Archive | Technology

Investigating Internet Crimes

Written by experts on the frontlines, Investigating Internet Crimes provides seasoned and new investigators with the background and tools they need to investigate crime occurring in the online world. This invaluable guide provides step-by-step instructions for investigating Internet crimes, including locating, interpreting, understanding, collecting, and documenting online electronic evidence to benefit investigations.

This year I served as technical editor for this excellent book by Todd Shipley and Art Bowker. Cybercrime is the fastest growing area of crime as more criminals seek to exploit the speed, convenience and anonymity that the Internet provides to commit a diverse range of criminal activities. Today’s online crime includes attacks against computer data and systems, identity theft, distribution of child pornography, penetration of online financial services, using social networks to commit crimes, and the deployment of viruses, botnets, and email scams such as phishing. Symantec’s 2012 Norton Cybercrime Report stated that the world spent an estimated $110 billion to combat cybercrime, an average of nearly $200 per victim.

Law enforcement agencies and corporate security officers around the world with the responsibility for enforcing, investigating and prosecuting cybercrime are overwhelmed, not only by the sheer number of crimes being committed but by a lack of adequate training material. This book provides that fundamental knowledge, including how to properly collect and document online evidence, trace IP addresses, and work undercover.

  • Provides step-by-step instructions on how to investigate crimes online
  • Covers how new software tools can assist in online investigations
  • Discusses how to track down, interpret, and understand online electronic evidence to benefit investigations
  • Details guidelines for collecting and documenting online evidence that can be presented in court

Blackhatonomics: An Inside Look at the Economics of Cybercrime

Blackhatonomics: An Inside Look at the Economics of Cybercrime explains the basic economic truths of the underworld of hacking, and why people around the world devote tremendous resources to developing and implementing malware.

The book provides an economic view of the evolving business of cybercrime, showing the methods and motivations behind organized cybercrime attacks, and the changing tendencies towards cyber-warfare.

Written by an exceptional author team of Will Gragido, Daniel J Molina, John Pirc and Nick Selby, Blackhatonomics takes practical academic principles and backs them up with use cases and extensive interviews, placing you right into the mindset of the cyber criminal.

The Russian Software Pirates

Every day here and in dozens of other Russian cities, pirate dealers sell copies of the world’s most popular software titles at $5 per CD-ROM.

Despite fears about the economy, small and medium-sized businesses are flourishing in this elegant northwestern Russian city – and pirated software is installed on almost all of their computers.

Nearly all high-end computer games, Encyclopaedia Britannicas and other educational and reference CDs are distributed through illegal sources. Bootlegged software use is certainly not limited to Russia. Industry analysts say that 27 percent of the software running on American computers is pirated.

And the Business Software Alliance, which monitors business software piracy, says 43 percent of PC business applications installed in Western Europe are illegal copies.

In Russia, however, the piracy rates are a stunning 91 percent for business applications and 93 percent for entertainment software, according to Eric Schwartz, counsel to the International Intellectual Property Association, a Washington, D.C.-based organization that lobbies internationally on behalf of the copyright industry.

Schwartz said that piracy in Russia costs American entertainment software manufacturers $223 million a year and business software makers almost $300 million. The Business Software Alliance estimates worldwide revenue losses to the software industry from piracy at $11.4 billion.

Under the 1992 agreement with the United States that guaranteed Most Favored Nation trading status, Russia is required to effectively enforce anti-piracy laws, but actual enforcement is virtually nonexistent.

Meeting the Dealers
The dealers, who operate in stalls and kiosks around major transportation hubs or in full-scale markets usually 15 minutes from the city center, offer an enormous range of titles, usually bundled in a form their manufacturers would never dream of.

“That’s Windows 98, Front Page 98, Outlook 98, MS Office 97 SR1 and, uh, yeah, Adobe 5.0,” said Pyotr R., a student at St. Petersburg Technical University, of a single CD-ROM. “On the disk there are files, like ‘crack’ or ‘serial’ or something, and that’s where you’ll find the CD keys,” he said, referring to the codes that unlock CD-ROMs and allow users to install the programs.

Pyotr (who spoke, as did all others interviewed for this article, on condition of anonymity) sold that disk, plus a second one containing Lotus Organizer 97, several anti-virus programs and some DOS utilities, for 60 rubles or about $10.

Another dealer was offering Windows NT 4.0 for $5, and Back Office for $10. According to Microsoft, the recommended retail prices for these products are $1,609 and $5,599.

Many Russians, who during the days of the Soviet Union bought most necessities through black market sources, think nothing of buying their software this way. They even defend the markets as providing a commodity that had been long-denied them.

After the collapse of the Soviet Union, inexpensive computers began to flood into the country from Taiwan, Germany and the United States, increasing the importance of these illegal software markets. Spending at least $800 on a computer was an enormous investment for Russians, even relatively well-paid St Petersburgians who earn an average salary of around $350 a month. Those who did buy one were in no position to consider purchasing software legitimately, even if it were readily available, which it often wasn’t.

These days, though, legitimate outlets for hardware and software are popping up everywhere in Russia; computer magazines offer licensed versions of everything available in the United States and Western Europe, and software makers advertise in the city’s well-established English-language media.

The markets continue to thrive with an alarming degree of perceived legitimacy. Outside the Sennaya Square metro station in St. Petersburg, a police officer approached a pirate dealer (who offered, among other things, Adobe Font Folio and QuarkXPress) and angrily chastised him for not prominently displaying his license to operate the stall. When the dealer complied, the policeman moved on.

Customers feel secure that the pirated copies will work and that belief appears well-founded. Bootlegged titles come with a written guarantee – good for 15 days from the date of purchase – that they’re virus-free and fully functional.

