Powerful Malware Attacks Computers in the Middle East

A powerful computer virus described as being twenty times larger and significantly more complex than the notorious Stuxnet virus that attached Iranian computer systems has been busily attacking computers in the Middle East, according to experts at Kapersky Labs today.

The supervirus, known variously as The Flame or Skywiper to those who have been tracking it, is described as “complex” and “incredibly sophisticated.” It was apparently programmed to identify software that could make its existence easier to track and, rather than infecting those tools, avoiding them and moving on to different programs, thereby avoiding detection.

Once inside a host system, the malware can choose to operate as a trojan, wiping out the computer’s data and software, or it sits idly by as a backdoor, allowing intruders to monitor everything that happens.

“Flame can easily be described as one of the most complex threats ever discovered,” said Kapersky Labs’ Alexander Gostev in a blog post. “It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

The existence of this cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to the cyber intelligence company for help. At the time, the UN said it was looking for “an unknown piece of malware which was deleting sensitive information across the Middle East.” While searching for that code – nicknamed Wiper – Kapersky Labs discovered a new malware codenamed Worm.Win32.Flame.

“Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on,” said Gostev. “All this data is available to the operators through the link to Flame’s command-and-control servers.

“Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated.”

The malware has a variety of features that make it highly unusual and difficult to remove.  For example, while the fully deployed malware is huge – up to 20 Megabytes – it uses local databases with nested SQL queries, multiple methods of encryption, various compression algorithms, Windows Management Instrumentation scripting, batch scripting and more. Running and debugging the malware is also not trivial as it’s not a conventional executable application, but several DLL files that are loaded on system boot.

“Overall,” said Gustov, “we can say Flame is one of the most complex threats ever discovered.”

Malware watchdog site Sophos reports that at least seven countries have infected systems, mostly in the Middle East.

VentureBeat today reported that Kaspersky Lab found the worm while digging around for more information about the Wiper virus — another piece of malware aimed at the Middle East. Wiper, also known as Viper, would infect a system and delete any number of files from it, wiping out anything that came in its path. At the time, Wiper infected Iran’s Oil Ministry, deleted whole hard drives within the ministry, and causing it to shut down Internet access to all of its oil facilities and rigs.

Renesas to Tie Up with TSMC for Chip Manufacturing

Beleaguered Japanese chip maker Renesas Electronics Corporation said today that it will tie up with Taiwan Semiconductor Manufacturing Company according to reports from Reuters.

The tie-up with Taiwan Semiconductor Manufacturing Co. (TSMC) in the microchip business as it struggles to keep up with aggressive competitors while racking up heavy losses.

Just yesterday, Renesas said it would cut 6,000 jobs, or 15 percent of its workforce, and attempt to raise nearly $630 million as it tried to keep up with competitors and stave off heavy losses.

Renesas, a product of successive mergers of the chip units of Mitsubishi Electric, Hitachi Ltd and NEC Corp, is the world’s largest supplier of microcontroller chips for automobiles, but has struggled in the face of global oversupply and a variety of new competitors. Renesas was said to be seeking capital from these three main shareholders, who together account for about 90 percent of the stock.

Japanese chipmakers have also been hit hard by natural disasters in Japan and Thailand and a strong yen. Reuters reports that Elpida Memory, the country’s sole maker of dynamic random-access memory (DRAM) chips, has filed for bankruptcy protection.

Sources told Reuters earlier in the year that Renesas, Fujitsu Ltd and Panasonic had been in talks on combining their system chip operations with the financial backing of government-backed investment fund Innovation Network Corp. It was unclear whether a tie-in with TSMC would negate that deal.

Renesas gave no details on the tie-up, which it plans to announce next Monday, although chipmakers are increasingly tapping the technological prowess of companies such as TSMC, the world’s biggest contract chipmaker, to keep costs under control.

Renesas is already a client of both TSMC and rival United Microelectronics Corp, the No.2 contract chipmaker.

