Monday, December 6, 2010

WikiLeaks out of the CLOUD

What prompted Amazon Web Services to give WikiLeaks the boot off its EC2 - Cloud - Servers? 





Our Julian has raised a really pertinent question - one that has nothing to do with diplomacy or secret cables -  Under what circumstances does AWS feel justified in shutting down a customer? How much longevity does the cloud truly offer?

Surely the publication of thousands of secret diplomatic cables gave someone in the U.S. State Department or Department of Homeland Security the initiative to call AWS and advise a shutdown?
No, there was another reason for pulling WikiLeaks from the clouds, a source from the CloudSleuth monitoring system tells me. WikiLeaks was running on servers in Amazon's data center in Dublin, Ireland. CloudSleuth maintains monitoring stations around the world, constantly checking the response times of web services running in 30 different cloud centers, including EC2’s Dublin data center.
As the revelations became more damaging, someone attempted to slow or halt the outflow of WikiLeaks information through denial of service (DoS) attacks, where the host servers are subjected to so many automated requests that they can't deal with legitimate traffic. Cloud performance can vary due to network vagaries around the world, but CloudSleuth operators figured they should be able to detect the impact of the attacks from their London station, which was close enough to Dublin for the network issue to become negligible. And were they affecting EC2's performance out of Dublin?
Amazon Web Services spokesmen have not responded to requests for comment on the situation. But CloudSleuth practitioners were less reticent. "To quote the star of Sarah Palin's Alaska, 'You betcha!'" John J. Krcmarik, a member of the CloudSleuth development team at Compuware, wrote in a blog Dec. 2.
Prior to the onset of the denial of service attacks, CloudSleuth found its own application in Dublin issuing a consistent response time of 1.3 to 1.4 seconds through November. On Nov. 29th, it spiked to 2.4 seconds, a 58% increase. There was a corresponding performance spike around the world at the 29 other monitoring stations, which appeared to bump up response times by 50%, Krcmarik wrote in his blog. That means the denial of service attacks directed at one customer were absorbing EC2's resources at the expense of some other customers and hurting their application performance.
On a business basis, Amazon Web Services was justified in making an executive decision and telling its WikiLeaks customer to go elsewhere, or simply curtailing its operation singlehandedly, which WikiLeaks posts indicate is what happened.
But this still raises awkward questions for advocates of cloud computing and AWS itself. Under what circumstances does AWS feel justified in shutting down a customer? Did it take a call from the State Department, and if so, what rank of public official gets to make that call? Surely not the administrative assistant to the under secretary.
On the other hand, it may have decided on its own that enough was enough and it wasn't in business to satisfy the demands of denial of service attacks. If so, what happens if someone formulates such an attack against your public-facing application in the cloud? AWS would likely treat a valued customer differently from how it treated WikiLeaks, and an application's owner and the cloud service provider would together find a way to shut out the attacks or shift operations to a dedicated and protected server.
It may be that the WikiLeaks incident illustrates something I thought was highly unlikely in the cloud: the service provider finds the traffic too debilitating to allow the customer to continue operations. Amazon Web Services can clarify what decisions it made - and what decisions were made for it - in this case, but right now, it's working on how to handle the fallout from this brouhaha and put an acceptable public face on it.

Google Ditched by Groupon

A source close to the deal is quoted as saying the deal was "as over as these things get" 



The Interweb is abuzz with opinion about the rejection of a $6 billion offer Google made to Groupon, a successful startup in the location/group buying space that we've followed for a while now.
This isn’t the first time we’ve watched a startup shy away from proper money offered by the likes of Google. Reasons for rejection are often more complicated than simply being too big for their boots; very often they do it out of concern for their own products, which they feel might stagnate or be shuttered once acquired - MySpace and imeem, Apple and Lala, Google and Dodgeball.


Groupon, founded two years ago, sends daily messages to users in 300 markets, offering discounts on products and services. Groupon keeps a 50 percent cut of every deal sold, while businesses benefit from a rise in new customers. Deals, known as groupons, activate when a certain number is sold, encouraging users to recommend offers to friends.

Groupon has a reported 3,000 employees. It has been hiring about 150 people a month, mostly in sales, to enlist the local businesses that provide its more than 400 daily deals, President Rob Solomon said in an interview this month.  Groupon's global network has more than 33 million subscribers in 35 countries.
Groupon doesn’t seem to be the kind of product Google would shut down. The startup fits perfectly with Google’s newfound emphasis on local advertising - in fact, Google recently put the high-profile Marissa Mayer in charge of all location-based services at the company and shortly thereafter unveiled Hotpot, a consumer-friendly Yelp competitor.


Groupon had a valuation of about $1.5 billion in April, after Digital Sky Technologies led a group that invested in the company. It has raised $170 million from investors, including Facebook backer Accel Partners and New Enterprise Associates. 


