Friday, January 28, 2005
Russell Simmons wants to do your taxes
Intuit has teamed with hip-hop impresario and business executive Russell Simmons to offer a new tax filing service aimed at young taxpayers.
Using the new service, customers can prepare and electronically file their taxes using Intuit's TurboTax software and receive any refunds within 10 days, Intuit said Thursday. The refunds can be deposited into a bank account or a Rush Visa card from UniRush Financial Services, a company founded by Simmons. By using the Rush Visa card, people can eliminate check-cashing fees, according Simmons.
'A number of young adults either do not have bank accounts, or are at risk of falling into credit card debt,' Simmons said in a statement. 'Through this alliance, we are offering them, along with our existing base of nearly half a million cardholders, the opportunity to e-file their tax returns and receive their refunds via direct deposit onto the Rush card.'
The service, which is available through a new Web site called TTRefund.com, costs $5.95. The fee for Visa card activation is $19.95.
Intuit has been looking for ways to boost sales of its tax products. The company announced Wednesday that season-to-date sales for its tax products and services had declined by 1 percent compared with a year earlier.
Intuit is one of several software companies partnering with the Internal Revenue Service to facilitate electronic filing of tax returns. These companies are targeting their services at different segments of tax-paying citizens.
Intuit teams up with hip-hop king Russell Simmons | CNET News.com:
Using the new service, customers can prepare and electronically file their taxes using Intuit's TurboTax software and receive any refunds within 10 days, Intuit said Thursday. The refunds can be deposited into a bank account or a Rush Visa card from UniRush Financial Services, a company founded by Simmons. By using the Rush Visa card, people can eliminate check-cashing fees, according Simmons.
'A number of young adults either do not have bank accounts, or are at risk of falling into credit card debt,' Simmons said in a statement. 'Through this alliance, we are offering them, along with our existing base of nearly half a million cardholders, the opportunity to e-file their tax returns and receive their refunds via direct deposit onto the Rush card.'
The service, which is available through a new Web site called TTRefund.com, costs $5.95. The fee for Visa card activation is $19.95.
Intuit has been looking for ways to boost sales of its tax products. The company announced Wednesday that season-to-date sales for its tax products and services had declined by 1 percent compared with a year earlier.
Intuit is one of several software companies partnering with the Internal Revenue Service to facilitate electronic filing of tax returns. These companies are targeting their services at different segments of tax-paying citizens.
Intuit teams up with hip-hop king Russell Simmons | CNET News.com:
Tuesday, January 25, 2005
Now is the time to purchase PC-based HDTV receivers (before they are outlawed).
The Federal Communications Commission took a historic step this week toward limiting piracy of digital television signals, enacting regulations that will affect not only consumer-electronics manufacturers, but Silicon Valley companies as well.
Starting in mid-2005, it will become illegal to sell or distribute any product that can receive certain digital TV streams--unless it includes government-approved copy protection.
Former FCC Chairman Michael Powell called Tuesday's decision "an important step toward preserving the viability of free over-the-air television." Commissioner Kathleen Abernathy said that "by protecting against digital piracy, we also encourage entertainment companies to deliver, via free over-the-air broadcast, (their) most valuable programs."
What FCC officials did not stress, but their regulations do, is that the product definitions are broad enough to cover not just TV tuners but also PCs. "This necessarily includes PC and (information technology) products that are used for off-air DTV (digital television) reception," the FCC's order says.
As convergence between media types accelerates and traditional divisions become more porous, the FCC's regulations will expand to sweep in far more than just the television sets in America's living rooms. Media center PCs, handheld devices with television receivers and other gadgets will also be affected and will likely have higher price tags.
This represents a landmark victory for the Motion Picture Association of America (MPAA), which had pressed the FCC to enact regulations that were broad enough to cover more than just digital televisions. The MPAA and TV networks had steadfastly argued that without some form of technological protection, they were unwilling to risk airing high-quality HDTV signals because the broadcasts would be pirated on the Internet. In a statement, the MPAA hailed the decision as "a big victory for consumers and the preservation of high value over-the-air free broadcasting."
Will Rodger, director of public policy at the Computer and Communications Industry Association (CCIA), said the rule is troubling because it means the FCC is encroaching on a technological sector that has flourished in the absence of regulation. (CCIA's members include America Online, Sun Microsystems, Nokia, Kodak and Fujitsu.)
"The immediate effect isn't so huge," Rodger said. "What it really affects is the tuner cards that go into your computer. But there's a real slippery slope here. This is going to draw the FCC into the Internet, unless it makes a conscious decision not to go there...It's difficult to see how the FCC and the government won't get more directly involved in designing hardware, routers and other devices."