And files on the CDs themselves boast of high-quality, code-cracking techniques: “When so many groups bring you non-working fakes, X-FORCE always gets you the Best of the Best. ACCEPT NO IMITATION!” boasts one.

“There’s a lot of viruses around in Russia,” said Dima V., a system administrator who runs several small company networks in St. Petersburg using bootlegged copies of Windows NT 4.0, “but most of the disks you buy in the markets are clean. The guys are there every day and if they give you a virus you’ll come back – it’s just easier to sell you the real thing.”

Foreigners get in on the action
Russians are not by any means the only people installing the pirated programs. While employees of multinational companies or representatives of American companies would never dream of risking their job by violating copyright laws, self-employed Westerners, or ones who have established small Russian companies, have no qualms about doing so.

They also pose a question software manufacturers find difficult to answer: Who would buy a network operating system package for $5,000 when it’s available for $5?

“Nobody,” said Todd M., an American business owner in St. Petersburg, whose 24-PC network runs a host of Microsoft applications that were all bootlegged.

“There’s just no financial incentive for me to pay the kind of prices that legitimate software costs,” he said. “I mean, it would be nice to get customer service right from the source, but we have really excellent computer technicians and programmers in Russia and they can fix all the little problems that we have.”

Customer support and upgrades are just what the manufacturers point to as advantages of licensed software, even in markets like Russia.

“There are enormous incentives,” said Microsoft’s Mark Thomas, “to buying legitimate software, and they start with excellent customer support and service and upgrades. We spend $3 billion a year on research and development and the money that we make goes right back into making products better and better products. The pirates don’t make any investment in the industry.”

And local industry, Thomas pointed out, suffers disproportionately in the face of piracy.

“A huge amount of our resources are put into making sure local industry builds on our platform,” he said. “When a local company creates packages for, say, accounting firms, and somebody can come along and buy it for $5, these local companies can lose their shirts.”

Piracy getting worse
Despite heavy lobbying by industry representatives and government agencies, piracy has worsened. As CD copying technology becomes cheaper, large factories in Russia and other countries, including Bulgaria, churn out copies of software copied by increasingly sophisticated groups in countries around the world, especially in Asia.

Encyclopaedia Britannica wrote off Malaysia as a market effectively destroyed by pirates, who sold 98 out of every 100 copies of its flagship Encyclopaedia three-CD set for a fraction of its recommended retail price of $125. The same disks, which have not officially even been offered for sale in Russia, are readily available in the St. Petersburg markets for $10.

“For Encyclopaedia Britannica, the cost of piracy is millions a year,” said James Strachan, EB’s international product manager. “One hundred percent of the value of our product is an investment in the authority and depth of our content,” he said. “Piracy causes us extreme concern and we do everything we can to root it out and prosecute.”

Todd M., the businessman with the 24-PC network, offers little hope that the situation will soon change in favor of manufacturers.

“With all the problems I have running my business here in Russia, from armed tax police to Byzantine procedures and customs duties, software piracy just doesn’t register with me,” he said.

“It’s the one thing about doing business here that’s somebody else’s problem.”

Linux Gets Easier. Businesses Are Noticing.

A Cannes-based private investigator, Alain Stevens, recently switched computer operating systems from Windows to Linux. “It’s a security issue,” Stevens said. “Viruses which target Windows could send confidential documents from my machines to random people – and that could send me to prison.”

Citing cost savings, open standards and enhanced security, the German government in June reached a Linux deal with International Business Machines Corp. and SuSE Linux AG of Germany for its local, state and federal computer infrastructure.

And as the City Council in Nottingham, England, plans a new software application for 10,000 employee workstations, it is seriously asking the question, “Are we going to run this on Windows or open-source, like Linux?”

Throughout Europe, companies and governments large and small have recently been asking the same thing. Information technology departments are looking at what they have and rethinking what they want.

The resulting groundswell could soon make the Linux-based desktop more prevalent in Europe than anyone could have predicted even a year ago. Dan Kusnetzky, an analyst for International Data Corp., said Linux had a 3.9 percent share of desktops worldwide, outpacing Macintosh’s 3.1 percent.

Richard Heggs, Nottingham’s systems analyst, described the process this way: “We’re looking at Linux as a possible replacement for Windows as council desktop standard. It’s looking favorable. Senior management is saying, ‘We like this, but can it do what people say it can?’”

The stimulus to find out has been manifold. A new generation of user-friendly Linux products spearheaded by SuSE and MandrakeSoft SA of France – both of which are small, as yet unprofitable companies – has eased migration.

Legislative incentives have put open-source on corporate tongue-tips. Countries including Britain, Germany, France, Italy, Norway and Malta have introduced a flurry of initiatives to give open-source software access to a level playing field – and mandate the use of open standards for official communications. And Microsoft Corp.’s unpopular license-fee revamping has contributed to a general re-evaluation of IT purchasing criteria: Some tech managers say their feasibility studies of Linux migration may be justified by reasoning that, at a minimum, the results are ammunition for negotiations with Microsoft.

Microsoft’s Europe office would not comment. Companies still look for big names – like Microsoft’s – behind any new software they might buy. Now, other big names in computing are putting money behind Linux products. Sun Microsystems Inc., which recently announced an Intel-based server pre-loaded with Sun Linux 5.0, contends that the concept of having “one folk to choke” support for an open-source product lends credibility to open-source. “The key value Sun’s bringing to Linux isn’t really ‘on the tin,’” said Simon Tindall, volume products business manager for Sun in London, “but that we will support it directly as a vendor.”

This type of Linux support means that corporate IT departments and purchasing managers, ever wary of getting stuck with something forever, can now say, “Well, Sun’s providing support for it.” For example, BEA Systems Inc., IBM, Oracle Corp., SAP AG and Veritas Software Corp. have all ported their applications to run on Linux systems. All this effort may raise costs (Linux costs typically have nowhere to go but up), but that may not be a deterring factor.

