Thursday, March 24, 2011

Cyber summit signs training deal

A conference on cyber security has ended with a university deal to train a new generation of experts in fighting off criminal and terrorist IT attacks.

The summit in Cardiff agreed that the UK and the US would need to produce many thousands of people with this expertise over the next few years.

Delegates at the University of Wales event included the UN, the US defence department, Microsoft and IBM.

The US says government systems are under continued attack.

The US federal government recently announced plans to spend more than $13bn a year within the next five years on protecting its systems.

In the UK, cyber crime is costing the economy up to £27bn every year, it is estimated.

US officials say cyber criminals, terrorists and other nations are getting better at penetrating state and private networks, whether to spy, to steal data or damage critical infrastructure.

Last week, the head of the Pentagon's cyber command said the US military lacked the people and resources to defend the country adequately from concerted cyber attacks.

The two-day summit was organised by the University of Wales Global Academy and the Geospatial Data Center of the Massachusetts Institute of Technology (MIT) in the US.

It also included professors from Harvard University, the University of Oxford, University of Memphis, Boston University and the University of Central Florida.

'Overriding issue'

The University of Wales and the Geospatial Data Centre at MIT signed an agreement to jointly develop cyber security leadership and training programmes.

University of Wales vice-chancellor Professor Marc Clement said he believed the summit was a "major coup" for Wales and the deal signed would put Wales at the forefront of cyber security defence.

He said the university hoped to "work closely with many of the participating academics to take forward the agenda identified by the summit and to advance relations between MIT and the University of Wales".

He added: "We now plan to develop a joint training programme for taking forward educational developments in the field of cyber-physical security, an area that the summit agreed was the overriding issue for government, business, and universities."

Professor John Williams, director of the Geospatial Data Centre, said: "Cyber-physical security is now considered the number one threat to national security, being deemed more critical than conventional nuclear attacks.

"Last year alone, the US logged over 300,000 virus attacks on their networks and noted that organised crime now makes more money from cyber crime than any other activity."



Powered By WizardRSS.com | Full Text Feeds | Amazon PluginsHud-1

Iran accused in 'dire' net attack

Hackers in Iran have been accused of trying to subvert one of the net's key security systems.

Analysis in the wake of the thwarted attack suggests it originated and was co-ordinated via servers in Iran.

If it had succeeded, the attackers would have been able to pass themselves off as web giants Google, Yahoo, Skype, Mozilla and Microsoft.

The impersonation would have let attackers trick web users into thinking they were accessing the real service.

Fake identity

The attack was mounted on the widely used online security system known as the Secure Sockets Layer or SSL.

This acts as a guarantee of identity so users can be confident that the site they are visiting is who it claims to be. The guarantee of identity is in the form of a digital passport known as a certificate.

Analysis of the attack reveals that someone got access to the computer systems of one firm that issues certificates. This allowed them to issue bogus certificates that, if they had been used, would have let them impersonate any one of several big net firms.

It appears that the attackers targeted the SSL certificates of several specific net communication services such as Gmail and Skype as well as other popular sites such as Microsoft Live, Yahoo and the Firefox browser.

SSL certificate issuer Comodo published an analysis of the attack which was carried out via the computer systems of one of its regional affiliates.

It said the attack exhibited "clinical accuracy" and that, along with other facets of the attack, led it to one conclusion: "this was likely to be a state-driven attack."

It is thought it was carried out by the Iranian authorities to step up scrutiny of opposition groups in the country that use the web to co-ordinate their activity.

The bogus certificates have now been revoked and Comodo said it was looking into ways of improving security at its affiliates.

Browsers have also been updated so anyone visiting a site whose credentials are guaranteed by the bogus certificates will be warned.

Writing on the blog of digital rights lobby group the Electronic Frontier Foundation, Peter Eckersley said the attack posed a "dire risk to internet security".

"The incident got close to - but was not quite - an internet-wide security meltdown," he said.

"We urgently need to start reinforcing the system that is currently used to authenticate and identify secure websites and e-mail systems," said Mr Eckersley.




US hacker denies fleeing justice

The American hacker who unlocked Sony's PS3 has denied fleeing the country to avoid legal action.

George Hotz, also known as Geohot, said his trip had been planned for months and added that he was still in contact with his lawyers.

Sony had raised questions about the reason for his sudden disappearance in recent legal papers that it filed in California.

The company is suing him for computer fraud and breach of copyright.

To explain his absence, Mr Hotz wrote on his blog: "Factually, it's true I'm in South America, on a vacation I've had planned and paid for since November. I mean, it is Spring break; hacking isn't my life."