Clearly, Google is now ready to play the location-based ad game. Instead, the interweb powerhouse opened its checkbook and purchased real estate in New York City. Reuters, quoting a person close to the transaction, said late Friday that Google agreed to scoop up a large Manhattan office building the company occupies for $1.8 billion.
Graphic.ly CEO Micah Baldwin writes, “It all changes when the founder drives a Porsche.” Baldwin’s salient point - that the Groupon founders are already rolling in cash and can afford to turn down a big offer - is one worth considering. “Basically the motivation for a big exit is no longer motivated by ‘how much money can I get;’ it is motivated by ‘what is my legacy.’ That simple shift makes their rejection of Google’s $6 billion offer not that surprising.”


That Groupon - which has been contemplating raising new venture funding - held out, possibly eliciting a sweetened offer from Google, is not the end to this story. Google has a very patient nature and will most likely simply wait for the next opportune moment. 


Groupon chief executive Andrew Mason has reportedly expressed interest in taking the company public next year.

China Attacks Google

Google announced that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack originated from China, a Google spokesperson said.



“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.”

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by the anti-virus firm McAfee.
The attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity, according to Alperovitch.
“The encryption was highly successful in obfuscating the attack and avoiding common detection methods,” he said. “We haven’t seen encryption at this level. It was highly sophisticated.”
The hack attacks, which are said to have targeted at least 34 companies in the technology, financial and defense sectors, have been dubbed “Operation Aurora” by McAfee due to the belief that this is the name the hackers used for their mission.
The name comes from references in the malware to the name of a file folder named “Aurora” that was on the computer of one of the attackers. McAfee researchers say when the hacker compiled the source code for the malware into an executable file, the compiler injected the name of the directory on the attacker’s machine where he worked on the source code.
Minutes after Google announced its intrusion, Adobe acknowledged in a blog post that it discovered Jan. 2 that it had also been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”
Neither Google nor Adobe provided details about how the hacks occurred.
In the wake of Threat Level’s Thursday story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft published an advisory about the flaw that it already had in the works.
McAfee has added protection to its products to detect the malware used in the attacks.
Although the initial attack occurred when company employees visited a malicious website, Alperovitch said researchers are still trying to determine if this occurred through a URL sent to employees by e-mail or instant messaging or through some other method, such as Facebook or other social networking sites.
Once the user visited the malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system, like Russian nesting dolls, flowing one after the other.
“The initial piece of code was shell code encrypted three times and that activated the exploit,” Alperovitch said. “Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.”
One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and to use it as a “beachhead” into other parts of the network, Alperovitch said, to search for login credentials, intellectual property and whatever else they were seeking.
McAfee obtained copies of malware used in the attack, and quietly added protection to its products a number of days ago, Alperovitch said, after its researchers were first brought in by hacked companies to help investigate the breaches.
Although security firm iDefense told Threat Level on Tuesday that the Trojan used in some of the attacks was the Trojan.Hydraq, Alperovitch says the malware he examined was not previously known by any anti-virus vendors.
[Update: McAfee did not provide information on the code it examined until after this story published. Researchers who have since examined Hydraq and the malware McAfee identified in the attack say the code is the same and that Hydraq, which Symantec identified only on Jan. 11, was indeed the code used to breach Google and others.]
iDefense also said that a vulnerability in Adobe’s Reader and Acrobat applications was used to gain access to some of the 34 breached companies. The hackers sent e-mail to targets that carried malicious PDF attachments.
Alperovitch said that none of the companies he examined were breached with a malicious PDF, but he said there were likely many methods used to attack the various companies, not just the IE vulnerability.
Once the hackers were in systems, they siphoned off data to command-and-control servers in Illinois, Texas and Taiwan. Alperovitch wouldn’t identify the systems in the United States that were involved in the attack, though reports indicate that Rackspace, a hosting firm in Texas, was used by the hackers. Rackspace disclosed on its blog this week that it inadvertently played “a very small part” in the hack.
The company wrote that “a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyber attack, fully cooperating with all affected parties.”
Alperovitch wouldn’t say what the attackers might have found once they were on company networks, other than to indicate that the high-value targets that were hit “were places of important intellectual property.”
iDefense, however, told Threat Level that the attackers were targeting source-code repositories of many of the companies and succeeded in reaching their target in many cases.
Alperovitch says the attacks appeared to have begun Dec. 15, but may have started earlier. They appear to have ceased on Jan. 4, when command-and-control servers that were being used to communicate with the malware and siphon data shut down.
“We don’t know if the attackers shut them down, or if some other organizations were able to shut them down,” he said. “But the attacks stopped from that point.”
Google announced Tuesday that it had discovered in mid-December that it had been breached. Adobe disclosed that it discovered its breach on Jan. 2.
Alperovitch says the attack was well-timed to occur during the holiday season when company operation centers and response teams would be thinly staffed.
The sophistication of the attack was remarkable and was something that researchers have seen before in attacks on the defense industry, but never in the commercial sector. Generally, Alperovitch said, in attacks on commercial entities, the focus is on obtaining financial data, and the attackers typically use common methods for breaching the network, such as SQL-injection attacks through a company’s web site or through unsecured wireless networks.
“Cyber criminals are good … but they cut corners. They don’t spend a lot of time tweaking things and making sure that every aspect of the attack is obfuscated,” he said.
Alperovitch said that McAfee has more information about the hacks that it’s not prepared to disclose at present but hopes to be able to discuss them in the future. Their primary goal, he said, was to get as much information public now to allow people to protect themselves.
He said the company has been working with law enforcement and has been talking with “all levels of the government” about the issue, particularly in the executive branch. He couldn’t say whether there were plans by Congress to hold hearings on the matter.

