Old 09-04-08, 07:03 AM   #2
JackSpratts
 

Girls Record Brutal Attack On Teen To Allegedly Post On YouTube

Video was released late Monday afternoon showing a brutal beating at the hands of a gang of teenage girls. Their motivation for the attack was allegedly so they could post the video on YouTube and MySpace.

The victim reported the attack after she was beaten so badly she had to be treated at the hospital. That's when the sheriff's office started looking into it and learned about the video.

The sheriff calls it shocking, saying he's never seen anything like it. It was a vicious attack all captured on home video inside a Polk County home.

When 16-year-old Victoria Lindsay arrived at her friend's house where she had been staying, six girls were waiting. Immediately, they started yelling and one girl began pummeling the victim.

On the video, the girls can be heard encouraging the fight in the background, even taunting Lindsay to fight back, all while one of them held the camera. The victim's family has said it was an elaborate plot to injure and embarrass Victoria Lindsay. Lindsay's parents couldn't believe their daughter had to endure the attack.

"That's my Tori. Don't do that to my Tori," said the victim's mother.

The 16-year-old suffered a concussion, eye injuries and several bruises. During the attack, two others were outside keeping watch according to the sheriff's office.

In fact, the sheriff said, Lindsay was lured into the home for the sole purpose of capturing and posting the video on the Internet. According to the sheriff's office arrest affidavit, Lindsay told deputies they "were going to post the beating on MySpace and YouTube."

Instead, it's the sheriff's office that ended up releasing it to the media and now all eight suspects accused of making it happen are charged with very serious crimes. All suspects face charges for false imprisonment and battery. Three of them were charged with kidnapping because, the sheriff's office said, they forced Lindsay into a car and drove her to another location after the beating.

The suspects were identified as 17-year-old Mercades Nichols, 17-year-old Brittini Hardcastle, 14-year-old April Cooper, 16-year-old Cara Murphy, 17-year-old Britney Mayes and 15-year-old Kayla Hassell. Zachary Ashley, 17, and Stephen Schumaker, 18, were identified by deputies as the lookouts.

"They weren't really involved, I don't know. I'm just overwhelmed by all of it. I don't know why the girls have them involved," said Debbie Shumaker, Stephen's mother.

All six of the girls attend Mulberry High School, according to the sheriff's office arrest affidavit.
http://www.wftv.com/news/15817394/detail.html





Pupils Posing as Paedophiles in Cyber-Bullying, Police Warn
Steven Morris

Children as young as 10 may be posing as predatory paedophiles on internet networking sites to frighten boys and girls they have fallen out with, police revealed yesterday. Officers have warned parents and children to be vigilant after as many as nine youngsters in Padstow, Cornwall, were targeted through the networking sites Bebo and MSN.

Police initially believed a local man was trying to groom the children by befriending them online and arranging to meet them. But a member of the public has come forward and told them that youngsters are trying to settle playground disputes by posing as a paedophile to frighten their rivals.

A spokesman for Devon and Cornwall police said: "Information from the public has highlighted a possibility that the offenders could be children aged 10 and over, masquerading as a paedophile. The investigations are continuing and at this moment we are looking into every line of inquiry and are not ruling out any possibility. However, the language used on the social networking sites such as Bebo and MSN is at times childish. It could be youngsters playing a sick game to try and intimidate friends they have fallen out with. This will be treated seriously and we will be contacting the families of the children involved and we will try and help them by involving social services."

Police urged parents in Cornwall to keep a close eye on the websites their children were looking at. The spokesman added: "We would appeal to anyone who has information about this to please contact us immediately so we can continue with our investigations to get this stopped."

A spokesman for the Child Exploitation and Online Protection Centre said: "We have many incidents of cyber-bullying - where children use the internet as a forum to pursue grievances - but have not heard of this happening before. It sounds like a very extreme and worrying course of action."
http://education.guardian.co.uk/scho...272143,00.html





Paedophiles Face Curbs on Internet Use
Bobbie Johnson

The home secretary will today outline plans to increase protection for children surfing the web, including new jail terms for convicted paedophiles who use social networking websites.

The measures, which mirror systems operating in the US, include a requirement for convicted sex offenders to give their email address to the police. If they use that address to sign up to a website such as MySpace, Bebo or Facebook, they could be imprisoned for up to five years.

The restriction will apply to more than 30,000 people who have been added to the sex offenders' register since its inception in 1997. However, questions have been asked about how this will work in practice, as anyone can create new email identities in a few minutes.

A spokesman for the Home Office said that failure to declare any new email accounts would be considered a criminal offence, but admitted that police would ultimately rely on members of the public to tell them of unlawful actions.

The email idea is thought to have been a late addition to the package of new guidelines, developed by the Home Office in consultation with children's charities and large social networking websites.

The home secretary, Jacqui Smith, said: "We have some of the strictest controls on sex offenders in the world to protect our children. We are working together with police, industry and charities to create a hostile environment for sex offenders on the internet, and are determined to make it as hard for predators to strike online as in the real world."

The plans also include a new kitemarking scheme for parental filtering software. They follow last week's independent Byron review, which recommended better education for parents. A separate study by the media regulator Ofcom found that more than 25% of eight- to 11-year-olds had a profile on a social networking site.

The Home Office plans were largely welcomed by children's charities. "We must strive to do all we can to protect children by keeping one step ahead of the abusers," said Diana Sutton of the NSPCC.
http://www.guardian.co.uk/uk/2008/ap...hildprotection





Officials Find Child Pornography on 20,000 Va. Computers

Fourth-highest number of offenders in Herndon
Chris L. Jenkins

Law enforcement officials working undercover were sent child pornography files from nearly 20,000 private computers in the state over a 30-month period, according to a report by an expert on the distribution of Internet child porn.

Those computers accounted for 215,197 Internet child pornography transactions between October 2005 and February, according to a state report developed by Flint Waters, a special agent with the Wyoming attorney general's Division of Criminal Investigation. He has developed a national online system to track such activity.

Waters is part of a federal program, the Internet Crimes Against Children Task Force, which consists of 59 law enforcement agencies nationwide, including two in Virginia. Waters's report found that Herndon ranked fourth among Virginia localities in the number of computers known to possess child pornography statewide. The town of 23,000 is reported to have 1,058 known computers that sent hard-core child pornography to investigators. The task force helped analyze the data, which found that Alexandria had 657 such computers; Fairfax County, 507; Arlington County, 503; and Woodbridge, 467. The city with the most computers was Virginia Beach, followed by Norfolk and Richmond.

The recorded numbers are just a small percentage of the traffic generated by child pornography distributors, who use peer-to-peer file-sharing networks such as Lime Wire to peddle often violent and hard-core movies and images, Waters said. The program tallies only the files that were distributed to undercover officers. The tracking software investigators use, Operation Fairplay, does not tally files shared between private users.

"Right now there's no way that law enforcement can keep up with all this activity," Waters said, adding that such activity has increased steadily in the United States.

Operation Fairplay is being used by law enforcement agencies across the United States and in 18 other countries, including England, France and Sweden. The software allows investigators to download child pornography from a suspected computer that shares files with the investigators and then identify the machine's Internet protocol address. Officials can obtain a physical address from the sender's Internet service provider, which can lead to a search warrant.

Virginia has started to expand state efforts to track down such offenders. Lawmakers will add $1.5 million to the biannual budget approved last month by the General Assembly and Gov. Timothy M. Kaine (D) for the state's Internet Crimes Against Children Task Force. The task force's units, based in Fairfax and Bedford counties, are charged with helping police find Internet predators.

Virginia officials estimate that law enforcement officials are able to follow up on less than 2 percent of known cases, because of a lack of resources. The additional funding will enable departments to train more officers and provide more communities with the tracking software.

"The problem is expanding exponentially," said Del. Brian J. Moran (D-Alexandria), who pushed for the increase in state funding. He cited federal statistics that have shown that 55 percent of possessors of child pornography had committed contact offenses.
"The more you know about this stuff," Moran said, "the more you realize that every time you bring a computer into your home, you provide online predators with access to your children."
http://www.washingtonpost.com/wp-dyn...040803930.html





Virginia 1st State to Require Internet Safety Lessons
AP

Virginia is the first state to mandate that public schools offer Internet safety classes for all grade levels -- and it's one of many measures being taken nationally to protect young Web users.

Virginia's requirement initially stemmed from concerns about sex offenders preying on children online and a general increase in Internet-based crime. It took effect this school year.

In a recent presentation at a suburban Richmond high school, Virginia assistant attorney general Gene Fishel flashed an online social-networking profile of a 15-year-old who says she enjoys being around boys and wants to meet new people. The real profile user turned out to be a 31-year-old man convicted of sexually abusing 11 children he met online and sentenced to a 45-year prison term.

A 2006 study by the National Center for Missing and Exploited Children showed that about 13 percent of Internet users ages 10 to 17 received unwanted sexual solicitations.
http://www.wdbj7.com/Global/story.asp?S=8127995





Facebook Sex Addict Slept with 50 Men

A woman says she is a Facebook sex addict and has slept with 50 men she met through the networking site.

Laura Michaels, 23, set up a group called "I Need Sex" on the site.

She invited men to contact her and those whose picture she liked, she met up with.

Within 10 minutes the group had 35 members and soon attracted 100 men, 50 of whom she slept with.

She told The Sun: "I know that it was risky behaviour but that was part of the thrill."

One of her Facebook conquests was called Simon from Swindon.

She said they met for drinks in her home town of Bristol and then went back to his hotel for sex.

She admitted some people might "look down on me" for her behaviour and said some might even say that she may as well have been a prostitute because then she would at least have been paid for sleeping with so many different men, but she said: "I don't see it like that at all.

"I was satisfying my own desires by setting up the group."

She said Facebook had since removed her page.
http://www.metro.co.uk/news/article....&in_page_id=34





Oklahoma Court Rules Public Upskirt Photography Perfectly Legal

An Oklahoma court released a 34 year old man who was caught kneeling behind a 16 year old girl at a store in Tulsa, taking an "upskirt" picture of her, ruling upskirt photography in public places a legal practice.

"Oklahoma's Court of Criminal Appeals ruled that taking pictures up someone's skirt in a public place is not a crime. The court voted 4-1 in favor of 34-year-old Riccardo Ferrante who was arrested for putting his camera up an unsuspecting 16-year-old girl’s skirt in a department store, reports the Associated Press."
http://www.pollsb.com/polls/poll/943...erfectly-legal





Text Alerts to Cellphones in Emergency Are Approved
AP

Federal regulators approved a plan on Wednesday to create a nationwide emergency alert system using text messages delivered to cellphones.

Text messages have exploded in popularity, particularly among young people. The trade group for the wireless industry, CTIA, estimates more than 48 billion text messages are sent each month.

The plan stems from the Warning Alert and Response Network Act, a 2006 federal law that requires upgrades to the emergency alert system. The act requires the Federal Communications Commission to develop ways to alert the public about emergencies.

“The ability to deliver accurate and timely warnings and alerts through cellphones and other mobile services is an important next step in our efforts to help ensure that the American public has the information they need to take action to protect themselves and their families prior to, and during, disasters and other emergencies,” the commission chairman, Kevin J. Martin, said after the plan was approved.

Carriers’ participation in the system, which has strong support from the industry, is voluntary.

Cellphone customers would be able to opt out of the program. They also may not be charged for receiving alerts.

There would be three types of messages, according to the rules.

The first would be a national alert from the president, probably involving a terrorist attack or natural disaster.

The second would involve “imminent threats” that could include natural disasters like hurricanes, tornadoes or university shootings.

The third would be reserved for child abductions, so-called Amber alerts.

The alerts would be delivered with a unique audio signature or “vibration cadence.”

The service could be in place by 2010.
http://www.nytimes.com/2008/04/10/wa...n/10alert.html





It Takes a Cyber Village to Catch an Auto Thief
Richard S. Chang

EARLY on the afternoon of March 26, two young men visited Heritage Auto Sales, a specialty dealership in Calgary, Alberta. They asked to test-drive a dark gray 1991 Nissan Skyline GT-R, a performance model made primarily for the Japanese market and rarely seen in North America.

The car had been imported from Japan by Shaun Ironside for his dealership. Despite its reserved appearance, the Skyline GT-R is something of a performance icon to car enthusiasts and video gamers; it fit well among the Porsches and Mercedes-Benzes in Mr. Ironside’s inventory.

One of the men had been to the dealership a week earlier for a ride, but he and Mr. Ironside didn’t get far. The car, with an engine modified for extra horsepower, began to act up. When the man returned with a friend for another try, Mr. Ironside was juggling two customers, so he just handed them the keys, explaining that there was only enough gas in the tank for a drive around the block.

But 15 minutes later Mr. Ironside noticed that the Skyline still hadn’t returned — and that the car that the two men had arrived in was gone. A bad feeling swelled in his gut; still, he reasoned, sometimes a buyer will take a car to have it inspected.

“It’s kind of hard to report a vehicle stolen 15 minutes after it’s not come back from a test drive,” he said in a telephone interview last Sunday.

The car never returned. That night, after reporting its disappearance to the police, Mr. Ironside posted a message on Beyond.ca, a Web site for Canadian auto enthusiasts, to spread the word.

10:28 p.m., March 26 Unfortunately I have to post this as one of my first posts my 1991 Skyline GT-R is officially STOLEN.

The forum posting went on to describe the afternoon’s events, repeating information that was included in the police report. He described the driver as a white male in his early 20s, heavy-set, around 5-foot-6, with a distinguishing feature: missing ring and middle fingers on his left hand.

The post included several photos of the missing car and offered a cash reward, though as he typed, Mr. Ironside had little expectation of getting the car back, he said later. But his post set off a cyberworld dragnet — a process definitely not recommended by the police — in a case the arresting officer called “a bizarre file.”

Results came quickly. The next day, James Lynch, a forum moderator, was leaving the Chinook Center mall in Calgary in his BMW M3 when he noticed a Nissan Skyline close behind him.

Having seen the photos of the missing Skyline online earlier in the day, Mr. Lynch immediately recognized the black wheels. He pulled alongside the Skyline at the next light, he said, and gave the driver a “rock out” sign, holding up a hand with pinkie and index finger extended and his other fingers clenched.

“He was dumb enough to do it back to me — and I got a picture right when he did it,” Mr. Lynch said.

When Mr. Ironside checked the Skyline message thread that afternoon, he scrolled through messages from dozens of members. At the bottom of the first page, he reached a surprising post by Mr. Lynch, whom he knew only by his forum handle, JAYMEZ.

4:19 p.m., MARCH 27 I FOUUUNNNDDDDD THEM =) And I have pictures Called the police and chased them, also talked to them.

Five minutes later, the photo, with the driver looking straight into the camera, appeared on the thread. He fit the description in Mr. Ironside’s police report, down to the white and black New York Yankees baseball cap. The photo wasn’t entirely clear, but the driver appeared to be missing two fingers.

Mr. Ironside forwarded the photo to the police, who told him, “The picture is as solid evidence as you’d ever find.”

Online auto forums have helped unravel crimes before. Two years ago, a detective in Los Angeles used the forum on FreshAlloy.com, a Nissan enthusiast site, to track down victims of an elaborate fraud scheme. (That case, too, involved Nissan Skylines.)

The Beyond.ca site had also played a role in earlier cases of what might be called open-source crime solving. A year ago one of its members saw a hit-and-run accident a block in front of him, said Shelton Kwan, who co-founded the site with his cousin Ken Chan in 2002. “He took pictures. And the guy who got hit was another member of ours.”

The victim posted a message about the incident an hour later. The witness with the camera followed up with clear shots of the suspect’s face and license plate — and it made the local news.