He continued: "Rest assured that not a dime of legal defense money would ever go toward something like this."

The blog was written in reaction to reports of his departure which speculated that he may have paid for the trip with money donated by supporters, intended to pay for his legal costs.

Serious question

His absence was brought to light in the latest court documents filed by Sony Computer Entertainment America (SCEA) to the San Francisco court where he is being sued.

They raise concerns about both Mr Hotz's whereabouts and the condition of computer equipment he was due to submit for examination.

The filing states: "SCEA learned that Hotz had deliberately removed integral components of his impounded hard drives prior to delivering them to a third party neutral and that Hotz is now in South America, an excuse for why he will not immediately provide the components of his hard drives as requested by the neutral.

"Hotz's attempts to dodge this Court's authority raise very serious questions."

Sony launched its legal action in California where its US subsidiary is headquartered. It also claims that information relating to the hack was posted on several California-based websites, including Twitter and Youtube.

However, Mr Hotz has disputed the court's jurisdiction, claiming that he is a resident of New Jersey and that the PS3 is made in Japan.

Mr Hotz developed his system for unlocking the PlayStation 3 in 2009. It makes it possible for users to play "homebrew" software and copied games, although he denies that it was his intention to enable piracy.

Sony is taking legal action against Mr Hotz and more than 100 other defendants who, it claims, downloaded the hack.

In previous hearings, George Hotz has been ordered to hand over the IP addresses of users who accessed his website.




Wednesday, March 23, 2011

Games industry wins tax relief

TIGA, the trade association which represents the UK games industry, has described plans to enhance R&D tax credits as a "decisive victory" for its members.

The announcement in the budget should be worth around £7 million to the video games industry, a spokesman said.

It will mean studios can invest more in research and development, as well as hiring additional staff.

But it falls short of the specific tax relief that the industry wanted.

Dr Richard Wilson, TIGA chief executive said: "The R&D tax credits will deliver 60% to 70% more value to games studios than the current tax credit regime."

But he was unhappy that the government had not gone further.

"Failure to deliver TIGA's Games Tax Relief is a dismal decision that displays a complete lack of imagination and one which will leave the UK video games industry swimming against the tide internationally," he said.

"Our key competitors have tax breaks for games production. The UK does not," he said.

Canada, for example, saw its games industry grow by 33% between 2008 and 2010, while the UK sector declined by 9%.

Plans by Labour to introduce tax cuts for the games industry were scrapped by the incoming coalition government during its 2010 emergency budget.




Sudan to unleash cyber jihadists

Sudan's ruling National Congress Party has warned that its "cyber jihadists" will "crush" internet-based dissent.

It follows an increase in anti-government campaigns organised on Facebook and Twitter.

Vice-president in Khartoum state, Mandur Al-Mahdi, warned opposition groups that its "cyber battalion" was leading "online defence operations".

The country saw anti-government street protests in January.

The government, which seized power in a military coup in 1989, is concerned about uprisings similar to those seen across the Middle East and North Africa.

It reacted violently to street protests organised by opposition parties, detaining many activists.

In the run-up to the January protests, supporters of the NCP posted messages on the Facebook pages of dissidents, warning them against joining in.

So far the protests, organised by groups from Sudan's Darfur region, have failed to attract mass popularity.

Despite the NCP's threat, there is little evidence regarding the size or nature of the cyber battalion, or if it even exists.

In July 2010, oil-producing South Sudan became independent of the north.

Its ruling party, the Sudan People's Liberation Movement has since accused President Omar al-Bashir of plotting to overthrow the southern government.




Millions download latest Firefox

More than five million people have downloaded the latest version of Firefox since its release a day ago.

Mozilla, which makes the number two web browser, has been keeping a real-time map showing where in the world users are installing the software.

Despite the rapid uptake, downloads have been slower for version 4 than its predecessor.

Over the past year, Firefox's market share has declined slightly in the face of competition from Google's Chrome.

Firefox 4 was made available for download less than a month after Microsoft launched Internet Explorer 9, the latest version of its market-leading browser.

Both pieces of software promise users a faster, more secure online experience.

Firefox, like its rival, now makes extensive use of HTML 5, one of the main programming languages used to build websites.

Both browsers feature hardware acceleration when displaying HTML 5 pages - drawing on the power of a computer's graphics processor to improve the speed of complex visuals.

Declining share

Within its first 24 hours, more than 5.5 million users had downloaded Firefox 4. However, that falls short of the 8 million who downloaded version 3 on its release day in 2008.

