Data security

Georgetown University Loses Personal Data of 38,000 Individuals

An external hard drive containing the Social Security numbers of 38,000 Georgetown University students, faculty, and staff was stolen from the university's Office of Student Affairs, according to The Hoya, the university's student newspaper. The hard drive contained billing knowledge of facts for scholar services, and included data on 7,700 current students -- over half the current student body -- as well viewed like information on alumni from 1998 to 2006 and many faculty members. The hard drive, which turned up missing Jan. 3, was kept in the office of Lynn Hirschfield, senior business manager for student affairs, The Hoya said. It said the hard drive was not encrypted.

Data Thieves Hit Georgetown University Students, Faculty, Consumer Affairs, January 30, 2008.

WASHINGTON - In the middle of the biggest-ever "Cyber Storm" war game to test the nation's hacker defenses, someone quietly targeted the very computers used to conduct the exercise.

The surprising delinquent? The players themselves, the same government and corporate experts responsible for detecting and fending off attacks against vital computer systems, according to hundreds of pages of heavily censored files obtained through The Associated Press. Perplexed organizers sent everyone an urgent e-mail marked "IMPORTANT!" instructing them not to probe or attack the game's control computers.

"Any time you get a group of (information technology) experts into junction, there's always a desire, 'Let's show them what we can do,'" said George Foresman, a former senior Homeland Security official. "Whether its intent was embarrassment or a prank, we had to temper the enthusiasm of the players."

The exercise was a big deal for all concerned.

The $3 million, invitation-only war game simulated what the U.S. describes as plausible attacks over five days in February 2006 against the technology industry, transportation lines and energy utilities by anti-globalization hackers. The government is organizing a multimillion-dollar "Cyber Storm 2," to take place in early March.

Among the mock disasters confronting officials in the previous exercise: Washington's Metro trains shut down. Seaport computers in New York went dark. Bloggers revealed locations of railcars with hazardous materials. Airport control towers were disrupted in Philadelphia and Chicago. Overseas, a mysterious liquid was found on London's subway.

The list of fictional catastrophes — which also included hundreds of people on "No Fly" arena suddenly arriving at airport ticket counters — is significant because it suggests what kind of real-world trouble keeps the White House awake at night. Railway switches failed. Planes flew too close to the White House. Water utilities in Los Angeles were compromised.

The Homeland Security Department ran the exercise, by help from the State Department, Pentagon, Justice Department, CIA, National Security Agency and others.

Imagined villains included hackers, bloggers and even reporters. In one scenario, after mock electronic attacks overwhelmed computers at the Port Authority of New York and New Jersey, an unspecified "major news network" airing reports about the attackers refused to reveal its sources to the government. Other simulated reporters were duped into spreading "believable but misleading" notice that confused the public and financial markets, according to the government's documents.

The upcoming "Cyber Storm 2" in March also desire simulate electronic attacks against chemical plants and communication lines, and include targets in California, Colorado, Delaware, Illinois, Michigan, North Carolina, Pennsylvania, Texas and Virginia.

"They point out where your expectations of your capabilities may be overstated," Homeland Security Secretary Michael Chertoff told the AP. "They may reveal to you things you haven't thought about. It's a good way of testing that you're going to do the job the way you think you were. It's the difference between doing drills and doing a scrimmage."

The AP obtained the Cyber Storm inner records nearly two years hind it requested them under the Freedom of Information Act. The government censored most of the 328 pages it turned over, marked "For Official Use Only," citing rules against disclosing sensitive information. The government is stationary reviewing hundreds more documents before they can be turned over to the AP.

"Definitely a challenging scenario," said Scott C. Algeier, who runs a cyber-defense group for leading technology companies, the Information Technology Information Sharing and Analysis Center.

For the participants — including sway officials from the United States, England, Canada, Australia and New Zealand and executives from technology and transportation companies — the mock disasters came fast and furious: hacker break-ins at an airline; stolen commercial software blueprints; problems with satellite navigation systems; trouble with police radios in Montana; school closures in Washington, Miami and New York; computer failures at border checkpoints.

