Start up: botnets worsen, who really hacked Sony?, mobile PCs in 2015, LizardSquad in detail

This stuff doesn’t work on mobile, apparently. Photo by Justin in SD on Flickr.

A selection of 9 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Botnet summary 2014 >> Spamhaus

To nobody’s surprise, botnet activity appears to be increasing. The majority of detected botnets are targeted at obtaining and exploiting banking and financial information. Botnet controllers (C&Cs) are hosted disproportionately on ISPs with understaffed abuse departments, inadequate abuse policies, or inefficient abuse detection and shutdown processes. Botnet C&C domains are registered disproportionately with registrars in locations that have lax laws or inadequate enforcement against cybercrime.

In 2014, Spamhaus detected 7,182 distinct IP addresses that hosted a botnet controller (Command & Control server – C&C). That is an increase of 525 (or 7.88%) botnet controllers over the number we detected in 2013. Those C&Cs were hosted on 1,183 different networks.


New York Times bets on native ads to drive mobile-ad revenue >> Media – Advertising Age

The New York Times is looking at native advertising, sponsorships and video to wring more money from readers coming to the Times on their mobile phones, according to Mark Thompson, president and CEO of The New York Times Co.

Just 10% of the Times’ digital advertising revenue was from mobile ads in the third quarter, but more than half its digital traffic came through mobile devices. Although mobile ad revenue is “growing rapidly,” this gap represents a “significant delta,” Mr. Thompson said at the UBS Global Media and Communications Conference in New York on Tuesday.

“It’s a challenge to overcome, but we will overcome it,” he said.

This seems like a natural and necessary evolution, given the low rates of mobile. They won’t make up for desktop, which in turn didn’t make up for print. Advertising rates are falling to zero.

What is going to happen >> AVC

Venture capitalist Fred Wilson with his list of predictions, from which we’ll pick these two:

4/ After a big year in 2014 with the Facebook acquisition of Oculus Rift, virtual reality will hit some headwinds. Oculus will struggle to ship their consumer version and competitive products will underwhelm. The virtual reality will eventually catch up to the virtual hype, but not in 2015.

5/ Another market where the reality will not live up to the hype is wearables. The Apple Watch will not be the homerun product that iPod, iPhone, and iPad have been. Not everyone will want to wear a computer on their wrist. Eventually, this market will be realized as the personal mesh/personal cloud, but the focus on wearables will be a bit of a headfake and take up a lot of time, energy, and money in 2015 with not a lot of results.

I’m very interested in trying Oculus Rift. Wearables are a tough sell anyway. However, Apple isn’t positioning its Watch as any part of what has gone before.

FBI briefed on alternate Sony hack theory >> Politico

Tal Kopan:

Researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.

The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

1) a riled insider or insiders is a far, far more likely path to this hack
2) there’s no way in the world, now that the FBI has said that North Korea did it, and President Obama has echoed that, that the FBI or US government will ever admit to being wrong unless it is part of some gigantic diplomatic deal with North Korea. One has to wonder what NK would give the US in return for making the US eat humble pie in public.

Competition to intensify in flagging mobile PC market in 2015 >> TrendForce

Google’s low-cost Chromebook notebook computer performed well this year, benefiting from its cloud storage capacity and strong data security capabilities. But Chromebook sales were affected by Microsoft’s subsidized low-cost Windows notebooks. In 2014, Google sold about 6.5m Chromebooks and the device’s market penetration [of the mobile market] reached 4%. But if Chromebook uses the 2-in-1 PC concept, it will be difficult for Google to keep the device’s price low, Chen said. TrendForce forecasts Chomebook sales will increase slightly to 8m units in 2015. 

This year, Microsoft and Intel both launched subsidy plans for their notebooks and tablets, which had reduced their revenues. “Because they lower manufacturers’ costs, subsidies indirectly benefit consumers, but it will be better if Microsoft and Intel can find more substantial ways to develop the market, such as by utilizing the 2-in-1 concept or cloud computing,” [Caroline] Chen [Trendforce notebook analyst] said. 

Notably, this group describes the expected 12.9in iPad as a “2-in-1” device, not a tablet. There’s a certain amount of disagreement between analyst companies on what is a PC, what’s mobile, what’s a 2-in-1, and what’s a tablet; it can make decoding what they say really tricky.

May 2014: Samsung says new Galaxy S5 smartphone is off to a strong start >> WSJ

Noted here for its hindsight value, from an interview in May 2014:

J.K. Shin, who also heads Samsung’s mobile business, said in an interview at company headquarters that sales of the new smartphone reached more than 11m units since its launch in early April, outpacing the Galaxy S4, which sold about 10m in the first month after it was unveiled last year.

