China, not the US, holds the dubious distinction of having the highest number of private computers that have been commandeered by hackers with malicious intent, according to a report by McAfee, an Internet security firm.

MaCafee monitors Internet-based threats targeting computers in 120 countries. It found that in the fourth quarter of last year, about 1,095,000 computers in China and 1,057,000 in the US had been infected.

Those numbers don’t count the roughly 10 million computers in each country that had previously been infected.

Infected, or “zombie” computers are typically linked together as botnets and then used to send spam e-mail or launch Denial of Service attacks on Web sites.

McAfee suggested that Chinese computers are particularly vulnerable to hackers since software piracy is common there, and computer users frequently do not download patches for their machines.

In a recent speech about Internet freedom, Secretary of State Hillary Rodham Clinton suggested that the Internet is a “global networked commons” for which “norms of behavior” ought to be developed by nations.

“An attack on one nation’s networks can be an attack on all,” she said. “Countries or individuals that engage in cyberattacks should face consequences and international condemnation.”

The US will have trouble heeding Clinton’s call for accountability and norms because it has so many infected computers. “The government could crack down on botnets, but doing so would raise the cost of software or Internet access and would be controversial,” Harvard Law professor Jack Goldsmith  wrote in the Washington Post.

“So it has not acted, and the number of dangerous botnet attacks from America grows.”

When a US embassy employee in East Asia clicked on an e-mail attachment in May, 2006, she inadvertently unleashed the largest cyberattack ever launched against the State Department. The breach permitted China-based attackers to insert malicious computer code into the department’s networks throughout the region.

A cyber-threat response team leapt into action and toiled 24/7 for 2 weeks to isolate the code and develop a patch that officials claim prevented a gargantuan breach.

Unfortunately, State is better equipped to handle cyberattacks than other parts of the federal government. And 2 months later, the Bureau of Industry and Security, a part of the Commerce Department that oversees exports of technology that has both commercial and military uses, was attacked in similar fashion.

The attack was not recognized for days and Commerce was never able to determine when the initial intrusion took place (Commerce claims there is no evidence data was compromised as a result).

Commerce and other parts of government are trying to improve their performance in this regard, but their efforts are often stymied by a marked shortage of skilled computer-security workers, from front-line technicians to so called Security Generals. 

Meanwhile, according to the Government Accountability Office, the number of probes, scans and attacks reported to the Homeland Security Department’s Computer Emergency Readiness Team more than tripled between 2006 and 2008, from 5,500 to 16,840.

The manpower shortage is impacting Pentagon efforts to staff-up a new Cyber Command and Homeland Security’s plans to increase it’s cyber-staff by 1,000 people over in the next 3 years.

The intense demand has sparked bidding wars among agencies and contractors for a small pool of special talent: skilled technicians with security clearances. Some young people with 3 years’ experience and a clearance are commanding salaries over $100,000. 

Philip Reitinger, deputy undersecretary of Homeland Security’s National Protection and Programs Directorate, conceded he couldn’t match private sector pay scales. “But in government,” he told the Washington Post, “one can have a bigger ability to effect change at an earlier place in your career than anywhere else.” he said.

Besides, Reitinger added, “your country needs you.”

It’s been a week since Google announced its Gmail systems had been breached by cyber criminals based in China, but the scope of the attack is just now being appreciated.

It looks as though the attack was part of a large corporate and political phishing ploy that leveraged security flaws in e-mail attachments to break into the networks of at least 34 companies including  Yahoo, Symantec, Rackspace, Adobe and Northrop Grumman.

According to Google, the hackers accessed the Gmail accounts of Chinese human rights advocates around the world, as well as other human rights groups that shape the national debate on human rights in China.
 
Google has threatened to retaliate by pulling out of China altogether.

The attacks were more sophisticated than their predecessors, according to security experts, in that they simultaneously exploited flaws in many software programs.