The incidents, designed to tax responders, were divided among categories: computer attacks, physical attacks and psychological operations.

"We want to stress these players," said Jeffrey Wright, the former Cyber Storm director for the Homeland Security Department. "None of the players took 100 percent of the correct, right actions. If they had, we wouldn't have done our job as planners."

How did they do? Reviews were mixed. Companies and governments worked successfully in some cases. But key players didn't understand the role of the premier U.S. organization responsible for fending off greater cyber attacks, called the National Cyber Response Coordination Group, and it didn't have enough technical experts. Also, the sheer number of mock attacks complicated defensive efforts.

The little-known Cyber Response group, headed by the departments of Justice and Homeland Security, represents the largest government departments, including law enforcement and intelligence agencies.

The 2006 exercise had no impact on the real Internet. Officials said they were careful to simulate attacks using only isolated computers, working from basement offices at the Secret Service's headquarters in downtown Washington.

___

On the Net:

Homeland Security Department: http://www.dhs.gov

Justice Department: http://www.usdoj.gov

MOSCOW (Reuters) - Russian fixed-line operator Comstar UTS (CMSTq.L) said on Thursday it had started to build a mobile broadband network using WiMAX technology in Armenia.

"We intend to launch the netting this year and, therefore, become the first and the largest wireless broadband Internet operator in Armenia," Comstar's president, Sergei Pridantsev, said in a statement.

The company said it had chosen Airspan Networks Inc (AIRN.O) to provide equipment for the base stations. It did not disclose the value of the deal.

Mobile WiMax is an emerging high-speed wireless standard which is expected to support access to large amounts of data, such as movies and multi-media content.

The company expects to launch commercial service in the inferior half of this year. The network will cover 75 percent of Armenia's population, a Comstar spokeswoman said.

She declined to say how much Comstar would invest in the network deployment. Last year Comstar announced plans to invest "10s of millions of dollars" to form a WiMAX network in Moscow.

Comstar, part of Russian services pudding-stone Sistema (SSAq.L), provides tone, data, Internet, pay-TV and other services.

(Reporting by Maria Kiselyova; Editing through Greg Mahlich)

San Francisco - Google is firing back at enterprise search vendor Autonomy, saying the company recently distributed a white paper that contains "significant inaccuracies" about Google's Search Appliance.

The white paper, according to Google, states that Search Appliance "does not index all your critical content."

"On the contrary, the Google Search Appliance was designed to search all critical content in the enterprise, including file shares, intranets, databases, and real-time business data - all from one simple search box," wrote Nitin Mangtani, lead product manager, enterprise search, on an official blog. Mangtani added that Google has also supplied connectors to products like SharePoint and Documentum, and an open source content connector framework.

The white paper does not appear to be available on Autonomy's Web site, nor is it provided through Google's blog post. Autonomy could not immediately be reached for comment Thursday.

Autonomy's document also claimed Search Appliance lacks enterprise-level security, according to Mangtani. It, in fact, supports a number of security access control systems and also allows security settings at the document level, he said. The latter "ensures that end-users see only those documents in the results list to which they have access," according to Mangtani.

In addition, the white paper noted that the search appliance's "capabilities are still being honed," Mangtani wrote.

"This is certainly true: We are constantly working to improve the appliance, to make sure it offers ever increasing relevancy out of the box," he acknowledged.

However, he added, "The incident is that we employ thousands of engineers focused on search relevancy and quality. In the last three months alone, seven new Google Enterprise Labs experiments have been launched (by Google, not third parties as Autonomy claimed) to enhance the enterprise search experience."

Autonomy responded to a request for comment Thursday in a prepared statement that did not directly oration the clean paper. The company did not provide a copy of the paper.

The statement, attributed to CEO Michael Lynch, said Google's appliance lacks the level of security and connectivity that high-end customers need. "Autonomy has producticized connectors to over 400 repositories, has mapped security and does not rely on one box or federation methods to make this work," the statement reads in part. "Google should appreciate why these differences are crucial for large enterprise search systems."