“We sent all of that to the cops,” Mr. Kwan said. “And that one was handled basically by the end of the day.”

Two hours after the photo taken by Mr. Lynch was posted, Allan Thomson, known on the forum as Numi, reported a Skyline sighting the previous night and gave directions to the area. The forum exploded with vigilante fervor; members living close by proposed a search.

Four hours later, Mr. Thomson posted again, this time to say that he had sent out a personal message pinpointing the car’s position.

10:23 PM, March 27 FOUND!!! PMED with exact location. Guy drives it like he owns it. Idiot parks outside his house backed in so you cant see his plate.

Exactly 15 minutes later, a forum member added a link to a Google map with directions to the house. Other members scrambled to narrow their Facebook searches for the suspect to the closest high school. At about 11 p.m., a link to the Facebook profile appeared online. The photos seemed to show the same person in the picture taken by Mr. Lynch.

In a little more than 24 hours from the time of Mr. Ironside’s first post on the stolen Skyline, members of the forum had spotted the car and assembled a name, photo, home address and Facebook profile for the person seen behind the wheel of the Skyline.

That night, Mr. Ironside joined a handful of forum members at the address where the car had been parked earlier. After midnight, he posted again.

12:30 a.m, March 28 There was a older body style 94-01 Dodge Ram 1500 Pickup Red in color acting suspicious in the area. If it wasn’t anybody here I would be willing to bet that this guy got a little spooked from all the activity and is just riding around in another vehicle. Anyways, I had to book out and switch up vehicles to a less obvious ride.

Mr. Ironside returned home at 2:30 a.m. and went to sleep.

Punit Patel, known as Dj-Stylz on Beyond.ca, followed the busy thread through the night. He saw that other forum members had searched the area to no avail and decided to leave for work early the next day to swing by the house. He didn’t think about what he would do if the Skyline was there.

When Mr. Patel found the Skyline parked between two pickups, he blocked the driveway with his Acura and asked a friend to post his discovery. Then he called the police and waited.

Mr. Ironside was surprised by the latest development when he checked the forum in the morning. He jumped into his car and arrived at the house at 8:45 a.m. Then he called 911 with his case number. The police arrived in minutes.

Mr. Patel’s next post detailed the events.

11:26 A.M., MARCH 28 The owner arrived and he called the cops because no one came for more then 2 hours. Cops came within 5 minutes after the owner called. I got pictures just give me a little time to upload. Also got a video of the guy getting arrested.

For Mr. Ironside, it was the best possible outcome. His car was dirty but in good shape. He would need to replace the tires and fix a few rock chips.

“Basically this guy thought the car was his, from what I could tell,” he said. “There were receipts in the car for premium car washes. He had all his music collection in there.”

Less than 48 hours after Mr. Ironside’s initial post, photos of the house and videos of the arrest appeared on the thread. The shaky video showed a single police officer escorting the suspect, confirmed by the Calgary police as 18-year-old Jamie Glen Jacobson, to an unmarked police car. He was charged with theft over $5,000. He is free on bail pending a court appearance on April 16.

“This guy has worldwide recognition for being a car thief for the rest of his life,” Mr. Ironside said. “The Internet is not going away.”
http://www.nytimes.com/2008/04/13/au...s/13STEAL.html





Experts Hack Power Grid in No Time

Basic social engineering and browser exploits expose electric production and distribution network
Tim Greene

Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines, giving the team the ability to hack into the control network overseeing power production and distribution.

Winkler says he and his team were hired by the power company, which he would not name, to test the security of its network and the power grid it oversees. He would not say when the test was done, but referred to the timeframe as "now." The company called off the test after the team took over the machines.

"We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed." In addition to consulting, Winkler is author of the books Spies Among Us and Zen and the Art of Information Security.

The problem is pervasive across the power industry, he says, because of how power company networks evolved. Initially their supervisory, control and data acquisition (SCADA) networks were built as closed systems, but over time intranets and Internet access have been added to the SCADA networks. Individual desktops have Internet access and access to business servers as well as the SCADA network, making the control systems subject to Internet threats. "These networks aren't enclosed anymore. They've been open for more than a decade," Winkler says.

The penetration team started by tapping into distribution lists for SCADA user groups, where they harvested the e-mail addresses of people who worked for the target power company. They sent the workers an e-mail about a plan to cut their benefits and included a link to a Web site where they could find out more.

When employees clicked on the link, they were directed to a Web server set up by Winkler and his team. The employees' machines displayed an error message, but the server downloaded malware that enabled the team to take command of the machines. "Then we had full system control," Winkler says. "It was effective within minutes."

Winkler says SCADA systems are inherently insecure because they are software running on standard operating systems on standard server hardware, making them subject to all the vulnerabilities of those systems.

Power companies' desire to not risk interrupting service with software upgrades that could improve security perpetuates the inherent weaknesses, he says. "The power grid is so poorly maintained that it is easier to attack than most other systems and networks," he says. "They hope for the best and make the risk-avoidance excuse if something goes wrong."

Winkler says his talk doesn't expose power networks to any more danger than they face now. "The real bad guys already know what I'm saying," he says. "There is the potential for serious damage."

Winkler says power companies need to adopt SCADA software that is better tested for vulnerabilities and engineered for rapid patching when flaws are found. They also need to segment their networks so a breach from the Internet cannot reach the SCADA network.
http://www.networkworld.com/news/200...ower-grid.html





High-Tech Crime Is an Online Bubble That Hasn’t Burst
Doreen Carvajal

There are no storefronts or corporate headquarters in the cybercrime industry, just savvy sellers in a murky, borderless economy who are moving merchandise by shilling credit card numbers — “two for the price of one.”

“Sell fresh CC,” promised one who offered teaser credit card numbers. “Visa, MasterCard, Amex. Good Prices. Many countries.”

Electronic crime is maturing, according to security experts, and with its evolution, criminals are adopting conventional approaches like supermarket-style pricing and outsourcing to specialists who might act as portfolio managers or computer technicians.

“It’s a remarkable development of a whole alternative business environment that’s occurred over the last couple years,” said Richard Archdeacon, a senior director of global services for Symantec, an Internet security company with 11 research centers around the world. “What’s been so astonishing is the speed with which it’s developed.”

In the United States alone, victims reported losses of $239 million to online fraud in 2007, with average losses running about $2,530. The complaints are recorded by a special Web-based hotline operated by the F.B.I. and the National White Collar Crime Center, a nonprofit corporation focusing on electronic crime.

The most common frauds were fake e-mail messages and phony Web pages, and the crimes were organized from the United States, Britain, Nigeria, Canada, Romania and Italy, according to an F.B.I. report issued last month.

Despite the increasing sophistication and elusiveness of online criminals, judges remain reluctant to order much jail time for computer crime, according to some national law enforcement officials and major companies like Microsoft.

A case in point is Owen Thor Walker, an 18-year-old hacker from New Zealand who pleaded guilty last week to criminal charges arising from his development of a vast international network of individual computers, which he had infected with hidden software, or “malware,” and remotely controlled.

In the parlance of the trade, he was a “bot herder” who offered his “robot network” for hire to a company in the Netherlands, which wanted to covertly install its advertising software.

Walker’s borderless network first surfaced in an F.B.I. investigation of a computer attack in 2006 that caused the crash of a computer server at the University of Pennsylvania. The F.B.I. singled out a Pennsylvania student in the attack who ultimately led investigators to Mr. Walker.

Mr. Walker’s sentencing is scheduled for May, but the judge on the case indicated that he would consider community detention and work release or some home detention for punishment of the teenager, who has Asperger syndrome, a mild form of autism marked by poor social skills and compulsive behavior.

“Most of the time, it’s very difficult for a judge to understand what’s going on and what the risks are,” said Eric Loermans, chief inspector of a Dutch high-tech crime unit.

Mr. Loermans was part of a cybercrime forum in Strasbourg last week that was convened by the Council of Europe to develop guidelines for closer international cooperation between law enforcement and Internet service providers. More than 200 people representing government agencies and private companies from Europe, Africa and the Americas participated in the conference.

Mr. Loermans’s plainclothes high-tech unit now numbers about 25 people, but the police are also developing training programs for everyone on the staff down to the officer on the beat, according to Mr. Loermans.

“Years ago, we saw cybercrime as a speciality,” he said. “Now we have added cybercrime in every form of police training, so we are raising the level of the entire Dutch police force. There’s no crime anymore where there are no digital components built in.”

David Roberts, chief executive of the Corporate IT Forum, which represents 150 companies in Britain, said his group was pressing for a single confidential channel through which corporate security chiefs could report cybercrimes.
http://www.nytimes.com/2008/04/07/bu...s/07cyber.html





Market for Stolen Data Getting More Competitive
AP

Fierce competition among identity thieves has driven the prices for stolen data down to bargain-basement levels, which has forced crooks to adopt mainstream business tactics to lure customers, according to a new report on Internet security threats.

Credit card numbers were selling for as little as 40 cents each and access to a bank account was going for $10 in the second half of 2007, according to the latest twice-yearly Internet Security Threat Report from Symantec Corp. released Tuesday.

Symantec detected 711,912 new threats last year, 468 percent more than in 2006, when it found 125,243 - and almost two-thirds of all 1,122,311 Symantec has cataloged since 2002.

The data is usually sold through instant-message groups or Web forums that exist for only a few days or even hours, according to Symantec, and the hacking community exacts harsh consequences when members try to pass along fraudulent information.

"If the seller says there's $10,000 in a bank account, and there isn't $10,000 in there, their ability to sell will drop through the floor," said Alfred Huger, vice president of Symantec Security Response. "It's a sort of honor among thieves, and it's very strictly enforced."

Researchers said they found more evidence during the last six months of the year that Internet fraudsters are adopting mainstream tactics, including hiring teams of hackers to create new viruses and offering volume discounts on stolen data to encourage larger orders.

In some cases, stolen credit card numbers were sold in batches of 500 for a total of $200. That's 40 cents each, less than half the price observed during the first half of 2007, when they were down to $1 apiece in batches of 100, according to the report.

Full identities - including a functioning credit card number, Social Security number or equivalent and a person's name, address and date of birth - are going for as little as $100 for 50, or $2 apiece.

Certain identities are more alluring than others, according to the report. Stolen identities of citizens of the European Union sell on the high end - for $30 - an average of 50 percent more than U.S. identities.

Researchers said the higher prices reflect the fact that the identities can be used in multiple countries, instead of just one. They added, however, that scarcity of a certain type of identity will drive up its price.

Also popular with attackers are Web site-specific vulnerabilities because few are fixed quickly. Of 11,253 so-called "cross-site scripting" vulnerabilities found on specific sites during the second half of 2007, only 473 were patched.

Cross-site scripting vulnerabilities are flaws in the coding of Web applications that allow hackers to insert malicious code into the pages and then deploy it to unsuspecting visitors.

The report was released as thousands of security professionals gathered in San Francisco for the RSA Conference, a weeklong event at which Symantec CEO John Thompson's Tuesday keynote is among several high-profile speeches.

The survey is based on malicious code gathered from more than 120 million computers running Symantec antivirus software and some 2 million decoy e-mail accounts that collect spam.
http://www.siliconvalley.com/news/ci_8848491





Man Claims People's Bank is Careless with Personal Info
Rob Varnon

For four months, James Hastings dove into Dumpsters outside People's United Bank branches throughout Fairfield County, pulling out bags of paperwork containing private information, including customers' Social Security numbers and account information.

Bank employees didn't know what Hastings was doing until the Fairfield resident told them and delivered a video depicting him digging through the Dumpsters and sitting in front of a wall in his home he had papered with the documents.

The bank got a restraining order against Hastings on March 20, and detectives from the State Police, on a search-and-seizure warrant, raided his home. He is scheduled to appear in Bridgeport Superior Court Monday and he said he could face prison for violating the order the bank secured from the court to stop Hastings from discussing or distributing any of the material.

The restraining order also came into play Wednesday when Hastings tried to turn over the remaining boxes of documents to Attorney General Richard Blumenthal. The AG's office late Wednesday refused to talk to him until lawyers there investigated the restraining order. It had not made a determination on how it can proceed.

In a series of interviews, Hastings says he's not an identity thief. He says he wants the bank to react to what he calls a serious lapse in security. On Tuesday, he displayed two boxes filled with documents he says he culled from bags of garbage People's United Bank threw away.

People's, however, doesn't see it that way, and said Hastings is attempting to extort money from the bank. It is also demanding the information be turned over to the bank.

Brent DiGiorgio, a People's spokesman, says the bank's primary concern is protecting the customers' information that Hastings has taken.

"We're going to provide one year of free credit monitoring for customers whose information was taken when this gentleman rummaged through our trash," DiGiorgio said. He said the bank notified police immediately when it found out what Hastings had. That notification resulted in a search of Hastings' home and the seizure of documents.

Letters are being mailed out to affected customers, DiGiorgio said.

State police sources familiar with the case say they are continuing to investigate.

So how did this thin, 56-year-old home repairman end up facing off with one of New England's largest banks? About four months ago, Hastings says he was driving out of a People's branch parking lot in Fairfield when he saw a Dumpster brimming with garbage bags. When he looked more closely, he saw the clear garbage bags were stuffed with financial documents.

Hastings says he wanted to try to determine the extent of the problem, so he says he worked nights and weekends digging into Dumpsters at People's and other financial institutions.

"I'm disgusted by what I've pulled out of those bags," Hastings says, adding that the paperwork contains information on how much money individuals have in their accounts and where they live. He's got Social Security numbers and more on customers.

"I've got a guy in here that's got $8 million in gold," Hastings says.

He turned over a lot of those documents to police during the raid, but retained some in boxes, he says, that he hoped Blumenthal's office would accept.

During trips to People's branches from Stratford to Stamford, he made a video, he claims, to protect himself from the charge of extortion. "It needs editing," he said, before turning one of the many discs over to the Connecticut Post. The video shows several nights and days of Hastings going to People's branches and other financial institutions.

Hastings said he found documents from Citibank and Wachovia branches in Dumpsters in Fairfield County, too, although the Post saw evidence of only one slip of paper from Citibank. Neither bank said they had been contacted about the issue.

A Wachovia spokesperson was appalled at the charge and said the bank not only trains employees to not throw out sensitive documents, but uses special trashcans to dispose of such documents at each desk.

Like other banks, Citibank didn't go into detail about its procedures. But spokesperson Janis Tartar said in an e-mail, "As part of our information security training for new hires and ongoing training for existing employees, we emphasize the importance of safeguarding private customer information. Protecting our customers' accounts and confidential data is a top priority and a matter we take seriously."

The vast majority of material comes from People's, according to Hastings' video. One portion shows bags of materials he says he found in the garbage. There are applications for credit cards, reports on bank deposit and account information.

These are the same kinds of records the bank recommends, on its Web site, that its customers shred and dispose of carefully at home. The Federal Trade Commission recommends the same thing.

Hastings says after several months he contacted People's and the bank set up a meeting with him. On March 19, he met with People's Director of Corporate Security William A. Gniazdowski.

Gniazdowski's affidavit of the meeting is on file with the court.

In it, he says Hastings went to the bank's headquarters at Main Street in Bridgeport, met with executives and dropped off DVDs and toy handcuffs. In the video the bank saw, and Hastings confirms, he wears an orange jumpsuit to indicate People's employees should face criminal charges if any of this private information is made public.

Gniazdowski says Hastings asked People's to hire him as a "fraud consultant." When Gniazdowski asked what would happen if the bank didn't comply, Hastings allegedly said he'd take "great pleasure shoving it up their nose."

Hastings said the bank's security chief trapped him in the room and wouldn't let him leave, so Hastings got mad and told the security officer to take the DVDs and shove them up his nose.