China Hacks Official Policy

U.S. Secretary of State Hillary Clinton says the U.S. is "prepared to use force" in order to have China desist in its Hack Attacks on the Internet and Google

U.S. diplomatic cables released over the weekend reveal that the attempt by the Chinese to steal Google’s source code was managed at the highest levels of government. One cable sent from Beijing showed that, according to a well-placed contact, officials in the Politburo Standing Committee directed the hacking operation on Google. The Politburo Standing Committee membership is comprised of between 5 and 9 people and includes the top officials of the Communist party in China.
The cable from Beijing was classified as secret, and was one of a small number regarding China’s hacking operation published on the Wikileaks website Saturday. Wikileaks is gradually posting about 250,000 diplomatic cables to its website.
Independent researchers have argued that China works with ‘patriotic hackers’ and views cyber spying as one way to obtain intellectual property from the West in order to transfer it to Chinese businesses.  The cables released Saturday show that U.S. diplomats agreed with the researchers.
The release of the diplomatic cables revealing Chinese involvement in the Google hacking project comes at an unfortunate time, since the U.S. is now looking to China for support as it addresses concern over North Korea’s nuclear program. Meanwhile, both countries are at odds over Beijing’s 

China Arrests 460 Hackers

China has arrested 460 computer hackers this year and closed a number of hacker-training websites, but warned that the chances of further cyber-attacks remain "very grim".





"The current situation of our crackdown is still very grim and the number of hacker attacks and sabotage activities in China are still high," said a statement from the Chinese ministry of Public Security.
The statement came after American diplomatic cables, released by the Wikileaks website, suggested that China had ordered a hacking attack on Google, the search engine, in December 2009.
At the time, Google described the attack as a "highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google".
on sunday 26th september - while walking adelaides wondrous parks - marie.b and i found a swish little phone, lost - entirely out of inquisitiveness and naught to do with discovering ownership for return [though we did return to sarah _ _ _ _ that same day] i decided to trawl through the sms inbox - first message read "i'm arriving friday night, please shave down there" from jake

why is this tidbit here? because if there is a point to this page it is that we all love differently - almost uniquely - sarah is a married mum with 2 kids, jake is a stud - there is also a lesson SARAH! don't leave entangled txt's or pix on your phone - silly girl!


Boy he's got a tight bum . . . .

Ten Toys to Avoid for 2010

In 1991 a fictional toy called the Happy Fun Ball made the first of many appearances on Saturday Night Live, accompanied by a series of ominous warnings. "If Happy Fun Ball begins to smoke, seek shelter and cover head," advised one parody advertisement. Another: "Do not taunt Happy Fun Ball."
Unfortunately the real-life toy market is littered with dangerous playthings, some of which sport instructions and advisories nearly as bizarre as those associated with the Happy Fun Ball. The U.S. Consumer Product Safety Commission (CPSC) recalled 44 toys in fiscal year 2010, ended Sept. 30, and several more in October and November. And that doesn't count recalls of sporting equipment used mostly by kids, such as the Classic Sport Super Bounce pogo sticks sold through Sports Authority, which were recalled just last month.
That means early holiday shoppers may have already purchased some of these items, unaware of the dangers they pose. So check the gifts hidden in your closets, as well as what's already stuffed in your kids' toy boxes.







Jewish Pirates of the Caribbean
The book Jewish Pirates of the Caribbean is written by a historian - Edward Kritzler - but its tales of smugglers, brigands, and high-seas violence have all the flavor of a guilty pleasure.


In 1492, the Inquisition expelled all Jews from Spain and Portugal. Many headed for the New World - specifically, for the Caribbean islands. Some Jews became explorers and exporters, discovering treasures in the Americas and sending them back to Europe for a price. (In fact, Christopher Columbus's departure coincided with the start of the Inquisition - Jewish Pirates makes a strong case that he may have been Jewish himself.)


Other early Jewish players in the Americas had less regard for the law, and established themselves as smugglers, raiders…and pirates. Samuel Palache, the "pirate rabbi," had one business as a diamond smuggler and another as a spiritual leader. Count-Duke Olivares, a Jew who embraced Christianity, was in charge of silver mining for the Spanish Empire. And even if Columbus wasn't Jewish, much of his crew definitely was. The final chapter is devoted to Columbus, and it leaves us with a tantalizing as-yet unsolved mystery - a possible location of the explorer's lost gold mine.

This snippet makes me smile

Clue No. 04: Life is about happiness and smiles - don't get lost or confused. Life is about happiness - smiles - don't get lost or confused. Life is about happiness - smiles. Don't get lost or confused! Life is about happiness and smiles ~ don't get lost / confused. Life is about happiness + smiles, don't get lost or confused.


Marjane my sweet, you make me smile!

Rule # 42: Having had your head in another's lap is not sufficient grounds for love !