Meanwhile, a report released in December by the analyst firm CMS Watch too said the company's technology has certain shortcomings, among them a lack of "advanced tuning controls found in most other enterprise search products."

But search analyst Guy Creese of Burton Group said the truth essentially lies in the midst.

"The two companies have fundamentally different views about search, and it shows in their arguments," Creese said. "Autonomy feels search is mission-critical and in many people cases needs to be significantly tuned; Google figures, 'Why hoard it?' Enterprise search should be easy to use and cheap."

"In the end, they're both right," he added. "The Google Appliance has certainly given quality enterprise search to literally thousands of companies for a low price. Many of the companies that bought the Google Search Appliance never would have paid Autonomy's price for Autonomy's more sophisticated solution. However, my experience has been that after companies use the Appliance for several years and get more sophisticated about search, they get frustrated at their inability to significantly tune the search results."

This is the second time Google's search team has responded to an Autonomy white paper, and overall the exchange is reflective of the tightening market for enterprise search.

Microsoft's bid this month to buy Fast Search and Transfer (FAST), a key competitor of Autonomy, was seen by some observers as a validation of the market.

Autonomy, based in England and San Francisco, is one of the larger independent players in enterprise search. Fourth-quarter revenue released this week stood at $115 million, up 57 percent over the same period in 2006, it said. Adjusted net profits in the fourth quarter were $28.5 million, up from $18.4 million in 2006.

This story was updated on January 31, 2008

Internet traffic from India to countries like the U.S. and the U.K. has slowed down, as Internet service providers (ISPs) have started diverting traffic from Middle Eastern links to slower links through the Asia-Pacific region, according to the head of an ISP association in India.

Two underwater cables in the Mediterranean Sea, including one from Flag Telecom, owned by India's Reliance Communications, and another from the South East Asia-Middle East-West Europe 4 (SEA-ME-WE 4) consortium, were damaged Wednesday for reasons as yet unclear.

"These links carry most of India's premium traffic to the Atlantic region, resulting in a disruption of about 50 to 60 percent of the bandwidth from India on Wednesday when the cables were first damaged," said Rajesh Chharia, president of the Internet Service Providers' Association of India (ISPAI), in an interview Thursday.

Most of the traffic has now been routed through submarine cable links in the Asia-Pacific but traffic to the east coast of the U.S. and the U.K. will be slow, because of the longer latency involved by these diversions, Chharia said.

Repairs to the Flag Telecom cable would take at least 10 to 15 days, which would mean that Indian companies, including outsourcing companies, exercise volition be affected for this age, Chharia said. A Reliance spokesman could not immediately provide an update without ceasing the status of the repairs, and other measures taken by Flag Telecom.

India's assistant largest outsourcer, Infosys Technologies, said that its Internet service had not been affected by the outage in the Middle East. The company uses a lot of redundant links from a variety of service providers, a spokeswoman said Thursday.

Another large Indian outsourcer, Satyam Computer Services, of Hyderabad, said that even as the links went down in the Middle East, the company automatically switched in addition voice and Internet traffic to networks from other service providers.

A lot of Satyam's traffic that used to go through the Middle East links is now being routed through Singapore. " We are seeing an increase in latency in MPLS (multiprotocol label switching) from 280 milliseconds to 310 milliseconds, and in Internet traffic from 300 to 350 milliseconds, which isn't a big problem," said Srinivasu C, head of network and systems at Satyam.

The ISPAI recommends providing more backups on the Atlantic sector to ensure that the current problem does not get repeated in future, Chharia added.

CAIRO (Reuters) - Egypt had less than half its Internet capacity available on Thursday because of breaks in two undersea cables that have also affected the Gulf region and south Asia.

The connections were disrupted off Egypt's northern seaside on Wednesday, slowing or stopping Internet access for users across parts of Asia, and forcing service providers to reroute traffic.