As for the charge of extortion, Hastings says, that's the bank trying to protect its reputation.

The fact that the police didn't arrest him when they searched his house shows that it's clear he wasn't trying to extort anything, he says. He adds that if he were a criminal he would have never gone to the bank because he could be living off the information he found. He noted the bank didn't know he was out there until he came to People's.

Hastings, who admits he's concerned about his freedom and reputation, says he wishes he'd never started this, but now that he has he's not going to just roll over.

He volunteered that he has a record. He was arrested and served a two-year probation for trying to secure drugs from a pharmacy by impersonating a doctor, but that was for a painkiller he needed, and he was convicted of drunken driving. The Post confirmed he has a small criminal record.

As for what he offered the bank, Hastings says, "What I said is you need a consultant. You don't need to hire me."

The bank disagrees, and a law professor says he would tend to side with the bank.

Jeffrey Meyer, a Quinnipiac University Law School associate professor and former assistant U.S. attorney, says he's heard of situations like this, but they usually involve computer hackers.

In those scenarios, a hacker finds a weakness in a corporation's Web site, exploits it and sabotages the site. The hacker will do it several times, Meyer says, before contacting the company to suggest it hire him or her as a consultant.

This has resulted in prosecution for extortion, Meyer says.

"It's the quid pro quo," Meyer said, which makes it a problem.

If the person demands payment not to damage the company, "it certainly crosses the legal line," he said.

This is not the first time Hastings says he's investigated a company's procedures and asked to be hired as a consultant. He says he found a problem with a cell phone company and it paid him $10,000 as a consultant in the late 1990s.

"I can't explain it," Hastings said of how he uncovers these kinds of problems. "If you're stealing and you are around me, I'll know it."

Hastings said the bank's Dumpsters aren't properly secured and it isn't shredding documents.

"We believe this is an isolated incident to the greater Bridgeport and greater Stamford," DiGiorgio said. "It's unfortunate."

DiGiorgio says the bank has training on how to safeguard customer information and takes that obligation very seriously. It is reviewing its policies, he said when asked if People's will still throw documents into Dumpsters.

"We do have a policy of how to dispose of customer information," DiGiorgio says, but security reasons prevented him from revealing what those policies are.

The documents the bank has been reviewing from the police raid are a mix of paperwork thrown out by bank employees and customers, DiGiorgio says.

DiGiorgio says that since Hastings went to the bank it has posted "no trespassing" signs and has installed locks on the Dumpsters it controls. But some of those receptacles, the bank shares with other companies and therefore cannot lock.

While the bank is reviewing its procedures, DiGiorgio said it does not believe that Hastings has a right to take the documents to "extort money from the bank."

Blumenthal said Thursday his office is still investigating the matter and attempting to verify Hastings' story.

But he said in an earlier interview banks have a legal responsibility to secure customers' financial information.

Blumenthal questioned how People's could be securing customers' information by throwing it away unshredded or even shredded in a state that could be pieced together.

The bank "might have an explanation," Blumenthal says. "But then again it might want to change its current practices or buy a new shredder."

Staff writer Daniel Tepfer contributed to this report.
http://www.newstimes.com/latestnews/ci_8832842





Siemens to Offer Fingerprint Internet ID

To cut down on hacking of bank accounts, Siemens will introduce an Internet ID which scans the user's fingerprints before allowing him or her access to the bank account.

The offense-defense cycle is used by political scientists to explain arms races among states, but the model applies to crime as well: A new type of crime emerges, and an industry is created to offer solutions to it; then a new cycle begins with clever criminals finding new ways to defraud people, and new security solutions offered, and so on.

Here is an example: As Internet crime is on the rise, measures are taken to protect bank accounts from online hackers, with the latest being the development of a new Internet ID card that scans a user's fingerprint before allowing them to make a transaction. The card, from Siemens, is the size of an ATM card and incorporates a fingerprint scanner and six optical sensors. Users will initially scan several fingers over the card so their prints will be stored for later identification. It does not need extra software or hardware, so is safe from attacks and can be used on any PC.

The Week in Review is edited and published by Jack Spratts.

To make a transaction, the card will scan the user's finger. The bank's Web site then sends a flicker code, which the ID card sensors register and decrypt. In the process, the monitor displays six rapidly flashing fields that alternate between black and white. The flicker code contains the details of the funds transfer submitted to the bank and the associated transaction number (TAN). Using an integrated cryptographic key, the card decrypts the code and displays the deciphered information on its small screen. The user checks the transaction data is complete, then confirms the transfer by entering the TAN displayed on the screen.

The card contains information from several fingers including one designated as the 'emergency finger', which users can scan if they are being forced to transfer funds under duress. The scan will warn the bank. While the transaction will be completed on the computer monitor, the bank will not actually complete the request. The solution is set for market launch later this year.
http://hsdailywire.com/single.php?id=5904





House Staffers Livid Over Web Site

Financial information being posted is too personal, aides say
Paul Kane

Working from a cramped loft apartment a mile from the Capitol, a small Internet company has sparked a privacy rights battle with hundreds of angry top House staffers upset that the Web site has begun posting details about their personal finances.

In an unusual conflict over constitutional rights, the aides argue that the recent disclosures leave them highly vulnerable to identity theft. But the Web site, LegiStorm, contends that it has a First Amendment right to publish already public information about some of the Capitol's most powerful players -- the high-level staffers -- and is creating a new check against potential corruption.

"Congressional staffers are among the most powerful people in Washington, and in the past they have received very little scrutiny. It's about time there was a little more scrutiny given to what they're doing," said Jock Friedly, president and founder of LegiStorm, which has six employees.

For several years, LegiStorm has published salary and expenditure reports that are released regularly by the House and Senate. The reports, released quarterly by the House and semiannually by the Senate, provide detailed information on how much each lawmaker spends, along with the names, titles and salaries of every employee.

In late February, however, LegiStorm expanded the data it provides by putting the staffers' personal financial disclosure forms online. Those documents, which must be filed by senior aides, contain explicit detail on aides' finances -- including bank accounts and investment portfolios -- as well as some home addresses and signatures.

The posts have enraged top House staffers whose personal finances are now on display for any Internet sleuth to access with a few clicks of a computer mouse. The move has not, however, generated many complaints from Senate aides.

"Who knew it was going to get posted on the Web? It's shocking," said one House Democratic chief of staff, who requested anonymity to discuss her personal finances. "Now that anybody can look it up on the Web, I don't know if I like it anymore."

Her forms for 2006, which were filed last spring, included her home address and 32 pages of detailed statements about bank accounts under the name of her husband and daughter. That prompted her to raise concerns about identity theft at a chiefs of staff meeting in March.

At other similar meetings over the last month, some aides have suggested that the House general counsel should sue LegiStorm, which they accused of trying to profit from the dissemination of their records. Friedly said he is not selling the information on his Web site, which is available free but is supported by advertising.

He also noted that a number of media sites, including washingtonpost.com and Congressional Quarterly, publish similar data for members of Congress.

"Presumably," he predicted, "cooler heads will prevail."

Under federal law, staffers who earn more than $110,000 a year must file financial disclosure forms. In addition to staffers' financial holdings, the documents show any outside income, gifts received and official positions held with outside groups.

Before LegiStorm existed, anyone searching for salary and financial disclosure information had to trek down to the basement of the Cannon House Office Building to rummage through the records. Those searching for financial disclosure forms, either for a lawmaker or a staffer, had to enter their name into a computer database, leaving a record of whose documents they were examining.

The clerk of the House, Lorraine C. Miller, wrote to the more than 2,000 staff members who file disclosure reports, warning them to check whether they reveal any sensitive material, such as bank account or Social Security numbers. That prompted Friedly to uncover more than 20 instances in which such private information was revealed on his Web site, for which he has apologized. The information since has been redacted from the site.

However, Friedly refuses to remove staff home addresses or signatures unless the House pays the roughly $10,000 cost of altering thousands of the forms.

Friedly noted that since his site began publishing the financial information of top aides, the Capitol Hill newspapers Roll Call and the Hill have published articles about questionable transactions by a trio of top staffers, and that the newspapers used LegiStorm to confirm information about the aides.

The financial data is from top aides who are "actually writing the law of the land," he said.

Lawyers from the offices of the House Clerk, House General Counsel and ethics committee are trying to craft new forms that will help resolve the issue. "The office of the Clerk is working to ensure that disclosure requirements are met while at the same time protecting confidential or personal information," said Adam Holmes, spokesman for the clerk.
http://www.washingtonpost.com/wp-dyn...040803034.html


Peruse your congressperson’s salary and staff information here – Jack.





The public speaks out about LegiStorm

The Public Has Spoken - and They Appear to Like What We are Doing
Legistorm blog

For several weeks we have been a bit beaten up. Congressional aides spoke of our site in sometimes vitriolic and, frankly, paranoid terms about how we invaded their privacy by publishing financial disclosures.

One staffer accused us of aiding the break-in of a home; others talked darkly about potential kidnappings and Russian gangsters. Many suggested lawsuits against us, at times for disclosing information that was already disclosed in the white pages delivered to homes and in Internet-searchable phone books. To be sure, there were some legitimate privacy issues raised but we have always believed the public right to know has trumped any privacy concerns that we have not already addressed.

When the story was a "local" one, confined to the congressional campus, we sensed the outrage about our publication of personal financial disclosures building to a level of hysteria - where the most absurd claims would be adopted as fact by an angry group of staffers. But the mood began to change dramatically yesterday when the Washington Post published a piece about how staffers were livid. NPR's All Things Considered ran an interview with LegiStorm founder Jock Friedly and American Public Media's Marketplace (also heard on many public radio stations nationwide) ran their own story. Salon and other publications joined in.

An encouraging thing happened: The broader public began to flood us with their private emails of encouragement. Dozens of others wrote complimentary comments on our new blog. The Washington Times editorialized in favor of us.

We appreciate the support and we can assure you that we will continue to fight for all reasonable public disclosure measures while taking measures to protect staffer privacy where that does not damage the public's right to know.
http://www.legistorm.com/blog/the-pu...legistorm.html





FBI Probe: Lieberman Campaign to Blame for Crashing Own Web Site
Brian Lockhart

A federal investigation has concluded that U.S. Sen. Joseph Lieberman's 2006 re-election campaign was to blame for the crash of its Web site the day before Connecticut's heated Aug. 8 Democratic primary.

The FBI office in New Haven found no evidence supporting the Lieberman campaign's allegations that supporters of primary challenger Ned Lamont of Greenwich were to blame for the Web site crash.

Lieberman, who was fighting for his political life against the anti-Iraq war candidate Lamont, implied that joe2006.com was hacked by Lamont supporters.

"The server that hosted the joe2006.com Web site failed because it was overutilized and misconfigured. There was no evidence of (an) attack," according to the e-mail.

A program that could have detected a legitimate attack was improperly configured, the e-mail states.

"New Haven will be administratively closing this investigation," it concluded.

The e-mail, dated Oct. 25, 2006, was included in a technical packet of information recently sent to The Advocate in response to requests under the Freedom of Information Act filed in late 2006 with the offices of state Attorney General Richard Blumenthal and U.S. Attorney Kevin O'Connor.

The Advocate filed the requests after Blumenthal and O'Connor closed the case but declined to divulge details. They stated only that they found no evidence that Lamont supporters were to blame.

Visitors who tried to access Lieberman's site at the time received a message calling on Lamont to "make an unqualified statement denouncing this kind of dirty campaign trick and to demand whoever is responsible to cease and desist immediately."

The Lieberman-Lamont race captured national and international attention.

Blumenthal denied The Advocate's FOI request on the grounds it was a federal matter, and it took more than a year for the FBI and U.S. Department of Justice to respond.

The Lieberman campaign alleged it was the target of a "denial of service attack," which can involve bombarding a Web site with external communications to slow it or render it useless.

"Our Web site consultant assured us in the strongest terms possible that we had been attacked," former Lieberman campaign spokesman Dan Gerstein said in December 2006.

According to the FBI memo, the site crashed because Lieberman officials continually exceeded a configured limit of 100 e-mails per hour the night before the primary.

"The system administrator misinterpreted the root cause," the memo stated. "The system administrator finally declared the server was being attacked and the Lieberman campaign accused the Ned Lamont campaign. The news reported this on Aug. 8, 2006, causing additional Web traffic to visit the site.

"The additional Web traffic then overwhelmed the Web server. . . . Web traffic pattern analysis reports and Web logging that was available did not demonstrate traffic that was indicative of a denial of service attack."
http://www.stamfordadvocate.com/localnews/ci_8859029?





Sequoia Touch-Screen Voting Machines Subpoenaed in NJ
Brad Friedman

Judge Orders Mandatory Testing of Machines After Company Previously Threatened Legal Action Against Princeton Professors if They Dared To Examine Machines...

Just out from the NJ Star-Ledger...

Quote:
Subpoenas were issued in six New Jersey counties today, demanding that officials turn over for testing all voting machines where discrepancies were found in the presidential primary tallies.

Election officials in Bergen, Gloucester, Mercer, Middlesex, Ocean and Union counties were instructed to turn over the machines by April 15. Activists trying to persuade Superior Court Judge Linda Feinberg that electronic voting machines should be discarded succeeded in convincing her that examining these counties' machines is critical to their case.

"In order to succeed in our case and show Sequoia machines are insecure and can be hacked into, we need to look at these machines," Venetis argued. Clerks in the six counties uncovered discrepancies in 60 machines when they double-checked the vote tallies after the Feb. 5 presidential primary.

Michelle Shafer, a spokeswoman for Sequoia in California, said her company would try to have the subpoenas quashed. But no motions were filed today with Superior Court Judge Linda Feinberg, who is presiding over the case in Trenton.

In the meantime, we repeat our background detail on this amazing (and sometimes hilarious) story in full below, as we ran it this weekend when one of the Princeton professors threatened by Sequoia found the failures in NJ were even worse than previously thought.

Please note: The same failed Sequoia AVC Advantage touch-screens are scheduled for use in Pennsylvania in the important upcoming Democratic Primary!...

On Super Tuesday, Sequoia's AVC Advantage touch-screen voting machines failed to boot up in many places, forcing the Governor himself to wait 45 minutes before he could cast his vote. After Super Tuesday it was found that the Sequoia AVC Advantage has misreported voter turnouts.

Sequoia offered a feeble excuse for the failure, without offering evidence to support it, which blamed both voters and poll-workers instead of themselves for the multi-million dollar embarrassment. County election officials across NJ then unanimously called for an independent investigation of the machines by Princeton computer profs Felten and Andrew Appel.

Sequoia then threatened legal action against both the professors and the counties should they undertake such a technical review of their self-described "tamperproof" machines. The counties folded to the company's strong-arm tactics, while hoping either the state AG or SoS would commission such a review.

Sequoia's website was then hacked, but not before they could release misleading propaganda claiming they loved third party independent reviews so much they were willing to then sponsor one on their own by selecting and paying an unknown "independent company" named "Kwaidan Consulting" to do one on behalf of Sequoia.

Kwaidan was then revealed by The BRAD BLOG to be no more than a "blonde nymphomaniac"-seeking babe-magnet named Mike Gibbons, who, after being commissioned by Sequoia for this important analysis, suddenly discovered a new-found love for George Bush, Jesus Christ, Albert Einstein, and the U.S. Constitution. The babes and the Jim Beam would have to wait.

Much as those voters and election officials in Pennsylvania, set to use the exact same machines two weeks from now in the upcoming, all-important, Democratic Primary, will have to wait to see if the machines work at all. Then, of course, they will simply have to trust the reported results, no matter what the machines tell them, since it is strictly impossible to discern whether any single vote cast on them was actually recorded as any single voter intended.
http://www.bradblog.com/?p=5880





The New E-spionage Threat

A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps
Brian Grow, Keith Epstein and Chi-Chu Tschang

The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.