Consider StarOffice, Sun Microsystems’ open-source challenge to Microsoft Office, its word-processing business software suite. Until recently, it cost nothing. Since release of version 6.0, Sun has begun charging up to $79 per license.

[The free product was renamed OpenOffice.org and is still available under that name. The products are identical except in name and the fact that StarOffice is released in a boxed set with printed documentation and Sun Microsystems installation support by telephone.]

The price seems to make businesses trust it more, some analysts say – it is a real product with a viable revenue model, which is a lot easier to explain to your boss than a product supported only by eleemosynary efforts by some vaguely hippie-sounding “open-source community.”

James Jarvie, IT manager of the Central Scotland Police, said the £245,000 ($380,000) they saved on licensing fees with StarOffice paid for more police on the streets. Councils in Aberdeen and Penwrith have embraced it, and the British Office of Government Finance has now endorsed it, along with Office and Lotus’s SmartSuite.

“Unless Microsoft makes significant concessions in its new Office licensing policies,” Gartner Inc. said in a research report, “StarOffice will gain at least 10 percent market share at the expense of Microsoft Office by year-end 2004.”

To stand a chance, an operating system must provide applications that allow users to seamlessly edit and exchange documents with others (which often means “with Microsoft Office users”). StarOffice is about 95 percent compatible with Microsoft Office (macros don’t translate, but for everyday files it is more than adequate). It runs on Windows, Linux and Solaris, and since the user interface looks identical on Windows and Linux desktops, a major changeover for users would be easier.

“Running StarOffice on Windows,” said MandrakeSoft’s chief executive, Jacques Le Marois, “is almost always a strategic migration choice.”

Martijn Dekkers, chief enterprise architect for the prime minister’s office in Malta, agrees.

“The key barrier,” Dekkers said, “is office suites and collaborative tools like e-mail and Web browsers. Interface similarities ease transitions between different operating systems.”

Ten months ago, Malta began investigating the culture and benefits of open-source. Where big software vendors claim that open-source is unreliable, unsupported and untrustworthy, open-sourcers assert that its products are the solutions to the world’s ills. The truth is perhaps neither, but on the issue of support, Dekkers found open-source viable.

“We have found,” Dekkers said, “that one of the major issues put forward – no support and no accountability – is false.

“Small and large open-source vendors offer support which is equal to or better than support from main commercial developers.”

While large organizations typically take a long time to weigh such issues, some smaller businesses in Europe are switching to SuSE and MandrakeSoft for their desktops.

Last year, SuSE implemented its SmartClient architecture on Linux for Debeka-Gruppe, a German insurance and financial services group.

More than 3,000 workstations in 230 German locations are administered from its corporate headquarters in Koblenz. Where governments deal with issues of open-source culture and monopoly-busting, small companies indicate three main reasons for taking the plunge: reliability, security and cost.

“I switched,” said Mervyn Cottenden, an Essex accountant who runs two MandrakeSoft Linux machines, “because Windows is unreliable. I can’t afford to lose a client’s work because a machine goes down in the middle of a job.”

Europe’s Dirty Little Secret: Porn Is Prince

The new report by Forrester Research (NASDAQ: FORR) on broadband usage in Europe claims that technological and hardware issues aside, the main barrier to widespread acceptance of broadband is not cost, but lack of sufficient rich, broadband-specific content to allow consumers to justify the expense.

“Compelling content unavailable over dial-up could attract them,” said Forrester analyst Lars Godell, the lead author of the report on potential European broadband customers, “but unresolved business issues around who gets paid, how and by whom discourage premium content providers like Carlton and BMG from offering audio, video or interactive games over broadband networks.”

Forrester’s Technographics Europe survey this April showed that the top three reasons why consumers with PCs at home don’t get Net access are “I don’t need to,” “I have no interest,” and “I have no desire to be connected.”

To be sure, companies such as Bertelsmann and Time-Warner, owners of large film libraries, are looking to explore new ways of exploiting their content in a European broadband marketplace.

But analysts differ in their take on where content for broadband will go. While Forrester is bullish on very rich, interactive video-on-demand and other TV-like programming for broadband, UK-based Yes Television and BTOpenworld announced that they will pilot BT Yes Television, to deliver VOD to televisions via ADSL-enhanced phone lines in London. And Filmgroup, a film distribution company competing for the same UK VOD audience via its web portal films2.com, announced its intention to float on the London Stock Exchange in the second quarter of 2000.

But Jupiter Communications research analyst Noah Yasskin believes all these people may be barking up the wrong tree.

“Primarily, broadband will be an enhancement of existing applications and services, as opposed to some sort of TV-like revolution,” Yasskin said. “There will be some richer media, and more possibilities for advertising and video, but we think that more important than the speed is the ‘always-on’ aspect–that’s the real change for consumers.”

Industry watchers agree that a constant connection to the web at a fixed price is a crucial aspect of broadband’s success. “Very clearly this type of service will boost e-business,” said Joeri Sels, telecommunications analyst for Julius Bär in Frankfurt. “It doesn’t matter whether it’s ‘flat rate’ or just a very cheap, reliable fixed-base rate, but the important thing is that the general trend towards ‘always-on’ is certainly in motion.”

Always-on, said Yasskin, will cause fundamental changes in European use patterns, by making it as easy to check the web for basic information like weather and local news as it currently is to check in the newspaper.

“Applications like downloading or renting software and other large digital files will take off with broadband,” said Yasskin, “this will be very different than the dial-up world where this isn’t possible in a reasonable amount of time. If broadband equaled video, it would already be widespread at the workplace–which is, after all, with leased lines a broadband environment. The PPV-movie/broadband scenario is totally wrong. People don’t want to watch feature length movies 18 inches away from their PC.”