While a rising yen squeezes margins at its plants in Japan, Renesas, the world’s biggest supplier of microcontroller chips for automobiles, is under constant pressure to spend heavily on a technological arms race with emerging overseas rivals to produce smaller and more powerful chips at lower prices. But it has run out of capital to do that.

Renesas posted a 62.6 billion yen net loss in the financial year to March 31 after last year’s natural disasters in Japan and Thailand forced it to shut eight factories and encouraged domestic automakers to diversify their supplies.

With its state of the art foundry manufacturing, TSMC is able to provide next-generation chip manufacturing as a service, dramatically reducing the cost of new chip development.

10 Reasons Why Facebook’s IPO Timing was Brilliant Strategy

Facebook’s executive staff showed its genius yet again this week with its IPO strategy.

Pundits have been less-than-impressed by the lackluster performance of the stock on its first day of trading (it gained just 23 cents by the closing bell), but there’s quite a lot of upside to be noted.

1. At $38 per share, the stock was priced at its high end.  Doubtless many of the managers would have liked  to have seen it start a little lower to ensure a quick first-day profit, but that wasn’t in Facebook’s best interest.  The company showed that it means to be in the driver’s seat by pulling the maximum possible value out of the offering.

2. The offering was managed by just about every major Wall Street firm, ensuring that few, if any, of the big name money managers have any reason to feel slighted.

3. The high valuation keeps investors committed.  By reaching for the high end, Facebook made sure that none of the managers or investors could stage an easy run for a quick first-day cash-out.

4.  The Friday IPO keeps day traders out of the equation. Certainly, there was some day trading taking place after the initial half-hour or so, which was dominated by millions of computerized transactions.  By closing the trading for the weekend, Facebook avoided the potential for a massive, irrational, week-long scramble…or the potential for an disillusioned sell-off at the end.

5. The weekend close also avoids the possibility of sustained programmed trading that could have embarrassed the money managers.

6. The weekend reprieve allows everyone a chance to rationalize the activity. If the valuation is too high, the market will correct it in a rational way. Facebook is already large enough to take the hit without feeling much pain and an early correction would keep too many others from being hurt as well. Those who were willing to take the early risk get what they asked for.

7. Facebook starts using the money right away, sending a clear signal that the company intends to make good on the IPO by acquiring revenue-producing startups such as Karma.

8. Eduardo Saverin had enough time to find a good hiding place in Singapore.

9. Mark Zuckerberg could afford a suit and tie for his wedding.

10. Mr. and Mrs. Zuckerberg get a nice honeymoon. Anywhere.

GOP Tells Military to Stop Using BioFuels

A report surfaced earlier today that the Republican-controlled House Armed Services Committee ordered the Department of Defense to cease using biofuels in its warships, planes and other vehicles.  Ostensibly, the reason for the cease and desist was because biofuels are still considerably more expensive than “traditional fossil fuels.”

In a classic tirade, House Armed Services Seapower subcommittee member Randy Forbes took Navy Secretary Ray Mabus to task, slamming the service’s continued investment in alternative fuels, one of Mabus’ top priorities for the service.

“I understand that alternative fuels may help our guys in the field, but wouldn’t you agree that the thing they’d be more concerned about is having more ships, more planes, more prepositioned stocks,” Forbes said during the Friday hearing. “Shouldn’t we refocus our priorities and make those things our priorities instead of advancing a biofuels market?” Before Mabus could respond, the Virginia Republican took a clear shot at the secretary: “You’re not the secretary of the energy. You’re the secretary of the Navy.”

For his part, Mabus responded admirably in another committee hearing.

“It’s a false choice to say that we should concentrate on more ships versus a different kind of fuel. If we don’t get a different kind of fuel, if we don’t have a secure domestic supply of energy at an affordable price… the ships and the planes may not be able to be used because we can’t get the fuel,” Mabus told the Senate Subcommittee on Water and Power in March.

But considering that the GOP has recently offered the Department of Defense hundreds of millions of dollars more in the 2013 budget than it asked for, in a recession year, there has to be more to this. And there is.