The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the message traveled through Korea on its way to Booz Allen. Its authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion. Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org, which is registered through an obscure company headquartered on the banks of China's Yangtze River.

The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. "It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. "They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands," Croom says. Cyber attackers "are not denying, disrupting, or destroying operations—yet. But that doesn't mean they don't have the capability."

A MONSTER

When the deluge began in 2006, officials scurried to come up with software "patches," "wraps," and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest U.S. defense contractors to the Pentagon for a "threat briefing." BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents. One goal in particular illustrates the urgency and scope of the problem: By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President's order a cyber security "Manhattan Project."

But many security experts worry the Internet has become too unwieldy to be tamed. New exploits appear every day, each seemingly more sophisticated than the previous one. The Defense Dept., whose Advanced Research Projects Agency (DARPA) developed the Internet in the 1960s, is beginning to think it created a monster. "You don't need an Army, a Navy, an Air Force to beat the U.S.," says General William T. Lord, commander of the Air Force Cyber Command, a unit formed in November, 2006, to upgrade Air Force computer defenses. "You can be a peer force for the price of the PC on my desk." Military officials have long believed that "it's cheaper, and we kill stuff faster, when we use the Internet to enable high-tech warfare," says a top adviser to the U.S. military on the overhaul of its computer security strategy. "Now they're saying, 'Oh, shit.'"

Adding to Washington's anxiety, current and former U.S. government officials say many of the new attackers are trained professionals backed by foreign governments. "The new breed of threat that has evolved is nation-state-sponsored stuff," says Amit Yoran, a former director of Homeland Security's National Cyber Security Div. Adds one of the nation's most senior military officers: "We've got to figure out how to get at it before our regrets exceed our ability to react."

The military and intelligence communities have alleged that the People's Republic of China is the U.S.'s biggest cyber menace. "In the past year, numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the PRC," reads the Pentagon's annual report to Congress on Chinese military power, released on Mar. 3. The preamble of Bush's Cyber Initiative focuses attention on China as well.

Wang Baodong, a spokesman for the Chinese government at its embassy in Washington, says "anti-China forces" are behind the allegations. Assertions by U.S. officials and others of cyber intrusions sponsored or encouraged by China are unwarranted, he wrote in an Apr. 9 e-mail response to questions from BusinessWeek. "The Chinese government always opposes and forbids any cyber crimes including 'hacking' that undermine the security of computer networks," says Wang. China itself, he adds, is a victim, "frequently intruded and attacked by hackers from certain countries."

Because the Web allows digital spies and thieves to mask their identities, conceal their physical locations, and bounce malicious code to and fro, it's frequently impossible to pinpoint specific attackers. Network security professionals call this digital masquerade ball "the attribution problem."

A CREDIBLE MESSAGE

In written responses to questions from BusinessWeek, officials in the office of National Intelligence Director J. Michael McConnell, a leading proponent of boosting government cyber security, would not comment "on specific code-word programs" such as Byzantine Foothold, nor on "specific intrusions or possible victims." But the department says that "computer intrusions have been successful against a wide range of government and corporate networks across the critical infrastructure and defense industrial base." The White House declined to address the contents of the Cyber Initiative, citing its classified nature.

The e-mail aimed at Booz Allen, obtained by BusinessWeek and traced back to an Internet address in China, paints a vivid picture of the alarming new capabilities of America's cyber enemies. On Sept. 5, 2007, at 08:22:21 Eastern time, an e-mail message appeared to be sent to John F. "Jack" Mulhern, vice-president for international military assistance programs at Booz Allen. In the high-tech world of weapons sales, Mulhern's specialty, the e-mail looked authentic enough. "Integrate U.S., Russian, and Indian weapons and avionics," the e-mail noted, describing the Indian government's expectations for its fighter jets. "Source code given to India for indigenous computer upgrade capability." Such lingo could easily be understood by Mulhern. The 62-year-old former U.S. Naval officer and 33-year veteran of Booz Allen's military consulting business is an expert in helping to sell U.S. weapons to foreign governments.

The e-mail was more convincing because of its apparent sender: Stephen J. Moree, a civilian who works for a group that reports to the office of Air Force Secretary Michael W. Wynne. Among its duties, Moree's unit evaluates the security of selling U.S. military aircraft to other countries. There would be little reason to suspect anything seriously amiss in Moree's passing along the highly technical document with "India MRCA Request for Proposal" in the subject line. The Indian government had just released the request a week earlier, on Aug. 28, and the language in the e-mail closely tracked the request. Making the message appear more credible still: It referred to upcoming Air Force communiqués and a "Teaming Meeting" to discuss the deal.

But the missive from Moree to Jack Mulhern was a fake. An analysis of the e-mail's path and attachment, conducted for BusinessWeek by three cyber security specialists, shows it was sent by an unknown attacker, bounced through an Internet address in South Korea, was relayed through a Yahoo! (YHOO) server in New York, and finally made its way toward Mulhern's Booz Allen in-box. The analysis also shows the code—known as "malware," for malicious software—tracks keystrokes on the computers of people who open it. A separate program disables security measures such as password protection on Microsoft (MSFT) Access database files, a program often used by large organizations such as the U.S. defense industry to manage big batches of data.

AN E-MAIL'S JOURNEY

While hardly the most sophisticated technique used by electronic thieves these days, "if you have any kind of sensitive documents on Access databases, this [code] is getting in there and getting them out," says a senior executive at a leading cyber security firm that analyzed the e-mail. (The person requested anonymity because his firm provides security consulting to U.S. military departments, defense contractors, and financial institutions.) Commercial computer security firms have dubbed the malicious code "Poison Ivy."

But the malware attached to the fake Air Force e-mail has a more devious—and worrisome—capability. Known as a remote administration tool, or RAT, it gives the attacker control over the "host" PC, capturing screen shots and perusing files. It lurks in the background of Microsoft Internet Explorer browsers while users surf the Web. Then it phones home to its "master" at an Internet address currently registered under the name cybersyndrome.3322.org.

The digital trail to cybersyndrome.3322.org, followed by analysts at BusinessWeek's request, leads to one of China's largest free domain-name-registration and e-mail services. Called 3322.org, it is registered to a company called Bentium in the city of Changzhou, an industry hub outside Shanghai. A range of security experts say that 3322.org provides names for computers and servers that act as the command and control centers for more than 10,000 pieces of malicious code launched at government and corporate networks in recent years. Many of those PCs are in China; the rest could be anywhere.

The founder of 3322.org, a 37-year-old technology entrepreneur named Peng Yong, says his company merely allows users to register domain names. "As for what our users do, we cannot completely control it," says Peng. The bottom line: If Poison Ivy infected Jack Mulhern's computer at Booz Allen, any secrets inside could be seen in China. And if it spread to other computers, as malware often does, the infection opens windows on potentially sensitive information there, too.

It's not clear whether Mulhern received the e-mail, but the address was accurate. Informed by BusinessWeek on Mar. 20 of the fake message, Booz Allen spokesman George Farrar says the company launched a search to find it. As of Apr. 9, says Farrar, the company had not discovered the e-mail or Poison Ivy in Booz Allen's networks. Farrar says Booz Allen computer security executives examined the PCs of Mulhern and an assistant who received his e-mail. "We take this very seriously," says Farrar. (Mulhern, who retired in March, did not respond to e-mailed requests for comment and declined a request, through Booz Allen, for an interview.)

Air Force officials referred requests for comment to U.S. Defense Secretary Robert M. Gates' office. In an e-mailed response to BusinessWeek, Gates' office acknowledges being the target of cyber attacks from "a variety of state and non-state-sponsored organizations to gain unauthorized access to, or otherwise degrade, [Defense Dept.] information systems." But the Pentagon declined to discuss the attempted Booz Allen break-in. The Air Force, meanwhile, would not make Stephen Moree available for comment.

The bogus e-mail, however, seemed to cause a stir inside the Air Force, correspondence reviewed by BusinessWeek shows. On Sept. 4, defense analyst James Mulvenon also received the message with Moree and Mulhern's names on it. Security experts believe Mulvenon's e-mail address was secretly included in the "blind copy" line of a version of the message. Mulvenon is director of the Center for Intelligence Research & Analysis and a leading consultant to U.S. defense and intelligence agencies on China's military and cyber strategy. He maintains an Excel spreadsheet of suspect e-mails, malicious code, and hacker groups and passes them along to the authorities. Suspicious of the note when he received it, Mulvenon replied to Moree the next day. Was the e-mail "India spam?" Mulvenon asked.

"I apologize—this e-mail was sent in error—please delete," Moree responded a few hours later.

"No worries," typed Mulvenon. "I have been getting a lot of trojaned Access databases from China lately and just wanted to make sure."

"Interesting—our network folks are looking into some kind of malicious intent behind this e-mail snafu," wrote Moree. Neither the Air Force nor the Defense Dept. would confirm to BusinessWeek whether an investigation was conducted. A Pentagon spokesman says that its procedure is to refer attacks to law enforcement or counterintelligence agencies. He would not disclose which, if any, is investigating the Air Force e-mail.

DIGITAL INTRUDERS

By itself, the bid to steal digital secrets from Booz Allen might not be deeply troubling. But Poison Ivy is part of a new type of digital intruder rendering traditional defenses—firewalls and updated antivirus software—virtually useless. Sophisticated hackers, say Pentagon officials, are developing new ways to creep into computer networks sometimes before those vulnerabilities are known. "The offense has a big advantage over the defense right now," says Colonel Ward E. Heinke, director of the Air Force Network Operations Center at Barksdale Air Force Base. Only 11 of the top 34 antivirus software programs identified Poison Ivy when it was first tested on behalf of BusinessWeek in February. Malware-sniffing software from several top security firms found "no virus" in the India fighter-jet e-mail, the analysis showed.

Over the past two years thousands of highly customized e-mails akin to Stephen Moree's have landed in the laptops and PCs of U.S. government workers and defense contracting executives. According to sources familiar with the matter, the attacks targeted sensitive information on the networks of at least seven agencies—the Defense, State, Energy, Commerce, Health & Human Services, Agriculture, and Treasury departments—and also defense contractors Boeing (BA), Lockheed Martin, General Electric (GE), Raytheon (RTW), and General Dynamics (GD), say current and former government network security experts. Laura Keehner, a spokeswoman for the Homeland Security Dept., which coordinates protection of government computers, declined to comment on specific intrusions. In written responses to questions from BusinessWeek, Keehner says: "We are aware of and have defended against malicious cyber activity directed at the U.S. Government over the past few years. We take these threats seriously and continue to remain concerned that this activity is growing more sophisticated, more targeted, and more prevalent." Spokesmen for Lockheed Martin, Boeing, Raytheon, General Dynamics, and General Electric declined to comment. Several cited policies of not discussing security-related matters.

The rash of computer infections is the subject of Byzantine Foothold, the classified operation designed to root out the perpetrators and protect systems in the future, according to three people familiar with the matter. In some cases, the government's own cyber security experts are engaged in "hack-backs"—following the malicious code to peer into the hackers' own computer systems. BusinessWeek has learned that a classified document called an intelligence community assessment, or ICA, details the Byzantine intrusions and assigns each a unique Byzantine-related name. The ICA has circulated in recent months among selected officials at U.S. intelligence agencies, the Pentagon, and cyber security consultants acting as outside reviewers. Until December, details of the ICA's contents had not even been shared with congressional intelligence committees.

Now, Senate Intelligence Committee Chairman John D. Rockefeller (D-W. Va.) is said to be discreetly informing fellow senators of the Byzantine operation, in part to win their support for needed appropriations, many of which are part of classified "black" budgets kept off official government books. Rockefeller declined to comment. In January a Senate Intelligence Committee staffer urged his boss, Missouri Republican Christopher "Kit" Bond, the committee's vice-chairman, to supplement closed-door testimony and classified documents with a viewing of the movie Die Hard 4 on a flight the senator made to New Zealand. In the film, cyber terrorists breach FBI networks, purloin financial data, and bring car traffic to a halt in Washington. Hollywood, says Bond, doesn't exaggerate as much as people might think. "I can't discuss classified matters," he cautions. "But the movie illustrates the potential impact of a cyber conflict. Except for a few things, let me just tell you: It's credible."

"Phishing," one technique used in many attacks, allows cyber spies to steal information by posing as a trustworthy entity in an online communication. The term was coined in the mid-1990s when hackers began "fishing" for information (and tweaked the spelling). The e-mail attacks on government agencies and defense contractors, called "spear-phish" because they target specific individuals, are the Web version of laser-guided missiles. Spear-phish creators gather information about people's jobs and social networks, often from publicly available information and data stolen from other infected computers, and then trick them into opening an e-mail.

DEVIOUS SCRIPT

Spear-phish tap into a cyber espionage tactic that security experts call "Net reconnaissance." In the attempted attack on Booz Allen, attackers had plenty of information about Moree: his full name, title (Northeast Asia Branch Chief), job responsibilities, and e-mail address. Net reconnaissance can be surprisingly simple, often starting with a Google (GOOG) search. (A lookup of the Air Force's Pentagon e-mail address on Apr. 9, for instance, retrieved 8,680 e-mail addresses for current or former Air Force personnel and departments.) The information is woven into a fake e-mail with a link to an infected Web site or containing an attached document. All attackers have to do is hit their send button. Once the e-mail is opened, intruders are automatically ushered inside the walled perimeter of computer networks—and malicious code such as Poison Ivy can take over.

By mid-2007 analysts at the National Security Agency began to discern a pattern: personalized e-mails with corrupted attachments such as PowerPoint presentations, Word documents, and Access database files had been turning up on computers connected to the networks of numerous agencies and defense contractors.

A previously undisclosed breach in the autumn of 2005 at the American Enterprise Institute—a conservative think tank whose former officials and corporate executive board members are closely connected to the Bush Administration—proved so nettlesome that the White House shut off aides' access to the Web site for more than six months, says a cyber security specialist familiar with the incident. The Defense Dept. shut the door for even longer. Computer security investigators, one of whom spoke with BusinessWeek, identified the culprit: a few lines of Java script buried in AEI's home page, www.aei.org, that activated as soon as someone visited the site. The script secretly redirected the user's computer to another server that attempted to load malware. The malware, in turn, sent information from the visitor's hard drive to a server in China. But the security specialist says cyber sleuths couldn't get rid of the intruder. After each deletion, the furtive code would reappear. AEI says otherwise—except for a brief accidental recurrence caused by its own network personnel in August, 2007, the devious Java script did not return and was not difficult to eradicate.

The government has yet to disclose the breaches related to Byzantine Foothold. BusinessWeek has learned that intruders managed to worm into the State Dept.'s highly sensitive Bureau of Intelligence & Research, a key channel between the work of intelligence agencies and the rest of the government. The breach posed a risk to CIA operatives in embassies around the globe, say several network security specialists familiar with the effort to cope with what became seen as an internal crisis. Teams worked around-the-clock in search of malware, they say, calling the White House regularly with updates.

The attack began in May, 2006, when an unwitting employee in the State Dept.'s East Asia Pacific region clicked on an attachment in a seemingly authentic e-mail. Malicious code was embedded in the Word document, a congressional speech, and opened a Trojan "back door" for the code's creators to peer inside the State Dept.'s innermost networks. Soon, cyber security engineers began spotting more intrusions in State Dept. computers across the globe. The malware took advantage of previously unknown vulnerabilities in the Microsoft operating system. Unable to develop a patch quickly enough, engineers watched helplessly as streams of State Dept. data slipped through the back door and into the Internet ether. Although they were unable to fix the vulnerability, specialists came up with a temporary scheme to block further infections. They also yanked connections to the Internet.