The lower figure may be explained by the widespread availability of pre-release versions of Firefox 4 in the months ahead of its launch.

Firefox has enjoyed rapid growth since it first appeared in 2004. At its peak, in 2009 it held a 24% market share, according to Netmarketshare.

However, by February 2011 its slice of the browser market had fallen to 21%.

At the same time, Google's Chrome browser has grown from 1% to 10%, according to the same figures.

Internet Explorer remains the dominant platform, although its fall has been the most precipitous - from 68% in March 2009 to 56% in February 2011.

Some analysts believe that Firefox could still secure a bigger piece of the increasingly fragmented market, especially among corporate users.

"Internet Explorer 9 is only for Windows Vista and 7. Two thirds of companies are still using Windows XP," said Ovum analyst Richard Edwards.

"If you want to make the most of the HTML 5 stuff that is out there then you have to go to IE9 and a Windows 7 upgrade or switch to Firefox.

"That may be a significant opportunity for Firefox," he said.




Digital Act heads to High Court

Parts of the Digital Economy Act that deal with illegal file-sharing are being challenged in the High Court.

Internet providers BT and TalkTalk demanded the judicial review, arguing that the legislation was rushed through parliament without proper debate.

They claim that the measures unnecessarily impact users' privacy and force ISPs to police copyright infringement on the net.

If the court finds in their favour, the act would no longer be enforceable.

"It is a big deal to be judicially reviewing primary legislation but we took advice and there very clearly were some real problems," said Simon Milner, BT's head of industry policy.

"It might find that it is all fine - I'd be surprised if it was - but we are going to court to get legal clarity," he added.

Letter campaign

The courts will consider whether the act is in line with European legislation, in particular as it relates to users' privacy and the role of ISPs.

The previous government brought in the tough measures to deal with the growing issue of internet piracy.

Under the current legislation, content providers will have to monitor peer-to-peer networks for illegal activity and collate the IP addresses - the numerical code that links a particular computer network to an illegally downloaded file.

They can then apply to a court to force ISPs to surrender the real world address that is connected to that IP address.

Letters could then be sent to alleged net pirates, advising them that their computer connection has been used in illegal activity.

The creative industry is keen that the emphasis will be on education initially, although people will go on a blacklist which could in future be used to take individual infringers to court.

Other penalties, such as slowing down net connections or even cutting people off from the net entirely have not been ruled out, but would need additional legislation.

The letter-writing strategy bears similarities to the tactics of discredited law firm ACS: Law, which sent over 10,000 letters to alleged net pirates.

Unlike content providers, which will not be levying fines, ACS: Law collected some £300,000 from people - who were charged an average of £500 per infringement.

Not everyone paid up and 27 cases recently went to court in highly controversial circumstances.

Lead solicitor Andrew Crossley attempted to discontinue the cases shortly before the hearing was due and was accused of obstructing the court process.

In the middle of the case, Mr Crossley said he no longer wanted to be in the business of chasing net pirates and the cases were eventually thrown out.

But he faces an investigation for his conduct from the Solicitors' Regulation Authority and could be hit with legal costs for the cases he brought.

Yesterday's game

During the court case, doubt was cast over whether an IP address was suitable evidence of wrong-doing as it does not identify the individual user - only the location of their connection.

Consumer watchdog Which? highlighted several cases where people claimed to have been wrongly accused.

Charles Dunstone, chairman of TalkTalk, thinks the same thing will happen if the government's measures go ahead.

"Innocent broadband customers will suffer and citizens will have their privacy invaded," he said.

Jim Killock, director of the Open Rights Group, said that he is particularly worried about how the legislation will affect public wi-fi hotspots.

"We need to start again and find a new policy settlement which embraces, rather than tramples on, the exciting possibilities that the digital age offers," he said.

John McVay, chief executive of PACT (Producers Alliance for Cinema and TV), who will represent the UK's creative industries at the judicial review, defended the act.

"The Digital Economy Act is the result of many years of consultation and presents a reasonable and balanced solution," he said.

But Mark Mulligan, an analyst with Forrester Research, warned that even if the act remains intact, the measures won't work because they are already out-of-date.

"Peer-to-peer file-sharing is yesterday's game. People now are going off the network where they won't be detected - swapping hard-drives, and getting music via blogs and upload sites," he said.




Tuesday, March 22, 2011

Play.com warns of security breach

Play.com has warned its customers to "be vigilant" after a security breach led to some personal information being compromised.

The retailer, which sells music, videos and games, blamed another company that it employs to do marketing.