“Usually it’s a group using one type of malicious code per target,” Eli Jellenc told the Washington Post. Jellenc, the head of international cyber-intelligence for VeriSign’s iDefense Labs, added that “in this case, they’re using multiple types against multiple targets. That’s a marked leap in coordination.”

The standoff between Google and China creates a headache for federal officials, since it cuts to the heart of many current issues in U.S.-China relations: from human rights and censorship to intellectual property protection and access to military technology.

Since it entered the Chinese market in 2005, Google has clashed with the Chinese government about which search topics should be censored. The company’s service has been blocked when it defied government wishes.

News about Google’s public rebuke was censored in China, other than an op-ed piece in People’s Daily which called the search giant a “spoiled child” and predicted it would eventually back-off its threats.

One day during last year’s presidential campaign, FBI agents notified Barack Obama’s campaign that its computers had been hacked. Later, they told McCain’s campaign the same thing. 

Both attacks almost certainly originated in China.

These were not isolated incidents. China, or free-agent hackers on their payrolls, has penetrated computer systems of the State Department, US nuclear weapons labs and defense contractors.

It has stolen files on political dissidents from members of Congress, disrupted e-mail servers used by the Secretary of Defense and launched a spyware attack on electronic devices used by the Commerce Secretary during a visit to Beijing.

Last April, then-National Counterintelligence Executive Joel Brenner famously reported that the Chinese had penetrated “certain of our electricity grids” with malicious code that could be activated at a later date, perhaps bringing it down altogether. 

Officials can’t know exactly what has been stolen or how badly US systems have been exposed, but they do know why China has become an aggressive cyber threat.

“This is the way they plan to thwart US (military) supremacy in a potential conflict,” Robert Knake, a Council on Foreign Relations fellow told the Washington Post. “They believe they can deter us through cyber warfare.”

Chinese officials scoff at the accusations. “Allegations that China is behind cyber attacks against the US are irresponsible,” said Wang Baodong, a Chinese Embassy spokesperson.

“Since the US serves as the hub of the international information highway, attacking the US in cyberspace equals attacking one’s own cyberspace assets. . . . What’s the logic?” Wang added.

Amid the furor, US cyber policy expert James Lewis said it best, “I’m not going to get upset about China spying on us, because we spy on them. The only thing I’m going to get upset about is if we don’t do better.”

Four years ago, the Federal Communications Commission adopted “network neutrality” principles that protected consumers’ rights to use Internet-based applications, services, content and devices of their choosing, and to foster competition among Internet providers.

Last week, FCC chairman Julius Genachowski proposed formalizing these rules and adding an additional one designed to prevent Internet providers from discriminating against certain applications or content by using bans or service degradations against offerings that compete with their own.

Genachowski also proposed that the rules should apply to wireless networks, which had not heretofore been subject to the network neutrality principles.

The FCC invoked network neutrality last year when it called-out Comcast for attempting to degrade the Internet connections of users who were attempting to use a particular kind of file-sharing software. Comcast appealed the ruling on grounds that the neutrality principles had not been formally adopted.

Formal adoption of the rules promises to be a time consuming process since it requires an extended period for public comment. During this phase, the communications industry is sure to raise several objections.

In particular, some providers want to offer faster connections to companies that pay a premium for the service, such as those who provide high-definition movies online.

Public advocates fear that such services can transform the Internet into a tiered service in which premium offerings are available only to well-endowed users.

Genachowski will likely compromise in this area, allowing experimentation with premium services while assuring that sites which do not pay extra continue receiving service levels to which they have become  accustomed.

The formalization process should begin later this month. A final plan could be voted on by next spring.

Steven Forage, a metro-DC-based software salesman spends 5 hours per day behind the wheel. Like so many others, he’s closing deals on his cell, drinking coffee and checking email, in addition to driving.

One thing he worries about no more, however, is getting nailed by a speed camera.

That’s because Forage tricked-out his Caddy with PhantomAlert, a system that links all known locations of the cameras with his GPS and warns him when he’s approaching one.