Godell agreed that applications are a part of the overall broadband content bundle, and also argued that broadband won’t be limited to PCs. “In 2005, 70% of the UK’s 40 million mobile Internet users will also use the net on PCs or interactive TV,” he said.

Which means it’s time to take a closer look at telcos and cablecos that offer fixed telephone, mobile and cable TV to businesses and consumers in Europe, like KPNQwest, Tele Denmark, Chello, Deutsche Telekom, Bredbandsbolaget AB, Fastweb.it and Telia, as well as optics and box makers, including Lucent, Nokia, Alcatel and Siemens.

Hubba Hubba
One unsurprising–if difficult to discuss–beneficiary of broadband access in Europe, of course, will be adult services, which operate some of the most profitable services in the Internet world. That’s nothing new: pornographers have always been on the cutting–and profitable–edge of technology since the invention of the ink quill. Forrester said that in order to shore up businesses that will offer affordable broadband access, telecoms will be forced to drop objections to transmission of adult programming for download.

Which means stay tuned to Tornado-Investor.com for an upcoming profile of high-tech adult offerings from BEATE UHSE AG—Germany’s only publicly listed smut-peddler.

Ericsson: Hothousing To The Core

The future is wireless, or at least that is what Nokia, Ericsson and a host of startups and network operators are earnestly hoping. But the quick success of 3G – The Third Generation of mobile telephony – is more than profitable icing for these companies; it has now become a matter of survival….

This article, which ran in the February, 2001 issue of Tornado Insider magazine, looks at the overall climate in European development of 3G, and then explores how each of Europe’s largest telecom networking manufacturers, Ericsson and Nokia, is coping with the challenge.

…………………………………………………….

It’s been a morning of suits and PowerPoint slides at the Ericsson demo center, and in the back row sits a pale Gen-Xer dressed head to toe in black and wildly thumbing away at his cell phone. He turns out to be Ivar Gaitan, a project manager for It’sAlive. After we listen to technical overviews of Ericsson’s Mobile Location Solutions, he stands up and shows us a location-based game his startup developed.

“BotFighters will launch this month,” says Gaitan. “It is a location-based game that people can play on their normal GSM phone. Using SMS, players determine who is in firing range and can fire…” A small beep is heard. Gaitan suddenly stops his patter and says, with an apologetic, but nonetheless delighted, grin: “Whoa… Sorry, my friend is 400 meters away and….” He begins madly thumbing a “fire command” into his keypad.

The game is, like Asteroids and Pac-Man before it, a triumph of simplicity. But by nature of its location-based, “find-your-friends” theme, it’s the essence of community building – that is, community building at 1.5 Swedish krona, or about 15 US cents, a pop.

These types of “small ticks” are music to the ears of operators, and therefore the holy grail of network vendor Ericsson, which bends over backwards to get products like this, or actually any product that works well with its systems and increases usage, to market. And these types of products are expected to drive 3G usage when it arrives.

“Ericsson’s been cooperating with us on both technical and marketing aspects,” says Tom Soderlund, It’sAlive co-founder. “They’ve let us into their labs and given us access to technical information, but we also have joint marketing activities, demonstrating our applications on their systems.”

Ericsson, of course, has venture wings, with $300 million in capital under management. But Ericsson’s strategy for hot-housing takes on several discrete, and sometimes even internally competing, roles. First, as with traditional hardware manufacturers, it attempts to open standards and technologies to developers, as would Palm, Psion, or even Nokia.

As with most hardware manufacturers, the process of getting into bed with Ericsson as a garden-variety application developer usually begins with the startup visiting the Ericsson developers’ website (www.ericsson.com/developerszone/), where it signs on for technical specifications. The technical information on the Developerszone is substantial enough that Swedish bank SEB – with an in-house IT team of 1,400 people that recently launched online WAP banking services – has almost relied on that alone.

SEB’s Bons says the bank launched with services based on the Ericsson R380, but that it was not an exclusive deal with Ericsson. “That was a launch device. When other hand-held devices, like PDAs, are released that are similar in size and ease-of-use to the R380, SEB will support those devices as well,” he says.

“It’s been a joint marketing effort. What Ericsson really gave us was understanding of how the whole puzzle works and the interaction of the whole mobile environment with vendors and operators. We know quite a bit about the Internet, but we are newcomers when it comes to mobile. Ericsson has really contributed to our knowledge,” Bons adds.

The decision to move beyond the Developerszone stage to solidifying the relationship could come from a number of instigators. It could be, as in the case of It’sAlive, that the VCs involved previously worked with a division or part of Ericsson, or it could also be that the startup demonstrates it can fill what Ericsson refers to as a “white spot” in its strategy.

These white spots, or opportunities, are key to a startup. “When we started at the Developerszone,” says It’sAlive’s Soderlund, “we received technical information and the like, but as the game evolved and it became more of a complete product, and as Ericsson saw how hot location services were becoming, we got more help on the marketing side.”

Today, when Ericsson demonstrates its location-based services, an It’sAlive gamer is right there to show a real, up-and-running practical use. “It’s too early to say anything about whether this has got us any contracts, because it’s just been released,” says Soderlund. “But I can say we’ve got lots of sales leads from the relationship.” That’s a piece of a white spot. But entire white spots? What’s coming down the pipeline?

“The area I think is really, really hot, is integrating wireless LAN with 3G solutions,” says Marie Bern, investment manager at Speed Ventures, which invested in It’sAlive. “When we get seamless access over wireless LAN, there will be a lot of new issues that have to be addressed.”

“How do you, for example, solve roaming between networks, owned by different players and based on different technologies? How do you solve billing, when all traffic is IP-based and the operator no longer controls every access point? Wireless LAN has the potential to turn wireless communication as we know it upside down, and there are huge opportunities for startups within this field,” Bern says.

