Total Pageviews

Friday, November 30, 2012

Today\'s Scuttlebot: Syria\'s Blackout, and Calvin and Hobbes

The technology reporters and editors of The New York Times scour the Web for important and peculiar items. Friday's selection includes the last typewriter produced in Britain, Staples offering to a 3-D printing service in Europe and analyses of the Syrian internet disruption.

Iranian Channel Reports Bomb Outside Its Office in Damascus

Iran's state-owned satellite channel Press TV reports that a bomb destroyed six vehicles, including a satellite news truck near the broadcaster's office in Damascus early on Friday.

Video posted on a YouTube account associated with Hussein Mortada, a Lebanese supporter of the Syrian government who directs coverage of Syria for Press TV and the Iranian government's Arabic-language satellite channel, Al Alam, was said to capture the blast. The surveillance-camera video is quite dark but, according to Press TV, the bombing took place just “after a man was caught on camera sticking something to a car.”

Video said to show an explosion in Damascus early on Friday outside the office of an Iranian satellite channel.

A second video clip posted on the same YouTube account on Friday, despite reports that the Internet remains down in Syria, appeared to offer a glimpse of a road near the airport in Damascus, and a government checkpoint, with the sounds of fighting in the distance. Fighting was reported near the airport on Thursday.

Video said to show a road near the airport in Damascus, the Syrian capital, on Friday.

Study May Offer Insight Into Coca-Cola Breach

Spend enough time with cybersecurity experts and chances are you will hear some variation of this line: There are two types of companies in the United States, those that have been hacked and those that don't yet know they've been hacked.

Government intelligence officials and cybersecurity specialists say hackers - predominantly from China - are siphoning gigabytes, if not terabytes, of data from companies in the United States every day. We count on much of this information to deliver the innovative products and services that will lead to new jobs and economic growth. The security software company McAfee estimates that in 2008 alone, companies around the world lost more than $1 trillion because of this sort of intellectual property theft.

“I've seen behind the curtain,” Shawn Henry, the Federal Bureau of Investigation.'s former top cyber agent, who recently joined the cybersecurity start-up CrowdStrike, told me in an interview in April. “I can't go int o the particulars because it's classified, but the vast majority of companies have been breached.”

The problem is that such breaches rarely make headlines because companies fear what disclosure will mean for their stock price. Google was the first to try to change that mentality when, in 2010, it went disclosed that it and 34 other companies, many based in Silicon Valley, had been attacked by Chinese hackers. Of those 34, only Intel and Adobe Systems came forward, and they provided few details.

Still, news of some breaches leak out. That was the case, most recently, with Coca-Cola. This month, Bloomberg News reported that Coca-Cola was breached by Chinese hackers in 2009 during a failed $2.4 billion takeover attempt of the China Huiyuan Juice Group. That attempted deal would have been the largest foreign acquisition of a Chinese company.

Now, a 2010 case study published by the Mandiant Corporation, a cybersecurity firm, may offer further details. The stu dy, which does not mention Coca-Cola specifically, details a 2009 breach of a “Fortune 500 Manufacturer” that aligns almost perfectly with Bloomberg's account of Coca-Cola's breach.

According to the study:

In 2009, a U.S. based Fortune 500 manufacturing company initiated discussions to acquire a Chinese corporation. During the negotiations, APT [advanced persistent threat] attackers compromised computers belonging to the executives of the U.S.-based company, most likely in an effort to learn more details of the negotiations. Sensitive data left the company on a weekly basis during negotiations, potentially providing the Chinese company with visibility to pricing and negotiation strategies.

As Bloomberg reported, Mandiant's study said the company gained knowledge of the breach only when law enforcement officials notified it of the intrusion. The study also details how hackers penetrated the company via a so-called spearphishing attack, in which the attackers sent e-mails to certain executives from a fake account ostensibly belonging to the chief executive.

According to Bloomberg, an e-mail containing the subject line: “Save power is save money! (from CEO)” was sent to the e-mail account of Bernhard Goepelt, Coca-Cola's current general counsel. The e-mail contained a malicious link that, once clicked, downloaded malware that gave the attackers full access to Coca-Cola's network.

Mandiant's 2010 report said the e-mail “was crafted to look like it originated from a fellow employee and discussed a message from the CEO on conserving resources.”