“Fuzz alert!” shouts an electronic voice from his dashboard. “Ding, ding. Ding, ding. Fuzz alert!”

PhantomAlert has subscribers all over the country, including more than 2,000 in metro-DC alone according to it’s owner, Joseph Scott.

Scott’s employees access the locations of speed cameras from government and police Web sites, and receive tips from subscribers as well.

Scott believes cops should dig his device, since after all the cameras are there to slow-down drivers and not generate cash from tickets. “Not only should they support us,” Scott told the Washington Post, “but when they mail out citations, on the back they should say, ‘Get PhantomAlert.’ “

Some officials disagree. “If drivers think they only get a ticket when their little device goes off, that could lead them into a false sense of security, which could cause them to speed,” Lisa Sutter, a District employee who runs camera enforcement operations in DC told the Post.

But in fact others see merit in Scott’s device. Corinne Geller, a spokeswoman for the Virginia State Police, thinks PhantomAlert could create a perception that there is more surveillance going on at any time than is actually the case. “If it’s a deterrent, that’s a good thing,” Geller said.

Chinese officials have announced that beginning on July 1, all computers sold there must include government-designed software that blocks pornography.

OK fine, but a few Internet savants smelled a rat and set out to test the so-called Green Dam-Youth Escort software.

Their conclusion: Green Dam also censors religious and anti-government Web sites, disables programs after people input certain words, monitors personal communications, and tracks the Internet explorations of Chinese citizens, according to the Wall Street Journal’s Gordon Krovitz.

China is in effect asking computer makers to help block access to information and punish citizens if they visit unsavory sites or express themselves freely online.

Green Dam, dubbed derisively by its own citizens as the “Great Firewall of China,” has also been found to close computer applications without warning and create serious security problems.

So far Dell, HP, Apple and Lenovo—whose biggest shareholder is China’s government—have tread lightly around the subject, allowing their trade associations to gently press the matter with Beijing.

But now, US Trade Representative Ron Kirk and Commerce Secretary Gary Locke have begun quietly pressuring China to shelve the program altogether. They claim the program may violate commitments that China made to the World Trade Organization.

In letters to 2 Chinese ministries yesterday, the US officials said, “China is putting companies at an untenable position by requiring them, with virtually no public notice, to pre-install software that appears to have broad-based censorship implications and network security issues.”

The letters encouraged China to seek ways to promote parental control without restricting freedom to roam the Internet, freedom of expression and the free flow of information, according to the Washington Post.

As part of its crackdown on free speech following last week’s rigged elections, Iran’s government is exerting unprecedented control over the country’s Internet communications. And to do that, it’s using products supplied by European companies.

Based on interviews with technology experts inside and outside Iran, the Wall Street Journal reported yesterday that those pesky mullahs are carrying out deep packet inspection on a massive scale.

In addition to blocking or slowing Internet communication, deep packet inspection gathers information about users and can be used to alter the content of the communication itself—changing a “yes” to a “no,” for example—which may be more disruptive than shutting off Internet communication altogether.

The nefarious capabilities are there for the mullahs to use, courtesy of a JV between the German multinational, Siemens, and Nokia, a Finnish mobile phone provider.

According to spokesperson Ben Roome, the company installed a “monitoring center” within the Iran’s government-run telecom monopoly as part of a larger gig that included the installation of mobile-phone networks.

“If you sell networks, you also, intrinsically, sell the capability to intercept any communication that runs over them,” Roome told the Journal.

The Iranian government had briefly experimented with the Big Brother-like equipment in the run-up to last week’s travesty, but few people fully understood the system’s capabilities until its powers were unleashed in the face of escalating street protests.

Deep packet inspection involves the deconstruction and subsequent reconstitution of Internet data including email, Internet phone calls, and images and messages sent via social-networking sites like Twitter and Facebook.