Ericsson plays a crucial role in sorting out the white spot solution providers from the mere partners, taking internal and external projects it feels may someday become part of its core business. If it does, the company is absorbed into either Ericsson or Ericsson Business Innovation (EBI). If it doesn’t, Ericsson spins it out by partnering with a VC or other investors, building the business as an external company, then exiting at release.

The exit strategy seems to be the crucial difference. Where Nokia approaches the issue of external vendors with a shotgun strategy – if you throw resources at them, they will come – Ericsson can take a more vertical view of hot-housing and look upon each new vendor as a potential core Ericsson business.

Take, for example, Red Jade, which declined to discuss its product other than to say it relates to wireless technology and entertainment. Whatever it is, the company and EBI are working hard at it; Stockholm-based incubator IT Provider saw EBI’s role in it as not just crucial, but as deal breaking. “It’s definitely part of the decision to invest in a company,” says Jesper Korrbrink, venture manager at IT Provider. “With Red Jade, we needed a very high level of technological know how, and we and Red Jade had the impression that the business just could not be done without Ericsson. It involved technologies in which they lead.”

Sometimes the hot-housed company comes from the reverse process: the result of an EBI-instituted project that didn’t really fit into the core Ericsson business. EBI spins it out with the help of external VCs. Such was the case with ConnectThings, which also had investments from IT Provider. Fortunately, ConnectThings can say what it does for a living: It makes barcode readers that will be embedded in future handsets.

“The barcode reader is integrated with the phone,” says EBI’s Hoff, “and whatever is scanned triggers information on the product to be displayed. If it’s a drug, you can see what kind of drug interactions or side effects [it has] or how to use it. Or if you swipe a CD in the store, you can hear the song on your phone’s MP3 player.”

For a consumer to get product information by swiping a barcode in an ad as opposed to typing in a URL is a very different delivery method. It could be very useful for people and businesses, but only if it’s not platform specific. A key point when considering Ericsson’s hot-housing strategy is that the result needn’t be exclusively an Ericsson product. “We are looking at implementing the service with all the handset manufacturers. It’s not Ericsson-focused in that sense,” says Per Troborg, ConnectThings president. “Our vision is that all mobile terminals will have a low-cost, small-sized barcode reader integrated right inside.”

The Future Of 3G

The future is wireless, or at least that is what Nokia, Ericsson and a host of startups and network operators are earnestly hoping. But the quick success of 3G – The Third Generation of mobile telephony – is more than profitable icing for these companies; it has now become a matter of survival….

This article, which ran in the February, 2001 issue of Tornado Insider magazine, looks at the overall climate in European development of 3G, and then explores how each of Europe’s largest telecom networking manufacturers, Ericsson and Nokia, is coping with the challenge.

…………………………………………………….

Driving through the freezing streets of Kista, Sweden, I’m trying to look nonchalant while conducting a third-generation (3G) mobile-video teleconference. We’re bouncing over the cobblestones and chatting with a spokeswoman back at the Ericsson 3G center. Simultaneously, I’m downloading CD-quality streaming audio from the Web.

This would be a typical PR exercise if not for the fact that our “handset” – a modified three-ton Volkswagen passenger bus – is somewhat bulky.

“There are no actual handsets yet,” apologizes Viktoria Eklund, a marketing manager for Ericsson who is acting as our tour guide on Ericsson’s 3G Magic Bus, “so we have to use regular networked PCs. But the connection is totally 3G wireless.”

Eklund’s point is compelling. I’m interacting across a wireless connection of 472 kilobits per second packet-switched and 328 kilobits per second circuit-switched. That’s faster than Deutsche Telekom can pump anything into a Munich home phone line no matter how much is offered in payment.

The importance of all this goes well beyond high technology for its own sake. The commercial success of large-scale 3G mobile systems is literally the key to survival for many of Europe’s mobile operators in the coming five years. It’s estimated that the more than $100 billion they spent on licenses alone must be followed by $120 billion to $200 billion in infrastructure spending.

This makes 3G the juiciest opportunity to develop and exploit a diverse basket of new technologies since the heady days of the United States’ battle to conquer the moon ahead of the Soviets. It is also perhaps as risky. Much of the initial burden for hot-housing the companies that will deliver the applications and services destined to roll out with 3G has been placed squarely on the shoulders of the two industry leaders, Ericsson and Nokia, as well as on their venture capitalists, strategic partners, and the entrepreneurs they back. It may prove make or break for all of them as well.

There is much more riding on 3G than simply giving users more bandwidth and fancy applications. “When the operators are buying all this 3G infrastructure,” says Marie Bern, investment manager at Speed Ventures in Stockholm, “they are asking the vendors to prove the business case. If there are no compelling services and no convincing revenue models, there’s no case.”

It is always a risk for application developers to create for future technology platforms. One never really knows how long it will take before there is a critical mass of customers. Usually it takes far longer than the network vendors claim, which makes the business case for huge investment very vulnerable. To survive and be successful, developers need the support of venture capital firms and their networks, as well as the network vendors.

“When this collaboration works it’s really a win-win situation for all parties,” Bern says. The hot-housing is so crucial that it can be the difference between invest and don’t invest decisions. “When you look at an investment, you look at the team, the business idea, the partners, and the customers. In this case, the network vendors are the business partners,” Bern adds.

Anders Bons, Swedish bank SEB’s senior advisor for mobile business strategies and project leader for SEB mobile services, agrees. “The [networking hardware] vendors have finally started to realize that what they need is proof-of-concept by supporting real and valuable applications like mobile banking,” he says. “It’s not enough to have just artificial applications – like letting you buy a coke from a vending machine – to prove the value.”