It said that no payment details were stolen, but asked users to beware of spam e-mails containing harmful links.

The company has apologised saying it had "taken every step to make sure this doesn't happen again".

In a statement, Play.com's chief executive John Perkins said: "On Sunday 20 March some customers reported receiving a spam e-mail to e-mail addresses they only use for Play.com."

"We believe this issue may be related to some irregular activity that was identified in December 2010 at our e-mail service provider, Silverpop.

"Investigations at the time showed no evidence that any of our customer e-mail addresses had been downloaded.

"We reacted immediately by informing all our customers of this potential security breach in order for them to take the necessary precautionary steps."

The retailer, which operates out of Jersey, said that all of its customers had now been warned to be cautious of e-mails appearing to come from Play.com.

It has also requested that any suspicious messages be forwarded to privacy@play.com.

Cyber attack

US-based firm Silverpop was employed by the site in 2008 to manage e-mail marketing and communications.

Silverpop's manager of corporate communications, Stacy Kirk, told the BBC that the only security issue it had been affected by happened last year, and that it had notified all affected clients at the time.

"Silverpop was among several technology providers targeted as part of a broader cyber attack that occurred in the fall of 2010," she said.

"At that time, we very quickly stopped the attack, notified all customers impacted by the activity and began working with the FBI, law enforcement and third party security experts to help identify those responsible and take any additional steps necessary to ensure this did not happen again.

"We are confident that the breach last year remains an isolated incident."

Ms Kirk would not confirm that Play.com was among those contacted due to client confidentiality.

Some users on Twitter and in discussion forums have reported an increase in spam e-mail to accounts signed up to Play.com, with some of these e-mails containing links to websites containing malware.

Phishing scams are designed to trick users into believing they are sharing data with a company that they trust, and giving out personal information such as credit card details.

However, it cannot be confirmed that the e-mails were sent as a result of the data breach at Play.com.

No notice

Some customers who received Play.com's warning e-mail questioned its validity as it did not refer to them by name.

Play.com's website currently contains no notice or guidance about the breach.

Many users have also complained that it is currently not possible to manually remove credit card details from the site.

Paul Vlissidis, technical director of IT security firm NGS Secure, said that such situations are a major concern for retailers and their customers.

"Online businesses, even those of Play.com's size, cannot afford the loss of reputation and customer trust that negligence of this type causes," he said.

"While it is a weakness in the security of a third party that has allowed this data breach, it is the responsibility of all organisations dealing with personal customer data to ensure comprehensive security audits have been carried out in all areas of outsourced work."

Mr Perkins has moved to re-assure customers that other data kept with Play.com is safe.

"We would also like to reassure our customers that all other personal information (i.e. credit cards, addresses, passwords, etc.) are kept in the very secure Play.com environment.

"Play.com has one of the most stringent internal standards of e-commerce security in the industry.

"On behalf of Play.com, I would like to once again apologise to our customers for any inconvenience due to a potential increase in spam that may be caused by this issue."




China rejects Google allegations

China's foreign ministry has rejected claims by Google that Beijing is disrupting access to its e-mail service in the country.

"This is an unacceptable accusation," ministry spokeswoman Jiang Yu told a regular news conference on Tuesday.

Google said on Monday that difficulties faced by users of its Gmail service were the result of government blocks.

Users say the interference coincided with an internet campaign calling for protests like those in the Middle East.

Google said it had found no technical issues, and blamed "a government blockage carefully designed to look like the problem is with Gmail".

Last year, Google said it had suffered cyber-attacks from China-based organisations intent on hacking into the Gmail accounts of Chinese rights activists.

The incident caused tensions between China and the United States, and led to Google reducing its presence in the Chinese market.

Beijing has always denied any state involvement in the cyber-attacks, and has in the past called such accusations "groundless".




Monday, March 21, 2011

China blamed for Gmail disruption

Google has blamed the Chinese government for problems accessing its e-mail service in the country.

Internet users have complained that the authorities have stepped up disruption of its Gmail service in recent weeks.

Google said it had found no technical issues, and blamed "a government blockage carefully designed to look like the problem is with Gmail".

Users say the interference coincided with an internet campaign calling for protests like those in the Middle East.

Last year, Google said it suffered cyber-attacks from China-based organisations intent on hacking into the Gmail accounts of Chinese rights activists.

The incident caused tensions between China and the United States, and led to Google reducing its presence in the Chinese market.

Beijing has always denied any state involvement in the cyber-attacks, and has in the past called such accusations "groundless".