Speaking halfway into Samsung’s second quarter, Mr. Shin also said he thinks strong Galaxy S5 sales will lead to higher mobile profit margins and market share in the quarter. He declined to provide specific figures.

“It’s been a month since we began selling the S5, and out of the gate, sales are much stronger than the Galaxy S4,” Mr. Shin said, noting sales were especially good in developed markets such as the U.S., Australia and Germany.

The comments from the top executive at the world’s biggest smartphone maker paint a rosier picture of Samsung’s mobile business than many analysts and investors had been expecting.

What then happened is that Samsung made 20% more S5s than it had S4s, but sold 10% fewer. This meant oversupply in the channel (wholesalers/carriers) and forced price cuts, and so lower profits and slower sales.

Worth considering when you next see a chief executive interviewed, and weigh up what analysts are expecting.

Samsung Electronics should announce its preliminary 4Q results some time next week.

Here’s why The Hunt’s app developer hearts Android >> VentureBeat | Dev | by Barry Levine

While “the conventional wisdom is build first for iOS,” he said, “if we had to do it all over again, I would launch on Android first,” or at the same time as iOS. More than half of The Hunt’s downloads are to Android devices.

The Hunt’s Android version launched last month, and its iOS version came out last year.

The Hunt allows its three million, mostly female users to post a picture of some product they’ve seen online — such as a photo of a dress in a news story — and get feedback from the community of retailers and fellow shoppers about where that item or something similar is sold.

Weingarten noted that his company has “a very successful iPhone app, [with] thousands of daily downloads.”

“I’m not being negative about Apple.”

But, he pointed out, his company is “seeing much stronger engagement rates on Android.”

As one example, more than a third of Android users who have downloaded the app have started Hunts, while only 20% of iOS users have. Additionally, 40% of iOS weekly users are following to see if their Hunt queries have found the product in question, while half of Android users are.

Be good to know some more of the demographics of the users showing these behaviours. An interesting data point though.

Inadvertent algorithmic cruelty >> Eric Meyer

Yes, my year looked like that.  True enough.  My year looked like the now-absent face of my little girl.  It was still unkind to remind me so forcefully.

And I know, of course, that this is not a deliberate assault.  This inadvertent algorithmic cruelty is the result of code that works in the overwhelming majority of cases, reminding people of the awesomeness of their years, showing them selfies at a party or whale spouts from sailing boats or the marina outside their vacation house.

But for those of us who lived through the death of loved ones, or spent extended time in the hospital, or were hit by divorce or losing a job or any one of a hundred crises, we might not want another look at this past year.

To show me Rebecca’s face and say “Here’s what your year looked like!” is jarring.  It feels wrong, and coming from an actual person, it would be wrong.  Coming from code, it’s just unfortunate.  These are hard, hard problems.  It isn’t easy to programmatically figure out if a picture has a ton of Likes because it’s hilarious, astounding, or heartbreaking.

This post has been widely shared, but it is worth reflecting on from a distance. Algorithms have dangerous power because once we start them off, it’s really hard to stop them.

Lizard Squad kids: a long trail of fail >> Krebs on Security

In a show of just how little this group knows about actual hacking and coding, the source code for the service appears to have been lifted in its entirety from titaniumstresser, another, more established DDoS-for-hire booter service. In fact, these Lizard geniuses are so inexperienced at coding that they inadvertently exposed information about all of their 1,700+ registered users (more on this in a moment).

These two services, like most booters, are hidden behind CloudFlare, a content distribution service that lets sites obscure their true Internet address. In case anyone cares, Lizardstresser’s real Internet address currently is, at a hosting facility in Bosnia.

In any database of leaked forum or service usernames, it is usually safe to say that the usernames which show up first in the list are the administrators and/or creators of the site. The usernames exposed by the coding and authentication weaknesses in LizardStresser show that the first few registered users are “anti” and “antichrist.” As far as I can tell, these two users are the same guy: A ne’er-do-well who has previously sold access to his personal DDoS-for-hire service on Darkode — a notorious English-language cybercrime forum that I have profiled extensively on this blog.

One of the duo alleged to make up Lizard Squad is a 22-year-old Briton who has been arrested and bailed by Thames Valley Police. He’s on Twitter, has been interviewed by Sky News, and denies having taken part in any hack (or DDOS?) of Sony or Microsoft; he claims just to be the group’s spokesman, if his Twitter feed reflects his views.

Let’s see how that works out. He also says the alleged offences for which he has been bailed include some from 2013.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.