From Hollywood's perspective, billions of dollars are at stake in the struggle, with peer-to-peer piracy threatening to erode video sales and make movie theaters a less-attractive option. Its strategy has been to seek anticopying technology in computer and electronics hardware, either through industry deals or government mandates--a move that's anathema to tech companies, which worry about problematic technology requirements and customer rejection.
Industry experiments with copy-protection schemes have faltered in the past. Copy protection was wildly popular among software vendors in the 1980s, but fell out of favor after hard drives replaced floppy drives, rendering anticopying technology less effective. In the late 1990s, Circuit City attempted a pay-per-view variation of DVD known as Divx, but quickly shuttered the experiment when customers failed to materialize. More recently, music labels have issued CDs with copy locks that have led to complaints from some customers over incompatibility with some CD player models and alleged damage to computers.
The FCC's order represents a rekindling of the cold war between Hollywood and Silicon Valley. Tempers flared early last year when Sen. Fritz Hollings, D-S.C., and the MPAA suggested forcibly implanting copy-protection technology in any device with a microprocessor--from digital watches to handheld devices and full-fledged multimedia PCs. After Silicon Valley CEOs stridently opposed the measure, reminding Congress and anyone else who would listen that technology companies flourish in a market without government-mandated protocols and designs, the measure stalled.
Hardware makers hurt
Three computer hardware makers contacted by CNET News.com on Wednesday said that the FCC's order would require them to redesign or stop selling their current products.
"This was designed to absolutely kill the computer," said Cliff Watson, a senior engineer at Digital Connection, a small business in Huntington Beach, Calif., which sells an HDTV PCI card. "It will kill the computer because the actual implementation of the ruling is so bloody restrictive."
According to the FCC's 72-page order, every product sold in the United States that can receive either DTV broadcasts or DTV streams must be able to recognize an ATSC DTV "broadcast flag." Broadcasters are not required to flag their content, and the FCC rejected suggestions that news shows and educational programming must be broadcast without the flag.
Watson, who says Digital Connection will stop selling its card after the FCC's deadline, said the order "totally eliminates the ability to send that (HDTV) data over a PCI bus to a Firewire port or to a digital VHS recorder--except in analog format." PC HDTV cards typically sell for between $150 and $350 each.
After July 2005, it will become illegal to "sell or distribute" any product capable of receiving broadcast-flagged shows unless the product complies with the FCC's regulations. Such products may only handle flagged broadcasts in specific ways set by the government. Those essentially include delivering analog output without copy protection, digital output to a few low-end displays, or high-quality digital output to devices that also adhere to the broadcast flag specification.
In general, consumers will be able to record broadcast-flagged shows and movies, but will only be able to play them back on the same device. The regulations specify that all devices must uniquely link "such recording with a single covered demodulator product, using a cryptographic protocol or other effective means, so that such recording cannot be accessed in usable form by another product."
Dewey Weaver, president of HDTV card-maker accessDTV, said he's still studying the FCC's order. But he warned that "now is the time to purchase PC-based HDTV receivers (before they are outlawed). Ultimately, the increased cost and inconvenience of broadcast-flag implementation will be borne by the consumer."
Hauppauge Computer Works will be forced to redesign its WinTV-HD product so it will no longer permit the recording of HDTV video to a computer hard drive, CEO Ken Plotkin said.
Plotkin said that, thanks to the FCC, consumers will enjoy fewer features as a result. "This will eliminate the ability to 'program pause' TV shows with the broadcast flag," he said. "And Electronic Program Guides might try to record a program, but if the program is broadcast with the broadcast flag, when the user tries to play the program back it will not be available.
The FCC explicitly precluded sending unencrypted video to a PC. Protected broadcasts may not be "passed in unencrypted, compressed form via a User Accessible Bus," the regulations say, where such a bus is defined as a PCMCIA or PCI card that "facilitates end user access."
Raise the flag and see who salutes
Under the FCC's 3-2 decision, which drew partial dissents from Commissioners Michael Copps and Jonathan Adelstein, covered products must comply with the requirements by July 1, 2005.
The future of the FCC's regulations is hardly certain, however. Some members of Congress say the commission has gone beyond its charter and is making decisions that should properly be handled on Capitol Hill.
The rules "may impact the Copyright Act and involve my subcommittee's jurisdiction," Rep. Lamar Smith, R-Texas, chairman of the House subcommittee that oversees copyright law, said in a statement Wednesday. "The subcommittee will reserve judgment until we undertake a complete review of the published rule and determine if the Copyright Act is affected." That echoes similar statements from Smith in June.