It could explain why the mullahs allowed Iran’s Internet to function rather than shutting it down altogether, and why it has been running at glacial speed since things started getting out of hand.

Iran is “now drilling into what the population is trying to say,” Marshal8e6 director of technical strategy Bradley Anstis told the Journal. “This looks like a step beyond what any other country is doing, including China.”

Electricity powered cars not only run cleaner than their gasoline powered ancestors, they also run more quietly.

For inhabitants of noise-polluted cities, this might seem like a positive but there is growing concern that pedestrians and cyclists can’t hear the cool-running vehicles, thus increasing the risk of accidents. 

That’s why many believe it’s time to trick-out electric and hybrid cars with external sound systems.

In fact Congress is considering a bill that would establish minimum sound levels for non-gasoline powered vehicles so that the visually impaired and pedestrians can hear them approach. The European Commission is pondering a similar proposal.

What kind of sounds should electricity powered vehicles make? Perhaps they could beep as do some pedestrian crossings, or buzz like a power tool.

The work of Laurence Rosenblum and colleagues at UC California Riverside has convinced them otherwise. “People want cars to sound like cars,” he told the Economist. The sound needn’t be loud; just a slight enhancement of the current noise would suffice to improve safety substantially, he added.

Such external sound systems are already in the works. Lotus Engineering, for example, recently inked a deal with audio system maker Harman Becker to produce one. Their system also produces internal sounds that change with speed and use of the throttle, providing audible feedback to drivers.

This means carmakers will soon be able to create sounds that help with brand promotion. Drivers might someday even be able to select from a menu of engine sounds, perhaps downloading them like ringtones.

The Fisker Karma, for example, will be outfitted with a sound generator when the luxury electric hybrid goes into production late this year. It will be up to Fisker to decide how, exactly, a luxury electric vehicle should sound.

IBM is putting the finishing touches on a computer program that will compete against human contestants on “Jeopardy!” 

Comparing such an achievement to Deep Blue, the venerable tech company’s chess-playing program that beat world champion Garry Kasparov in 1997 is like comparing checkers to chess.

Chess is a game of simple statistical probabilities, a lot of them it’s true, and pieces with clearly defined powers.

“Jeopardy!” presents more daunting challenges for computers, which must weigh nuances of language including double entendres, puns, and analogies faster than Ken Jennings on crack.

The machine has been dubbed Watson in honor of IBM founder Thomas Watson. It is the culmination of a 3-year project involving a team of 20 with expertise in language processing, information retrieval and machine learning.

“The big goal is to get computers to…converse in human terms,” said David Ferucci, an AI scientist and the team’s leader.

In the contest, Watson will receive questions as electronic text, whereas the human contestants will, as usual, see the question and hear it spoken by host Alex Trebek.

Watson will use a synthesized voice to respond and select follow-up categories.

It will not be connected to the Internet during the contest, instead rendering answers from text that had been processed and indexed in advance.

Harry Friedman, the show’s executive producer, indicated he might invite Jennings to carry the flag for humans.

In 2004 Jennings won 74 consecutive contests and collected $2.5 million along the way.

In prepping for the contest, Watson will have stored a large chunk of the Web as indexed by Google, but it’ll mean nothing if the machine can’t understand the context of each clue.

For example, the sentence “I never said she stole my money” can have seven meanings depending on which word is stressed.

“We love those sentences,” Eric Nyberg said. “Those are the ones we talk about when we’re sitting around having beers after work.” The computer scientist from Carnegie Mellon University is on the development team.

Last fall, Google’s philanthropic division released Flu Trends, a tool that purportedly predicts regional influenza outbreaks 7-10 days faster than traditional methods. The bio-surveillance tool relies on the fact that people use Google to search flu-related terms well before calling their physicians.

Now, a study of similar methodologies appears to show that the Mountain View-based company’s omnipotence extends to the prediction of economic trends as well.