One member of the emergency team summoned to the scene recalls that each time cyber security professionals thought they had eliminated the source of a "beacon" reporting back to its master, another popped up. He compared the effort to the arcade game Whack-A-Mole. The State Dept. says it eradicated the infection, but only after sanitizing scores of infected computers and servers and changing passwords. Microsoft's own patch, meanwhile, was not deployed until August, 2006, three months after the infection. A Microsoft spokeswoman declined to comment on the episode, but said: "Microsoft has, for several years, taken a comprehensive approach to help protect people online."

There is little doubt among senior U.S. officials about where the trail of the recent wave of attacks leads. "The Byzantine series tracks back to China," says Air Force Colonel Heinke. More than a dozen current and former U.S. military, cyber security, and intelligence officials interviewed by BusinessWeek say China is the biggest emerging adversary—and not just clubs of rogue or enterprising hackers who happen to be Chinese. O. Sami Saydjari, a former National Security Agency executive and now president of computer security firm Cyber Defense Agency, says the Chinese People's Liberation Army, one of the world's largest military forces, with an annual budget of $57 billion, has "tens of thousands" of trainees launching attacks on U.S. computer networks. Those figures could not be independently confirmed by BusinessWeek. Other experts provide lower estimates and note that even one hacker can do a lot of damage. Says Saydjari: "We have to look at this as equivalent to the launch of a Chinese Sputnik." China vigorously disputes the spying allegation and says its military posture is purely defensive.

Hints of the perils perceived within America's corridors of power have been slipping out in recent months. In Feb. 27 testimony before the U.S. Senate Armed Services Committee, National Intelligence Director McConnell echoed the view that the threat comes from China. He told Congress he worries less about people capturing information than altering it. "If someone has the ability to enter information in systems, they can destroy data. And the destroyed data could be something like money supply, electric-power distribution, transportation sequencing, and that sort of thing." His conclusion: "The federal government is not well-protected and the private sector is not well-protected."

Worries about China-sponsored Internet attacks spread last year to Germany, France, and Britain. British domestic intelligence agency MI5 had seen enough evidence of intrusion and theft of corporate secrets by allegedly state-sponsored Chinese hackers by November, 2007, that the agency's director general, Jonathan Evans, sent an unusual letter of warning to 300 corporations, accounting firms, and law firms—and a list of network security specialists to help block computer intrusions. Some recipients of the MI5 letter hired Peter Yapp, a leading security consultant with London-based Control Risks. "People treat this like it's just another hacker story, and it is almost unbelievable," says Yapp. "There's a James Bond element to it. Too many people think, 'It's not going to happen to me.' But it has."

Identifying the thieves slipping their malware through the digital gates can be tricky. Some computer security specialists doubt China's government is involved in cyber attacks on U.S. defense targets. Peter Sommer, an information systems security specialist at the London School of Economics who helps companies secure networks, says: "I suspect if it's an official part of the Chinese government, you wouldn't be spotting it."

A range of attacks in the past two years on U.S. and foreign government entities, defense contractors, and corporate networks have been traced to Internet addresses registered through Chinese domain name services such as 3322.org, run by Peng Yong. In late March, BusinessWeek interviewed Peng in an apartment on the 14th floor of the gray-tiled residential building that houses the five-person office for 3322.org in Changzhou. Peng says he started 3322.org in 2001 with $14,000 of his own money so the growing ranks of China's Net surfers could register Web sites and distribute data. "We felt that this business would be very popular, especially as broadband, fiber-optic cables, [data transmission technology] ADSL, these ways of getting on the Internet took off," says Peng (translated by BusinessWeek from Mandarin), who drives a black Lexus IS300 bought last year.

His 3322.org has indeed become a hit. Peng says the service has registered more than 1 million domain names, charging $14 per year for "top-level" names ending in .com, .org, or .net. But cyber security experts and the Homeland Security Dept.'s U.S. Computer Emergency Readiness Team (CERT) say that 3322.org is a hit with another group: hackers. That's because 3322.org and five sister sites controlled by Peng are dynamic DNS providers. Like an Internet phone book, dynamic DNS assigns names for the digits that mark a computer's location on the Web. For example, 3322.org is the registrar for the name cybersyndrome.3322.org at Internet address 61.234.4.28, the China-based computer that was contacted by the malicious code in the attempted Booz Allen attack, according to analyses reviewed by BusinessWeek. "Hackers started using sites like 3322.org so that the malware phones home to the specific name. The reason? It is relatively difficult to have [Internet addresses] taken down in China," says Maarten van Horenbeeck, a Belgium-based intrusion analyst for the SANS Internet Storm Center, a cyber threat monitoring group.

TARGET: PRIVATE SECTOR

Peng's 3322.org and sister sites have become a source of concern to the U.S. government and private firms. Cyber security firm Team Cymru sent a confidential report, reviewed by BusinessWeek, to clients on Mar. 7 that illustrates how 3322.org has enabled many recent attacks. In early March, the report says, Team Cymru received "a spoofed e-mail message from a U.S. military entity, and the PowerPoint attachment had a malware widget embedded in it." The e-mail was a spear-phish. The computer that controlled the malicious code in the PowerPoint? Cybersyndrome.3322.org—the same China-registered computer in the attempted attack on Booz Allen. Although the cybersyndrome Internet address may not be located in China, the top five computers communicating directly with it were—and four were registered with a large state-owned Internet service provider, according to the report.

A person familiar with Team Cymru's research says the company has 10,710 distinct malware samples that communicate to masters registered through 3322.org. Other groups reporting attacks from computers hosted by 3322.org include activist group Students for a Free Tibet, the European Parliament, and U.S. Bancorp (USB), according to security reports. Team Cymru declined to comment. The U.S. government has pinpointed Peng's services as a problem, too. In a Nov. 28, 2007, confidential report from Homeland Security's U.S. CERT obtained by BusinessWeek, "Cyber Incidents Suspected of Impacting Private Sector Networks," the federal cyber watchdog warned U.S. corporate information technology staff to update security software to block Internet traffic from a dozen Web addresses after spear-phishing attacks. "The level of sophistication and scope of these cyber security incidents indicates they are coordinated and targeted at private-sector systems," says the report. Among the sites named: Peng's 3322.org, as well as his 8800.org, 9966.org, and 8866.org. Homeland Security and U.S. CERT declined to discuss the report.

Peng says he has no idea hackers are using his service to send and control malicious code. "Are there a lot?" he says when asked why so many hackers use 3322.org. He says his business is not responsible for cyber attacks on U.S. computers. "It's like we have paved a road and what sort of car [users] drive on it is their own business," says Peng, who adds that he spends most of his time these days developing Internet telephony for his new software firm, Bitcomm Software Tech Co. Peng says he was not aware that several of his Web sites and Internet addresses registered through them were named in the U.S. CERT report. On Apr. 7, he said he planned to shut the sites down and contact the U.S. agency. Asked by BusinessWeek to check his database for the person who registered the computer at the domain name cybersyndrome.3322.org, Peng says it is registered to Gansu Railway Communications, a regional telecom subsidiary of China's Railways Ministry. Peng declined to provide the name of the registrant, citing a confidentiality agreement. "You can go through the police to find out the user information," says Peng.

U.S. cyber security experts say it's doubtful that the Chinese government would allow the high volume of attacks on U.S. entities from China-based computers if it didn't want them to happen. "China has one of the best-controlled Internets in the world. Anything that happens on their Internet requires permission," says Cyber Defense Group's Saydjari. The Chinese government spokesman declined to answer specific questions from BusinessWeek about 3322.org.

But Peng says he can do little if hackers exploit his goodwill—and there hasn't been much incentive from the Chinese government for him to get tough. "Normally, we take care of these problems by shutting them down," says Peng. "Because our laws do not have an extremely clear method to handle this problem, sometimes we are helpless to stop their services." And so, it seems thus far, is the U.S. government.
http://www.businessweek.com/magazine/content/08_16/b4080032218430.htm





In Storing 1’s and 0’s, the Question Is $
John Schwartz

LISTEN. Do you hear it? The bits are dying.

The digital revolution has spawned billions upon billions of gigabytes of data, from the vast electronic archives of government and business to the humblest photo on a home PC. And the trove is growing — the International Data Corporation, a technology research and advisory firm, estimates that by 2011 the digital universe of ones and zeros will be 10 times the size it was in 2006.

But the downside is that much of this data is ephemeral, and society is headed toward a kind of digital Alzheimer’s. What’s on those old floppies stuck in a desk drawer? Can anything be read off that ancient mainframe’s tape drive? Will today’s hard disk be tomorrow’s white elephant?

Data is “the natural resource for the Internet age,” said Francine Berman, director of the San Diego Supercomputer Center at the University of California, San Diego, a national center for high-performance computing resources. But, she added, “digital data is enormously fragile.” It can degrade as it is stored, copied and transferred between hard drives across data networks. The storage systems might not be around or accessible in the future — it is like putting precious information on eight-track tapes.

“It’s very important that we have an awareness that digital preservation has to be a part of our infrastructure,” Dr. Berman said. But as the problem has been studied over the years, researchers have found that “there’s no one-size-fits-all model for preserving data in the digital age,” she added. And there’s an even bigger potential roadblock: how to pay for it. “Economic sustainability,” Dr. Berman said, is “the gorilla in the room.”

The National Science Foundation has begun a $100 million program over the next five years for an initiative, known as DataNet, that will help develop methods and technologies to keep the data we create. The goal is more than safeguarding the family’s digital photo album: it’s to preserve science and engineering data in ways that are “open, extensible and evolvable” — in other words, not just to make sure that bits aren’t lost but also to make them accessible and usable far into the future.

At the same time, a second National Science Foundation-supported effort is finding ways to address the cost of saving digital memories. Dr. Berman leads this two-year task force with Brian Lavoie, a research scientist at the Online Computer Library Center, a nonprofit organization near Columbus, Ohio, that helps more than 60,000 libraries around the world find, share and preserve materials.

Dr. Lavoie said the task force would outline ways that digital preservation could be used in diverse situations, with an eye to economy and sustainability. “The common thing among all of them is that somebody has to pay for it,” he said.

For all their qualities, electrons can seem awfully feeble when compared with a good old-fashioned book. “With the right kind of paper and the right kind of stewardship,” Dr. Berman said, “you can keep a book for 100 years or more.” The interface is as simple as it gets: open the book and look at the page.

By contrast, in the hundred years that a book might have spent on the shelf, technology might have gone through “dozens of generations of storage media,” she said.

No one is suggesting that we try to hold on to every bit of data lingering in every obsolete corner. Choices must be made about the kind of material that should be kept fresh and accessible for 5 years, or 50, or 1,000. Census data? Put it on the “forever” drive, please. To-do lists? A little less crucial.

Dr. Berman identifies collections like the Protein Data Bank, run by the Research Collaboratory for Structural Bioinformatics. A repository of information on protein structures, it represents a research investment of more than $80 billion, said Dr. Berman, whose supercomputer center is a collaborating institution. That kind of data, which could lead to new understanding of the body’s functions and to new drugs, is also a keeper.

Those in the digital-preservation field have talked for years about technologies that will achieve their goals. In a world where steeply falling hardware prices allow companies like Google to create vast server farms, preservationists have come up with ideas for electronic depositories, big and small, that businesses or government could build.

But the talk goes well beyond simple storage to true preservation, which ensures that information remains accessible. The plans therefore include making data retrievable with technologies like format migration, in which outdated files could be made readable in a more generic format, and computer emulation, in which one machine would pretend to be an older computer that could make sense of old files.

All that work is going on, Dr. Lavoie said, but “that misses the point” that the task force was formed to examine: ensuring that the various technologies make economic sense. “You can have the most elegant technological solution to the digital-preservation problem, but if there’s no economics underpinning it, then there’s no solution at all,” he said.

So while it is important to develop technologies that will make digital preservation simple and inexpensive, Dr. Lavoie said that the field was “not about picking winners and losers at all.”

He described an economic framework that would follow the course of the evolution of the computer-security market. In that case, private companies emerged to handle the needs of industry and government to protect against hacking, while others developed products and services that smaller organizations and even consumers could use. Some companies developed their own expertise and did the work in house as well.

The government spurred development, too, through tax breaks, monetary penalties for lax security practices in the financial industry and paying for security initiatives like the CERT center at Carnegie Mellon University, which monitors computer attacks.

“The question, I think, is articulating that full menu of models” so that the development of a preservation market will be encouraged, Dr. Lavoie said. “That’s something we’re really missing now.”

Margaret Hedstrom, associate professor at the School of Information at the University of Michigan, has been preaching preservation for 30 years, ever since she got a job organizing Wisconsin state records. But in a throwaway culture, it’s been a hard argument to make stick.

Now, she said, “one of the things that’s changing, finally, is people in places like the National Science Foundation are paying enough attention to this problem and understand its scale to start making investments that can make a difference.”

The concern is about more than losing any particular set of data, Dr. Hedstrom said. “The issue is about losing the ability, in a systematic way, of being able to preserve anything.”

Yes, people know how to keep data, she said, but she added that it was just as important “to preserve the right information” well enough to keep it meaningful and accessible.

“There might be 100 versions of a report on a company’s hard drive, but which one was the final draft?” Dr. Hedstrom said. “How was the underlying data used? Which architectural drawings of the many versions generated for a project were actually used to erect the building, and what was the chain of decisions that led to the brick-and-mortar result?

“It’s not that the bits aren’t lying around,” she continued. “They may or may not be lying around. But being able to understand how they were collected,” and being able to ascertain how the underlying data was used, makes the information useful. People think that because the cost of storage is dropping “we can save everything,” she said. “But that’s based on a naïve view of what ‘everything’ actually is.”

Efforts like the Internet Archive (archive.org), which trolls and collects billions of pages from the World Wide Web, are laudable but merely represent “the surface Web,” she said. The underlying data that enriches understanding isn’t present in that kind of collection, she said. “The Internet Archive is great for what it is,” she said, “but we’re not going to solve the preservation problem with one small not-for-profit organization” and volunteers.

She said she was thrilled, therefore, to see serious projects coming from the National Science Foundation and heartened that many approaches were being considered. “If everybody’s doing the same thing, we might all be making the same mistake,” she said.

She added that she hoped the movement to hold on to our digital memories would finally succeed. “It’s taken longer than I would have liked,” she said, “but I think we’re getting there.”
http://www.nytimes.com/2008/04/09/technology/techspecial/09store.html





Storing Every Life Memory in a Surrogate Brain

Microsoft researchers are developing a way to enable you to capture every moment of your life and store it on your computer
Sharon Gaudin

Remember walking in to start your first job out of college? Or that diner you stopped in when you were on a road trip with your friends? The way the sky looked when you made that one perfect ski run, or the song that was playing when your daughter took her first step?

Gordon Bell, a long-time veteran of the IT industry and now principal researcher with Microsoft's research arm, is developing a way for everyone to remember those special moments.

Actually, Bell himself wants to remember - well, everything.

With memories piling up and continually slipping away, Bell is working to capture every moment of his life, so he can store it on his computer - a Dell laptop with a dual-core processor. He wants the ability to pull up any picture, phone call, e-mail or conversation any time he wants.

The nine-year project, called MyLifeBits, has Bell supplementing his own memory by collecting as much information as he can about his life. He's trying to store a lifetime on his laptop.

For Bell, a key engineer and vice president of research and development at minicomputer pioneer Digital Equipment for 23 years and later a founder of the Computer History Museum, the effort is about not forgetting, not deleting and holding onto all the bits of your life. In essence, it's about immortality.