The Climate
By the time operators roll out the monumentally over-hyped 3G, their financial world will be different: Their credit ratings will have been battered, cruise ships worth of cash will have been spent, and the economic outlook will have changed. In addition, the mainstream press will have incited the public to demand everything from postage-stamp-sized, user-friendly multimedia terminals with high-resolution streaming video-teleconferencing and video postcards, to robust new applications that will change lives, all for the cost of a 3G terminal and some airtime, of course.

Operators, in turn, will demand of the manufacturers not just networks, but rather complete end-to-end systems with turnkey, bundled applications. As was proven by the runaway success of what until recently seemed trivial applications like SMS and downloadable ring-tones, neither the vendors nor the operators have the foggiest idea which applications will be popular and which will simply be a waste of bits.

Will mobile-video postcards, as Nokia expects, eat into the lucrative “analog” postcard industry? Will location-based services compel games and useful business information, or merely irritate by beeping mobile phones every time someone passes within 300 meters of a McDonald’s?

Vendors believe that the only way to meet the needs of the 3G user base, which isn’t demanding anything specific yet, is to try to get as many applications as possible up and running as fast as possible. For their part, the operators are busy building locally-driven services and forging regional business alliances. But the cost and difficulty for operators to develop custom-built portfolios of applications and services specific to their network make the “walled garden” approach neither sensible nor desirable.

3G requires diverse technologies to converge, and quickly. In the US space program, parallel and massive technology initiatives were undertaken in everything from food processing to rockets, satellites, miniaturization, and computer and communication systems. The contractors couldn’t foresee the ways in which their technologies would interact. But they changed the world by developing technologies that would become miniaturized computers, the GPS satellite navigation system, and even Tang, the orange-drink powder.

The companies involved with the drive toward 3G systems are in a similar position. In order to succeed, 3G needs seismic advances in network, display, power, and size-factor technology plus other aspects such as personalization elements. NASA had 12 years to get it all done; 3G has perhaps two years.

Data breaches may be new boon for mobile security

We’ve noted recently that laptops are becoming ever more portable, holding more data and processing power than ever before, and rapidly replacing the enterprise desktop as a primary computing device. We also noted that along the way they are fast becoming a major point of security failure that enterprises must address.

That proved a timely assertion, especially now that the nation’s mainstream media is buzzing about the theft from a U.S. Department of Veterans Affairs (VA) employee of a laptop computer and CD-ROM containing personally identifiable information (PII) of at least 26 million veterans. It’s safe to say that the data loss and intellectual property theft associated with mobile laptops and storage devices is a hot topic. Veterans groups have filed a lawsuit against the VA in connection with the breach, seeking $26.5 billion in damages. This monetizes – perhaps for the first time on such a large scale – the problem.

Nearly 85 million records containing PII have been compromised since February 2005, when Alpharetta, Ga.-based ChoicePoint Inc. announced the loss to hackers of 145,000 records containing PII. Ten days later, another breach announcement was made, but this time the problem wasn’t hackers – it was butterfingers: Bank of America in Charlotte, N.C., announced that it had lost an unencrypted backup tape holding 1.2 million records containing PII. Not stolen or hacked… lost.

We reckon that 40% of those 85 million compromised records were lost not to evil hackers cleverly breaking through security or social-engineering credentials from unsuspecting employees, but instead to stolen or lost laptops, computers or backup tapes, or inadvertent emailing. This kind of data compromise is a national problem affecting everything from small business, to all sizes of enterprises, to government on every level. It’s also a massive opportunity because to a large extent, this problem can be reduced.

Compliant or secure?
Much marketing ink has been spilled around the word ‘compliance’ in the past couple of years. The term sometimes refers to compliance with state regulations, like California’s, New York’s and Connecticut’s regarding data breaches. But more often, it refers to compliance with federal regulations and industry guidelines, like SOX, HIPAA, the Federal Financial Institutions Examination Council, the Payment Card Industry Data Security Standard and other acronym-laden best-practices lists designed to introduce more accountability and technical oversight into the worlds of enterprise and government data.

The ChoicePoint announcement rang in de facto national compliance with the California state law requiring notification of affected parties of a breach in security, confidentiality or integrity of unencrypted data containing PII. For each reported breach, press coverage intensifies. As identity theft becomes more common and better publicized, the consumer response to such data compromise has become angrier, which leads to still more media coverage. Data loss, which used to mean some bad PR if you got found out, now means an instant share price punishment, heaps of bad publicity and customer rage. Those are the three most significant drivers of enterprise adoption of security products.

The biggest immediate winners would seem to be mobile device security vendors. Companies like Bluefire Security Technologies, Credant Technologies, Mobile Armor, PGP Corp, Pointsec Mobile Technologies, SafeBoot, Trust Digital, Utimaco Safeware and WinMagic all offer products that encrypt sensitive data on enterprise mobile computing and storage devices.

Mobile device security
For the past several years, vendors in the mobile device security space have been hollering their heads off about just these issues. Mobile device security in this case boils down to the ability to encrypt sensitive data on the hard drive and removable media of any device or storage media capable of being carried out of the enterprise.

That’s a sensible enough goal, and unlike the case with intrusion detection or edge defense, most people can intuitively understand it. In this space there are religious differences – a constant discussion over whether it’s best to encrypt every single bit that hits the hard drive, or selectively encrypt only the data deemed by some policy to be ‘sensitive.’

And there are logistical challenges. Think of how many devices are capable of taking a walk with 60,000 or 6 million records, and your thoughts would have to extend to laptops, mobile phones, CDs and DVDs, USB flash storage drives and mass storage devices like iPods, MP3 players, digital cameras and the like, plus backup tapes, external hard drives and tape drives… There’s a pretty long list.