Hal Varian, an economics professor at UC Berkeley who moonlights as Google’s chief economist, and  Hyunyoung Choi, a Google employee tested the hypothesis that variations in search frequency for certain phrases improves the accuracy of econometric models used to forecast retail and home sales, among other things.

Such data are available to the public through Google Trends, which enables interested parties to access reports on search volumes for particular categories and terms. The reports are updated daily.

The scientists found that addition of such information improves the predictive value of the standard models used to forecast car and truck sales by 18%.

Similarly, search volume on terms like Hong Kong and other ports of call carried out in Australia, India, the UK and the US can foretell bumps in tourist volume to these locations.

The tool still needs refining, however. The scientists showed for example that searches for real estate agents are better predictors of future home sales than those for home financing.

People get attached to their Roombas.

They name their machines. They worry that repairs might change their Roomba’s personality. They paint them, dress them in costumes, even post videos of their Roomba in action.

Roboticists see opportunity in this behavior. If humans develop strong feelings about mindless floor cleaners, imagine how they might respond to “socially assistive” machines designed specifically to provide companionship and assistance to people; those with disabilities, for example.

Socially assistive robots, scientists hope, will one day assist stroke patients with rehab, stroll alongside dementia patients-perhaps helping them navigate hallways along the way, and help autistic kids improve interpersonal skills.

But they’ll reach their potential only if they can discern human emotion and intent, express something akin to feelings in response, and follow social conventions, according to Kerstin Dautenhahn, a professor at the School of Computer Science at the UK’s University of Hertfordshire.

“A socially ignorant robot always takes a direct path and interrupts at any point to do its task,” she explained to the Washington Post.

“But a socially (assistive) robot modifies its path to avoid getting too close to a human, waits until the right time to talk and fetches items without being asked.”

To accomplish this, new robots will use information obtained from sensors.

For example, motion detectors attached to the wrist allow robots to assess a human’s speed and direction. Heat sensors permit the robot to move toward or away from a warm body.

“People may be open to direct encouragement when they’re fresh and require more empathy when they’re tired,” notes Reid Simmons, a professor at Carnegie Mellon.

“So the robot may need to change its speech and expression, just as a therapist would.”

When Barack Obama’s economic Hail Mary cleared Congress, his e-team posted the legislation on whitehouse.gov with an open invitation to post comments. The bill was 1,071 pages long but responses were limited to 500 characters.

“Absurd,” cried Ellen Miller of the Washington-based Sunlight Foundation, who spoke for many.

A day later the e-team managed to bump the count to 5,000 while removing egg from its eye and chewing gum at the same time, but that was an inauspicious beginning for the geekocrats who had been canonized just months earlier for running the most tech savvy presidential campaign in history.

The Big O had hired Macon Phillips to be the White House director of new media, and immediately kinged him to special assistant with direct access to The Man and The Blackberry.

He envisioned whitehouse.gov to be his major communication platform, a digital Cape Canaveral from which he could launch gold nuggets that would rain down on supporters.

But the site, it turns out, doesn’t permit email blasts.

And the Presidential Records Act mandates that all White House written communications be preserved so Web pages on the site must be archived every time they’re modified, which gums up site refreshing.

“This is uncharted territory,” said Phillips, which we take to mean that no one tried to chart the territory before the Big O unpacked his gym bags on January 20.

But Phillips can point to progress. WhiteHouse.gov now has a blog, a YouTube channel, and a jobs link for example.

The first post on that blog announced that that all non-emergency legislation will be posted there for 5 days, giving the public a chance to review and comment before the president signed off.

That promise lasted until Congress passed the SCHIP extension and the Big O signed it 3 nanoseconds later.

Shortly after Russia’s brazen denial-of-service attack knocked Kyrgyzstan off the grid for a week, the impoverished nation’s president announced he was closing Manas Air Base, the US’ last remaining facility in Central Asia.

The Bear’s cyber-bullying had the Big O bumming since he planned to use the base as a staging ground for troops on their way to Afghanistan.