In a September interview with CNET News.com, FCC Chairman Powell said he has "actually had more pressure from Congress to act than not, partly because it's just really been something the industry has been unable to solve." On Wednesday, House Energy and Commerce Committee Chairman Billy Tauzin, R-La., applauded the FCC regulations as "yet another important step to bring digital television to American consumers."
CCIA and other opponents, such as the Consumer Electronics Association and the nonprofit group Public Knowledge, had urged the FCC to curb the rules' scope and also argued that existing copyright law limits the commission's ability to impose technological mandates on IT hardware makers. The FCC rejected those requests.
Starting in mid-2005, it will become illegal to sell or distribute any product that can receive certain digital TV streams--unless it includes government-approved copy protection.
Former FCC Chairman Michael Powell called Tuesday's decision "an important step toward preserving the viability of free over-the-air television." Commissioner Kathleen Abernathy said that "by protecting against digital piracy, we also encourage entertainment companies to deliver, via free over-the-air broadcast, (their) most valuable programs."
What FCC officials did not stress, but their regulations do, is that the product definitions are broad enough to cover not just TV tuners but also PCs. "This necessarily includes PC and (information technology) products that are used for off-air DTV (digital television) reception," the FCC's order says.
As convergence between media types accelerates and traditional divisions become more porous, the FCC's regulations will expand to sweep in far more than just the television sets in America's living rooms. Media center PCs, handheld devices with television receivers and other gadgets will also be affected and will likely have higher price tags.
This represents a landmark victory for the Motion Picture Association of America (MPAA), which had pressed the FCC to enact regulations that were broad enough to cover more than just digital televisions. The MPAA and TV networks had steadfastly argued that without some form of technological protection, they were unwilling to risk airing high-quality HDTV signals because the broadcasts would be pirated on the Internet. In a statement, the MPAA hailed the decision as "a big victory for consumers and the preservation of high value over-the-air free broadcasting."
Will Rodger, director of public policy at the Computer and Communications Industry Association (CCIA), said the rule is troubling because it means the FCC is encroaching on a technological sector that has flourished in the absence of regulation. (CCIA's members include America Online, Sun Microsystems, Nokia, Kodak and Fujitsu.)
"The immediate effect isn't so huge," Rodger said. "What it really affects is the tuner cards that go into your computer. But there's a real slippery slope here. This is going to draw the FCC into the Internet, unless it makes a conscious decision not to go there...It's difficult to see how the FCC and the government won't get more directly involved in designing hardware, routers and other devices."
From Hollywood's perspective, billions of dollars are at stake in the struggle, with peer-to-peer piracy threatening to erode video sales and make movie theaters a less-attractive option. Its strategy has been to seek anticopying technology in computer and electronics hardware, either through industry deals or government mandates--a move that's anathema to tech companies, which worry about problematic technology requirements and customer rejection.
Industry experiments with copy-protection schemes have faltered in the past. Copy protection was wildly popular among software vendors in the 1980s, but fell out of favor after hard drives replaced floppy drives, rendering anticopying technology less effective. In the late 1990s, Circuit City attempted a pay-per-view variation of DVD known as Divx, but quickly shuttered the experiment when customers failed to materialize. More recently, music labels have issued CDs with copy locks that have led to complaints from some customers over incompatibility with some CD player models and alleged damage to computers.
The FCC's order represents a rekindling of the cold war between Hollywood and Silicon Valley. Tempers flared early last year when Sen. Fritz Hollings, D-S.C., and the MPAA suggested forcibly implanting copy-protection technology in any device with a microprocessor--from digital watches to handheld devices and full-fledged multimedia PCs. After Silicon Valley CEOs stridently opposed the measure, reminding Congress and anyone else who would listen that technology companies flourish in a market without government-mandated protocols and designs, the measure stalled.
Hardware makers hurt
Three computer hardware makers contacted by CNET News.com on Wednesday said that the FCC's order would require them to redesign or stop selling their current products.
"This was designed to absolutely kill the computer," said Cliff Watson, a senior engineer at Digital Connection, a small business in Huntington Beach, Calif., which sells an HDTV PCI card. "It will kill the computer because the actual implementation of the ruling is so bloody restrictive."
According to the FCC's 72-page order, every product sold in the United States that can receive either DTV broadcasts or DTV streams must be able to recognize an ATSC DTV "broadcast flag." Broadcasters are not required to flag their content, and the FCC rejected suggestions that news shows and educational programming must be broadcast without the flag.
Watson, who says Digital Connection will stop selling its card after the FCC's deadline, said the order "totally eliminates the ability to send that (HDTV) data over a PCI bus to a Firewire port or to a digital VHS recorder--except in analog format." PC HDTV cards typically sell for between $150 and $350 each.