"I believe this is the quest for what a personal computer really is," Bell said. "It's to capture one's entire life. A personal computer wouldn't be a machine that just sits on my desk. It's a repository. I think of the system as a personal memory. I feel immensely free by having all the information there."

Bell isn't talking about plastering a MySpace or Facebook page with information about the last cool restaurant he went to or details of a conversation with another industry luminary. For him, recording memories is immensely personal.

"A lot of people put their lives on the Web. I'm not an advocate of that," he said, adding that he thinks revealing too much personal information online can be dangerous. "We're not life loggers because we're not publicly disclosing or talking about ourselves. This was built to be entirely personal, to aid the individual. You will leave a personal legacy - a record of your life."

The project took seed in the late '90s when Bell decided to scan all of his books, articles, clippings and memos into a digital format. All of his paper records would be transformed. Just as his scanning project got underway, Bell read Bill Gates' book The Road Ahead, in which the Microsoft founder wrote about his belief that someday people will be able to record and recall everything they've ever heard or seen.

"It all just kind of triggered me," said Bell. "How much information do you end up with in your life? If you have it, how much does it cost and what good is it? That really was the genesis of getting started. I thought it was important to run an experiment for an individual to really do it and see what all is there and how valuable it is."

Bell said he began the scanning effort in 1999, and then in 2001, his friend and Microsoft colleague Jim Gray convinced him that he was going to need a large database that could easily access information. With Gray acting as inspiration and co-conspirator, Bell began storing more and more aspects of his life - videos of lectures he'd given, CDs, correspondence and an avalanche of photos.

He's gone on to collect images of every Web page he's ever visited, television shows he's watched, recorded phone conversations, and images and audio from conference sessions, along with his e-mail and instant messages.

In 2003, Bell even began wearing a SenseCam, a wearable digital camera designed to automatically take pictures without any user interaction. Created by scientists in Microsoft Research's England lab, the camera hangs around Bell's neck and snaps pictures with a fish-eye lens every 30 seconds or whenever it senses someone approaching.

So far, Bell has stored about 160 megabytes of information about his life, including 100,000 photos. Calculating that he saves about a gigabyte of information every month, he noted that he tries to only save photos of a megabyte or less. Bell figures one could store everything about his life, from start to finish, using a terabyte of storage.

Microsoft Research's Jim Gemmell and Roger Lueder developed the MyLifeBits software, which uses hyperlinks, fast search, annotations and saved queries. The software can record web pages and IM transcripts, along with radio and television programs, according to Microsoft.

When Gray disappeared a little more than a year ago, the experience of his loss gave Bell a new perspective on their project. Gray failed to return from a sailboat trip in the Pacific Ocean off the US west coast.

"We'd all like to see an immortal Jim," said Bell. "All of us have various pieces or an understanding of him. Jim had various theorems and books and metrics he created, so those things will last. But how close can we come to having something that would actually let people see who he was as a person?

"It's trying to make it more personal."

With such a personal project, the good and the bad parts of his life are being recorded equally. And Bell said he's just fine with that, and hasn't fallen victim to any urges to delete something that was painful or might not put him in the best light.

"People worry about that. So far I have not," he said, laughing. "I tend to leave everything there. There are some things I'm not so happy with, but what the hell? The value is in giving people a full view of what you're all about. There are various unpleasantries that are on there. There are some unpleasant characters that I've been involved with and it's more, 'Oh, god. I remember that episode or that board meeting.' "

Bell said he backs up his data, which is not encrypted, in the Microsoft Research lab and a copy is taken offsite for safekeeping. As for security, he said his main concerns are around physical security for his laptop. He doesn't travel with it, taking a tablet PC with him instead.

In 20 years, digitizing our memories will be standard procedure, according to Bell. "It's my supplemental memory and brain," he noted. "It's one of my most valuable possessions. I look at this thing and think, 'My whole life is there.'"
http://www.computerworld.com.au/index.php/id;363346268;fp;;fpid;;pf;1





Clive Thompson on Why the Next Civil Rights Battle Will Be Over the Mind

Trolling down the street in Manhattan, I suddenly hear a woman's voice.

"Who's there? Who's there?" she whispers. I look around but can't figure out where it's coming from. It seems to emanate from inside my skull.

Was I going nuts? Nope. I had simply encountered a new advertising medium: hypersonic sound. It broadcasts audio in a focused beam, so that only a person standing directly in its path hears the message. In this case, the cable channel A&E was using the technology to promote a show about, naturally, the paranormal.

I'm a geek, so my first reaction was, "Cool!" But it also felt creepy.

We think of our brains as the ultimate private sanctuary, a zone where other people can't intrude without our knowledge or permission. But its boundaries are gradually eroding. Hypersonic sound is just a portent of what's coming, one of a host of emerging technologies aimed at tapping into our heads. These tools raise a fascinating, and queasy, new ethical question: Do we have a right to "mental privacy"?

"We're going to be facing this question more and more, and nobody is really ready for it," says Paul Root Wolpe, a bioethicist and board member of the nonprofit Center for Cognitive Liberty and Ethics. "If the skull is not an absolute domain of privacy, there are no privacy domains left." He argues that the big personal liberty issues of the 21st century will all be in our heads — the "civil rights of the mind," he calls it.

It's true that most of this technology is still gestational. But the early experiments are compelling: Some researchers say that fMRI brain scans can detect surprisingly specific mental acts — like whether you're entertaining racist thoughts, doing arithmetic, reading, or recognizing something. Entrepreneurs are already pushing dubious forms of the tech into the marketplace: You can now hire a firm, No Lie MRI, to conduct a "truth verification" scan if you're trying to prove you're on the level. Give it 10 years, ethicists say, and brain tools will be used regularly — sometimes responsibly, often shoddily.

Both situations scare civil libertarians. What happens when the government starts using brain scans in criminal investigations — to figure out if, say, a suspect is lying about a terrorist plot? Will the Fifth Amendment protect you from self-incrimination by your own brain? Think about your workplace, too: Your boss can already demand that you pee in a cup. Should she also be allowed to stick your head in an MRI tube as part of your performance review?

But this isn't just about reading minds; it's also about bombarding them with messages or tweaking their chemistry. Transcranial magnetic stimulation — now used to treat epilepsy — has shown that it can artificially generate states of empathy and euphoria. And you've probably heard of propranolol, a drug that can help erase traumatic memories.

Let's say you've been assaulted and you want to take propranolol to delete the memory. The state needs that memory to prosecute the assailant. Can it prevent you from taking the drug? "To a certain extent, memories are societal properties," says Adam Kolber, a visiting professor at Princeton. "Society has always made claims on your memory, such as subpoenaing you." Or what if you use transcranial stimulation to increase your empathy. Would you be required to disclose that? Could a judge throw you off a jury? Could the Army turn you away?

I'd love to give you answers. But the truth is no one knows. Privacy rights vary from state to state, and it's unclear how, or even if, the protections would apply to mental sanctity. "We really need to articulate a moral code that governs all this," warns Arthur Caplan, a University of Pennsylvania bioethicist.

The good news is that scholars are holding conferences to hash out legal positions. But we'll need a broad public debate about it, too. Civil liberties thrive only when the public demands them — and understands they're at risk. That means we need to stop seeing this stuff as science fiction and start thinking about how we'll react to it. Otherwise, we could all lose our minds.
http://www.wired.com/techbiz/people/magazine/16-04/st_thompson





Sweat Ducts May Act as Giveaway 'Antennas'
Flora Graham

Our skin may contain millions of tiny "antennas" in the form of microscopic sweat ducts, say researchers in Israel. In experiments, they found evidence that signals produced by bouncing electromagnetic waves off the tiny tubes might reveal a person's physical and emotional state from a distance.

The research might eventually result in lie detectors that require no physical contact with the subject.

Human skin contains millions of sweat glands, which are connected to pores at the surface by tiny ducts. These ducts were originally thought of as straight tubes, but detailed images produced in recent years have revealed that they are actually helical.

"When you look at this through the eyes of an electrical engineer, it is very familiar," says Aharon Agranat of the Hebrew University of Jerusalem. "It immediately ignited the thinking that perhaps they also behave as helical antenna."

To function in this way, the ducts would need to conduct a current. And since the ducts are filled with sweat, they do indeed conduct when hit with an electromagnetic wave, although not at the very high frequencies needed.

And yet, experiments performed by the Israeli researchers suggest that they do somehow work as antennas.

Proton hopping

Yuri Feldman, who initiated the research, says current may be conducted within the ducts at high frequencies through a mechanism known as "proton hopping," with protons jumping rapidly – in the order of hundreds of femtoseconds – through hydrogen bonds near the surface of cells lining each duct.

Treating the skin as an array of helical antennas could open up a new way of measuring physiological changes from a distance, the researchers say.

This is because perspiration should change the conductivity of each sweat duct. And, since perspiration is linked to other physiological parameters, such as blood pressure and pulse rate, measuring this change would reveal a person's health and mental state.

In experiments, the team beamed electromagnetic waves with a frequency range of about 100 gigahertz at the hands of test subjects.

They measured the frequency of the electromagnetic waves reflecting off the subjects' skin while they relaxed and then after exercise. The reflected signal closely matched their modelled results for skin containing an array of tiny helical antennas.

Remote lie detector

Initially, the experiments were carried out in contact with the subjects' hands, to reduce diffraction effects. But even at a distance of 22 centimetres, the researchers found a strong correlation between subjects' blood pressure and pulse rate, and the frequency response of their skin.

Agranat emphasises that the research is at an early stage, but recognises potential applications. "You could make a lie detector that does not require any connections to the person being tested," he says.

Not everyone is convinced, however. "It's a really interesting idea," says Philip Chadwick, director and researcher at MCL, a company that consults on the effects of electromagnetic fields on humans.

But Chadwick is concerned that the resonance shown in the experimental data seems too sharp to be biological. "People are made of squishy wet stuff, and any resonance will be very damped out," he explains. "This sort of sharp resonance at this frequency has never been observed before."

Agranat admits that his team is reporting a new phenomenon but explains that no-one has considered the shape of the skin ducts before. "The response is governed, not by the chemical composition of the tissue, but by the morphology – because it looks like a coil, it behaves the way it behaves."
http://technology.newscientist.com/channel/tech/dn13589-sweat-ducts-may-act-as-giveaway-antennas.html





'Big Brother' Buildings Offer Less Invasive Security
Mason Inman

Tracking people's every move using buildings packed with motion sensors is more effective than CCTV, and less invasive to privacy, say researchers who tried the technique on their own colleagues.

"We want to have a god's eye view of the entire space," says Yuri Ivanov of the Mitsubishi Electric Research Laboratories (MERL), who led the project with colleague Christopher Wren.

That may sound like the desire of George Orwell's fictional "Big Brother" in 1984. But the MERL system should actually preserve people's privacy better than CCTV and make buildings safer and more secure, says Ivanov.

All-seeing eyes

As digital video cameras get cheaper and smaller, CCTV systems are becoming more common. But as well as raising privacy concerns, Ivanov and Wren say, the footage is difficult to search through or interpret quickly.

As an alternative, the two researchers used arrays of small, cheap motion detectors to watch over people instead, with their officemates as guinea pigs. They fitted their 3000 square metre office building with an array of 215 simple detectors placed along the hallways at 2-metre intervals.

The detectors collect much less information than the cameras. "It's not going to catch you picking your nose. You can only tell that some person went by," Wren explains, "maybe this is better than living under thousands of cameras."

But the motion-detector system still collects a lot of information. To find unusual or interesting patterns in the data, the researchers developed software to display movements of people around the building on a map in real time. People show up as a bright spot trailing a tail of lights that slowly fade away.

Another view summarises data from sensors across a period of time, for example a week, month or year, in a way that makes it possible to see patterns or anomalies at a glance.

Identity parade

The system also includes a handful of cameras, at selected spots in the building. Footage of passers by can be used to identify people, who can then be tracked around the building using the motion sensor data.

Users can select a certain path on the map – for example from the office drinks machine to the front door – to call up motion and video data from the path at a particular time and reveal who used the route. "A target audience for this was security," says Ivanov, "but that's not the only use."

Data collected during a fire evacuation drill revealed that almost everyone in the building left through one exit; the two other doors nearby went largely unused. Understanding how people use spaces like this could help improve safety, they argue.

Longer-term patterns, like how late people stay at work or where they tend to congregate, have other uses. "It has large implications for energy savings," Ivanov adds, saying that heating or air-conditioning use could be informed by the data.

Marauder's map

"I've not seen this approach before in journals or at conferences," says Marimuthu Palaniswami at the University of Melbourne in Australia. "But I have seen it in fiction, for example the Marauder's map in Harry Potter."

The technique appears simple and usable, he says. "They have produced a system that could be implemented with little difficulty and would be very useful for security monitoring."

Daniel Keim of the University of Konstanz in Germany agrees that usability is a big advantage. Most techniques for analysing data from sensor networks depend on automatically detecting certain behaviours specified ahead of time, making spotting unexpected features difficult, he says.
http://technology.newscientist.com/article/dn13632-big-brother-buildings-offer-less-invasive-security.html





Administration Set to Use New Spy Program in U.S.

Congressional critics want more assurances of legality
Spencer S. Hsu

The Bush administration said yesterday that it plans to start using the nation's most advanced spy technology for domestic purposes soon, rebuffing challenges by House Democrats over the idea's legal authority.

Homeland Security Secretary Michael Chertoff said his department will activate his department's new domestic satellite surveillance office in stages, starting as soon as possible with traditional scientific and homeland security activities -- such as tracking hurricane damage, monitoring climate change and creating terrain maps.

Sophisticated overhead sensor data will be used for law enforcement once privacy and civil rights concerns are resolved, he said. The department has previously said the program will not intercept communications.

"There is no basis to suggest that this process is in any way insufficient to protect the privacy and civil liberties of Americans," Chertoff wrote to Reps. Bennie G. Thompson (D-Miss.) and Jane Harman (D-Calif.), chairmen of the House Homeland Security Committee and its intelligence subcommittee, respectively, in letters released yesterday.

"I think we've fully addressed anybody's concerns," Chertoff added in remarks last week to bloggers. "I think the way is now clear to stand it up and go warm on it."

His statements marked a fresh determination to operate the department's new National Applications Office as part of its counterterrorism efforts. The administration in May 2007 gave DHS authority to coordinate requests for satellite imagery, radar, electronic-signal information, chemical detection and other monitoring capabilities that have been used for decades within U.S. borders for mapping and disaster response.

But Congress delayed launch of the new office last October. Critics cited its potential to expand the role of military assets in domestic law enforcement, to turn new or as-yet-undeveloped technologies against Americans without adequate public debate, and to divert the existing civilian and scientific focus of some satellite work to security uses.

Democrats say Chertoff has not spelled out what federal laws govern the NAO, whose funding and size are classified. Congress barred Homeland Security from funding the office until its investigators could review the office's operating procedures and safeguards. The department submitted answers on Thursday, but some lawmakers promptly said the response was inadequate.

"I have had a firsthand experience with the trust-me theory of law from this administration," said Harman, citing the 2005 disclosure of the National Security Agency's domestic spying program, which included warrantless eavesdropping on calls and e-mails between people in the United States and overseas. "I won't make the same mistake. . . . I want to see the legal underpinnings for the whole program."

Thompson called DHS's release Thursday of the office's procedures and a civil liberties impact assessment "a good start." But, he said, "We still don't know whether the NAO will pass constitutional muster since no legal framework has been provided."

