19th > July > 2003 Archive

Guilty plea in Kinko's keystroke caper

If you used a computer at a Kinko's in New York City last year, or the year before, there's a good chance that JuJu Jiang was watching. The 25-year-old Queens resident pleaded guilty in federal court in New York last week to two counts of computer fraud and one charge of unauthorized possession of access codes for a scheme in which he planted a copy of the commercial keyboard sniffing program Invisible KeyLogger Stealth on computers at thirteen Kinko's stores sprinkled around Manhattan. For nearly two years ending last December, Jiang's makeshift surveillance net raked in over 450 online banking passwords and user names from hapless Kinko's customers, according to the plea. He would use victims' financial information to open new accounts under their names, and then siphon money from their legitimate accounts into the new, fraudulent ones. According to court records, the caper began unraveling last October, when Jiang had the bad luck to use a stolen GoToMyPC account to remotely control a victim's home computer while the victim was sitting in front of it. The victim, unnamed in court filings, watched as the PC's cursor began moving of its own accord, riffling through files, opening a browser window, and then establishing an account with online money transfer site Neteller.com under the victim's name. The victim had logged into the machine through GoToMyPC from a Kinko's on Seventh Avenue a few days earlier. GoToMyPC's access logs captured Jiang's IP address, and after a brief investigation, the U.S. Secret Service raided the apartment Jiang shared with his mother in Queens. They seized books on hacking, a laptop computer and four desktop machines from Jiang's bedroom. Under questioning, Jiang, admitted sniffing passwords and usernames from Kinko's machines and selling them over the Internet, according to a Secret Service affidavit filed in the case. Two months later, while free on bail, Jiang got caught planting another keyboard sniffer at a Kinko's on West 40th Street in New York. The plea is silent on how much Jiang made from the scam, and prosecutor Joseph DeMarco said he couldn't answer questions about the case. The only financial losses that Jiang admitted to last week were $5,000 in "damage" caused to Kinko's computers by his installation of the surveillance software -- a stipulation that satisfies the minimum statutory requirement for a computer fraud conviction. Jiang also pleaded guilty to two criminal copyright violations for auctioning Microsoft software that was not meant for resale. Jiang's attorney, Louis Freeman, told a judge that his client was undergoing a psychiatric evaluation, and that Freeman plans to use the results to ask for a reduced sentence. Reached by telephone, the lawyer declined to elaborate. A Kinko's spokesperson said the company tries to make customers aware of the risks of entering personal information and data on publicly accessible machines, but would not discuss what security measures they take, or comment on whether the company made any changes as a result of the Jiang case. At least some Kinko's stores have warning placards next to every public workstation. Last year, Kinko's security measures became an issue in the pre-trial arguments in the Zacarias Moussaoui terrorism prosecution. Defense attorneys sought information on Moussaoui's 2001 use of a public access PC at a Minnesota Kinko's store, but were foiled by what the FBI said was Kinko's national policy of completely reimaging public access machines on a weekly basis. It's not clear how that policy squares with Jiang's success; one possible explanation is that Jiang visited the 13 Kinko's frequently enough to retrieve the stored keystrokes before they were wiped out, and then re-installed his loggers afterwards. Sold by San Francisco-based Amecisco for about $100 a copy, Invisible KeyLogger Stealth is a kernel mode keyboard sniffer that hooks Windows system calls to prevent users from seeing the program. Some anti-spyware products -- like Spydex's Advanced Anti- Keylogger -- can detect IKS through its growing keystroke logfile. In an e-mailed statement, Amecisco's director Leon Yan said the company strongly condemns illegal use of its surveillance software. "Our intended audiences are authorized system administrators and parents," Yan wrote. "And I can give you examples after examples of parents [who] wisely used this tool to help with their children." Jiang is in custody at New York's Metropolitan Correctional Center pending sentencing. A sentencing date has not been set. © Related stories Keylogging student charged with massive ID fraud Mafia boss jailed in FBI keyboard bugging case FBI chief Mueller lied to Senate about key-logging
Kevin Poulsen, 19 Jul 2003