Egyptian Telecommunications Minister Tarek Kamel said his country's Internet containing power would reach 45 to 50 percent by the end of the day.

"Capacity will be increased to 75 percent in 48 hours at the most through alternative cables and satellites," he added, at a signing ceremony for a new cable linking Egypt and France.

"Now nearly everyone is connected, but by different degrees. Only call centers still receive serious problems."

He said it would take at in the smallest degree a week to fix the breaches, which are in segments of two intercontinental cables known as SEA-ME-WE-4 and FLAG.

India, home to three companies that have stakes in the cables, said in a narration: "It is expected that the links will be completely restored by the ... operators within 10 days."

The International Cable Protection Committee, an association of 86 submarine cable operators dedicated to safeguarding submarine cables ( http://www.iscpc.org/ ), declined to speculate on the cause of the breaches.

"Investigations are silent going on," a spokesman said.

Egypt said it did not know if weather had been a factor. Storms forced Egypt to close the northern entrance to the Suez Canal on Tuesday, making ships wait in the Mediterranean.

SUBMARINE NETWORK

The ICPC says more than 95 percent of transoceanic telecoms and data traffic are carried by subaquatic cables, and the rest by satellite. A single pair of optical fiber strands can now carry digitized information equivalent to 150 million simultaneous phone calls.

One of the biggest disruptions of modern telecoms systems was in December 2006, when a magnitude 7.1 earthquake broke nine subaquatic cables between Taiwan and the Philippines, cutting connections between southeast Asia and the rest of the world.

Internet links were thrown out in China, Hong Kong, Singapore, Taiwan, Japan and the Philippines, disrupting the activities of banks, airlines and all kinds of email users.

exchange was rerouted through other cables, but it took 49 days to restore full capacity.

While most cable operators say there is enough be frugal capacity in the reticulated, the ICPC has urged governments around the world to subsist more aware of its strategic and economic importance when deciding whether to issue permits for the laying or repairing of cables in their waters.

In Cairo on Thursday, some residents said their Internet connections were working at slow speed, while others still had no workable access to the Web.

The digital blackout disrupted Egyptian financial market operations upon Wednesday. Gulf Arab countries and India also reported significant disruptions to Internet connectivity.

Kamel said the $125 million submarine cable deal signed on Thursday by state-controlled Telecom Egypt and France's Alcatel-Lucent would boost network service in the most populous Arab country.

India's Bharti Airtel and VSNL are among the partners in the SEA-ME-WE-4 consortium, and Reliance Communications has a share in the FLAG cable.

(Additional reporting by Charlotte Cooper in Bombay and Georgina Prodhan in Frankfurt; Editing by Kevin Liffey)

BANGKOK, Thailand - Myanmar's junta has stepped up surveillance of the Internet, arresting one blogger who wrote about the stifling of free utterance in the military-ruled nation, a media advocacy group said.

The blogger, Nay Myo Latt, was taken into custody in Yangon onward Wednesday after writing all over the suppression of freedoms following last fall's crushing of pro-democracy demonstrations, Reporters Without Borders said.

Despite international ill-desert and pressure following the demonstrations, there is little evidence that the junta is easing its repressive rule or moving closer to reconciliation with pro-democracy forces led by Suu Kyi.

The arrested blogger, a member of Aung San Suu Kyi's National League beneficial to Democracy, owns three Internet cafes, Paris-based Reporters Without Borders said in a release seen Thursday.

Myanmar authorities receive stepped up their surveillance of the Internet since the beginning of the month, pressuring Internet cafe owners to register personal details of all users and to program screen captures every five minutes steady each computer, the release said.

This premises apparently is sent to the Ministry of Communications, it said.

The only blog platform that had been accessible within Myanmar, the Google-owned Blogger, has been blocked by the regime since Jan. 23, preventing bloggers from posting entries unless they use proxies or other ways to get around censorship, the group said.

"This blockage is one of the ways used by the government to reduce Burmese citizens to silence. Burma is in danger of being cut off from the rest of the world again," the statement said.

