There were plenty of companies, both old and new, at this year’s Mobile World Congress in Barcelona that offered creative new ways to enhance the mobile-phone multimedia experience. From semiconductor chips to software applications to new online services, a dozen of the hottest companies at the show had been picked up.
by Aaron Ricadela
It’s nearly enough to make you long for the days of typo-ridden e-mails pretending to come from your bank.
As Internet users display more of their personal information on social networking Web sites, and office workers upload more sensitive data to online software programs, computer hackers are employing increasingly sophisticated methods to pry that information loose. In many cases, they’re devising small attacks that can fly under the radar of traditional security software, while exploiting the trust users place in popular business and consumer Web sites.
In September, the names and contact information for tens of thousands of customers of Automatic Data Processing and SunTrust Banks were stolen from Salesforce.com CRM, which provides online customer management software for those two companies. The incident occurred after a hacker tricked a Salesforce employee into disclosing a password.
The assaults on consumer sites are getting more unnerving as well. A security researcher reported Nov. 8 that hackers had hijacked pages on News Corp.’s social networking site MySpace, including the home page of singer Alicia Keys. Clicking nearly anywhere on the page would lead viewers to a Web site in China that tries to trick them into downloading software that can take over their PCs. “We’re going to see a lot more of this in the consumer space,” says John Pescatore, an Internet security analyst for Gartner IT.
These kinds of targeted attacks on Web-based services may constitute the top computer security threats of 2008, according to security experts. “One of the biggest challenges of 2008 will be, how do you do business online when you know there’s a bad guy in the middle?” says Chris Rouland, chief technology officer in IBM’s Internet security systems division. “The personal computer isn’t the target of 2008; it’s the browser,” he says. IBM sees the landscape changing profoundly enough that the company plans to spend $1.5 billion next year to develop security suites that can address a broad array of threats rather than different products aimed at specific security risks.
Although a rash of e-mail-borne virus outbreaks in recent years have made most PC users wary of opening attachments or clicking on links in suspicious messages, it may be harder to prevent attacks that exploit the Web-based lists of friends and business contacts that users store in widely used services and social networks. “We’ve definitely seen the bad guys use malware to go after friends lists on MySpace and Facebook,” says Pescatore. “They’re exploiting trust.”
By targeting a relatively small number of users at a time—tens of thousands vs. millions—new hacking strategies can elude efforts to detect them. Hackers also are employing more professional approaches to maximize damage without being caught. These include division of labor by hacking expertise and wider use of black-market sites to hire programmers and purchase professional malware-writing tools.
Hackers Shift Attacks
Factor in the growing variety of places where people are connecting to the Internet—from work, from home, from Starbucks —and the growing array of devices they’re using to do so, and the coming year could present a potent brew of problems.
Although traditional PC software such as Microsoft’s Windows operating system and Office programs still present the broadest target because of their hundreds of millions of users, hackers are increasingly attacking online services, says Scott Charney, Microsoft vice-president for trustworthy computing. Worse, traditional virus attacks that crash PCs or issue floods of commands to overwhelm Web sites are being augmented with malicious software that can swipe personal information, such as bank and credit-card numbers.
To be sure, it’s in the interest of companies that sell security software to maximize fears that there’s a cyberthreat lurking behind every mouse click. At the same time, the sheer size of attacks is getting larger, and the Web’s incursion into nearly every facet of daily life presents attackers with more ways than ever to strike.
Cellular and Corporate Caution
For consumers, it’s not just their profiles on social networks that can be mined for personal information. Sophisticated smartphones that run full-fledged operating systems and e-mail applications, and hence store more valuable data, could present tempting targets. Security researchers have found numerous ways to break into prominent mobile-phone platforms from Symbian and Microsoft, and quickly demonstrated ways to hack into Apple’s new iPhone. “All of a sudden on that phone is the stuff the identity
thieves go after,” says Gartner’s Pescatore, noting security vendors have been hyping the cell-phone threat for years, while the damage hasn’t amounted to much.
In the corporate world, criminals are hunting for more of the valuable information stored on companies’ servers. A computer breach at T.J. Maxx in 2005 and 2006 may have handed hackers access to credit- and debit-card numbers for up to 94 million of the retailer’s customers—double what the company originally reported, according to court documents filed by Visa and MasterCard in October.
Cyberthieves are also attacking corporate databases in search of undisclosed financial data or proprietary design and engineering information that can be sold, says Phil Dunkelberger, CEO of security software company PGP. “The really big money now is going to be in stealing intellectual property,” he says.
Viruses: More Sophisticated Bait
Hackers are also unleashing viruses that can recruit armies of consumer PCs into larger networks of remote-controlled machines. These “botnets” can distribute spam, attack database software, or keep a record of users’ keystrokes. One of the worst, Storm Worm, has infected tens of millions of PCs this year.
Even the messages containing virus payloads are getting slicker. In the past, as compared with the sophistication of the viruses, the e-mails carrying them were rather crude. That made users less likely to follow their instructions, says David Perry, director of global education at security software vendor Trend Micro. “These were really well-written viruses, but nobody in the U.S. would click on them because they sounded like they came from Boris and Natasha,” he says, referring to Cold War characters from the old Rocky & Bullwinkle cartoons. Now, he says, “they’re hiring professionals” to write the e-mails.