The biofuels industry is still largely in the experimental phase. Many biofuels exist and to varying degrees, most are in fact still more expensive to develop, manufacture and distribute than traditional fossil fuels.

This is due in part to the long history of research and development that the fossil fuels industry has enjoyed, with considerable tax-free government assistance and even later write-downs based on that research.

The biofuels industry is in a similar phase, doing its best to accelerate the development of manufacturing technologies that are within cost and energy goals.

The biofuels industry has received significant government funding to continue this research, but the funding is in jeopardy as Congress wrestles with the Obama administration over budgets and, more to the point, tax incentives for corporations.

To make a long story short, the oil industry wants to keep tax incentives for biofuels research. It just doesn’t want that money to go to the biofuels researchers.

Here’s what I mean.  A large percentage of alternative energy, biofuels and fuel cell research – perhaps a significant majority – is being conducted by traditional oil companies in the United States and elsewhere. Chevron has been particularly active in this respect.

These oil companies get government funding in the form of alternative energy research grants. They get tax write-offs for research. And then they get more write downs for expenses.

Smaller independent alternative energy research companies enjoy these same benefits, which makes them potentially competitive  with the big oil companies. Worse, big oil doesn’t really want any of this research to see the light of day until traditional fossil fuels run out…that is, until all the profit has been wrung out of traditional fossil fuels and the demand for alternative energy sources is high enough to jack up the prices.

So big oil is hiding its alternative energy developments from all but a small group of tight-knit investment managers.

Meanwhile, mandates for alternative energy research have require the federal government to participate by purchasing alternative energy for vehicle fleets and military use, both to test out the viability of the projects and to further fund alternative energy projects.

Here’s  the real rub: multinational oil companies have too many foreign ties to make them good candidates for alternative energy purchases by the government. There is too much red tape, there are too many national security issues, and there are too many sensitivities with respect to foreign diplomacy.  So the preference is to secure contracts with independent biofuels researchers, not big oil companies.

In addition, if big oil were pressured into opening its biofuels research, it would have to reveal its developments, potentially forcing them to put their products on the market years ahead of strategy.

So lobbyists hit up the Defense Committee to get them to put a stop to the acquisitions, citing budget considerations.

Once again, the energy companies have thrown alternative energy research back, perhaps years back, in the quest to deliver reliable, high volume alternative fuels.

Security Industry Sources say DHS Requested Gas Pipeline Companies Let Phishers Get Inside Networks

SecurityWeek today said that the Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) issue three successive confidential “amber” alerts at the end of March warning of an active phishing campaign targeting the U.S. natural gas infrastructure. The warnings, requested by the U.S. Department of Homeland Security (DHS), noted that multiple sources had described various features of an ongoing cyber attack.

But industry watchers expressed even greater alarm at the advice that the DHS gave to infrastructure security companies.

“There are several intriguing and unusual aspects of the attacks and the US response to them not described in Friday’s public notice,” Christian Science Monitor Staff Writer, Mark Clayton, noted. “One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.”

According to CSM sources, energy companies were “specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.”

The unusual request to publicly owned companies to avoid mitigating or blocking these active intruders is “pretty unheard of,” said CSM sources.

“It’s pretty unusual in the commercial world to just let them collect data. Heaven forbid that the intruders gain control,” said the source.

SecurityWeek writer Steve Ragan said the possibility of a cyber attack against critical infrastructure is a reality because the networks running the infrastructure are so poorly protected.

“ It’s gotten to the point that simple phishing attacks, things that proper email protection and awareness training cover, rate three separate warnings and alerts,” wrote Ragan.

The CERT alert covered multiple targeted attempts and intrusions into multiple natural gas pipeline sector organizations, and all were determined to be related to a single campaign that appears to have started in late December 2011 and is still active today.