RIAA nails 1,000 music-lovers in ‘new Prohibition’ jihad

The Recording Industry Association of America's attack on US culture has escalated at an alarming pace this week. On Friday the lobby group that works on behalf of the large, mostly foreign-owned, music conglomerates that own the music copyrights and distribution channels confirmed that it was serving subpoenas at the rate of 75 a day on US citizens for the crime of sharing the music they love. This signals a change of tactics for the RIAA: as now each individual file sharer is potentially responsible for thousands of dollars in damages. Once they were shielded by ISPs, but in the wake of the Verizon case, individuals are now exposed to direct intimidation. The RIAA is beside itself with glee: and boasted that a thousand music-lovers had already been busted. The escalation in violence threatens to bring the US criminal justice system to an impasse: although the prison industry is already full to the brim, the RIAA's actions make new criminals out of tens of millions of ordinary US citizens. As Boycott-RIAA's founder Bill Evans notes, "there are more file-sharers than voters for either candidate at the last Presidential Election". When Evans dubs the 'Recording Incarceration Industry of America' he's only half-joking. If the RIAA was to be indulged in its whims, the statistics suggest that the USA would rapidly become a vast, continent-wide penal colony. And that's hardly a beacon of liberty to shine on the rest of the world. Particularly when, with the backing of the much-maligned US military, the RIAA is ripping up liberal social copyright laws and replacing them with its own. Not surprisingly, this has provoked a deep counter-reaction which is finally, and belatedly, taking to the streets. On August 1 and 2, Boycott-RIAA and affiliated groups will be holding anti-RIAA rallies across the country. Well, here's your alarm call. While it may seem to be invincible, the RIAA is desperately vulnerable: and it knows it. It's under threat of anti-competitive lawsuits, its key DC placemen are under fierce scrutiny ... and the mass criminalization of innocent US citizens is a most coercive step citizens have seen since the Prohibition era. But can you compel your neighbor to give up lawnmowing, or weblogging, for long enough to make a real difference? Well, read them this attack on family values I cannot accept that the "Land of the Free" is accepting the nonsense propounded by the RIAA. This desire to fine and litigate is becoming pervasive and foolishly assumes that you can modify normal human behaviour with LAW. Firstly - all art forms are like children in that the creative urge is similar to the urge to reproduce. If we accept this analogy then it follows that as you do not own your children for their entire life you cannot expect to own your art for it's entire life. In fact, if the rules currently in force where in place in the earlier part of the last century then many films could not have been made and much music could not have been produced. Music belongs to us all. ... so wrote Jean Barnard. From: Gene Mosher To: ashlee.vance@theregister.co.uk Subject: RIAA My great grandfather was born in 1870. He learned to build crystal radio sets to listen to the earliest radio broadcasts in the 1920's. He would invite the whole town of about 500 over to listen to them. My grandfather was born in 1899. He purchased one of the earliest tape recorders to make copies of radio broadcasts for his friends in the late 1950s. My dad was born in 1924. He had a collection of 78's that he passed around for many years until he died last year. And now I am using the Internet to assemble an MP3 collection of all the tunes on all those LPs, cassette tapes and CD's that I've been buying since 1959. I'll be damned in hell before I accept the notion that I and my ancestors who love to listen to the audio arts are in any sense guilty of anything that is illegal, wrong, evil, immoral or improper. Gene Mosher With so much at stake, I can't see how Americans can fail - except through apathy. But can you and your neighbor make a difference? ® Related stories RIAA attacking our culture, the American Mind Congressman pocketed $18,000 for RIAA 'lobbying trip' Congress mulls prison terms for KaZaA users Radio royalties: the ticking timebomb under the RIAA US Senator would destroy MP3 traders' PCs Fab Hacker shirts at Cash and Carrion Caps, mugs, rubberwear too
Andrew Orlowski, 19 Jul 2003