Tal Be'ery, a senior Web researcher at Imperva, a data security firm, compared details of the Coca-Cola breach with Mandiant's study and said the two accounts clearly referred to the same company. Executives at Mandiant and media officers at Coca-Cola did not return requests for comment.

If Mandiant's study is, in fact, based on Co ca-Cola, then it offers new insights into the breach. According to the study, once in, hackers used password-stealing software to gain access to other systems on the company's network. They also used the compromised executive's account to launch what is known as an SQL server attack, in which hackers exploit a software vulnerability and enter commands that cause databases to produce their contents.

But one of the most interesting aspects of the breach, according to Mandiant, was how well the attackers had concealed their tracks. According to Mandiant, hackers used so-called stub malware. This is an agile agent whose code can be tweaked by hackers to use it for various functions while leaving a small forensic footprint.

The one discrepancy between the Bloomberg and Mandiant accounts was why, ultimately, the company's acquisition fell apart. According to Bloomberg, Coca-Cola's takeover attempt of China Huiyuan Juice Group was thwarted because China's Ministry of C ommerce rejected it for antitrust reasons. Mandiant's report offered a different take:

The intrusion had a significant impact on the victim organization. As a result of the compromise, the U.S. company terminated their acquisition plans. While it was not possible to determine all the data that had been lost, the victim company was not able to compete the acquisition and accomplish their business objectives.

Reading Egypt\'s Draft Constitution

As my colleagues Kareem Fahim and David Kirkpatrick report from Cairo, Tahrir Square was filled with protesters again on Friday as opponents of President Mohamed Morsi, “galvanized and angered by his unexpected and hurried effort to pass Egypt's new constitution,” returned to the streets.

The Cairene blogger who writes as The Big Pharaoh observed that the square was full, if not as jammed as it had been three days ago, when Egyptians rallied in numbers that recalled the 18 days of protest that toppled Hosni Mubarak.

Video of Tuesday's rally, posted on YouTube by activists from the Mosireen collective, testified to the size and passion of the new protest movement against the Islamist president and the draft constitution app roved by his allies in a constituent assembly packed with his supporters.

Video of Tuesday's protests in Cairo, from the activist film collective Mosireen.

Since the new constitution has to be approved in a referendum, that document is now the focus of intense scrutiny. Hours after it was approved, The Egypt Independent published an English translation of the Arabic text prepared by Nariman Youssef. Ms. Youssef, who describes herself as “a literary translator, wannabe cultural historian and sometimes poet” on her blog, Multivalence, voiced some criticism of the text as she worked.

The BBC produced a very useful side-by-side comparison of important parts of the new document to those in Egypt's previous constitution. Issandr El Amrani, the Cairo-based journalist who blogs as The Arabist, suggested that the comparison was not flattering to the new text.

As the constituent assembly raced to pass the document on Thursday and Friday, in the absence of non-Islamist members who boycotted the proceedings, Heba Morayef, the Human Rights Watch Egypt director, provided a running and quite frequently lacerating commentary on Twitter.

Several of Ms. Morayef's objections were incorporated into an analysis of the draft constitution published by Human Rights Watch on Friday.

The rights group welcomed some parts of the text, but expressed concern about seve ral others.

Human Rights Watch has reviewed Chapter II of the final draft, entitled Rights and Freedoms, and followed the televised session in which the constituent assembly voted on each of these provisions. The rights chapter provides for strong protection against arbitrary detention in article 35 and torture and inhumane treatment in article 36, and for freedom of movement in article 42, privacy of communication in article 38, freedom of assembly in article 50, and of association in article 51. But the latest draft, unlike the earlier version, defers to objections from the country's military leadership and has removed the clear prohibition of trials of civilians before military courts.

Human Rights Watch also identified and explained in detail its concerns over limited guarantees of freedom of expression, freedom of religion and women's rights in the new framework for Egyptian law.

Gehad El-Haddad, a senior adviser to the Muslim Brotherhood and the group's political party, which nominated Mr. Morsi for the presidency earlier this year, sparred with critics, including Ms. Morayef on Twitter.

The author Rawah Badrawi, who lives outside Cairo, observed that the referendum campaign was already underway, at least for Mr. Morsi's allies in the Muslim Brotherhood, and the opposition might need to develop a “ground game” to defeat the draft constitution rather than just focus on street demonstrations.

Evidence that the campaign in favor of the draft constitution has begun was posted online by Egyptian blogger - a photograph of a Muslim Brotherhood flyer, reportedly being passed out in Alexandria, Egypt's second-largest city.