Most, if not all, of the vendors in this space build in some kind of remote-destruct feature to thwart Fred from Purchasing from absconding with the company sales list: The device typically phones home on boot and gets instructions, or checks in when connected to the Internet. This is all useful stuff of course, but the main concern most people have is whether disks can go on a walkabout without endangering the customer data and the company’s reputation.

The reason we say that vendors in this space will benefit from the recent events far faster than those in others (such as, for example, database protection, storage encryption and key management and the worlds of intellectual property loss prevention) is because the technology is simple, fairly cheap and can be deployed on what you have now.

It’s a fairly easy purchase that the enterprise doesn’t have to live with forever – the technology on which it is deployed, often a laptop or handheld, will almost certainly be replaced in three to five years (as opposed to a database protection system, which would be expected to last longer, or storage encryption and key management system, which would be expected to last until the end of time, or at least a decade). Also, mobile devices are frankly the most likely to be lost or stolen or otherwise compromised – like when an employee is fired and ‘forgets’ to return it.

Vendors
Partial disk encryption sets aside areas of the disk to be encrypted, and/or examines content to determine by policy whether the information is sensitive. And these days, products from companies like Bluefire, Credant and Trust Digital offer extremely granular controls over what sensitive means, including encryption of all data from certain applications, data containing patterns (such as Social Security and credit card numbers) and other triggers. Whole-disk encryption encrypts everything on the disk. The arguments against this are as numerous as those for it and revolve around restoration of system files and re-provisioning without destroying all the data. Mobile Armor, PGP, Utimaco’s SafeGuard Easy and WinMagic all offer robust whole-disk encryption products.

All these vendors offer controls, from basic to fairly sophisticated, to ensure that data saved to removable media of any sort is encrypted. This stops short of products from M-Systems, which place an agent on Windows machines preventing all but M-Systems hardware-encrypted USB drives from being mounted by the computer, and require all data stored on the removable media to be encrypted; a central management system handles provisioning, remote-destruct, lost passwords and other features. Safend, GFI Software and other companies have less granular systems that provide control of all external media devices as well.

Opportunities
Compliance – in this case, compliance with best practices that result in your enterprise’s name not featuring prominently in the national media – is the key driver for these technologies, and the sky is the limit. The terabytes of data just floating around unencrypted on removable media only scratch the surface of the problem. That special report we published on mobile laptops as desktops points out that mobile laptop deployment already outpaces that of desktops. After the third loss of a laptop in a year (resulting in the compromise of at least 280,000 records), Ernst & Young is said to be looking into an enterprise-wide encryption policy. More of those will be forthcoming in the immediate future. And the mobile security vendors will try as hard as they can not to say "We told you so."

Software Pirates Rule In Russia

Every day here and in dozens of other Russian cities, pirate dealers sell copies of the world’s most popular software titles at $5 per CD-ROM.

Despite fears about the economy, small and medium-sized businesses are flourishing in this elegant northwestern Russian city – and pirated software is installed on almost all of their computers.

Nearly all high-end computer games, Encyclopaedia Britannicas and other educational and reference CDs are distributed through illegal sources. Bootlegged software use is certainly not limited to Russia. Industry analysts say that 27 percent of the software running on American computers is pirated.

And the Business Software Alliance, which monitors business software piracy, says 43 percent of PC business applications installed in Western Europe are illegal copies.

In Russia, however, the piracy rates are a stunning 91 percent for business applications and 93 percent for entertainment software, according to Eric Schwartz, counsel to the International Intellectual Property Association, a Washington, D.C.-based organization that lobbies internationally on behalf of the copyright industry.

Schwartz said that piracy in Russia costs American entertainment software manufacturers $223 million a year and business software makers almost $300 million. The Business Software Alliance estimates worldwide revenue losses to the software industry from piracy at $11.4 billion.

Under the 1992 agreement with the United States that guaranteed Most Favored Nation trading status, Russia is required to effectively enforce anti-piracy laws, but actual enforcement is virtually nonexistent.

Meeting the Dealers

The dealers, who operate in stalls and kiosks around major transportation hubs or in full-scale markets usually 15 minutes from the city center, offer an enormous range of titles, usually bundled in a form their manufacturers would never dream of.

“That’s Windows 98, Front Page 98, Outlook 98, MS Office 97 SR1 and, uh, yeah, Adobe 5.0,” said Pyotr R., a student at St. Petersburg Technical University, of a single CD-ROM. “On the disk there are files, like ‘crack’ or ‘serial’ or something, and that’s where you’ll find the CD keys,” he said, referring to the codes that unlock CD-ROMs and allow users to install the programs.

Pyotr (who spoke, as did all others interviewed for this article, on condition of anonymity) sold that disk, plus a second one containing Lotus Organizer 97, several anti-virus programs and some DOS utilities, for 60 rubles or about $10.

Another dealer was offering Windows NT 4.0 for $5, and Back Office for $10. According to Microsoft, the recommended retail prices for these products are $1,609 and $5,599.

Many Russians, who during the days of the Soviet Union bought most necessities through black market sources, think nothing of buying their software this way. They even defend the markets as providing a commodity that had been long-denied them.

After the collapse of the Soviet Union, inexpensive computers began to flood into the country from Taiwan, Germany and the United States, increasing the importance of these illegal software markets. Spending at least $800 on a computer was an enormous investment for Russians, even relatively well-paid St Petersburgians who earn an average salary of around $350 a month. Those who did buy one were in no position to consider purchasing software legitimately, even if it were readily available, which it often wasn’t.

These days, though, legitimate outlets for hardware and software are popping up everywhere in Russia; computer magazines offer licensed versions of everything available in the United States and Western Europe, and software makers advertise in the city’s well-established English-language media.