DHS officials said the demands are unwarranted. "The legal framework that governs the National Applications Office . . . is reflected in the Constitution, the U.S. Code and all other U.S. laws," said DHS spokeswoman Laura Keehner. She said its operations will be subject to "robust," structured legal scrutiny by multiple agencies.
http://www.washingtonpost.com/wp-dyn/content/article/2008/04/11/AR2008041103655.html?nav=rss_politics





Open Source 3D Printer Copies Itself

Self-replicating printer frees up 3D printing under GNU
Ulrika Hedquist

Based in the Waitakeres, in West Auckland, software developer and artist Vik Olliver is part of a team developing an open-source, self-copying 3D printer. The RepRap (Replicating Rapid-prototyper) printer can replicate and update itself. It can print its own parts, including updates, says Olliver, who is one of the core members of the RepRap team.

The 3D printer works by building components up in layers of plastic, mainly polylactic acid (PLA), which is a bio-degradable polymer made from lactic acid. The technology already exists, but commercial machines are very expensive. They also can’t copy themselves, and they can’t be manipulated by users, says Olliver.

RepRap has a different idea. The team, which is spread over New Zealand, the UK and the US, develops and gives away the designs for its much cheaper machine, which also has self-copying capabilities. It wants to make the machine available to anybody — including small communities in the developing world, as well as people in the developed world, says Olliver.

Accordingly, the RepRap machine is distributed, at no cost, under the GNU General Public Licence.

RepRap’s open-source project aims to keep on improving the machine. “So it can do what people want it to do”, says Olliver. Improvements will go back to users and, in this way, the machine as a whole evolves, he says. The idea of evolution is important, he adds. The device Olliver is creating now will probably bear very little resemblance to the device that will appear on everybody’s desks in the future, he says.

“We want to make sure that everything is open, not just the design and the software you control it with, but the entire tool-chain, from the ground up,” he says.

Olliver works for Catalyst IT, a Wellington-based open-source business system provider. He is fortunate enough to get “Google-time” from the company, which means he is allowed to work on his own research projects one day a week — just like employees at Google. This has led to considerable developments in the RepRap project in the last six months, he says.

New features include, for example, heads that can be changed for different kinds of plastic. A head that deposits low melting-point metal is in development, he says. The metal melts at a lower temperature than that at which plastic melts, which means the metal can be put inside plastic, says Olliver. “That means, in theory, we could build structures like motors.”

RepRap also allows people to build circuits in 3D, as well as various shapes, with the result that objects, such as a cell phone, don’t have to be flat, he says.

There are at least seven copies of the RepRap machine in the world that Olliver knows about. The 3D printer also allows for a new and fascinating way of communicating: Olliver can design something at home in New Zealand, which then appears on another researcher’s desk, in Bath, in the UK, or the other way around.

At the moment, the RepRap uses two different kinds of plastic — PLA, a relatively rigid plastic, which is ideal for making objects such as corner brackets; and a more flexible plastic for making, for example, iPod cases, he says.

But having the machine copy itself is the most useful thing the team can make it do, and that is the primary goal of the project, says Olliver. However, it can also be used to make other things, such as wine glasses — definitely water-tight, he adds — and plastic parts for machines. When Computerworld talked to him, Olliver had just printed out a small part to fix his blender.

“We know that people are going to use the printer to try to make weapons [and] sex toys and drug paraphernalia,” he says. “This is obviously not what we’re hoping they are going to build. We are hoping they are going to build more and better RepRaps.”
http://computerworld.co.nz/news.nsf/tech/2F5C3C5D68A380EDCC257423006E71CD





Katie Couric May Leave CBS News, Report Says

The Wall Street Journal, citing unnamed CBS News executives and people close to Katie Couric, said Wednesday she could leave her job as anchor of the low-rated CBS Evening News well before her contract expires in 2011.

CBS and Couric both issued statements downplaying the Journal story while stopping short of an outright denial.

The report comes as CBS continues to lag in third place in the network news ratings, far behind NBC and ABC, 19 months after Couric's much ballyhooed debut as the first woman solo anchor of a major U.S. evening newscast — for a salary reportedly worth $15 million a year.

Couric, 51, who gained celebrity status during 15 years as co-host of America's top-rated morning show, NBC's Today, may leave CBS as early as next January, soon after the U.S. presidential inauguration, the Journal said in its online edition.

Her five-year contract is set to expire in 2011, the newspaper said, adding that it was possible Couric could survive in her job if a major news event lifted her viewership or some other shift occurred at CBS.

CBS and Couric said they have no plans to alter the evening newscast.

"We are very proud of the CBS Evening News, particularly our political coverage, and we have no plans for any changes regarding Katie or the broadcast," the network said in a statement.

A separate statement attributed to Couric said: "I am working hard and having fun. My colleagues continue to impress me with their commitment to the newscast, and I am very proud of the show we put on every day."

Despite the heavy promotion of Couric's hiring and the huge amount of media attention it garnered, CBS has made little headway in its bid for supremacy among the Big Three network newscasts.

For the week ended March 31, the CBS Evening News averaged 5.9 million viewers, compared to 8.3 million for NBC's Nightly News with Brian Williams and 8 million for ABC's World News with Charles Gibson, according to Nielsen Media Research.

At stake in the competition is roughly $450 million in annual advertising revenue.

Following an initial boost in her ratings, Couric's nightly audience has generally lagged well behind that of her immediate predecessor, Bob Schieffer.

He had taken over as host on a temporary basis after veteran anchor Dan Rather, Walter Cronkite's successor, stepped down in the aftermath of his discredited 60 Minutes report on the military service record of George W. Bush.

In the marketing blitz for Couric's CBS debut, the network sought to promote her as a more "accessible" journalist who also possessed the experience to carry its flagship newscast. But after trying various format changes to accentuate Couric's more casual style, the network has returned to a more traditional presentation.

The Wall Street Journal suggested Couric's next job might be to succeed veteran TV interviewer Larry King at CNN, who is 74 and whose contract with his network expires next year.
http://www.usatoday.com/money/media/2008-04-09-couric-may-quit-cbs_N.htm?csp=34





MySong: Automatic Accompaniment for Vocal Melodies
Ian Simon, Dan Morris, Sumit Basu

Like to Write Music?

Most folks never get a chance to answer this question, since writing music takes years of experience... if you don't play an instrument or spend lots of time around music, you'll probably never get to write a song.

MySong, introduced in our CHI 2008 paper, automatically chooses chords to accompany a vocal melody, allowing a user with no musical training to rapidly create accompanied music. MySong is a creative tool for folks who like to sing but would never get a chance to experiment with creating real original music. Come on, you know who you are... you sing in the car, or in the shower, or you go to karaoke clubs, or you just once in a while find yourself singing along with catchy commercial jingles. MySong is also a great tool for songwriters who want to quickly experiment with melodies and accompaniments.

Our CHI 2008 paper: [ pdf ]

Our CHI 2008 video: [ .mov (30MB) ] [ .wmv (30MB) ]

© ACM, 2008. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CHI 2008.

And just a quick word on what MySong isn't, particularly in response to the various forum posters who are (appropriately) very suspicious of anyone who thinks songwriting can be automated. MySong does not automate songwriting. No one will ever write, record, and produce a top-40 hit with any version of MySong. What MySong does do is give many folks who would never even taste songwriting a great opportunity to just get a glimpse of music creation. Is the output from MySong ready for radio? No. But is it more than good enough, when coupled with a style-based arrangement tool (i.e. when not using just the simple piano part you hear in our video) to give someone a feeling that they've created something musical for the first time? Absolutely. Is it more than good enough to make a cute birthday song for Mom or a Valentine's Day song for your significant other, even if you don't play an instrument? Absolutely.

Furthermore, for songwriters, is MySong going to replace the craft of songwriting? Never. Could it be a super-useful scratchpad for exploring new melodies and ideas? Definitely. If you're a songwriter, you've probably had the experience of coming up with a melody and finding the nearest object with a “record” button on it just to get your idea down. Imagine that first quick experience also letting you explore some chords and styles... lots of songwriters have told us they'd love to have that! Then of course you'd work with other tools, other people, instruments, etc. to really develop a song, but this could be a great tool that lets you play with new melodies in places where you couldn't before (on the go, on the bus, in the airport, etc.).

Now before we get to all the detailed examples and results, let's finally hit you with a typical audio example of something created with MySong. Here a singer just sang into MySong, twiddled some sliders, and pressed “play”; we also show you the results we get when we take our chords and fire them through Band-in-a-Box, a style-based arrangement tool that takes chords as input.

As part of the evaluation presented in our CHI 2008 paper, we had 13 non-musically-trained participants come into our lab to try out MySong. They got a 5-minute tutorial on the system, then had 10 minutes per song to play with it. Since we figured participants would be sufficiently uncomfortable singing in a stranger's office, we didn't ask people to work with new melodies; instead, we had them bring in a few of their favorite pop songs. However, we stress that from MySong's perspective, these were completely new songs.

In the following table, the files linked in the first column of audio contain melodies performed by participants in our evaluation. The files linked in the second column of audio contain accompanied versions of those melodies, created with MySong's chord-generation algorithm and MySong's simple piano pattern. The files linked in the third column of audio contain the same chords - generated with MySong - fed through Band-in-a-Box, a commercial software package that assembles pre-recorded sequences of instrumental "styles" to generate audio for a set of chords. MySong is able to automate Band-in-a-Box for final audio rendering. We show this to give you a complete picture of what users can create with MySong.

These accompaniments were created using MySong in less than ten minutes by participants who had absolutely no familiarity with chords or harmony. All participants featured on this page consented to the release of these recordings. For copyright reasons, this information is reproduced at the end of each audio file. For the same copyright reasons, we can only show you a small handful of the recordings that were made. Contact us if you'd like to hear more; also check out our video (above), and the results from our other evaluation (which used non-copyrighted songs) (below).

In the following table, we present examples from the comparative-rating study described in our paper. Here we had experts create accompaniments - in five minutes or less - for a large number of melodies, using (a) MySong, (b) whatever tools a musician would normally use to accompany a melody (instruments), and (c) a commercial system that creates accompaniments for instrumental (not vocal) melodies (to show the value of our vocal-specific innovations). The songs we present here were selected solely based on copyright permissions and not on the quality of the generated accompaniments.

Each selection is presented as an isolated vocal recording in the left-most column. The next three columns present, for each melody, the vocal audio along with accompaniments prepared using three systems for selecting chords: (1) MySong (the system presented in our paper), (2) manual assignment by musicians, and (3) Band-in-a-Box1 (a state-of-the-art system for accompanying instrumental melodies). Note that these systems were used only for selecting chords; the selected chords were rendered to piano accompaniments using an identical system for each condition.

The number below each icon is the mean of the subjective scores assigned to the corresponding accompaniment. Scores were assigned independently by 30 musicians.

1 Band-in-a-Box (BIAB) is, to our knowledge, the only commercially-available system for generating chord sequences from melodies. BIAB is primarily a system for generating accompaniment audio from chords, but includes a module for determining chords from a melody. The BIAB system represents the state of the art in determining chords from a musical melody, but was not designed for vocal input, which cannot yet be reliably and automatically converted to a "clean" musical melody. We therefore are not evaluating the quality of BIAB's chord selection mechanism per se; rather, we use this comparison to highlight the importance of designing a chord-selection system specifically for vocal audio. In fact, BIAB does a great job generating chords for instrumental melodies. Our evaluation should thus not be used to judge the quality of this component of BIAB.
http://research.microsoft.com/~dan/mysong/





Concert Industry Is Banking on a Festive Summer
Jeff Leeds

Rock fans across the country who can brave the heat will have ample opportunities to see acts like Jack Johnson, Radiohead, Nine Inch Nails and the Raconteurs take the stage in an array of unconventional settings as part of the concert industry’s increasing wager on summer music festivals.

Faced with an audience that has been atomized by the dizzying music choices available online, concert promoters are straining to book diverse shows in whatever open space is available, be it a ranch in Michigan, a soccer field in Colorado or a racetrack in Maryland.

In a slumping music business such events pack a box office punch: the top five American festivals generated a combined $60 million in ticket sales last year, according to Billboard magazine’s estimates.

At least four new festivals will make their debuts this summer, raising the total to more than a dozen. Various concert promoters are already warning of the dangers of oversaturation, and point to the clutch of stars headlining multiple festivals.

The most extreme case: Jack Johnson, the laid-back singer-songwriter who has released the top-selling album of the year so far, is booked for at least five festivals, including two on the second weekend in August: the inaugural All Points West event in Jersey City and the Virgin Mobile Festival in Baltimore.

The risk of overlapping talent lineups means that each promoter must try to suffuse his event with a distinct flair. In Michigan, where organizers of the first Rothbury festival (July 3 to 6) have booked the Dave Matthews Band, John Mayer and Snoop Dogg, fans can attend yoga sessions or sit in on a discussion of energy independence with a Stanford professor.

But there is no guarantee that all the events will survive. Promoters of a planned festival in Vineland, N.J., canceled it to avoid direct competition with All Points West. Sales at some of the new events have been uneven, promoters say. The Mile High Music Festival in Denver (July 19 and 20), featuring the Dave Matthews Band and John Mayer, is regarded as a breakout hit; the outlook for All Points West, featuring Radiohead for two nights and Mr. Johnson on the third, is more uncertain, based on early ticket sales.

The established festivals do not appear to be suffering much. Lollapalooza, which was reimagined as a two-day festival in the lakeside Grant Park in Chicago in 2005 after sputtering as a touring attraction, is seen as an especially strong draw this year (Aug. 1 to 3), with Radiohead, Nine Inch Nails, Rage Against the Machine and Kanye West among the acts.

Charlie Walker, a partner in C3 Presents, Lollapalooza’s promoter, said sales were roughly 15 percent ahead of last year, with three-day tickets selling for $175 to $205.

“It’s a big marketplace,” he said. “We’ve got a little ways to go before we see any saturation.”

The Coachella Valley Music and Arts Festival, which began in 1999 at a polo field in the desert two hours from Los Angeles, stunned fans this week by adding Prince to a lineup that had been branded as underwhelming. (The event’s previously announced headliners included Roger Waters, Portishead and Mr. Johnson). Organizers of the festival, which runs from April 25 to 27 and customarily draws as many as 60,000 people a day, said before the Prince announcement that they were not concerned that it had not yet sold out. Last year’s edition sold out in February, mainly because of its booking of a reunited Rage Against the Machine, an event that Coachella’s promoter, Paul Tollett, called “an anomaly.”

All the festivals, however, are coping with another X factor: whether the faltering economy will dampen ticket sales. That has not stopped organizers from trying to woo well-heeled fans and corporate clients. Lollapalooza offers private cabanas, with an all-day buffet, for $25,000 and up for parties of 20 or more. Bonnaroo, held on several hundred acres of Tennessee farmland, where fans camp for the weekend (June 12 to 15), is marketing V.I.P. passes, which include access to a private prefestival party and special restroom and shower facilities, for $1,169.50 per pair. (Scheduled bands include Pearl Jam and Metallica.)

In general, rock festivals have built their reputations by offering fans the chance to pack months of club crawling into one weekend and discover new favorites. But some talent managers caution against the idea that emerging acts can build their names through playing the full complement of festivals, where artist sets are sometimes abbreviated, and fans can be distracted.

Mike Martinovich, who manages the rock group My Morning Jacket, said the band had agreed to play the two most established festivals, Coachella and Bonnaroo, and turned down other offers to keep from seeming like too much of a commodity. “Doing a whole tour of festivals would be disastrous,” he said.

And some promoters worry that similar talent lineups will limit the festivals’ collective appeal. Mr. Tollett said the fear was “that it could become homogenized, and everyone have the same bill and the same sort of feel at the festival.”