Intel leans on wireless world with UWB, Wimax plans

Don't ask whether Intel can succeed in imposing its preferred standards, for ultra-wide band wireless, or for 802.16a local wireless broadband. Study your history. You'll see that it can. Next time you take your computer (with built-in modem) on the road, consider what a trivial matter it is to connect it to a phone network - anywhere in the world. All you need is a cable with the right attachment on the end. And that's possible because Intel leant, heavily, on the approvals people. In the early days of email, it was actually illicit to plug a modem that was designed for use in America, into any European phone network. Heck; it was illegal to plug a French-approved modem into the German network, or a Spanish-legal device into a UK phone socket. Intel stepped in, and put a modem on the market. It included a small flash memory, into which, Intel said, the configuration details for all countries could be loaded. It then submitted this device for approval into most major countries. And, one by one, the resistance of the authorities crumbled, and approval was given. Intel then withdrew from the modem market, and proceeded to sell flash memory to every modem manufacturer. (It now dominates the flash memory business). What Intel did in the late 80s and early 90s is now being reflected in wireless. At least, that's clearly the plan. Sean Maloney, who runs Intel's Communications Group, is committed to making all sorts of wireless ubiquitous. His reasons aren't even vaguely secret. Intel (as he has said) believes that in another silicon generation, most radio devices will be built in Intel's favourite semiconductor technology: CMOS. Intel reckons it will have the best CMOS wireless chips; it wants to set standards that make these chips sellable. The threat to other chip suppliers is simple enough. No, Intel doesn't want to enter the market for making WiFi and GSM and CDMA and other wireless chips. Instead, it wants to build these devices as standard peripherals on its processors. So, in the year 2009, you'll go out and buy your 128-bit Intel based wrist-watch and built into its high-speed arithmetic/logic unit there will be a universal, configurable radio. Software will drive it; it will switch between all different standards. In other words, it will be able to function as a GSM phone, a UMTS radio, a WiFi device, and even a UHF radio or TV receiver - or transmitter - depending on what your program requires. The important point is: Intel will build it all on chip. This strategy, again, is hardly news. "Native Signal Processing" meant that the Pentium replaced complex (and costly) digital signal processing chips in commercial modems. Software controlled what signals to send down the phone line; modems became much cheaper. Good news! - except, of course, that if you wanted to run something other than Windows, your software ceased to work, and your modem ceased to function. We're seeing something similar with WiFi, where your notebook PC will drive almost any sort of client adapter card, and search for a local hotspot - unless, of course, you're trying to run Linux or FreeBSD. It's a driver issue, not an integration issue - at the moment. But the Centrino process shows what Intel wants. A Centrino notebook has a built-in WiFi wireless chip set. If you buy a Centrino notebook, the only reason you could have for ever buying a WiFi card, would be that Intel made an error of judgement, and didn't make the right standard Centrino wireless. That's a constant problem for Intel and Centrino, as long as it has to integrate wireless chips made from ordinary analogue technology into the motherboard. What it wants, is a motherboard which can be updated, just by downloading new software - a "soft wireless" technology. Hence the standards battle. Intel has no use for an ultra-wide band wireless standard which it reckons can't be supported in a CMOS-based, programmable radio - eventually. Motorola, on the other hand, will have very little market for its radio devices if everything you can buy has a Intel processor with a built-in Intel soft wireless already working. For the WiMAX forum, having Intel come on board with its support and influence will seem like a big win. This will make it happen! - well, yes, it will. But what, exactly, will Intel want to see happen? It's easy enough: it will want the standard to evolve in a direction that suits its software controllable wireless plans. Resistance, as they say, is futile. If you're working in wireless, you probably will be assimilated - this is The Incredible Hulk Of Borg. Well, all sorts of possibilities exist in the future. But Intel has made its intentions perfectly clear, and that is the future it has planned. Ignore the warning at your peril. © NewsWireless.Net Some recent articles on NewsWireless.Net Wi-Max gets the big one - Intel commits to local wireless broadband First Tablet under $1,000? It uses Transmeta, not Intel Testing a new PC - how long does the battery live?
Guy Kewney, 19 Jul 2003