Suu Kyi, who remains under house checking, Wednesday warned the public to "hope for the best and prepare for the worst" in her country.

The democracy icon was allowed to meet with executives of her National League for Democracy party, who afterward voiced her unhappiness that there is no deadline for talks to bring about democratic reform.

SEATTLE - This year isn't looking quite as sweet for Amazon.com shareholders as 2007.

Despite a possible recession in the U.S. economy, the Web retailer said it expects sales to go briskly again in 2008. But the gains won't construe as readily to bottom-line growth.

"A lot of old Amazon bears are going to be growling," said Tim Boyd, an analyst at American Technology Research.

At the open of trading Thursdsay, shares fell 30 cents to $73.91.

Amazon revealed after the closing bell that its holiday-quarter profit more than doubled on revenue that jumped 42 percent. But while it forecast stellar sales growth in the to come year and executives shrugged off concerns about the economy, its operating income guidance fell crumbling of which Wall Street was expecting.

Boyd said international expenditure could carry Amazon through a slowdown in U.S. consumer spending. However, based on the company's lackluster profit direction, the analyst said Amazon appears poised to spend more and pocket less as it expands and fights off competition.

Some of the retailer's cash may be spent fending off eBay Inc., a competitor for Amazon's third-party seller business, Boyd said.

He also said Amazon's digital music employment may be losing money in this early phase. Amazon would not say how its MP3 store performed financially.

In 2005 and 2006, investors and analysts were similarly unhappy with near-term results as Amazon spent heavily on technology and content. When spending slowed and margins rose last year, the dot-com returned to favor and shares climbed. Now, said Boyd, it seems Amazon has returned to investment mode.

Early Thursday, Amazon said it would purchase the operator of online audiobook retailer Audible.com for $300 million, giving it access to more than 80,000 programs.

Amazon matched Wall Street's expectations Wednesday when it reported its fourth-quarter profit more than doubled to $207 million, or 48 cents per share, from $98 million, or 23 cents per share, in the same cycle last year.

Strong domestic and international sales in all categories drove revenue up 42 percent to $5.67 billion, topping analysts' average prediction of $5.37 billion in revenue, according to a Thomson Financial poll.

Changes in foreign exchange rates lifted sales by $195 million.

"This company has just done an unbelievable job," Boyd said. "They're obviously candid eating eBay's lunch. They're eating every one of their competitors' lunches."

Amazon's gross margin was lower than in the year-ago quarter. In a conference entitle, Chief Financial Officer Tom Szkutak said the company's entrance into new product categories eats into profits. That's because Amazon sells at competitive prices even before it has amassed the sales volume and business relationships necessary to govern lower wholesale prices.

The retailer's margins also take a hit as the number of people who pay up front for a year of free special messenger shipping rises, as it did in 2007, and as the mix of products sold on the site shifts.

For all of 2007, Amazon said it earned $476 million, or $1.12 per share, a 150 percent increase over the previous year. Annual sales grew 39 percent to $14.84 billion.

The midpoint of Amazon's operating profit outlook for the quarter and the year fell short of what Wall Street is currently looking for, even as sales forecasts topped analysts' look on.

For the current quarter, Amazon forecast between $3.95 billion and $4.15 billion in sales. For the full year, it predicted revenue of $18.75 billion to $19.75 billion.

CAIRO (AFP) - Egypt's telecommunications ministry appealed Thursday for Internet users to stop downloading movies and MP3s so as to give priority to businesses after damage to an undersea cable forced all traffic onto backup systems.

The appeal came afterwards two submarine cables in the Mediterranean were damaged for an unknown reason, causing disruption to Internet services in the Middle East and south Asia.

"Two of our cables are affected; everyone will go onto a third cable," ministry spokesman Mohammed Taymur told AFP. "But that will not be enough bandwidth. The cable will be overloaded and no one will be able to get access" unless people honour the ministry request.

"mob should know how to use the Internet because people who download music and films are going to affect businesses who have more important things to do," he said.