“If every one of them is just a McFranchise,” he added, “there’s a specialness that’ll be lost.”
http://www.nytimes.com/2008/04/11/ar...ic/11fest.html





Does Streaming Lift Music Sales?
Greg Sandoval

Free streaming music turns people on to new music and encourages them to buy, says social-networking site Last.fm. In the music industry, this will not come as a huge revelation.

Last.fm, acquired by CBS last May, announced Wednesday that since the company launched its on-demand streaming service two months ago, CD and download sales through its partnership with Amazon.com have more than doubled.

So what does that mean?

Music discovery continues to be one of digital music's greatest vulnerabilities. Nobody has come up with a sure or simple way to help people wade through the millions of tracks available on the Web. Last.fm's numbers seem to confirm long-held beliefs of many that enabling people to sample full-length tracks is one way to spur demand.

So Last.fm can take pride in knowing it was early to an offering that some music fans might find useful--albeit one that isn't exclusive to Last.fm.

Indeed, when it comes to allowing users to test drive music before they buy, Last.fm is definitely in the back seat. Imeem offers unlimited plays while London-based Last.fm only allows a user to listen to an individual song three times.

In addition, MySpace.com is preparing to launch its own streaming service that will offer unlimited plays.

Christian Ward, a Last.fm spokesman, said the company is talking to the labels about rolling back some of the restrictions, presumably the three-play rule.

"We wanted to see how this service works first," Ward said. "(The spike in sales) will encourage more discussion about pushing those limits back."

Ward added that his company isn't worried much about competitors. He said what separates Last.fm from the others is its music-discovery engine that can suggest songs based on what a user has listened to in the past.

"Offering free access to music is one thing but finding your way through all that is another," Ward said. "Music discovery is a lot easier on Last.fm."
http://www.news.com/8301-10784_3-991...l?tag=nefd.top





Mariah Carey Surpasses Elvis With New #1 Single
FMQB

Mariah Carey has made history with her latest single "Touch My Body." Carey toppled Elvis Presley's 50+ year Billboard Hot 100 record by achieving the 18th #1 single of her career. Presley had held the #2 spot with 17 #1 singles since Billboard's inception of the Hot 100 in 1958. Mariah is now well on pace to surpass the current record holders, The Beatles, who have 20 #1 hit songs.

"Touch My Body" had a record-setting debut sales week of 286,000 downloads on the Billboard digital hot songs chart, and reached a Hot 100 Airplay radio audience of over 115 million. All the attention is sure to pave the way for impressive sales of her new album E=MC², which hits stores April 15. Fans who currently pre-order the album on iTunes will instantly receive a copy of "Touch My Body."

Mariah is scheduled for two American Idol appearances this month (April 9 and 16) as well as a visit on the almighty Oprah show on April 14.

E=MC² is Mariah's 11th studio album and was executive produced by the singer and Island Def Jam Chairman Antonio "LA" Reid. Guest producers include Jermaine Dupri, DJ Toomp, Stargate, will.i.am, Bryan Michael Cox, Nate "Danjahandz" Hills and James Poyser.
http://fmqb.com/Article.asp?id=641741





Music Social Networking Site Imeem Buys Snocap
AP

Music social networking Web site operator imeem Inc. said Monday it has agreed to acquire Snocap Inc., the digital content tracking company founded by Napster creator Shawn Fanning.

San Francisco-based Imeem did not disclose financial terms of the deal.

Snocap developed a digital fingerprinting technology that checks media files uploaded to a Web site against a registry of copyrighted works to determine if a song has been cleared for playback in its entirety online.

It also tracks payments to record labels and artists whose music is streamed on sites like imeem.

In addition, Snocap powers technology that lets users of News Corp.'s MySpace sell downloads of original music directly through their MySpace Web pages.

Snocap's technology for buying music downloads on MySpace will continue to be operated by imeem.

Fanning, who created the Napster online file-sharing service as a college student, founded Snocap in 2002.

He was a member of the board of directors but had not been active in the company in recent years.

In October, the San Francisco-based company cut its work force by nearly half so it could focus on selling itself.
http://www.siliconvalley.com/news/ci_8841580





Facebook to Settle Thorny Lawsuit Over Its Origins
Brad Stone

Facebook is close to putting an uncomfortable and embarrassing legal episode behind it.

A person briefed on the status of dueling lawsuits between Facebook and the competing site ConnectU said on Sunday that Facebook was finalizing a settlement with the founders of ConnectU — brothers Cameron and Tyler Winklevoss and their colleague, Divya Narendra.

The ConnectU founders were accusing Mark Zuckerberg and the original crew behind Facebook of pilfering their profitable idea back in 2003, when they were all Harvard students. Facebook had filed a countersuit, accusing ConnectU of unfair business practices.

Terms of the settlement were not disclosed. In the meantime, all motions in the case against ConnectU have been terminated.

ConnectU did not immediately respond to an e-mail message requesting comment. A California federal judge had ordered the parties into mediation last year.

The ConnectU founders asserted that they hired Mr. Zuckerberg, then a sophomore at Harvard, in 2003 to help create a campus-wide dating site called Harvard Connection. They say that he stalled on the project for months while nurturing his own idea and ultimately starting TheFacebook.com. The case cast doubts on Mr. Zuckerberg’s ingenuity, and discovery efforts turned up some embarrassing material — like his diary. Facebook clearly needed to make the suit go away before a widely expected initial public offering that could come as early as next year.

A Facebook spokeswoman said the company would not comment on legal matters. But the person briefed on the status of the negotiations said motions to dismiss the cases were expected to be filed “within weeks.”
http://bits.blogs.nytimes.com/2008/0.../index.html?hp





Is Content Worthless?
Jonathan Handel

"Content is king," many people believe, meaning that films, television shows, music, news and information are more profitable assets than the technology used to deliver them. But there's an older, cautionary aphorism that applies as well: "Uneasy lies the head that wears the crown." Content may be king, but, ironically, its perceived value today is being driven towards zero. In the eyes of consumers, content is becoming a commodity -- more a commoner than a king.

Everyone focuses on piracy, but there are actually six related reasons for the devaluation of content. The first is supply and demand. Demand -- the number of consumers and their available leisure time -- is relatively constant, but supply -- online content -- has grown enormously in the last decade. Some of this is professional content set free from boundaries of time and space, now available worldwide, anytime, and usually at no cost (whether legally or not). Even more is user generated content (UGC) -- websites, blogs, YouTube videos -- created by non-professionals who don't care whether they get paid, and who themselves pay little or nothing to create and distribute it.

The second is the loss of physical form. It just seems natural to value a physical thing more highly than something intangible. Physical objects have been with us since the beginning of time; distributable intangible content has not. Perhaps for that reason, we tend to focus on per-unit costs (zero for an intangible such as a movie download), while forgetting about fixed costs (such as the cost of making the movie in the first place). Also, and critically, if you steal something tangible, you deny it to the owner; a purloined DVD is no longer available to the merchant, for instance. But if you misappropriate an intangible, it's still there for others to use. That's why, even before the Internet, sneaking into movie theaters -- stealing the right to view a movie -- seemed a mere rite of passage, whereas shoplifting a video did not.

The third reason is that acquiring content is increasingly frictionless. It's often easier, particularly for young people, to access content on the Internet than through traditional means. When it's easier to get something -- when transaction costs decline -- the thing costs less and loses value.

Fourth is that most new media business models are ad-supported rather than pay per view or subscription. If there's no cost to the user, why should consumers see the content as valuable, and if some content is free, why not all of it? True, ads impose a cost in the form of user attention, but many online ads are easily ignored, and, today, even television advertisements can be skipped using TiVo.

Fifth is market forces in the technology industry. Computers, web services, and consumer electronic devices are more valuable when more content is available. In turn, these products make content more usable by providing new distribution channels. Traditional media companies are slow to adopt these new technologies, for fear of cannibalizing revenue from existing channels and offending powerful distribution partners. In contrast, non-professionals, long denied access to distribution, rush to use the new technologies, as do pirates of professional content. As a result, technological innovation reduces the market share of paid professional content.

Finally, there's culture. A generation of users has grown up indifferent or hostile to copyright, particularly in music, movies and software. The reasons for this vary, but in music, for instance, some blame lies at the feet of the music labels, which maintained unrealistically high CD prices and attempted to sue piracy out of existence. Only now, almost ten years after Napster, are the labels offering the non-copy protected MP3's that consumers demand.

All these developments have led to a migration away from paid media. Why buy music when there's so much free music available, albeit much of it pirated? Buy a movie or watch TV on a conventional set? No need, when YouTube and BitTorrent make videos, and pirated movies and TV, free for the asking. Subscribe to a newspaper or magazine? Don't bother; most are free online, and there are literally millions of other sources for news, ranging from blogs like the Huffington Post to user generated content. (Full disclosure: I'm a blogger, which makes me part of the problem.) The TV news? Also becoming irrelevant. And books, magazines and journals? So much information is available online that whole categories of publications seem less important.

It's true that people still consume media the old-fashioned way -- but fewer and fewer do so every day. Most of the content industries are seeing flat or declining revenues and audiences. And these trends are particularly notable among younger people. As a result, the music industry is a shambles; the film and television businesses are running scared; and newspapers are disappearing or instituting cutbacks and layoffs. The handwriting is on the wall, or the laptop screen.

User generated content is often a poor substitute for professional content or traditional media. But that's little comfort. Alternate goods don't have to be perfect substitutes in order to acquire market share at the expense of the competition. And, yes, in some cases, new media make money for creators and companies - but the money's much less than it used to be. As NBC Universal's Jeff Zucker lamented, the content industries are being forced to "trade today's analog dollars for digital pennies."

Another effect is that the market for professional content is becoming more concentrated and less diverse. Thus, at least in some media, audiences are shifting more of their spending to hit properties -- the most popular movies and books, for instance -- to the detriment of specialized content such as art house films and mid-list titles. Similarly, in a trend that predates the Internet but continues today, media businesses are consolidating and becoming conglomerates, as individual companies find it harder and harder to compete.

Some commentators welcome these changes. "Information wants to be free," they say, and more content is good for users. Persuasively, they point to the variety of viewpoints that new technologies bring. That development is indeed valuable -- very much so, in a democracy premised on freedom of speech. But when everyone's a creator, there's less room for high-quality professional content. It's a dilemma with no easy answers. The future of traditional media is murky, but one thing is clear: disruptive change will be with us for many years to come.
http://www.huffingtonpost.com/jonath...s_b_96195.html





In Princeton, an Offline Haven for Music Shoppers Thrives
Peter Applebome

For better or worse, it’s all here.

The used CD of Bruce Springsteen’s “The Rising” already marked down to $1.99 and the five-LP set of Wagner’s “Lohengrin” for $5. That beloved dub (a more heavily produced version of reggae, if that helps) CD by Sly and Robbie and the ancient Big Mama Thornton album with the quietly eloquent title, “Jail.”

There’s plenty of contemporary rap, metal, Goth and hip-hop; DVDs, laser discs, computer games and Blu-rays. But the main appeal of the Princeton Record Exchange is vinyl for all conceivable tastes and then some. The original 3-D album cover of the Stones’ “Their Satanic Majesties Request.” “Cha Cha with Tito Puente at Grossinger’s.” “Brigitte Bardot Sings.” “Hi-Fi Zither.” “The Supremes Sing Rodgers and Hart.”

You can find the Crests, the Clovers, the Aquatones and all the rest somewhere in the 150,000 or so titles scattered around the atmospheric time capsule that Barry Weisfeld started in 1980.

Which makes one wonder, given the supposed broadband pace of change and cultural extinction, what to make of the grungy bustle of Mr. Weisfeld’s place. Of course, we’re more likely to honor things when they’re long past their prime — witness Bob Dylan’s honorary Pulitzer Prize this week, and Martin Scorsese’s homage to the Stones, “Shine a Light.” Still, the lesson of Mr. Weisfeld’s store seems to be that if you’re going to be a dinosaur, be a serious dinosaur.

“A lot of people who come here are obsessed,” said Mr. Weisfeld, a resolutely low-tech guy wearing an incongruous orange Yahoo! cap. “I’ll give you an example. One year, we got a very bizarre collection, world music, international music, whatever you call it, very unusual stuff. We let our customers know, and we sold 500 of the 1,000 in three days. They’re not people looking for Michael Jackson’s ‘Thriller’ or something by Billy Joel.”

The Princeton Record Exchange isn’t the last of the hard-core independents, but it’s definitely part of a dwindling breed. Mr. Weisfeld, 54, got his start, after graduating from the University of Hartford in 1975, on the road, selling LPs at 27 campuses, from Dartmouth College in New Hampshire south to American University in Washington. He slept in his Chevy van and showered at the school gyms before they had morphed into high-security, high-end health emporiums.

He knew he could do that for only so long. He almost opened a shop in Hicksville, on Long Island, then picked Princeton, figuring it was halfway between New York and Philadelphia, had a downtown that people walked around and plenty of students, his prime clientele. Princeton students today are more likely to download music than riffle through stacks of it at a store, and the main drag of Nassau Street these days is filled mostly with pricey boutiques and cafes and upscale chains like Panera Bread and Ralph Lauren, not funky alternative music or bookstores.

But over the years, the Princeton Record Exchange gained a following of local customers and obsessives from near and far — Gene, who plays for a symphony orchestra in Ohio and drives over every few months; Ralph, who owns about 20,000 classical vocal records and takes the train from New Haven once a month. The customers the other night were a varied lot: Chris Roff, a very serious 12-year-old who likes everything but country; Molly Levine and Jessica Hundley, 20-somethings who were friends from high school and looking for modern rock; Chris Gibson, a 43-year-old pharmaceutical salesman from Pittsburgh whose shopping cart was populated by Bill Evans, Warren Zevon and Steely Dan.

Amazingly, the current, appealingly ratty, location, situated just off Nassau on South Tulane Street and decorated in early-dorm room with dorky posters, wood-plank ceiling, gray linoleum and an emaciated gray carpet, is considered a huge improvement from earlier days. That’s also said to be true for the behavior of Mr. Weisfeld’s 20 employees, who pride themselves, like the characters in Nick Hornby’s novel “High Fidelity,” on having way too much knowledge of useless musical trivia. “They don’t roll their eyes anymore,” said Matthew Hersh, 31, a Princeton native and longtime shopper. “They used to be holier than thou. They might still be, but they don’t show it as much.”

In fact, “High Fidelity,” which was made into a movie starring John Cusack, is sort of PREX’s evil twin and bête noire, the obvious reference point for a place full of obscure music, peopled by a virtually all-male staff of music wonks who can debate the fine points of the Lehigh Valley punk scene. But Jon Lambert, the general manager, says the comparison goes only so far. “That store was always empty,” he noted. “How did it stay in business? You can’t really keep a place like this going if people spend all their time sitting around making lists of their 10 favorite ’60s records about doughnuts and dogs.”

Mr. Lambert said he wondered for years when the bottom would fall out and the store would finally be washed away by the wonders of the digital age. But last year, Mr. Weisfeld signed a new 10-year lease. Mr. Lambert figures that in the end, people may like downloads, but they also like to browse, appreciate something tangible, like the weird cult-like atmospherics of a store full of like-minded obsessives. Lots of things change, but not everything does.

“It’s a cold, sterile world on the Internet, and people get an experience here you can’t get online,” he said. “If there are five stores left standing, I think we can be one of them.”
http://www.nytimes.com/2008/04/10/nyregion/10towns.html


















Until next week,

- js.



















Current Week In Review





Recent WiRs -

April 5th, March 29th, March 22nd, March 15th, March 8th, March 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments or questions in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black