Work drying up for IT freelancers

The government has been urged to do more for independent freelancers after an industry trade body revealed a quarter of its members are out of work, with many more struggling to make a profit. A survey by the Professional Contractors Group (PCG) found one in four of its members had no current job, while 54 per cent admitted to suffered a drop in earnings over the past year compared to the previous 12 months. Of the study’s 1,800 freelancer respondents, over half felt prospects for the rest of 2003 would be particularly gloomy, with many predicting a fall in profits after tax. Over 70 per cent of those quizzed said they had been freelancing for more than five years, with a quarter having worked for themselves for over a decade, indicated even freelancers with vast experience had been badly affected by the downturn. Nearly nine out of ten of those in employment said they operated as a limited company with no more than one or two employees. Simon Griffiths, chairman of the PCG, said the government should take action on several issues his organisation had campaigned on to boost the freelance sector. “This vindicates the views we have consistently put forward to the government, and in our recent submission to the All Party Parliamentary Small Business Group, regarding the scale of the lack of work within the freelancer community. “Clearly, our persistent lobbying with regard to Fast Track Visas, work permits and the skills shortage list has been entirely justified.” Griffiths said the high proportion of experienced freelancers facing difficulties was particularly worrying. “We’re talking about the majority of freelancers surveyed having been established for a long time, which makes the proportion not in contract all the more disturbing.” © Related stories Is this contract a robust defence against IR35? IT subbies out of work and out for the count New PCG boss predicts doom and gloom in IT sector Barclays, GlaxoSmith Kline slash IT contractor rates
Startups.co.uk, 19 Jul 2003

Latest Xbox figures revealed

Software giant Microsoft has announced its financial results for the quarter and financial year ended June 31, revealing firm figures for the global installed base of Xbox and its targets for the coming year. By the end of the financial year, Microsoft had sold 9.4 million Xbox consoles worldwide - far, far lower than some estimates recently, which had put the figure well north of the 10 million mark, with one piece of research suggesting that it was as high as 13 million. During fiscal 2003, Microsoft sold 5.5 million consoles, and in the next year it expects to sell between 5 and 6.6 million consoles - bringing the installed base to somewhere between 14.5 and 16 million units in total. The figures for 2003 were helped slightly by the price cuts to the console in the last quarter, and the Home and Entertainment Division of Microsoft saw an 8 per cent rise in revenues during the quarter - bringing it to $483 million. However, the price cut didn't have that major an effect, according to Microsoft's chief Xbox officer, Robbie Bach. "Certainly the price cut probably had some effect, though I think most people would tell you the effect has been pretty modest," he commented. One thing which emerges very clearly from the figures is that Microsoft is distinctly struggling in territories outside North America. A massive 6.2 million of its Xbox installed base - some 66 per cent, or two thirds - resides in North America, with Asia Pacific accounting for a mere 1 million units and Europe also lagging very badly, with 2.2 million units. It's common for industry analysts to mention how badly Xbox is doing in Japan, and how poorly GameCube is doing in Europe - but even more so than the overall sales figures (which, interestingly, put Cube and Xbox almost neck and neck on a global level, with around 9.5 million units each - so why are so many US-based analysts desperate to write off the Cube?), these figures illustrate the gulf between the PS2 and its would-be competitors. Sony has no territory in which it is weak, while the Cube and the Xbox clearly only have one territory each in which they could be considered strong (Japan for the Cube, North America for the Xbox), and are struggling elsewhere. One very positive figure to emerge from all of this, however, is the Xbox tie ratio - which is standing at around 5:1 globally, although it's not clear whether this takes into account software which was bundled for free with the console in many territories. Microsoft expects to grow this figure significantly in the coming year, with titles like Project Gotham Racing 2 and Halo 2 on the way and likely to sell millions of copies on the system. © gamesindustry.biz
gamesindustry.biz, 19 Jul 2003