we think that more important than the speed is the ‘always-on’ aspect – that’s the real change for consumers.”

Industry watchers agree that a constant connection to the web at a fixed price is a crucial aspect of broadband’s success. “Very clearly this type of service will boost e-business,” said Joeri Sels, telecommunications analyst for Julius Bär in Frankfurt. “It doesn’t matter whether it’s ‘flat rate’ or just a very cheap, reliable fixed-base rate, but the important thing is that the general trend towards ‘always-on’ is certainly in motion.”

Always-on, says Yasskin, will cause fundamental changes in European use patterns, by making it as easy to check the web for basic information like weather and local news as it currently is to check in the newspaper.

Local And Pan-European Content Development
In addition to “always on”, the trick in Europe is to provide international, national and truly local coverage in ways that broadcast television has never been able to, and companies such as Chello (owned by United Pan-Europe Communications (AEX:UPC, Nasdaq:UPCOY), anticipated to be spun off and go public in Europe in the second quarter of 2000), are poised to do just that.

“That’s Chello’s core philosophy,” said a source close to the company, “to provide global but then also very local coverage – so users in Vienna and in Innsbruck would see absolutely different local content.” Chello, BT, France Telecom and Deutsche Telekom are clearly heading in the same direction, as can be seen by BTOpenworld’s list of over 50 content providers.

So producing the local content, and therefore competing with US companies such as Atom Films and Digital Entertainment Network is the challenge for smaller European startups, and in that area the playing field is still wide open; small companies such as the UK’s ProteinTV, which won’t go public for at least a year, are very nervous about launching too quickly and getting swallowed, or worse, launching a content product line that will be irrelevant given the as yet unseen realities of the European broadband market.

“It’s more than just broadband video production,” said ProteinTV’s founder and chairman Will Rowe. “It’s about encompassing a complete range of content offerings as well as service offerings – so that we can offer a package that’s above and beyond those of Atom or DEN – the existing US organizations who really don’t have much in the way of Euro-centric programming.”

Analysts and industry experts agree that simply providing rich content is not in and of itself enough to generate interest in broadband. That sentiment was echoed not just by production companies but by ad agencies as well – and while analysts almost universally say that advertising will provide the money that fuels the next generation of online content, agencies are skeptical of projections of ‘gee-whiz’, highly interactive advertising.

“It’s too early to tell what advertising content works well on European broadband,” said David Sable, CEO of Y&R 2.1, Young & Rubicam’s agency to coordinate on-line and off-line marketing services, “and in fact, from our perspective, the technology is irrelevant, the challenge is for us to deliver advertising that’s relevant to the audience.”

Some predictions of interactive advertising, such as sports fans stopping the action to change the attire of the players, seem less likely as a final application than, say, families home shopping online, taking interactive tours of the home and checking neighborhood services, commute times and school facilities.

Whichever is more realistic, it’s not happening immediately, and the interactivity is not yet clear. But it’s being watched carefully.

“We’re exploring everything,” said Y&R 2.1’s Sable. “Ad agencies and marketers have to understand that the issue here as everywhere is education and entertainment delivered in an interesting way.”

Looking for new applications of broadband technology, analysts see several areas on the horizon, including private and business video teleconferencing and, especially, consumer-oriented applications such as software libraries and personal application service providers.

While current access speeds are just too slow to really use remote software applications or effectively download cutting edge software, broadband opens the door to all sorts of new areas for consumers, such as video game rental, downloading CD-ROM-type software or entertainment packages.

In Any Event, The Hardware’s Ready For It
While Alcatel and Ericsson work to bring new ADSL-capable products to market, Nokia has demonstrated a prototype version of its sexy MW111, a SOHO (Small-Office/Home-Office) box that offers a combination high-speed wireless LAN connection with broadband internet access that will be released later this year.

BT’s strategy for BTOpenworld directly addresses the problems that users in Germany and France have had with the complexity of setting up broadband on their PCs, and it has cut deals with hardware manufacturers including Apple, Hewlett-Packard and IBM to pre-install the service on their new PCs.

Whatever the final device – be it an integrated ‘smart’ television set, WAP device or a souped-up PC – to the European residential user the major problem is that they don’t see a compelling reason to upgrade – early adopters see it, but the masses don’t, and won’t until there’s sufficient compelling content online.

VCs Eye Location-Based Startups

With UMTS license bids in Germany in full swing [2000], there’s tons of hype about the coming of the mobile Internet. Signs are encouraging that the new mobile Internet will in fact allow VCs to look at some rapidly emerging technologies that will indeed change the way Europeans use information.

And right now, the smart money is betting on location services. VCs are saying they’re the coming killer app on the UMTS-powered mobile internet. The character string “m-” is currently as in vogue as was the character string “e-” two years ago. The space is heating up quickly, but there’s room for many.

“We haven’t yet invested in the end-application space, but I’m certainly personally very interested in finding some good, solid business plans in the area,” said Peter Boehringer, Investment Manager at 3I in Munich, which currently invests in location infrastructure company, Cambridge Positioning Systems.

“These are great applications that allow businesses to super-target their marketing and sales to very specific areas without wasting a lot of money. And the user likes it, too, because they get noticed and start getting offered things they really want and can use. Up to now no one’s been able to address this really local market on a broad scale.”

Great. So in the near future, as we’ve all heard, if we’re within five minutes’ walk of a Starbucks, our phone will beep telling us that a) a friend of ours happens to be nearby, and b) if we’d like to get together and have a coffee, we’ll get $1 off a large half-caf-mocca-skim-chocca-no-fat-triple-latte – if we show up in the next ten minutes.

There are two sides to the space, both interesting. There’s infrastructure technology – companies like Cambridge Positioning Systems, which develop the technology that can do the positioning systems and report locations of users. Cambridge’s Cursor system compares the relative times of arrival of signals between base transceiver stations and the actual handset and can thus extrapolate a user’s location within 50 meters or so. Cursor has already undergone trials working with companies including the AA, Vodafone and Maxon.

And then there are other companies, such as iProx, that are developing means to use the positioning data for end-commerce applications.

“iProx is a very interesting company,” said Martin Fiennes, Investment Manager at Top Technology Limited, a UK VC firm, “and we’ve indirectly invested in them through Brainspark. iProx is developing a series of applications and my personal view is that I don’t know which of them will become the killer app, but I’m confident that one or more of them will.” iProx received seed funding of US$1 million in April, and is presently in the middle of an interim round of funding, looking for £3 to £5 million.

“The trick is,” said Ravi Kanodia, iProx co-founder and Chief Operating Officer, “if you know where the people, stores and places of interest are, then you can be quite clever with the technology, for example by letting people know when their buddies’ phones are in the area without their actually ‘asking’ for it, through our use of intelligent profiling. You have to be capable of following millions of users but you mustn’t send the traffic bandwidth through the roof or require millions of supercomputers to process.”

There are barriers.

First, the technical: telecoms believe that the location data they can provide are the crown jewels in their collection of services, and they’re not only not willing to let those go cheaply, they want to have total control over them. This brings up the issue of just whose data it is – it isn’t the operator’s location, it’s the user’s location, and it could well be argued that the user may indeed own the rights to his location signal.

But it would seem that this first barrier is less of a problem than it might seem: true, different telecoms use different technology, and have in the past refused to share it with their rivals. But companies offering end-use applications will have the opportunity to act as a ‘Switzerland’ – a middle ground interface offering cross-platform services. This has benefits for both telecoms and users: for example, SMS usage became what it is today only after the telecoms allowed it to become a cross-platform tool.

“I think that rather than the services being controlled by the operators,” said Sandeep Kapadia, Investment Associate at Prime Technology Ventures in Amsterdam, “what we’ll see is something similar to the web-based portals, and similar to what NTT DoCoMo is currently doing: synergy of multiple applications. There will be hundreds of available applications, from hundreds of companies, and the operators will take a cut.”

Another barrier is, naturally, that this brings up the old privacy bugaboo in a major way. Privacy laws and etiquette vary throughout Europe, and, as 3i’s Boehringer says, “Not everyone wants their movements tracked.”

But VCs agree that solutions to the legal as well as the privacy issues are on the horizon, perhaps as early as this coming autumn. Users probably will be able to selectively give permission to m-marketers to allow them to receive, say, certain types of offers. Or use iProx’s much-touted “buddy system”, which tracks the movements of a group of friends, constantly vigilant for the opportunity to beep any two and tell them they’re in close proximity to one another.

And the legal issues are currently under review throughout Europe as well. It is to the advantage of all parties to come up with a solution to any legal barriers as quickly as possible.

One last thing: this is an entirely Euro-phenom. US-based mobile systems are simply too creaky, too convoluted and frankly too pre-m-historic to even contemplate such a system without major investment. With this technology, Europe clearly leads the way, and things are moving fast – so fast that searching the internet for companies in the space will likely be an unrewarding activity.

“We’re talking about something that’s moving fast,” said 3i’s Boehringer, “way too fast for Internet here.”

Family Radios Keep You In Touch

It’s a holiday nightmare: your child, found tearfully tugging at the skirts of a grinning theme park employee, has ratted you out as the parents that lost him.

As hundreds of university students in air conditioned fur character suits have your description, the net closes in. Goofy’s speaking into his wrist and pointing at you!

Now you’ve got to face dozens at the dreaded Guest Relations, where you collect your wayward child and sheepishly explain that, “I only turned my back for a SECOND!” For families and groups of even two visiting American theme parks or malls, Walkie Talkies on the new US Family Radio Service can be a Godsend.

A new range of inexpensive handheld radios operates on the FRS, a set of US radio frequencies that are available to users without an FCC license. Hand-held CB radios, while powerful, couldn’t provide a traffic-free channel, and carrying a roaring pocket full of “good buddies” through the Magic Kingdom just didn’t seem practical.

So radio manufacturers Motorola and Radio Shack made the FCC a deal: loosen restrictions on the airwaves, and they would produce low-cost walkie talkies that would allow friends and families to communicate. Say, across the wilds of a theme park, shopping mall, park or forest.

The FCC passed the Family Radio Service act in 1995, clearing the way for Motorola, Radio Shack and other manufacturers to produce some of the coolest little handheld radios on the market.

Motorola’s main entry, selling at around US$89 apiece in shops (but listed as $129 by Motorola), is the neon-colored TalkAbout: very colorful and retro-modern looking (think Buck Rogers) two-way radios with a range, they claim, of up to two miles.

Radio Shack’s 2-Way Personal Radio models, which are actually built by Motorola and cost about the same as the TalkAbout, look somewhat more Mission Impossible. They’re clumsily marketed, but the Radio Shack models, along with FRS walkie talkies from companies including Kenwood and Midland, are very good products with just about the same technical specs as the Motorola branded models.

I recently took the Motorola radios on a little trip through Walt Disney World, the Sawgrass Mills Shopping Mall, the Kennedy Space Center and the entire state of Florida, and the Radio Shack radios through Orlando. I’m happy to report that when you’re in the theme parks or on the same floor of a mall, these things are absolutely fantastic.

Plop! One shortcoming was that despite the rugged looking case, the TalkAbout is by no means waterproof. While planning our day poolside, I read with interest the TalkAbout manual, which said, “Water Resistant…” and before I finished reading the sentence I tossed the little yellow box into the pool, expecting it to float.

I have never seen something sink so quickly.

I dived in after it, and when it surfaced, I turned the power switch on. It made the most pathetic electronic noise since R2D2 was deactivated: Beeeeeewooop. After an hour with a newly-bought six-point star socket wrench and a hair dryer, I’m happy to report it worked as good as new.

“Water resistant”, apparently, means it can be rained on lightly. Tempting as it may be, don’t expect the thing to work under water unless it’s in a waterproof plastic bag.

Vowing to use it only as intended, my wife Corinna and I set out for Orlando and the theme parks.

The thing to remember is that the range conditions stated on the box are optimal – as in, optimally you’ll use it at night, at sea level, with clear skies, and in Tahiti.

The actual range we found was just about a mile, which is perfect for, say, the whole family in the same Disney park. Across the Magic Kingdom, we were able to communicate perfectly, making this a natural for parents to let their kids run off with one radio while they keep the other.

We did a range test, with my wife on the monorail to Epcot. We were able to hear each other only for a little while before her comments became just about,

“Im gzzrbth with baazrrrb CRACK Epcot”

But within the parks themselves, the radios functioned absolutely as promised. We even had no interference – our own private channel – despite the sight of about seven or eight other families in the area using their FRS radios.

That’s because all brands of these radios allow you to broadcast subaudible tones which effectively multiply the available channel sets tremendously: there are 14 channels and 38 subtones from which to choose.

The Radio Shack model worked great throughout the Belz discount outlet mall. We had some fading in and out, but could always hear each other.

Since specs are all very similar, your choice is really which one you like best or, more likely, which one’s cheapest at the time you’re shopping for them.

The TalkAbout and TalkAbout Plus, while not water resistant, are certainly rugged, and stood up to drops and bumps. We saw a kid at the Kennedy Space Center kicking his radio and then speaking on it. The manual didn’t mention anything about this but I assume it is not recommended.

The best place to buy the radios – whichever brand you decide on getting – is in the States, where the prices are better than in Europe. They’re sold at many electronics shops, all Radio Shack locations and in ham and commercial two way radio shops. You can also buy them over the internet, and have them delivered to your hotel in the US, saving on international shipping and import duties.

Motorola’s website is Radio Shack’s website is at Midland and Kenwood FRS Radios are available through Northern Mountain,

Clinitrac’s Brick Could Save Pharmaceutical Companies Millions

The development cost of a pharmaceutical drug can easily run between $500 million and $800 million, and clinical trials alone can cost between $1 million and $2 million per day in lost future revenues. So imagine a service that could reduce by a year the time it takes to perform a clinical trial, analyze the results and submit them to the US Food and Drug Administration (FDA).

That’s the dream of Stockholm-based Clinitrac, which has produced a working prototype of its GSM-based wireless solution geared to the problem of initiating, gathering, analyzing and accessing the information generated through medical clinical trials. The time to market is, of course, dependent on loads of factors, but probably refers to larger, longer trials.

VCs Believe
Clinitrac received $3 million in seed funding in May 2000, mainly from BrainHeart Capital and HealthCap, but also netted stakes by the Swedish Industry Fund and others. The company is currently entering a second round with the original funders, to the tune of an additional “three to four times that amount,” and is seeking to bring an additional, US-based venture partner into the fray.

The company has yet to produce revenues, but its working prototype is impressive. It has already cut a deal with Psion for the Netpad and is in discussions with a major PDA manufacturer. And it has had meetings with US GSM operators to ensure that Clinitrac’s product will have all the GSM network coverage it needs when it offers its product to US markets in 2001.

Patients enter information on a half-brick-sized Psion NetPad, which has a wireless Internet connection, a touch-activated screen and enough shock absorption around its edges to tolerate a month in a New York City public secondary school. The information is then transferred back to the company performing the testing, and made immediately available to doctors, scientists, product managers and developers.

“This sounds like an interesting technology,” said Nick Woolf, biotech analyst for ABN AMRO. “There are other companies in clinical trial services who claim to have various systems – voice recognition systems and others – but it’s certain that real-time information on a clinical study is valuable.”

Clinical Trials Today
The process is, in a word, revolutionary. Today, patients are asked to fill in paper forms, and they often forget, fill them in late or inaccurately. This information is delivered to a doctor after 30 days, which means that a patient who repeatedly misses his noontime dosage or has an adverse reaction to a drug would not be identified until after at least a month.

“The biggest problem with clinical trials,” said Clinitrac CEO Andreas Segerros, “is keeping the patient in the trial. Once they blow the protocol a certain number of times, you need to take them out. Our product would allow monitors to see, on a daily basis, that Mr. Thompson over there keeps missing his 3 p.m. pill, and call him early enough to keep him in the study by making sure he took the drug.”

That indicates a level of involvement and monitoring of tested subjects unheard of today. Currently, paper forms are stacked up from around the world, flown to central data processing facilities and keypunched into systems before anyone can even have an idea of the nature of the data.

The major risk, Woolf said, is getting the product out there and recognized as a clinical trial service. Most large pharmaceutical companies, he said, contract out much of the work of clinical trials to Contract Research Organizations (CROs).

“Today there are CRO subcontractors that do nothing but take dirty paper forms filled in by patients and scan in the results,” said Henrik Linder, Clinitrac’s clinical research operations senior director. “[Our] system gives you clean data, digitally, directly where you need it and in real time. And when we approach the pharmaceutical companies, they’re like, ‘Finally! Thank you!’”

There are potentially several areas in the pharmaceutical industry where a product like this could be used to effect both savings for the end user and increased profits for the manufacturers. Traditionally, on approval of a drug, the onus is on the drug companies to appeal to the FDA in order to maintain a high price – the FDA is in effect negotiating on behalf of the American Medicaid system, which will pay or not pay for a drug based on the assessment of the FDA.

The pharmaceutical company will argue that a) the thing took them years and billions of dollars to research, b) it meets an immediate, and heretofore unaddressed, need of the general public, and c) the quality of life improvement, or simply the decrease in necessary medical attention required by a patient taking this drug, is so compelling as to justify a higher dose or daily cost of the drug.

Clinitrac said its product can help in this process as well, by allowing pharmaceutical manufacturers to have access to a broader-than-ever range of quality-of-life questions, or information above and beyond the physical effects of the drug.

For example, in addition to hard medical questions of efficacy to a patient on a clinical trial for a drug that attacks skin rash, they would also be asked questions such as: “In the last week, how often did embarrassment about your condition cause you to make more conservative clothing choices?”

The answers to questions such as these would enable pharmaceutical makers to argue that in addition to straight efficacy, the drug in question has a positive impact on the patient’s quality of life – a compelling argument for a higher price for the drug.

“As a monitoring tool it could be extremely effective,” said ABN AMRO’s Woolf, although he stopped well short of saying that the technology alone would amount to a stronger negotiating position. “Whether you can correlate the monitoring tool to a gain of negotiating points with the FDA, HMOs and other reimbursement agencies would be difficult to claim.”

He added: “These guys need to team up with a Quintiles or a Covance,” referring to two of the larger CROs. “Because those are the ones that already have the relationships and access to clinical hospitals.”

Absolutely true, Clinitrac agreed. For now.

But the company is convinced that eventually pharmaceutical companies will see the savings involved in their real-time offerings, and Clinitrac won’t be keeping many friends in the CRO world for long.

A sample network access policy

In order to protect our network, computers and the confidential data of our clients, [Firm Name] (the “Firm”) has instituted this Network And Computer Access Policy. We’re protecting against not just the damages and liability created when unauthorized access occurs, but also against viruses and physical damage to our systems.

This document sets forth standards which must be adhered to by all employees, contractors and any user granted access to any machine on the Local Area Network (LAN) at any time, whether physically present at the Firm or via remote access.

Failure to comply with the policies set forth in this document will result in disciplinary action, and may result in termination of employment.

For the purposes of this document, an “Employee” is any employee, contractor, agent, temporary worker, vendor and any other person in a position to know or obtain information about computers or devices on the LAN.

The firewall is a hardware or software device which protects the ports of computers on the LAN. For the purposes of this document, “Remote Access” shall mean access to the Local Area Network from any location outside the firewall by any method, including but not limited to Virtual Private Network (VPN), dial-in modem, frame-relay, SSH, cable-modem and any other method of accessing the LAN from outside the firewall.

Policy Scope
The Policy applies to any person granted authorization to access any computer or device on the Firm’s LAN (an “Authorized User”). This includes but is not limited to contractors, temporary workers, vendors, sub-contractors, employees, attorneys and partners authorized to access any of the Firm’s computers, locally or via Remote Access, for any reason, including email and Internet or intranet web browsing.

Physical Security
All computers and devices on the LAN must be physically secured when leaving them unattended. All servers must be additionally secured with locking devices such as keyboard locks.

Any notebook or laptop computer, Personal Digital Assistant (PDA), Internet-capable cellular device, Wi-Fi-enabled device or other device capable of connecting via Remote Access to the LAN (a “Mobile Device”) must be secured with a BIOS password and user authentication. Any Mobile Device must run up-to-date anti-virus protection and a properly configured software firewall (see __ below).

Any Authorized User must take reasonable steps to ensure that any Remote Access to the LAN is treated with the same security approach as a connection made within the Firm.

Information Security
It is essential that each Employee be instructed never to tell even the most seemingly innocuous detail about the Firm’s Information Technology (“Sensitive Information”) to a third party. While it may seem inconvenient or rude, all Employees – from temporary receptionist to senior Partner – must treat as suspicious any request from any third-party person not personally known to that Employee. Private detectives and others who specialize in information retrieval may call several people in a firm, asking each for a seemingly innocuous detail; combined, these details can result in a breach of the Firm’s security. Employees must jealously protect any information about the Firm’s Information Technology, including but not limited to:

  • Never telling a caller any details including but not limited to server names, Internet Service Providers, telephone provider, email server information (including email server name), printer type, computer brand, router type or brand;
  • Never telling a caller the name of your Information Technology specialist, whether that Information Technology person is in-house or contracted;
  • Never telling a caller the name of any Wireless Access Point (WAP) SSID; never confirming the presence of a Wi-Fi WAP;

Any caller not personally known to the Employee who requests Sensitive Information must be referred to the appropriate department head or Partner, without giving such person the name of such appropriate department head or Partner. If such referral is not possible or practical, then the Employee must request from the caller a callback number, to be given to the appropriate department head or Partner, without giving such person the name of such appropriate department head or Partner.

Password Security
All Authorized Users must use strong passwords. Unacceptable passwords include but are by no means limited to:

  • first or last names, or combinations thereof;
  • names of an Authorized User’s children or pets;
  • words found in a dictionary, combinations of dictionary words with a sound-alike digit (second2, etc.);
  • use of the words or variants on the word password, admin, update, access, login, computer, terminal, workstation, work, home, etc.

Strong Passwords are a string of at least eight characters of upper and lower case letters and numbers.

Authorized Users should change their password regularly.

No Employee may leave a password written down in proximity to the computer or device which the password accesses.

No Employee may ever provide their login or email password to anyone, including family members.
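A checker for the Password Security rules above, as an added example rather than part of the sample policy. The function names, the small constructed word list standing in for a real dictionary file, and the reading of look-alike spellings (P4ssw0rd) and run-together dictionary words as covered by the rules are this example's assumptions.

```python
import re

# Words the policy bans, including "variants on the word".
BANNED_WORDS = ("password", "admin", "update", "access", "login", "computer",
                "terminal", "workstation", "work", "home")

# Constructed stand-in for a real dictionary file (assumption of this example).
SAMPLE_DICTIONARY = frozenset(
    {"second", "summer", "dragon", "window", "garden", "monkey"})

# Look-alike characters undone before matching: 0->o 1->i 3->e 4->a 5->s 7->t ...
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")


def fold(text):
    """Lower-case and undo look-alike substitutions (P4ssw0rd -> password)."""
    return text.lower().translate(LOOKALIKES)


def is_word_combination(letters, dictionary):
    """True if `letters` is one dictionary word or several run together."""
    if not letters:
        return False
    # reachable[i] is True when letters[:i] splits cleanly into dictionary words.
    reachable = [True] + [False] * len(letters)
    for end in range(1, len(letters) + 1):
        reachable[end] = any(
            reachable[start] and letters[start:end] in dictionary
            for start in range(end))
    return reachable[-1]


def check_password(password, personal_names=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    # "at least eight characters of upper and lower case letters and numbers"
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("must mix upper and lower case letters")
    if not re.search(r"[0-9]", password):
        problems.append("must contain a number")

    lowered, folded = password.lower(), fold(password)
    # First/last names and names of children or pets, supplied by the caller.
    if any(n and (n.lower() in lowered or n.lower() in folded)
           for n in personal_names):
        problems.append("contains a personal name")
    if any(word in lowered or word in folded for word in BANNED_WORDS):
        problems.append("contains a banned word or a variant of one")
    # Dictionary words with digits added (the policy's "second2" case).
    letters = re.sub(r"[^a-z]", "", lowered)
    if is_word_combination(letters, dictionary):
        problems.append("dictionary word(s) with digits added")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords; "second2" is the policy's own example.
    for candidate in ("second2", "P4ssw0rd9", "Summer2Dragon", "qT7vR2kLm9"):
        print(candidate, "->", check_password(candidate) or "acceptable")
```

In use, `personal_names` would come from the Firm's own user records and `dictionary` from a full word list.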

Acceptable Use
Authorized Users may access the Internet for Firm business or personal information provided that they:

  • do not jeopardize the security of any Firm or confidential client information which may be present on the computer being used to access the Internet;
  • do not violate any of the Firm’s policies;
  • do not engage in illegal or prurient activities;
  • do not engage in outside business interests;

Wi-Fi Security
Any Wi-Fi Access Point (WAP) must be configured to comply with the four-step Proposed Standard of Reasonable Wireless Network Security in Law Firms available at This proposed standard provides four steps to securing a WAP, which includes:

  • Changing the WAP defaults (administration password, router name, router IP address, SSID name, etc);
  • Encrypting the signal using the best available encryption method, in order from most to least desirable, WPA2, WPA, 128-bit WEP;
  • Requiring VPN access into the LAN from anywhere outside the Firewall;
  • Implementing a written access policy, such as this one

Wireless (Wi-Fi) Access
Any access to any computer or device on the LAN behind the firewall must be via VPN. Any Authorized User accessing the LAN via VPN from their home or other WAP (a “Remote WAP”) must apply all four steps above to the Remote WAP.

Remote Devices
Any Employee using any Remote Device must ensure that such device is updated with the most recent security patches for their Operating System.

All machines on the LAN and any Remote Device must run current versions of anti-virus software with regularly updated virus definitions. Note that new viruses are introduced every hour; “regularly updated virus definitions” means, at a minimum, once each week. It could be argued that updating every 24 hours is reasonable.

Any Remote Device must be running a properly configured firewall program such as Zone Alarm or Computer Associates eTrust. Users at a public hotspot must be aware that, if such Remote Device is not running a firewall, a malicious user can gain access to the Remote Device and install software or remove files from the Remote Device’s hard drive.

Any Authorized User using a Remote Device outside the firewall must use the VPN to send and receive Firm email. No Firm email may be sent using third-party email services (including but not limited to gmail, hotmail, etc).

Any Authorized User accessing any computer or device on the LAN for remote management or administration must use SSH or VPN. For remote file transfer, SCP, SFTP or VPN must be used. Under no circumstances shall Telnet, FTP or other un-encrypted access method be used.

No Employee using any Remote Device shall access the LAN while connected to any other network, except a personal network over which such Employee has complete control.


There’s Money In Them Thar Parts

When you find your 14 year-old son in the middle of the living room with a guilty look on his face, a screwdriver in his hand and your nifty new UMTS cell phone in a million pieces on the floor, hold off on blowing up for a second – the pieces you see represent the achievements of some of today’s greatest European start-ups. And there’s opportunity in them thar parts.

“We make the software that runs OC layers one through three of the handset,” said Clifford Dong, CTO at Zesium, a Munich start-up that last year received a seed investment of €2 million from 3i. He’s referring to the “seven layer” stack concept which includes level 1, the ‘physical layer’ which actually sucks and blows bits into the airwaves; layer 2, responsible for guaranteeing the safe delivery and receipt of data, and layer 3, which deals with what data will be transferred along with mobility management, radio resources and call control.

3i says that because Zesium’s business is personnel, not finance, intensive, they don’t expect to have to sink any further money into Zesium any time soon – even though the company is making extraordinary headway and faces little competition to date. “They have very specialized know-how,” said Peter Boehringer, investment manager at 3i, “and there are several large manufacturers who would rather buy the software than build it, and Zesium is very good at building this software.”

Some larger handset manufacturers, Boehringer said, are committed to building it themselves, but Boehringer thinks that those companies might not have the manpower they would like, and therefore even they might end up at Zesium’s door. “We’ll just build it and see what happens,” Boehringer said.

VCs say that this kind of guts-building is exactly where small start-ups can benefit best from the spending frenzy as European telcos prepare to invest what Commerzbank estimates will be €87.5 billion over the next four years and a total of €175 billion over ten years.

“We see a trend,” said Max Oppersdorff, Vice President of EM Warburg Pincus in Munich, “that hardware vendors are acting more like general contractors. The major part of what they supply they make in house, but they’re trying to buy from third parties that are out on the edges of advanced technology where perhaps the vendors are not as advanced – and sometimes the customers themselves are even demanding this.”

Much of the spending flurry will be focused on issues of infrastructure, and while much of the backbone and base station action is likely to be taken up by the Nokias, Lucents and Ericssons of the world, there are literally dozens of niche areas in which small, independent and fast moving technology companies can move in and own the space.

Take, for example, base station amplifiers. The frequency and bandwidth used by the next generation of mobile phones pushes the envelope of the specs of existing base station transmitter equipment, and there is an enormous and immediate need for more efficient linear amplifiers. Amps, in the boxes at the bottom of base stations, currently require fans and other cooling technology, and must be constantly monitored. The infrastructure cost associated with all this coddling can add up.

“Telecoms spend tens of millions of pounds in any year on electricity,” said Dave Cheesman at Advent Venture Partners, “and a lot of that goes to wasted power in amplifiers.”

Advent is backing, along with Deutsche Bank and 3i, a company called Wireless Systems, which makes a range of patented, next generation, wide-band linear, high efficiency amplifiers. Wireless just closed its third funding round for $23 million.

Opportunities Everywhere
New hardware and software technologies – or even new applications of existing technologies – are also absolutely essential. Squeeze any portion of the mobile world and an opportunity just might pop out: the next generation of mobile phones, and their increased bandwidth, means that handset range given the available power will decrease. To combat this, handsets require far more efficient antennas in order to provide services without sucking dry batteries in the dialing process.

Consider, too, the humble handset. The amount of technology crammed into those tiny little buggers is astounding: aside from the chips, switches and other hardware, today’s typical handset already contains around 2MB of code. That is expected to quadruple in size as mobile devices become more complex.

Or ponder the very deployment of base stations. New generation mobile cells will be smaller, and therefore more will be required. Companies that make a new generation of network planning software will be of intense interest to telecoms looking to maximize the efficiency of physical placement of base stations, and even the angle at which to point the antennas to squeeze every gram of coverage possible out of the new systems.

Even backlighting technology is being reconsidered: Advent’s Cheesman says that current systems, which use light emitting diodes (LEDs) and molded acrylic light guides to, sorta, shove the light where it’s needed, are less than perfect. “They use lots of power and don’t supply even lighting,” said A. Kianin, Technical Director for Elumin in Wales. Elumin uses electro-luminescent material for a range of applications, from private jet refurbishments to escape lighting on aircraft, to night vision devices and, of course, mobile telephone handsets.

EL’s nothing new in the world, but it is relatively new to handsets. It uses a light-emitting phosphor sandwiched between layers of insulation and conducting electrodes which are then laminated together. The result is a light that can produce various levels of brightness with negligible heat. Advent has recently invested more than €2.5 million into Elumin, which, Kianin says, expects to begin production of its backlighting products for “a big company” as early as November.