The markets continue to thrive with an alarming degree of perceived legitimacy. Outside the Sennaya Square metro station in St. Petersburg, a police officer approached a pirate dealer (who offered, among other things, Adobe Font Folio and QuarkXPress) and angrily chastised him for not prominently displaying his license to operate the stall. When the dealer complied, the policeman moved on.

Customers feel secure that the pirated copies will work and that belief appears well-founded. Bootlegged titles come with a written guarantee – good for 15 days from the date of purchase – that they’re virus-free and fully functional.

And files on the CDs themselves boast of high-quality, code-cracking techniques: “When so many groups bring you non-working fakes, X-FORCE always gets you the Best of the Best. ACCEPT NO IMITATION!” boasts one.

“There’s a lot of viruses around in Russia,” said Dima V., a system administrator who runs several small company networks in St. Petersburg using bootlegged copies of Windows NT 4.0, “but most of the disks you buy in the markets are clean. The guys are there every day and if they give you a virus you’ll come back – it’s just easier to sell you the real thing.”

Foreigners get in on the action

Russians are not by any means the only people installing the pirated programs. While employees of multinational companies or representatives of American companies would never dream of risking their jobs by violating copyright laws, self-employed Westerners, or ones who have established small Russian companies, have no qualms about doing so.

They also pose a question software manufacturers find difficult to answer: Who would buy a network operating system package for $5,000 when it’s available for $5?

“Nobody,” said Todd M., an American business owner in St. Petersburg, whose 24-PC network runs a host of Microsoft applications that were all bootlegged.

“There’s just no financial incentive for me to pay the kind of prices that legitimate software costs,” he said. “I mean, it would be nice to get customer service right from the source, but we have really excellent computer technicians and programmers in Russia and they can fix all the little problems that we have.”

Customer support and upgrades are just what the manufacturers point to as advantages of licensed software, even in markets like Russia.

“There are enormous incentives,” said Microsoft’s Mark Thomas, “to buying legitimate software, and they start with excellent customer support and service and upgrades. We spend $3 billion a year on research and development and the money that we make goes right back into making products better and better products. The pirates don’t make any investment in the industry.”

And local industry, Thomas pointed out, suffers disproportionately in the face of piracy.

“A huge amount of our resources are put into making sure local industry builds on our platform,” he said. “When a local company creates packages for, say, accounting firms, and somebody can come along and buy it for $5, these local companies can lose their shirts.”

Piracy getting worse

Despite heavy lobbying by industry representatives and government agencies, piracy has worsened. As CD copying technology becomes cheaper, large factories in Russia and other countries, including Bulgaria, churn out copies of software copied by increasingly sophisticated groups in countries around the world, especially in Asia.

Encyclopaedia Britannica wrote off Malaysia as a market effectively destroyed by pirates, who sold 98 out of every 100 copies of its flagship Encyclopaedia three-CD set for a fraction of its recommended retail price of $125. The same disks, which have not officially even been offered for sale in Russia, are readily available in the St. Petersburg markets for $10.

“For Encyclopaedia Britannica, the cost of piracy is millions a year,” said James Strachan, EB’s international product manager. “One hundred percent of the value of our product is an investment in the authority and depth of our content,” he said. “Piracy causes us extreme concern and we do everything we can to root it out and prosecute.”

Todd M., the businessman with the 24-PC network, offers little hope that the situation will soon change in favor of manufacturers.

“With all the problems I have running my business here in Russia, from armed tax police to Byzantine procedures and customs duties, software piracy just doesn’t register with me,” he said.

“It’s the one thing about doing business here that’s somebody else’s problem.”

Infineon Breaks Losing Streak

Infineon Technologies on Monday posted a fourth-quarter profit, ending nine quarters of losses.

Infineon, the world’s sixth-largest maker of semiconductors, said net income was E49 million, or $56.5 million, compared with a loss of E505 million a year earlier. Revenue rose 37 percent to E1.76 billion.

For the year through September, the company reported a net loss of E435 million, compared with a net loss of E1.02 billion in 2002. Sales rose 26 percent to E6.15 billion.

“It’s good, but we fully expected this a quarter ago,” said Andrew Griffen, European semiconductor analyst at Merrill Lynch. “I can’t criticize what they’re doing – those who criticized them for investing heavily two years ago are now seeing those investments returning profits. But they’re in a tough industry, and their shares are overvalued.”

At the company’s annual news conference, Ulrich Schumacher, president and chief executive, cited cost savings through job cuts and outsourcing as well as an increase in the price of its core D-RAM products and reductions in its cost of producing them.

Schumacher said profit from the sale of Infineon shares in the Taiwan chipmaker ProMos had also added to the bottom line.

Fully 57 percent of revenue originated outside Europe, the Munich-based company said: 34 percent from Asia and 23 percent from North America.

Infineon also said it had become the third-largest chipmaker in the United States, overtaking Texas Instruments. Worldwide, Infineon said it had 4 percent of the market in semiconductors, up from 3 percent.

The company said it was on track to achieve its goal of 6 percent market share by 2007. It said that it expected demand for personal computers to increase in the current quarter and that the holiday season looked especially promising.

Peter Fischl, chief financial officer, said Infineon had set aside E28 million to prepare for a possible adverse outcome of a U.S. Department of Justice investigation of price-fixing in the market for D-RAMs, chips that expand personal computer memory and help more programs operate simultaneously. Both Washington and the European Commission have been investigating any Infineon role in an alleged price-fixing scheme.

Schumacher, asked about plans to move Infineon’s headquarters from Germany to a more tax-friendly country, said that the company was actively exploring the possibility and that it was not just a question of costs but also of productivity and speed to market.

“In our Chinese factories we are able to work three shifts per day seven days a week,” Schumacher said, adding that labor laws and work force costs in Germany constrain the company to work far fewer hours. “To ignore this is to imperil our very existence.”