As reported by the DHS though the Transportation Security Administration’s Office of Intelligence, the U.S. pipeline system is comprised of 161,189 miles of liquid pipelines with more than 200 operators; 309,503 miles of natural gas transmission pipelines with more than 700 operators; and 1.9 million miles of natural gas distribution pipelines with more than 1,300 operators.

Virtually the entire U.S. pipeline system and critical infrastructure is owned and operated by private entities, the agency said in a pipeline threat assessment memo from 2011.

The ICS-CERT is charged with helping secure the nation’s industrial control systems – computerized systems that open and close valves, switches, and factory processes vital to the chemical, industrial, and power sectors. Their “fly away” teams visit factories, power plants, and pipeline companies to investigate cyber intrusions.

Historically, DHS has been concerned that terrorist groups could target supervisory control and data acquisition (SCADA) networks that manage these networks.  And while the DHS said it is “not aware of any credible, specific threat reporting targeting U.S. pipelines’ industry control systems or the supervisory control and data acquisition networks,” the new alert suggests that a terrorist may not have to be that sophisticated.

The Integrated Circuit was First Described 60 Years Ago Today

Sixty years ago today the integrated circuit was first described Geoffrey Dummer.

Who? Yeah, that’s what we said.

But a quick look into history shows that by all rights, Dummer likely had more practical knowledge that would lead to this world-changing event than probably anyone else of his time.

Dummer, who is known in engineering circles as “The Prophet of the Integrated Circuit,” was born in the township of Hull in Yorkshire, England in February of 1909 and studied electrical engineering at Regent Polytechnic in London and Manchester College of Technology in the 1930s. His first job was with Mullard Radio Valve Company in 1931 examining defective valves.  In 1935 he began working on cathode ray tubes and circuits. He joined the Ministry of Defence in 1939 as a Technical Officer at the Air Ministry Research Establishment in Malvern for a group was responsible for the first plane position indicator, or radar screen, ever built.

In 1942 Dummer started a Synthetic Trainer Design Group, responsible for the design, manufacture  and servicing of radar training equipment during the war. In 1943 he visited the USA and Canada to advise on trainers and to help set up similar training devices in the USA. After the war, he was awarded the MBE or Member of the British Empire for his work on ground-based aircraft detection training.

His search for more reliable components let him in 1944 to become Divisional Leader of the Physical & Tropical Testing Laboratories and the Component Group, which placed contracts with industry for new components and materials. Together with Dr A. C. Vivian he made the first plastic potted circuit in January 1947 to protect components from shock and moisture. They also explored printed wiring and etching techniques, both of which were the precursor to today’s lithographic systems, the most important tools in semiconductor manufacturing.

On May 7, 1952 Geoffrey Dummer read a paper called “Electronic Components in Great Britain” at the US Symposium on Quality in Electronic Components in Washington, DC. (The proceedings had been published a day earlier.)  As reported in Electronic Product News, at the end of the paper he concluded:

“With the advent of the transistor and the work on semi-conductors generally, it now seems possible to envisage electronic equipment in a solid block with no connecting wires, The block may consist of layers of insulating, conducting, rectifying and amplifying materials, the electronic functions being connected directly by cutting out areas of the various layers”.

This is now generally regarded as the first public description of an integrated circuit.

Dummer later recalled, “It seemed so logical to me; we had been working on smaller and smaller components, improving reliability as well as size reduction. I thought the only way we could ever attain our aim was in the form of a solid block. You then do away with all your contact problems, and you have a small circuit with high reliability. And that is why I went on with it. I shook the industry to the bone.”

In September 1957, Dummer actually presented a model to illustrate the solid-circuit —a flip-flop in the form of a solid block of semiconductor material, suitably doped and shaped to form four transistors. Four resistors were represented by silicon bridges, and other resistors and capacitors were deposited in film form directly onto the silicon block with intervening insulating films.

But despite numerous attempts to turn his idea into reality, Dummer was beat to the punch in 1958 by Robert Noyce and Jean Hoerni, whose planar process turned the ideas of fellow IC pioneer Jack Kilby into a manufacturable product.