Still, that was small potatoes compared to the coordinated cyber-attacks on the Pentagon and other US agencies in 2007, which among other things infiltrated Robert Gates’ email.

The hack demonstrated for the once and future Defense Secretary that his country isn’t nearly as prepared to defend itself in a cyber war as it is to do so in a conventional military war.

Obama got the memo too. He just charged Melissa Hathaway to lead a 60-day review of America’s cyber security prowess, or lack thereof.

The more our government, financial systems and power grid rely on the Internet, the more exposed we become. Michael McConnell, who was National Intelligence Director under Bush Jr., told the Wall Street Journal that cyber security was “the soft underbelly of this country.”

Last year, Bush created the Comprehensive National Cyber Security Initiative, a top-secret $6 billion program directed at shielding dot-gov and dot-mil Web sites with nuts and bolts security procedures ironically dubbed “Einstein.”

Cyber aggressors would likely cruise past such defenses without breaking a sweat, if they haven’t already.

The US government repels amateurish cyber attacks daily. Many are after weapon designs or classified communication.

Most appear to originate in China, though it’s not possible to know, the Internet being what it is.

There were 13,000 information security attacks in 2007 alone, according to the Wall Street Journal, and that’s not counting the ones we don’t know about.

 So far as the US public knows, no one’s launched a sophisticated, coordinated, sustained cyber-attack against the US since 2007.

Even if this has happened and we’ve defended ourselves fairly well, no one knows what will happen next time. (more…)

Last month Steve Jobs Who-is-Apple acknowledged that, 5 years after being treated for a rare neuroendocrine tumor of the pancreas, he’s not altogether well.

Jobs emailed employees to say he’d be taking a 6-month leave from the company. His “health-related issues are more complex” than he’d known previously, and he’s cool with Tim Cook being “responsible for Apple’s day-to-day operations” while he’s gone.

Jobs Who-is-Apple also made it clear he’s coming back and he’s still CEO.

So now Tim Cook, Apple nation turns its lonely eyes to you.  Cook, Apple’s COO, has been running the show for years, but always with Jobs Who-is-Apple there to provide context not to mention the fairy dust.

Most people figured Cook would never cut it as Apple’s CEO, that he was an ops guy and not a visionary like Jobs Who-is-Apple.

But under these circumstances no one makes sense as a stand-in more than the guy who already oversees customer support, sales, the online store, the Macintosh division, and telecom relations not to mention operations.

But can he like, really do it all by himself?

“The company already has coalesced around (Cook),” a top Apple executive told Fortune, on condition of anonymity.

“Tim does almost nothing that would make you disrespect him, which you can’t always say about Steve,” he added.

It would have been the Tech story of the year but for now at least, a Twitter-Facebook hook-up is not going to happen.

Talks between the social network and the microblogging service began soon after Evan Williams became Twitter’s chief executive in mid-October, according to Claire Cain Miller of the New York Times. But they concluded abruptly after Williams rejected Facebook’s$500 million largely stock offer.

 “We explored it, as we should. We took it seriously,” Williams told the Times, “but it wasn’t the right time.”

It is the right time for Twitter to try making money, something it has not done yet despite its fantastic brand, 6 million registered users and $20 million in VC cash.

That’s not going to cut it during our economic crisis or as Williams put it, “I don’t want to have to raise money in 2009.”

Williams told the Times he wants to avoid an ad-based model and instead convince companies that use his site to interact with customers to pay for the privilege.  Dell, JetBlue, CNN, Whole Foods and others use Twitter this way.
 
Williams might have to buy a suit to pull this off since he candidly admits, “We have no business people in the company, so this isn’t an area we’re focused on.”

Yeesh!

Meanwhile, there’s competition from Yammer, a microblogging service for use by companies that started making money the day it went live, and old-school giants like Microsoft and Yahoo might enter the space.

But Williams remains undaunted. Twitter is after all just a 2 year-old company with 25 employees.  “Give us a minute,” he pleaded.