Investigating Internet Crimes

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

This year I served as technical editor for this excellent book by Todd Shipley and Art Bowker. Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today’s online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec’s 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.

  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

Blackhatonomics: An Inside Look at the Economics of Cybercrime

Blackhatonomics: An Inside Look at the Economics of Cybercrime explains the basic economic truths of the underworld of hacking, and why people around the world devote tremendous resources to developing and implementing malware.

The book provides an economic view of the evolving business of cybercrime, showing the methods and motivations behind organized cybercrime attacks, and the changing tendencies towards cyber-warfare.

Written by an exceptional author team of Will Gragido, Daniel J Molina, John Pirc and Nick Selby, Blackhatonomics takes practical academic principles and backs them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal.

The Russian Software Pirates

Every day here and in dozens of other Russian cities, pirate dealers sell copies of the world’s most popular software titles at $5 per CD-ROM.

Despite fears about the economy, small and medium-sized businesses are flourishing in this elegant northwestern Russian city – and pirated software is installed on almost all of their computers.

Nearly all high-end computer games, Encyclopaedia Britannicas and other educational and reference CDs are distributed through illegal sources. Bootlegged software use is certainly not limited to Russia. Industry analysts say that 27 percent of the software running on American computers is pirated.

And the Business Software Alliance, which monitors business software piracy, says 43 percent of PC business applications installed in Western Europe are illegal copies.

In Russia, however, the piracy rates are a stunning 91 percent for business applications and 93 percent for entertainment software, according to Eric Schwartz, counsel to the International Intellectual Property Association, a Washington, D.C.-based organization that lobbies internationally on behalf of the copyright industry.

Schwartz said that piracy in Russia costs American entertainment software manufacturers $223 million a year and business software makers almost $300 million. The Business Software Alliance estimates worldwide revenue losses to the software industry from piracy at $11.4 billion.

Under the 1992 agreement with the United States that guaranteed Most Favored Nation trading status, Russia is required to effectively enforce anti-piracy laws, but actual enforcement is virtually nonexistent.

Meeting the Dealers
The dealers, who operate in stalls and kiosks around major transportation hubs or in full-scale markets usually 15 minutes from the city center, offer an enormous range of titles, usually bundled in a form their manufacturers would never dream of.

“That’s Windows 98, Front Page 98, Outlook 98, MS Office 97 SR1 and, uh, yeah, Adobe 5.0,” said Pyotr R., a student at St. Petersburg Technical University, of a single CD-ROM. “On the disk there are files, like ‘crack’ or ‘serial’ or something, and that’s where you’ll find the CD keys,” he said, referring to the codes that unlock CD-ROMs and allow users to install the programs.

Pyotr (who spoke, as did all others interviewed for this article, on condition of anonymity) sold that disk, plus a second one containing Lotus Organizer 97, several anti-virus programs and some DOS utilities, for 60 rubles or about $10.

Another dealer was offering Windows NT 4.0 for $5, and Back Office for $10. According to Microsoft, the recommended retail prices for these products are $1,609 and $5,599.

Many Russians, who during the days of the Soviet Union bought most necessities through black market sources, think nothing of buying their software this way. They even defend the markets as providing a commodity that had been long-denied them.

After the collapse of the Soviet Union, inexpensive computers began to flood into the country from Taiwan, Germany and the United States, increasing the importance of these illegal software markets. Spending at least $800 on a computer was an enormous investment for Russians, even relatively well-paid St Petersburgians who earn an average salary of around $350 a month. Those who did buy one were in no position to consider purchasing software legitimately, even if it were readily available, which it often wasn’t.

These days, though, legitimate outlets for hardware and software are popping up everywhere in Russia; computer magazines offer licensed versions of everything available in the United States and Western Europe, and software makers advertise in the city’s well-established English-language media.

The markets continue to thrive with an alarming degree of perceived legitimacy. Outside the Sennaya Square metro station in St. Petersburg, a police officer approached a pirate dealer (who offered, among other things, Adobe Font Folio and QuarkXPress) and angrily chastised him for not prominently displaying his license to operate the stall. When the dealer complied, the policeman moved on.

Customers feel secure that the pirated copies will work and that belief appears well-founded. Bootlegged titles come with a written guarantee – good for 15 days from the date of purchase – that they’re virus-free and fully functional.

And files on the CDs themselves boast of high-quality, code-cracking techniques: “When so many groups bring you non-working fakes, X-FORCE always gets you the Best of the Best. ACCEPT NO IMITATION!” boasts one.

“There’s a lot of viruses around in Russia,” said Dima V., a system administrator who runs several small company networks in St. Petersburg using bootlegged copies of Windows NT 4.0, “but most of the disks you buy in the markets are clean. The guys are there every day and if they give you a virus you’ll come back – it’s just easier to sell you the real thing.”

Foreigners get in on the action
Russians are not by any means the only people installing the pirated programs. While employees of multinational companies or representatives of American companies would never dream of risking their job by violating copyright laws, self-employed Westerners, or ones who have established small Russian companies have no qualms about doing so.

They also pose a question software manufacturers find difficult to answer: Who would buy a network operating system package for $5,000 when it’s available for $5?

“Nobody,” said Todd M., an American business owner in St. Petersburg, whose 24-PC network runs a host of Microsoft applications that were all bootlegged.

“There’s just no financial incentive for me to pay the kind of prices that legitimate software costs,” he said. “I mean, it would be nice to get customer service right from the source, but we have really excellent computer technicians and programmers in Russia and they can fix all the little problems that we have.”

Customer support and upgrades are just what the manufacturers point to as advantages of licensed software, even in markets like Russia.

“There are enormous incentives,” said Microsoft’s Mark Thomas, “to buying legitimate software, and they start with excellent customer support and service and upgrades. We spend $3 billion a year on research and development and the money that we make goes right back into making products better and better products. The pirates don’t make any investment in the industry.”

And local industry, Thomas pointed out, suffers disproportionately in the face of piracy.

“A huge amount of our resources are put into making sure local industry builds on our platform,” he said. “When a local company creates packages for, say, accounting firms, and somebody can come along and buy it for $5, these local companies can lose their shirts.”

Piracy getting worse
Despite heavy lobbying by industry representatives and government agencies, piracy has worsened. As CD copying technology becomes cheaper, large factories in Russia and other countries, including Bulgaria, churn out copies of software copied by increasingly sophisticated groups in countries around the world, especially in Asia.

Encyclopaedia Britannica wrote off Malaysia as a market effectively destroyed by pirates, who sold 98 out of every 100 copies of its flagship Encyclopaedia three-CD set for a fraction of its recommended retail price of $125. The same disks, which have not officially even been offered for sale in Russia, are readily available in the St. Petersburg markets for $10.

“For Encyclopaedia Britannica, the cost of piracy is millions a year,” said James Strachan, EB’s international product manager. “One hundred percent of the value of our product is an investment in the authority and depth of our content,” he said. “Piracy causes us extreme concern and we do everything we can to root it out and prosecute.”

Todd M., the businessman with the 24-PC network, offers little hope that the situation will soon change in favor of manufacturers.

“With all the problems I have running my business here in Russia, from armed tax police to Byzantine procedures and customs duties, software piracy just doesn’t register with me,” he said.

“It’s the one thing about doing business here that’s somebody else’s problem.”

Venture Fever Hits Scandinavia

As recently as three years ago, “venture capitalism” in Scandinavia meant lending 50 bucks to your friend Soren – the one who’s fond of the racetrack. And even though Scandinavia is known throughout Europe as a hotbed of really smart people making exceptionally sexy technology, until recently entrepreneurs were, in essence, good technicians who didn’t understand commercialization.

Let’s fast forward. In the past year, more than 60 VC firms and incubators have been formed in Stockholm alone, a combination of professional VCs, as well as groups of angel investors, who have bundled themselves into unions. Many are local players, but some are international capitalists coming from the US, Finland, Norway and the Netherlands.

Last summer, Tornado-Insider.com did a feature on Swedish VC firm e-Chron, which had established a contest and networking event for Swedish startups called the E-Challenge. At the time, the founders said they were starting the event because of “the slow and difficult process of getting venture funding in Sweden.” E-Chron wanted to make it easier for startups to grow by bringing together entrepreneurs and the support industries that surround them, such as VCs, professional service providers and larger ICT corporations.

Since then, the VC industry has ballooned in Sweden and elsewhere in Scandinavia, in large part due to the fact that wireless is the flavor of the month. In fact, the whole VC vibe is more sophisticated and connected, with large sums of money available and a clear keenness to do deals.

VC firms are forming alliances in order to share resources and expertise, in an aim to fund more deals and better serve existing portfolio companies. One such alliance is the Global Venture Alliance, bringing together 2m Invest, Telenor Ventures and Ledstiernan. Schmooze sessions are also on the increase with events like the invitation-only Sockerbiten (“sugar-bite”), which offers a clubby atmosphere of VCs exchanging ideas and business cards and just, well, talking to one another.

Why all the hubbub? “Greed,” said Niclas Carlsson, CEO and Founder of e-Chron. “People look at this old, socialistic country and then Altitun sells for $860 million – people go crazy.”

Okay, he admitted, it’s more than greed; it’s an attitude shift as well. Scandinavian VCs agree the most important change in the last two years is that entrepreneurs are more mature. They’re packaging themselves better, making it easier for VCs to invest. However, entrepreneurs also have a lot more capital to choose from.

“It’s definitely easier to start up here than ever before, and absolutely easier to start up here than even in other areas of Europe,” said Panu Mustonen, CEO of Springtoys, which makes games and entertainment software for mobile phones and PDAs. Springtoys recently closed its first round of funding, which included a 15 percent stake taken by Eqvitec and a 20 percent stake taken by Sonera.

Some investors say the draw of Scandinavia is that there are so many competent small enterprises in the region feeding off the well-established market of the larger players, especially in the wireless sector. “The proximity of Ericsson and Nokia, and mobile in general, has done a lot,” said Jukka Hayrynen, a partner at Helsinki-based Eqvitec. “When we built our technology fund in 1997, people said, ‘technology – that’s so narrow.’ Now they say, ‘technology, that’s so darn broad.’”

Such a flourishing of technology startups can only benefit regional VCs, who are seeing an increasing demand for specialized expertise. Local VCs have the ability to concentrate on specific niches, learning the ropes of a particular business space.

In Finland, the amount of money available has made it difficult for some VC firms to find enough partners to manage their range of portfolio firms effectively, said Mustonen. That means VCs who really know a specific sector are in demand. “If I were a venture capitalist myself,” he said, “I would concentrate only on exactly what I know best; if you understand the sector, can limit yourself to just five companies and concentrate on building their businesses, you’ll make a killing in this city.”

Joining together with other VC firms is one way to concentrate efforts and expertise. “There’s a real attempt to get together and gear our resources,” said Kim Bach, vice president at 2m. Joint activities such as co-investing, sharing knowledge, extending buying power and working with shared databases could help VC firms “reach critical mass in sectors faster than we ever were able to before,” Bach said.

Bertelsmann Wants It All. They May Already Have It.

The announcement of a deal between Terra Networks, Lycos and Bertelsmann to create effectively the world’s broadest-based Internet portal is the latest in a series of Bertelsmann plays to aggressively expand their Internet activities. This fits nicely into Bertelsmann’s core strategy to leverage their enormous content pool into one of the world’s largest offerings of digital products.

“Kudos on their aggressiveness and their long-term vision,” said Michael Blok, senior analyst with Rabo Securities, “They enjoy a nice natural ‘hedge’, whereby if things on the web move as fast as the company expects, it will be in a good position to deliver through its Internet plays. And if things move slower, then their old core businesses will make more money for a longer time.”

Bertelsmann is not a publicly-traded company, but does allow individual investors to participate in profit sharing, through the use of profit participation certificates, sold on the Frankfurt Exchange and called Genussschein; about 30% of Bertelsmann’s equity capital is derived through these certificates (trading currently at Euro97.4).

Less splashy in the press than the Terra/Lycos/Bertelsmann deal but crucial to Bertelsmann’s overall internet strategy was a decision yesterday by the European Commission that cleared the way for a Bertelsmann purchase of 50% of Sweden’s Bokus.

Bokus, which successfully established itself as an online media and entertainment shop in Sweden, Norway, Denmark and Finland, in all local languages, is not surprisingly the market leader in all those countries – countries which, by the way, have the highest percentage of internet users by population in Europe. The joint venture acts as a major strategic foothold for BOL in Scandinavia, and dovetails nicely into Bertelsmann’s overall goals.

To get an idea of the strength of Bertelsmann’s holdings, consider that the privately-held German company is the world’s largest publisher of English-language books, through its acquisition of Random House; it is Europe’s largest broadcaster, with a 50% stake in Luxembourg based CLT-UFA, offering 40 TV and radio stations, and with their merger with Pearson TV, part of Pearson PLC, they will also be Europe’s largest production company. Bertelsmann owns BMG, the world’s fourth largest music label; magazine publishing giant Grüner and Jahr, and scientific publisher Springer.

And in order to sell all that content digitally, Bertelsmann has built, through development and acquisitions, a multimedia empire that includes BOL, a stake in US-bookseller barnesandnoble.com, a 50% stake in Lycos Europe, and created the Bertelsmann Broadband Group, which develops interactive services such as television and film for cable networks utilizing broadband technology.

“Our core strategic focus is on further development of our positions in our different content markets,” said Bertelsmann spokesman Markus Payer, “so on the technological side, we’re working to digitize all our content.”

“That may be their long term goal, but that’s not the whole story,” said Blok, “It’s also based on organic growth and new initiatives, and perhaps cause they’re privately owned, they’ve been reasonably willing to suffer losses whereas publicly quoted publishers are less willing to lest their stock nosedive.”

But Blok points to rapidly changing factors in Bertelsmann’s core businesses, such as music publishing, which will find it increasingly difficult to make the level of profits to which they’ve become accustomed as the Internet changes the music publishing business model completely.

One of Bertelsmann’s most valuable sales assets is its book clubs, with 25 million subscribers throughout the world. The clubs are already fully operational on the internet, giving Bertelsmann a wet-dream of a mailing list. But Blok warns that this too can change, as the internet would tend to make less attractive the kind of monopolistic or duopolistic models Bertelsmann enjoyed with its clubs to date.

Bertelsmann, meanwhile, is aggressively pressing to further their goals; to that end, Random House is working to digitize its entire backlist of books, and BMG is digitizing all its music offerings. Bertelsmann also has a 60% stake in Pixel Park (Neuer Markt: PXL.NME), one of Europe’s leading internet services companies, providing services to establish and maintain online presence, Internet and intranet solutions, e-commerce platforms and a consultancy business.

“As an analyst I’m looking for true leaders, with high barriers to entry,” says Blok, “Now, Bertelsmann currently don’t have a stake in something extremely huge that is certain to dominate a submarket – an amazon.com or even, anymore, an AOL. If they had something like that, then whatever happens in the next five years they would come out ahead.”

But, Blok noted, Bertelsmann’s BOL is well on its way, and should provide for a nice battle when Amazon really enters the European market.

Whither The Euro Portal

In the aftermath of the disastrous Lastminute.com, World Online and Lycos Europe IPOs, and with softening expectations for T-Online’s mid-April IPO, web insiders are taking a fresh look at the European portal business. To industry experts, the “bigger is better” American portal model just doesn’t work over here.

Instead, new home-bred ‘affinity portals’ are rapidly increasing their traffic, focusing content to narrow ranges of interest, building loyal online communities, expanding across borders and cultures and attracting investment. In this market, analysts and experts say, focused is beautiful, and general portals are out.

Consider comdirect.de, a German financial portal whose 1999 profits were up 600%, and which last month brought in more traffic than the German versions of T-Online, AOL and MSN combined.

Or Dooyoo.com, a Berlin-based comparative shopping portal that has successfully expanded into several European countries. “It’s essential for commerce players to have that kind of pan-European approach, and this multi-national focus is key,” said Noah Yasskin, Europe analyst at Jupiter Communications, “We’ve yet to see a clear leader emerge in that sector and there are still opportunities to lock this market.”

Dooyoo, and its German rival Ciao.com, have several advantages over the US competition beginning to move into Europe, including knowledge of local markets, and the ability to spend, while US shareholders are currently a bit squeamish about investing in Europe.

This trend is good news for the dozens of young, ambitious European start-ups that are on the scene today. And it’s good news for their investors.

It Was Always Over Over Here
The American portal model is to make a homepage on which users feel comfortable to begin each web session – an all-encompassing, broad-based link farm and search engine which tries to allow users to find whatever it is they’re looking for on the web from a single starting point. The model holds that the more users there are online in a given market, the more the portal is worth to advertisers, who pay fixed amounts per thousand views of their ad.

But therein lies the problem with the model in Europe. The American portal model is based on a culturally and linguistically homogeneous online society. Europe, as some have noted, does not share this homogeneity.

Fragmentation In A Model Built on Unity
In other words, what plays well in Peoria doesn’t necessarily play well in Passau or Paris. It’s simple math: if every Belgian came online, you’d have a grand total of 10.1 million potential customers (in any case, only about 10% are online). And sure, Germany’s a big market with 82 million people, and 20% of them are online.

But Germans speak German.

T-Online, Europe’s largest German-language portal, has that portal market (along with Austria’s and German-speaking Switzerland’s) sewn up quite nicely, with over 7 million subscribers and 115 million monthly page views, and their upcoming IPO is highly anticipated, offering 108 million shares at a range set between Eur 25 and 30.

T-Online’s competitors in Germany have less robust numbers, and market share is being sucked up quickly. Traditional portals like MSN and Fireball.de come in routinely with under 30 million page views a month; Yahoo.de gets about half T-Online’s page views, as does the portal/ISP combination AOL, with 3.4 million users. T-Online would seem to be unstoppable.

Not quite. Right next door in France, T-Online holds about as much market sway as you’d predict, not even denting the already saturated French-language portal market. There, Yahoo.fr and Viola.fr are the belles of the ball, with over 70 million monthly page views each, and competition is heating up from rivals AOL.fr, MSN.fr and others. The large portal situation is the same in all European countries: fragmentation in a model built on unity.

As early as October 1999, a Jupiter Communications report proclaimed the European Portal market saturated: “The window of opportunity for European portals is closed,” it said, “Europe’s existing portals will consolidate into a few multinational portals capable of aggregating audiences across several markets.”

Jupiter’s Yasskin states: “Online content is available globally but only relevant locally, so content ventures must achieve scale and value through localized and branded category-leading sites, not portal plays.”

Making A Bad Situation Worse
Nonetheless, with fierce competition for eyeballs, Europe’s large portals have been forced to add heaps of free services such as free internet access, free email and other perks. National telecoms and their competitors got in on the action as well, and now attempt to create enough offline brand name recognition to pre-win online brand loyalty.

“The trend seems to point to portal services trying to attract not ‘millions of users’,” said Bank Julius Bär analyst Joeri Sels, “but rather ‘dozens of millions of subscribers’, which will be necessary for profitable operations.”

The market for those monstrous “Über-Euro-Portals” may be flooded, but there’s still plenty of room to move with such smaller ‘affinity’ sites.

The Field
Today’s “portal” has expanded to include places where users decide to start particular activities or searches on the web – so an investor would begin her search for new high-tech European investment opportunities at tornado-insider.com; a travel writer at one of a multitude of ticket sites including ebookers.com, or otctravel.co.uk; a researcher in Cambridge at altavista.co.uk; a shopper in Milan or Berlin at dooyoo.com or ciao.com. All these are sites containing links to everything about a particular subject.

Look at comdirect.de, whose 330,000 customers have Eur 6.75 billion on deposit, and made over 5.1 million transactions last year. Comdirect appeals to the mass-market online investor by offering links to market news from around Europe, and attracting loyal users through an innovative game called “broker poker”. With broker poker, customers create pretend virtual portfolios and compete against one another in a giant pool, the winner taking a prize of Eur100,000.

Can this work in France and the UK as well?

“Absolutely,” said Suzan Nolan, President and lead marketing analyst for Paris-based Blue Sky International Marketing, “this is a great tool for teaching investors how to invest online, and it’s also a very nice way to let experienced investors run multiple portfolios, test what they’re thinking and expand their knowledge.”

That seems likely. With 388,000 users (63,000 new customers within March 2000 alone), and 335,000 direct brokerage customers, and after-tax profits up 600% last year to Euro 13.7 million, Comdirect plans its IPO on the Neuer Markt for later this quarter.

That’s what works: “build locally, cross the nearest border and do it again” might be a rallying cry for the new breed of specialized Euro-portals. And do it fast. While big guns attempt to develop an all-round pan-European strategy, smaller and more daring internet start-ups are taking ideas and charging with them, learning from their mistakes.

Or put another way, “Load…fire…aim,” the core strategy of feisty comparison shopping portal Dooyoo.com, which now has hard-hitting and successful practical-information shopping sites in Germany, Spain, Italy and France, and plans to launch in the near future in the UK and Scandinavia.

The site’s draw is consumer commentary on products from toasters to blenders to computers; ratings of products by consumers help others make purchasing decisions about specific products like laptops, or children’s books.

Dooyoo’s 43,000 members (and current 49,000 product listings) think this is so ducky that the site got six million page views in February. Perhaps more important, last month dooyoo secured its second round of funding (in the “double digit millions of dollars”) and solidified plans to go public on the Neuer Markt later this year.

“Compared to the fuss over general portals these kinds of companies might not appear very distinguished,” said Christian Junk, Senior Software Analyst at Commerzbank, “but it would seem they have a very good opportunity to contribute highly specialized content offerings and grow into affinity portals.”

Bank Julius Bär’s analyst Joeri Sels pointed at a Dooyoo rival, Ciao.com, which bills itself a ‘horizontal one-click shopping portal’, and which is also moving fast, with sites in Spain, Italy, France, UK, Austria and Germany. Ciao recently merged with another similar German start-up, Amiro.com. “The first step is lots about building a feeling of community,” said Frederick Paul, Ciao’s founder and director. Ciao started with US$5MM from Wellington Partners and media house Burda, and they’re about to close their second round of about 20MM; the new company is presently valued, they say, at about $75MM, and say they’ll go to an IPO at the end of 2000 at the latest.

The Near Future
The big-is-beautiful crowd isn’t going away overnight, and the “gaggle” factor of European web investing will still follow these major players into the market. There will be more portal IPOs in the coming months, and as the numbers increase there’ll be even more consolidation. The huge players will be elbowing one another to grab the remaining sections of the general portal market.

And don’t forget the portals run by the incumbent national telecoms, which provide both huge amounts of national traffic as well as juicy, content-rich merger target grist for the ever-expanding large portal mill.

Over 12 months, as investors and especially web users become more sophisticated, the organic attractiveness of such offerings will wane. Sure, they work in the USA, with its large, culturally and linguistically homogeneous market.

Whither The Über-Euro-Portal? This trend doesn’t by any means signal the death of the giants. By incorporating local content through mergers and alliances, and working to leverage the potential of e-commerce, m-commerce and wireless-mobile services, there’s still plenty of opportunities to grow for the big guys.

As T-Online, Yahoo!, AOL, MSN as well as banks and equipment makers move in, the European portals will continue to be enthralling places to watch for both investors as well as growing numbers of European internet users.

Setting up Squid. Then Using It.

So I’m here in California, staying at a hotel for ten days and want to look at some websites. Nothing too fancy, some blog entries, research for upcoming reports, maybe some racy stuff like No-Load Mutual Funds. And I am, of course, like you, on a free, open, wireless connection. My mail is tunneled, but web isn’t. So I realize I should set up a proxy server somewhere else, like at home, and tunnel into it, lest anyone sniffing on the local WiFi LAN (not that I’d ever do something like that with something like Wireshark) or indeed the hotel’s wireless contractor have a record of everything I look at and type.

No brainer: Squid’s your man. But in looking around for a plain-English How-To set up Squid and then use it guide, I couldn’t find one. So here it is. The first thing to do then, is install and configure Squid.

Setting Up Squid
Because I am on Gentoo, this was easy:

emerge --sync
emerge squid

I bet on Debian it’s as simple as

sudo apt-get update
sudo apt-get install squid

Once Squid was installed, I saved the original /etc/squid/squid.conf file as a backup and then made this my new one:


http_port 3128
cache_mem 50 MB
visible_hostname DOSA
cache_dir ufs /var/cache/squid 500 16 256
offline_mode off
maximum_object_size 102400 KB
reload_into_ims off
pipeline_prefetch on
acl my_network src 192.168.0.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
http_access allow my_network
http_access allow localhost
http_access deny all

Then save, and restart squid (or start it)

/etc/init.d/squid start

That, you’ll see, allows traffic from both the local network and localhost but not from anyone else. We’re accessing via SSH, so once we’re tunneled in, we are on localhost.

I only allow access to the box via one port for SSH, and that is not a standard port. This little security-by-obscurity kludge was not for defense against hackers, but only to stop the bots from constantly knocking on my door and filling up my auth.log with automated login attempts. Those attempts were useless anyway because of the actual (non-obscurity-related) security measure: I don’t allow remote login with a keyboard password – you need a pre-saved key. Also, of course, the firewall does not accept connections to the Squid port – to get at that port, you need to SSH in and do port forwarding. (If anyone can tell me a better, safer way to do this I’d be obliged.)

There’s some other authentication stuff one could do quite easily (forcing a user prompt in the browser when users start a new session to authenticate to Squid via pam) that I feel comfortable ignoring in this case because I’m fairly confident about the physical access to the network (if that’s breached I have bigger problems) and also because web access to the box is limited as I’ve just described.
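On the "better, safer way" question: with a bare port number, Squid listens on every interface and the firewall is the only thing keeping outsiders off the proxy port. The audit below is an added example, not part of the original post. Its function names are hypothetical, and the loopback-only variant assumes that only tunneled clients need the proxy, so it drops the LAN rule.

```shell
#!/bin/sh
# Added example: audit a squid.conf for the exposure points in this setup.

# Access-related lines of the post's config, reproduced as sample input.
page_conf() {
cat <<'EOF'
http_port 3128
acl my_network src 192.168.0.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
http_access allow my_network
http_access allow localhost
http_access deny all
EOF
}

# Constructed variant (assumption: only SSH-tunneled clients use the proxy).
hardened_conf() {
cat <<'EOF'
http_port 127.0.0.1:3128
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
http_access allow localhost
http_access deny all
EOF
}

# audit_squid_conf [FILE]: reads FILE (or stdin) and prints findings.
# Returns 1 if any WARN was raised, 0 otherwise. INFO lines are advisory.
audit_squid_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        $1 == "http_port" && $2 !~ /^(127\.0\.0\.1|localhost|\[::1\]):[0-9]+$/ {
            print "WARN http_port " $2 " listens beyond loopback; firewall is the only guard"
            bad++
        }
        $1 == "acl" && $3 == "src" { src[$2] = $4 }   # remember source ACLs
        $1 == "http_access" {
            last = $2 " " $3                      # track the final rule
            if ($2 == "allow" && $3 == "all") {
                print "WARN http_access allow all"; bad++
            } else if ($2 == "allow" && ($3 in src) && src[$3] !~ /^127\./) {
                print "INFO allow " $3 " admits " src[$3]
            }
        }
        END {
            if (last != "deny all") {
                print "WARN final http_access rule is not \"deny all\""; bad++
            }
            exit (bad > 0)
        }
    ' "$@"
}

page_conf | audit_squid_conf || echo "=> post's config: see findings above"
hardened_conf | audit_squid_conf && echo "=> loopback-only variant: no findings"
```

To check a live install, run audit_squid_conf /etc/squid/squid.conf on the server.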

Setting Up The Tunnel
Now the trick is to get my machine here in the hotel to talk to Squid across an encrypted SSH tunnel lest I send my blog password and evidence of my looking at IBEX 35 stocks to everyone in my 17-floor hotel. This machine is an Ubuntu box, so I set up a simple SSH tunnel with port forwarding – using the technique first rattled off to me by Ian Sacklow, head of the Capital District Linux Users Group, while we were standing in a Barnes & Noble store about three years ago:

sudo ssh -L 3128:127.0.0.1:3128 user@your-server.com -p 7890 -f -N

The -L means bind the local port (given first) to the remote port (given last) of the server (given in the middle, wrapped between ::s). Put in a mnemonic way,

SSH BIND MY_PORT_HERE:server:THEIR_PORT_THERE.

By that standard, I’m binding port 3128 of my local machine (127.0.0.1) to port 3128 of the remote machine. Then I specify the remote machine with the user@your-server.com and specific port command (if that is required).

The -f sends the SSH shell to the background – but brings it back if the SSH server prompts for a password or sends something else back. The -N (in SSH2 only) says, “And while you’re in the background, don’t execute any remote commands,” or in this case, “Just set up the tunnel and make yerself scarce.”

If you’ve timed out a sudo session or if you have just opened the terminal, you’ll be first prompted for your user password to carry out the sudo part of the command. Once that’s done, if your SSH server allows you to use keyboard interactive logins and you don’t have a remote key, then you’ll be prompted for the password of the user name on the remote server. Enter it and if accepted, you should just return to a local user prompt. Same if you have an SSH key – after running the tunnel command, you’ll just be returned to a local user prompt.

Tip: If you set up the tunnel and you get a message saying that the local port is already in use, find out what’s using it: in this case, you’d run:

sudo lsof -i tcp:3128

That should get you info about what’s running. Kill it and then start the tunnel again. Unless you decide that you don’t want to kill it, in which case, you’d change the local bind to a different port. It doesn’t matter a whit to either SSH or Squid.
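Once the tunnel is up, the same question ("what holds this port?") is worth asking again: the forward should be owned by ssh and listen on loopback only, since a listener on every interface would be reachable from the rest of the hotel LAN. The check below is an added example, not from the original post. It assumes Linux `ss -ltnp` output rather than the lsof call above, and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: check who owns the tunnel's local port and where it listens.

# Constructed `ss -ltnp` output: a normal ssh -L forward (loopback only).
sample_ok() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128        127.0.0.1:3128      0.0.0.0:*     users:(("ssh",pid=4242,fd=5))
LISTEN 0      128            [::1]:3128         [::]:*     users:(("ssh",pid=4242,fd=4))
EOF
}

# Constructed: the same port held by another program on every interface.
sample_bad() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:3128      0.0.0.0:*     users:(("squid",pid=911,fd=12))
EOF
}

# check_forward PORT: reads `ss -ltnp` output on stdin.
# Returns 0 = ssh on loopback only, 1 = exposed or owned by something else,
# 2 = nothing is listening on PORT.
check_forward() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }                  # also skips the header row
        {
            n = split($4, part, ":")             # port follows the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            seen++
            if (addr != "127.0.0.1" && addr != "[::1]") {
                print "EXPOSED " $4 " is reachable from the network"; bad++
            }
            # Without root, ss may omit the process column; that is reported too.
            if ($NF !~ /\(\("ssh",/) {
                print "OWNER " $4 " is not held by ssh: " $NF; bad++
            }
        }
        END { if (!seen) exit 2; exit (bad > 0) }
    '
}

sample_ok  | check_forward 3128 && echo "ok: ssh forward on loopback only"
sample_bad | check_forward 3128 || echo "fix this before browsing through the port"
```

For a live check, pipe the real output in: sudo ss -ltnp | check_forward 3128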

Setting up Firefox
Now things are easy. You’ve got Squid running on the remote server. You’ve got an SSH tunnel connecting you to it. Now just tell Firefox where to look. In Firefox select Edit -> Preferences -> Network -> Connection Settings. Tick the radio button marked, ‘Manual Proxy Configuration’, type ‘127.0.0.1’ in the HTTP Proxy box and ‘3128’ (or whatever) into the Port box, click OK, then Close. Now type http://www.google.com into your URL bar and see what happens. With luck, you’ll get taken to Google.

To make sure you’re actually using the proxy, SSH into the Squid server box, and look at the tail of /var/log/squid/store.log. You should see something about google. To watch it change in near real time, do:

tail -f /var/log/squid/store.log

And surf to another location.

Summary
Web surfing in hotels or coffee shops is nasty stuff. This is one way to add a modicum of privacy to your activities at no cost but your time. Of course, corporate firewall requirements might require some modification to the tunnel commands to get out to your server, but shouldn’t present too much trouble. But beware – an entire industry exists which seeks to discover people engaged in just that kind of activity, which is certainly against your corporate access policy.

Happy Days In The Bird Business

With political intrigue, high finance and customers in exotic locales, it’s not a boring time to be in the “bird” business.

Despite a global communications sector slowdown and tepid business climate, revenues of satellite services companies grew 7 percent to $49.8 billion in 2002, according to the Satellite Industry Association.

But it’s not the best of times, either – that 7 percent growth pales in comparison to the 17 percent jump in 2001.

Operators, though, are investing heavily in new technologies and standardization despite a string of bankruptcies over the past decade that have made financing more difficult.

The major players – Inmarsat, PanAmSat, New Skies Satellites, Loral Skynet and Eutelsat – operate constellations of satellites, providing a broad range of services and technologies.

As new satellite-based network technology emerges and the industry enters a transitional phase, these companies must foster new growth while maintaining their core customer base.

The current generation of satellites are essentially “bent pipes,” in that they take a signal from a specific location on the ground and broadcast it back towards earth to an area significantly larger.

But the next generation of birds promises very high-speed Internet connections and on-board, high-speed digital signal processing; satellites will effectively become Internet routers-in-the-sky.

While pay television has been a runaway consumer success story for the satellite industry, efforts to sell satellite phones before their time soured the concept of satellite phone and Internet services in the minds of consumers (and the investment community).

Yet behind this image is a steady and sizable business.

The core customers are the military, governments and corporations seeking secure, remote access to data; broadcast television, and telephony. Satellite services are particularly good at providing communications between central offices and remote locations in industries like natural-resource exploration, finance, manufacturing and transportation.

By far the largest commercial customers are military; Gartner DataQuest estimates that the U.S. Department of Defense alone spends $300 million annually on satellite services. Satellite communications, says Patti Reali, an analyst at Gartner, are a significant part of U.S. military tactics. In turn, the military is driving the requirements for the next generation of satellites, she said.

Satellite companies are hoping their new capabilities will appeal not just to governments but to businesses small and large seeking the ability to send and receive data from anywhere.

Inmarsat, the world’s first global satellite communications operator, is the best-known name in the small circle of satellite consortia that operate in this business. Established by the United Nations in 1979, the International Maritime Satellite Organization was privatized in 1999 and has 86 government and corporate shareholders. After retreating from plans for an initial stock sale because of unfavorable market conditions, Inmarsat is now seeking a private sale.

It is the object of a bidding war between a pair of British private equity firms, Apax Partners and Permira, and a U.S.-based consortium comprising Soros Private Equity and Apollo Management.

The bidders are attracted by Inmarsat’s maritime customer base and military contracts. Inmarsat now also serves mobile business Internet users with its Regional Broadband Global Area Network product, known as R-BGAN, a portable satellite modem providing relatively high-speed Internet access from a portable unit that resembles a notebook computer.

“BGAN is not for everybody,” said Paul Griffith, vice president for portfolio development at Inmarsat. “It’s not consumer-oriented, but it will be very attractive to businesses” beyond the traditional oil and gas, humanitarian aid groups and media markets.

If satellite companies hope to appeal to more mainstream groups, they will have to make their offerings simpler, cheaper and more universal.

A newly-adopted standard, digital video broadband return channel over satellite, or DVB-RCS, may foster competition and help reduce satellite broadband Internet charges, allowing satellite companies to compete with terrestrial options such as digital subscriber line, or DSL; cable; and fiber optics.

Satellite companies are also appealing to developing countries, who find that the cost of building a traditional, earthbound communications network is sometimes more expensive than a wireless solution.

Even the developed world has areas in which satellite technologies can complement fiber and cable networks. Satellite can more cheaply bring broadband to remote regions in countries like Spain, France and even Germany and the Netherlands to help those countries comply with an EU initiative called eEurope 2005, which mandates that all public schools, administrations and hospitals have broadband capabilities by 2005.

Similar government initiatives in Canada and Mexico have caught the eye of satellite services companies.

“We also continue to see strong demand in the Middle East and Asia,” said Diederik Kelder, senior director of business planning for New Skies, “and there is a lot of activity in Western Africa as well.” New Skies, which provides infrastructure to Internet service providers operating in remote areas, has seen heavy interest in data services in and around Iraq as that country’s reconstruction ramps up.

Late this year, the Spaceway unit of Hughes Network Systems will employ high-performance Ka-band satellites, which combine sophisticated onboard digital processing with advanced transmission capabilities. Hughes hopes to upgrade customers like banks, credit card companies and other businesses, which need terminals to communicate with a central location, to this next generation of satellite. They will simultaneously try to expand into the small- and medium-size business market with services such as fast Internet access.

As for satellite companies offering broadband services to consumers, analysts are skeptical that a case can be made. The few initiatives which have popped up – notably including Star Band and DirecPC in the United States – have been commercial failures. Lars Godell, a senior analyst at Forrester Research, places satellite services firmly in the “other” category when discussing the European broadband market.

“Consumer selection of broadband comes down to price, price and price,” he said, “most satellite solutions require either a large subsidy from the service provider or, less likely, from the consumer – just remember how cheap DSL and cable modems are these days.”

WiFi encryption standards

There are three commonly-used standards of Wi-Fi AP security in the world today. The best known, Wired Equivalent Privacy (WEP), is readily vulnerable to exploits and must not be trusted except for the flimsiest of protection. WEP is widely considered to be a trivial barrier to even barely competent hackers, and to afford only a bare minimum of protection on its own.

Wi-Fi Protected Access (WPA) was developed as an intermediate solution to the revelation that WEP’s encryption had been highly compromised. The second generation of WPA security is called WPA2, and this is the current state of the art. WPA2 delivers (to date) very good encryption and protection against eavesdropping. WPA2 Personal provides strong encryption and uses Temporal Key Integrity Protocol (TKIP), which dynamically encrypts the key used for authentication. WPA2 Enterprise uses an authentication server to authenticate users.

Until recently, implementing WPA and WPA2 was something of a hassle; if you’ve been wireless for some time now, and still have Wireless B Cards (see sidebar), you’ll have challenges using WPA. If you have fairly new equipment, such as an Intel Centrino notebook, you’ll be able to use at least WPA if not WPA2.


 


 


ASPs Heat To Red Hot

In the midst of early April’s [2000] major tech sell-off, a company called Update.com Software AG had an oversubscribed and successful IPO on the Neuer Markt, and analysts say that a major reason for the successful launch was that Update is an early mover as an Application Service Provider, or ASP.

To many analysts, ASPs are simply revolutionary. “As a general trend,” says Charles Homs, Senior Analyst at Forrester Research, “ASPs will substantially change the overall facility delivery in the e-business market.”

The European ASP sector has gotten off to a slower start than in the USA, but it is definitely heating up, and a sector worth watching. And Europe-based ASP companies have a decided home-court advantage over American imports: industry movers like the Finnish Sonera, German Infomatec and England’s Netstore, and even giants such as SAP, understand that American solutions don’t work well out-of-the-box here.

ASPs offer businesses of all sizes offsite tools to store, retrieve and use information. When broadband hits Europe – in six to nine months for Scandinavia, and a year to a year and a half in most other countries – the spread of ASP is expected to catch on like wildfire.

Netstore, with 750,000 customers and a market cap of €895 million, and Infomatec (IFO NM) offer customers centrally stored applications, such as spreadsheets and inventory control systems, as well as providing storage for data – effectively allowing companies to outsource all their IT needs.

Sonera (SOY GR) focuses mainly on web-based transaction and delivery products, such as allowing sites to offer streaming media and other functions.

The road to the European ASP market is fraught with problems that locals have a better time identifying. For example, said Homs, a company providing Customer Relationship Management software to a company in Germany is required by German law to physically maintain the server within the German borders, to comply with German data security laws.

But IBM, too, has been an early mover in the European ASP space, and has broad experience in implementation in Europe. For the past two years they’ve been actively developing ASP products.

What’s An ASP?
ASPs are large, ultra-reliable, high-capacity and high-speed servers that store not just a company’s databases and information, but also the applications that manipulate the data. Whereas companies now invest in traditional “fat clients” – the typical computer/operating system combination wherein applications are run and data stored – many companies in the US and Europe already employ a new system.

Using a fast wired or wireless internet connection and a “thin client” – a desktop, notebook or even palm-top device running just a simple operating system and a web browser – users can now download the shell of, say, a package tracking or inventory system, call up data they need, modify it and store the results, using only software stored on the ASP’s server.

For small to medium size enterprises, ASPs could be most valuable, allowing them to maintain one copy, not thousands, of a program, and administer it centrally.

“This is a really interesting sector, because these ASPs can really help small to mid-sized firms save lots of money,” said Peter Klostermeyer, analyst at VMR. “Today’s software applications are not as expensive as they used to be but the beauty of ASPs is that they bring down the costs of implementation and administration of systems.”

A not-so-subtle differentiation in the ASP sector is between hosting and true ASP, and the most important question is who is actually implementing the solutions. Some ASPs simply give you the platform and allow you to load whatever you choose, while others set up all the infrastructure, running everything on the server. They often limit the flexibility to what can be customized.

But to small- and medium-sized enterprises, this second option brings a new world of computing power for far less than doing it yourself.

“These are the companies that stand to gain the most in the short term,” said Homs, “because companies are finding it increasingly difficult to find the people to set up their systems and web systems – and it’s also very expensive. But this allows them to share the costs with other companies. I think this type of ASP is a very lucrative solution.”