Given the assortment of nasty behavior befouling the Internet, what’s a PC user to do? BusinessWeek.com consulted the experts, who offered the following advice:
- Don’t give away any valuable or sensitive personal information on your MySpace or Facebook profile, or within messages to other members of the network. And don’t click on any links in social network messages from people you don’t know.
- No reputable company will ask for your password, account number, or other log-in information via e-mail or instant message.
- Use one of the many antivirus, antispyware, and firewall programs on the market. Often, vendors offer all three functions in a single package. And many Internet service providers offer them free with your monthly subscription.
- Upgrade your browser to the most current version. From Microsoft, that’s Internet Explorer 7, Mozilla’s Firefox is on version 2, as is Apple’s Safari browser.
- Pay attention to the messages from Windows that pop up on your screen, especially in the new Vista operating system. They often contain helpful security information that many users overlook.
- Turn on Windows’ automatic-update function to get Microsoft’s regular security patches.
The term “crowdsourcing” has the ring of a passing fad. But long before Wired contributing editor Jeff Howe put a name to mass Web collaboration in pursuit of economic reward, entrepreneurs and big businesses alike were starting to explore methods to tap the wisdom of the crowds to produce goods and services. “Is it jargon?” says Howe. “The phenomenon itself predates my article—it’s the application of open-source principles to fields outside software. There doesn’t need to be a profit motive, but it is a mode of economic production.”
And the trend is building. Six months ago, BusinessWeek‘s Inside Innovation brought readers the lowdown on crowdsourcing, highlighting several of the more interesting projects (see “Crowdsourcing”). Since then, several new crowdsourcing experiments have emerged. Here are five recent efforts that you should know about:
A Swarm of Angels
This British open source film project takes on Hollywood’s traditional business model, aiming to create cult cinema for the digital age. Subscribers—the “angel” investors that “swarm” to create the site’s name—pay roughly $50 (£25) each to join. The site aims to draw 50,000 angels to create a film with a $1.8 million budget. Project founder Matt Hanson has written two separate movie screenplays that will be edited and refined based on feedback from the subscriber community.
Eventually, the community will vote to decide which film will be made. Community members will be paid to handle the production, and once finished, the film will be released free on the Internet under a Creative Commons license. Viewers will be invited to watch it, share it, and remix it. So far Hanson and his crew have 800 investors. Advisers include sci-fi writer Cory Doctorow and musicians The Kleptones. Stay tuned.
This French startup plans to use crowds to develop and bring to market tangible, inexpensive, electronic devices such as CD players, joysticks for video games, and Web cams. The community will handle all aspects of the product cycle—its design, features, technical specifications, even post-purchase customer support. As with software start-up Cambrian House, community members will submit and vote on product and design ideas. The winners will be funded by community members and they will go on to prototype and beta-test the products.
A core CrowdSpirit team, along with a subset of community members and distributors, will have a final say on decisions. The hope, however, is that the products will be extraordinarily focused on the customer because the ideas are coming directly from the people who will use the products. In development since last September, the site will formally launch at the end of June, 2007.
Marketocracy’s Web site boldly announces a mutual fund that delivers higher return with less risk. Launched in 2000, Marketocracy aims to gather the collective knowledge of the best investors to create a highly successful mutual fund. Sign-up is free and anyone can run a virtual fund, starting with $1 million. So far, the site has more than 60,000 users. Based on the virtual investments of its 100 most successful members, the site launched the Masters 100 Index in 2001. The fund now has $44 million in assets and has outperformed the S&P 500 Index with an average annual return of 11.4% since inception. Five years in, that’s a decent performance, though not worthy of Warren Buffett.
Barack Obama all but announced his intention to run as a candidate for the 2008 presidential election on Jan. 16 (the official decision will come on Feb. 10), and already CafePress.com is peppered with t-shirts sporting his name and election slogans. This Foster City (Calif.)-based online retailer lets members create, buy, and sell merchandise. Entrepreneurs Fred Durham and Maheesh Jain founded the site in 1999 to let members—the site reports 2.5 million—transform their artwork and ideas into new products and sell them through an online storefront with no up-front costs or inventory to manage.
Members can also personalize their own gifts by adding touches to one of 80 available products. CafePress.com sets a base price on products and takes care of printing, packaging, processing payments, and customer service; sellers decide how much to charge for their products. The site got a big break in 2003 when Phil Collins, Jet Li, and Olympic Gold Medalist Tara Lipinski launched online stores through CafePress.com. Since then it has grown to 800,000 shopkeepers and 36 million products.
Among the largest newspaper publishers in the U.S., Gannett has said it plans to change its newsroom to take advantage of crowdsourcing, putting readers to work as watchdogs, whistle-blowers, and investigators. Already last summer, the Fort Myers (Fla.)-based The News-Press (circulation 100,000) invited readers to help investigate ongoing concerns over price hikes in their utility assessments.
The response was hefty. Readers got involved—organizing their own investigations, poring through documents, and connecting to inside sources. As a result of the investigation, the city cut assessment fees by 30%.
Source: BusinessWeek online