Dummer sought British investment in IC development, but despite numerous attampts to realize this dream, the British military failed to see the significance of the development.

Still, Dummer passed away 10 years ago at the age of 93, having seen his prophecy radically change the world for half a century.

Brands are for the Over 40 Set

If you are over 40 years old and you haven’t gathered a significant nest-egg (which most people think they will spend on their later years but will likely be spent on your parents, your kids and your health), it’s time to get into action.

Working for others has gotten you this far. But as many of us already know from being laid off during a recession, the older you are, the harder it is to stay at the level you have achieved.

Unless you are in the old-boy network of stock adorned vice presidents and above, the likelihood that you have already reached the top of your corporate compensation package is quite high.

It’s time to start thinking about your brand.

Now, I’m aware some people may read this and feel their hearts sink to the floor. They’ve worked all their lives at doing one thing well, and they think they don’t have anything else to give.

Ironically, if you are one of these people, you’re likely to find that the journey to your brand is one of the most exciting things you have ever done.

The journey begins with discovering what really moves you as a person.

• Is it your work, or your leadership ability?
• Is it your contribution, or your intellect?
• Do you feel that you are doing what you wanted to do when you were a kid? What was that?
• If you are technical, do you have a creative side?
• If you are in management, is there a hobby or a passion that you keep to yourself?

One of the most important aspects of building a personal brand is understanding what you want to accomplish by doing so.  For instance, are you trying to:

• Launch to the VP level and stay there?
• Start a new company?
• Start a new career?
• Engage your creative passion?

Importantly, you should be aware of what brand is.  Brand is the total experience that others have of you or your company.  It is your appearance, your actions, your words, your product, your interaction with your customers, the things that others say about you.  If  you want all of this to reach a point of excellence – a point which former Apple evangelist Guy Kawasaki calls “enchantment,” then you have to be cognizant of how you communicate and interact with everyone you meet.  Make your brand exceptional.

Brand is the total experience that others have of you or your company.  It is your appearance, your actions, your words, your product, your interaction with your customers, the things that others say about you.

As a practical matter, it’s also key to know what it is you intend to sell. After all, if you are not creating a transaction that rewards your efforts financially, you’re just giving your hard work away.  That’s a major drawback of social media, by the way; much of what is delivered into the space is free, and therefore lost revenue to whomever it was that created it in the first place (unless they somehow tied it back to their site).  Even if all you are hoping to achieve is recognition, you should know that success has financial value that you rightly deserve.

The point is, if you’re ready to launch a brand, make sure you’ve got something to sell. Too many people get caught up in creating followers and audience without first having a sense of what they are doing, and consequently they end up borrowing from others, ultimately falling into multilayer marketing schemes or poorly thought out business plans, or worse, finding that the following they have created is incompatible with the market they are trying to reach.

Financial independence is increasingly difficult to achieve. Some say it is an illusion, not really possible for most of us.

I say it is possible, if you simply focus on what you want your brand to be, and how to make that valuable to others.

In Politics, Tone is Everything

If you’ve ever engaged in a political discussion online, you’re probably familiar with the situation where your opponent makes a claim about your candidate or subject, causing you to Google up a response…only to find that they appear to be right.

Have no fear, there is a simple solution.

Just turn the statement around.

For instance, let’s say your opponent’s position is that “the economy is worse under Obama.”

If you try to argue against this position by Googling it up, all your are going to find is articles – lots of them, in fact – that support your opponent’s contention.

But if you turn the statement around to say “the economy is better under Obama,” you’ll just as quickly find plenty of supporting articles for this position as well.

In political discussions, tone is everything.

In fact, political parties are sufficiently aware of this phenomenon that they often attempt to game the results by republishing major articles and posting opinion pieces that specifically use common phrasing for political discussion.  To carry that even further, political strategists try to tease out political discussions that will produce searchable claims with sufficient virality to surface huge SEO hits.

Of course, all of this strategy goes in the circular file if your candidate has a habitof  flip flopping on the issues.