The flyer seeks to undermine a series of objections to the draft constitution, with the help of clip art and answers to what are presented as common misconceptions.

The first panel of the flyer is a response to a voter who says, “I heard that non-Muslims won't be able to take their rights in this country!” The response reads:

What did I hear? Instead of listening to other people, see for yourself. You haven't got the draft - so come here. What is it you are saying? This constitution gave everyone rights that were not there before. Like Article 3, which says that non-Muslims - Christians and Jews - have the right to be governed by their own laws in regards to personal status. And article 27 says that freedom of thought is protected and that the state ensures freedom to establish houses of worship within the confines of the law.

But, as Human Rights Watch notes, “Article 43 on freedom of religion limits the right to practice religion and to establish places of worship to Muslims, Christians, and Jews. Previous drafts had provided for a general right to practice religion but limited the establishment of places of worship to adherents of these three Abrahamic religions. Article 43 discriminates against and excludes followers of other religions, including Egyptian Bahais.”

BitTorrent\'s Plan for 2013? Go Legit

BitTorrent, the start-up behind the popular peer-to-peer file-sharing system of the same name, has an unusual resolution for 2013: to align itself with the entertainment industry and legally distribute movies, music and books online.

“We've been trying to groom the entertainment industry to think about BitTorrent as a partner,” said Matt Mason, the executive director of marketing at the company, which is based in San Francisco.

“It's a constant challenge,” he said. “People don't even know we're a company. They think we're two teenagers in a basement in Sweden.”

The start-up says it has 160 million people using its two official software clients to upload and download files, one called BitTorrent and a smaller, lighter one called μTorrent. Forty million of those users, it says, are active daily.

Those figures, he said, amount to “more than Hulu, Spotify, Netflix combined and doubled,” he said. “We have a massive user base, one of t he largest on the Internet.”

It's the mission of Mr. Mason and the 110 employees working for the company to figure out a way to warm relations with content companies, forge partnerships and monetize the company's reach.

They have tried before. In 2008, the company introduced a rival to iTunes that struggled to gain momentum. But although iTunes still dwarfs BitTorrent's reach (and already has the credit card information of those users on file), Mr. Mason said the company is better positioned to try a slightly different approach.

“We don't want to create a store, just tools so people can figure it out themselves,” he said. “We are a technology company, not a media company.”

In addition, he sees promise in the company's expansion onto mobile. The iOS and Android versions of BitTorrent's official clients are expected to pass the 10 million download mark late next week.

Mr. Mason said that Facebook, which uses BitTorrent's protocol to qu ickly transfer files to multiple locations during server updates, is just one example of how companies could make use of the company's technology.

On the media side, he said BitTorrent was trying to prove that it can go beyond free downloads and actually generate sales.

The most recent example he pointed to was the promotion of Tim Ferriss's new book, “The Four-Hour Chef,” which BitTorrent publicized by making a “bundle” of extra materials, like notes, photos and recipes, available as a free download. Mr. Mason said that 210,000 people downloaded the bundle and another 82,000 continued on to Mr. Ferriss's Amazon page. He did not yet know how many of those visitors bought a book, but he called the preliminary results “promising.”

“We're seeing people go from consuming content in BitTorrent to paying for content,” he said.

These new deals could pave the way for other revenue streams and strengthen the company's reputation. Mr. Mason said . BitTorrent is profitable and makes money a few ways. It offers premium versions of its software clients that include extra features like antivirus measures, and it runs an ad network through the BitTorrent ecosystem, which allows advertisers to reach the service's largely male users.

The company's next move is to work with set-top box makers to embed its software into their hardware so that viewers at home can stream, download and watch content on the device itself. Those will probably come out in Asia and Europe next year, he said. “It'll probably be a little while before those come to North America.”

Part of BitTorrent's new business strategy stems from the rise of streaming services like Netflix and Hulu. Mr. Mason said the company isn't worried about those services. He did say, however, that if they help cut down on the illegal downloading of movies and music, then it's a “win” for the company. He also said that unlike those businesses, BitTorrent has little to no immediate interest in trying to develop its own Web shows and programs.

“The way to solve the content delivery problem is to get out of the way of the content. No one wants to just be the pipes,” he said. “We're already the pipes and we're good at it, so it's a huge opportunity for us to make this transition work.”