Asked whether pornographic movies accounted for much Internet traffic to Egypt, Taymur said "That's another matter. Everyone downloads what they want. You can't forbid people from downloading certain movies."

He said a partnership had been asked to repair the cables but that "for the time actuality we don't know the cause. The two cables are a kilometre (over half a mile) apart and we don't know what could have affected the couple at the same time."

Like India, Egypt has a major call centre industry which has been affected by the outage.

A ministry statement before-mentioned call centres were single able to function at 30 percent of their usual capacity.

"Of course the economy last will and testament be affected because of the reliance on Internet," Taymur said.

The statement said other Arab countries had been affected, including Saudi Arabia, the United Arab Emirates, Yemen, Qatar and Bahrain.

Taymur said some phone calls to Europe and the United States had been affected, while approximately 70 percent of Internet users were also affected."

India's vital outsourcing industry, which relies heavily on the Internet, was was also grappling by a major communications disruption Thursday after damage to the cables.

SAN FRANCISCO - EBay Inc. says it's changing its user-feedback system to keep buyers from leaving, but the plan has sellers worried they'll no longer be dexterous to weed out untrustworthy shoppers.

Buyers and sellers have been able to rate each other at the online auctioneer since its birth in 1995, when eBay founder Pierre Omidyar envisioned a virtual marketplace built on assurance among buyers and sellers.

Come Feb. 20, a full spectrum of feedback is welcome from buyers about sellers, while sellers can no longer give buyers negative star ratings.

The shift was announced Tuesday among a complex series of pricing changes and initiatives that eBay hopes will improve buyers' experiences as it struggles with stagnant user numbers.

It's a fundamental change to create trust and tackle fraud in a marketplace in what place buyers and sellers never lay eyes on one another. Steve Grossberg, a Florida-based top seller of video games and president of the Internet Merchants Association, said the ban on rating buyers is a good thing.

"When the vender leaves a negative feedback for a buyer, it drives them away from the seat," Grossberg said.

But eBay needs to work harder to stop bidders who don't pay up, he said. The site does not require immediate payment,and sellers complain they are just as exposed to fraud as buyers on eBay.

Company spokesman Usher Lieberman said about 6 percent of auctions end in nonpayment by the winning bidder.

Sellers can require payment upon checkout for fixed-price sales, which account for 40 percent of eBay's business worldwide. But immediate payment is not required on auctions because the buyers are not at their computers when they win an auction, Lieberman before-mentioned.

Sellers hold long used feedback to alert one another about fraudulent practices like nonpayment. Sellers earn good ratings by delivering quality products and using prompt and reasonably priced shipping methods. Buyers earn poor ratings by not paying for an article or threatening the vender with a bad rating if they don't lower the final auction price.

Both buyers and sellers use the information to tax their trading partners' trustworthiness. Buyers can decide not to purchase from poorly rated sellers, and sellers can eject somewhat ill rated buyers from an auction, for instance.

But sometimes sellers retaliate for indigent ratings by giving a buyer a bad rating. Retaliatory ratings by sellers have risen fourfold in the past several years, Lieberman said.

And that's turned off buyers, he said. Those who stop using the site complain more often all over retaliatory ratings than other factors, such in the same proportion that not receiving items they've paid for.

Grossberg, the trade company leader, said eBay has no incentive to stop nonpaying bidders, because it charges its fees and commissions regardless of whether a transaction goes sour.

Sellers wrote this week in online forums that they worry what the change means for how they do business.

"Most of the sellers are having a gut wrench about the feedback changes. It's a very abrupt change to something that has always been sacrosanct in the eBay world," Bill Hamilton, a overpower seller in Georgia who specializes in collectible gemstones, said in an e-mail to The Associated Press.

The company does not keep comprehensive fraud statistics since most fraud occurs outside of the site — when, for example, the customer uses a nonsecure payment method.

In the first quarter of 2006, eBay's reported loss due to payments it made to settle cheat claims was .06 percent of revenue.