And while it might be tempting to simply use this concept as a rule of thumb in political discussions … e.g., turn the phrase around when you search for answers … keep in mind that you’re likely to encounter answers that have been strongly slanted in favor of your position, just as your opponent likely pulled his claim from a political party’s talking points.

If you really want a challenge, go from the gut. Search on a concept that you think carries weight, and see what you come up with.  You may well uncover an angle that represents an agreeable compromise that the politician simply aren’t discussing.

After all, it’s not whether you win or lose, but how YOU play the game.

Global Corporations Should Be Treated Like Ships At Sea

I’ve seen, and been involved in, a lot of discussions recently regarding corporate taxes and the tricks that various companies use to avoid paying them.

A recent column by former BusinessWeek columnist Steve Wildstrom at Tech.Pinions prompted me to add just a bit more. I’m going to take issue with two points in particular.

First, in his article, Wildstrom argues that a corporation has “a duty to its shareholders, its employees, even its customers to run its business in the most efficient, effective, and ultimately profitable way possible. And that responsibility includes not paying more than is required in taxes.”

That statement would be defensible if corporations were dealing with a single tax code in a single country.

But every major publicly traded company today incorporates itself wherever it sees fit, irrespective of where its corporate offices, employees or manufacturing resides. Every company creates multiple subsidiaries, and each of these resides in its own country. Every company moves money and product through channels that provide the best tax advantages, and so on.

The point being, that it’s not about “not paying more than is required.”

Clearly, these companies are avoiding what is required. In many cases, the avoidance techniques themselves are so complex that it is difficult even for the corporation to manage the money trail.

So the notion of “not paying more than what is required” falls flat. Quite simply, these corporations are setting themselves above the laws of individual countries and gaming the system wherever they go.

Further, they’re often lobbying for preferential treatment in ways that governments don’t fully understand. As a result, they get huge benefits without having to make good on their end of the bargain.

Calling these companies to the floor for these practices is often worse than the pain that’s already inflicted.

The second point that I’ll take issue with was the following:

“The real lesson … is about the tax code… It shows both how badly the law needs fixing and how difficult it will be to fix; every loophole is someone’s billion dollar opportunity.”

Actually, that’s not the only lesson, and it’s not even really accurate.

Many of the “tax loopholes” that corporations exploit were created by corporate lobbyists working behind the scenes with lawmakers. So it’s not the tax code per se that needs to be addressed, but the system that allows such blatant gaming of the tax code.

Other “loopholes” were actually well-intentioned provisions that would have worked well had the companies decided to maintain jurisdiction. But by moving to another locale, or setting up other organizations, they effectively run away from their responsibility.

Of course, there’s really no way to ensure that tax codes everywhere in the world are consistent, and in fact many states and countries purposefully relax their codes to attract businesses. So there’s actually an incentive built into the global economic system to avoid taxes.

And this brings up an important departure from Wildstrom’s piece.

The fact is that global corporations have effectively removed themselves from responsibility to any single country anywhere. They are their own country, they call their own shots, and in many cases, they are larger than all but a handful of real countries.

For all practical purposes, they are unbelievably huge ships in international waters. They can do pretty much whatever they want.

One could argue that they are responsible to shareholders and customers, but from a tax perspective, that’s hardly relevant. To global corporations today, taxes are merely an exploitable nuisance.

So what’s my answer to this second problem?

Apply the same standards to corporations that one would apply to a ship at sea. Create a universal tax code and a universal jurisdiction.  Implement economic zones that enable the benefits of commerce while ensuring that taxation is consistent and fair everywhere. Provide benefits that encourage universal participation in this model.

We may not be able to get all American corporations to pay all their due taxes here, but that doesn’t make it right, and it doesn’t mean that we should throw up our hands and say, “oh well, I guess there’s nothing we can do about it.”

In fact, there is a lot that we can do about it.

Facebook Fancy

The neat thing about Facebook is

if you are tired of getting what you are getting

you can just change the things you LIKE

and you’ll start seeing things differently.