After July 2005, it will become illegal to "sell or distribute" any product capable of receiving broadcast-flagged shows unless the product complies with the FCC's regulations. Such products may only handle flagged broadcasts in specific ways set by the government. Those essentially include delivering analog output without copy protection, digital output to a few low-end displays, or high-quality digital output to devices that also adhere to the broadcast flag specification.
In general, consumers will be able to record broadcast-flagged shows and movies, but will only be able to play them back on the same device. The regulations specify that all devices must uniquely link "such recording with a single covered demodulator product, using a cryptographic protocol or other effective means, so that such recording cannot be accessed in usable form by another product."
Dewey Weaver, president of HDTV card-maker accessDTV, said he's still studying the FCC's order. But he warned that "now is the time to purchase PC-based HDTV receivers (before they are outlawed). Ultimately, the increased cost and inconvenience of broadcast-flag implementation will be borne by the consumer."
Hauppauge Computer Works will be forced to redesign its WinTV-HD product so it will no longer permit the recording of HDTV video to a computer hard drive, CEO Ken Plotkin said.
Plotkin said that, thanks to the FCC, consumers will enjoy fewer features as a result. "This will eliminate the ability to 'program pause' TV shows with the broadcast flag," he said. "And Electronic Program Guides might try to record a program, but if the program is broadcast with the broadcast flag, when the user tries to play the program back it will not be available.
The FCC explicitly precluded sending unencrypted video to a PC. Protected broadcasts may not be "passed in unencrypted, compressed form via a User Accessible Bus," the regulations say, where such a bus is defined as a PCMCIA or PCI card that "facilitates end user access."
Raise the flag and see who salutes
Under the FCC's 3-2 decision, which drew partial dissents from Commissioners Michael Copps and Jonathan Adelstein, covered products must comply with the requirements by July 1, 2005.
The future of the FCC's regulations is hardly certain, however. Some members of Congress say the commission has gone beyond its charter and is making decisions that should properly be handled on Capitol Hill.
The rules "may impact the Copyright Act and involve my subcommittee's jurisdiction," Rep. Lamar Smith, R-Texas, chairman of the House subcommittee that oversees copyright law, said in a statement Wednesday. "The subcommittee will reserve judgment until we undertake a complete review of the published rule and determine if the Copyright Act is affected." That echoes similar statements from Smith in June.
In a September interview with CNET News.com, FCC Chairman Powell said he has "actually had more pressure from Congress to act than not, partly because it's just really been something the industry has been unable to solve." On Wednesday, House Energy and Commerce Committee Chairman Billy Tauzin, R-La., applauded the FCC regulations as "yet another important step to bring digital television to American consumers."
CCIA and other opponents, such as the Consumer Electronics Association and the nonprofit group Public Knowledge, had urged the FCC to curb the rules' scope and also argued that existing copyright law limits the commission's ability to impose technological mandates on IT hardware makers. The FCC rejected those requests.
Tuesday, January 18, 2005
Police can add GPS to your car without you knowing
Gotta love GPS. But I’d also be the first to admit that GPS has vast potential for abuse in the wrong hands, and by this, I mean of course, government and law-enforcement agencies. News.com has a good analysis of current privacy and civil rights issues related to the use of GPS by cops and Feds, including last week’s ruling by a New York judge that it’s okay for cops to plant GPS units on people they want to tail, without getting a court order or notifying the suspect. And experts quoted by News.com say they expect the Supreme Court to eventually validate such decisions. “The court has a very narrow and crabbed understanding of privacy. If something’s not totally secret, you don’t have a reasonable expectation of privacy,” says Dan Solove, a law professor at George Washington University. Looks like you’d better get ready for Big Brother to be with you 24/7, wherever you go.
Monday, January 17, 2005
Rat cells grown on silicon: Let the twisted experiments begin
A group of scientists have successfully grafted rat cells onto silicon, creating mini cyber beasts that move as the living cells contract. What’s more, the living cells are successfully growing on the microscopic silicon chips. They say this could be the beginning of a whole new kind of creature, half silicon, half biological cell. We don’t have any pictures, but the descriptions are straight out of a Cronenberg nightmare: “A microdevice had two ‘legs’ extending from the body at 45-degree angles; each leg had a ‘foot’ extending at a 45-degree angle.” Yum.
Thursday, January 13, 2005
Yahoo! It's a Boy! SIKE!!!!
A Romanian tabloid says it has fired a reporter for making up a story about a couple who named their son Yahoo as a sign of gratitude for meeting over the Internet. Earlier this month, major Bucharest daily Libertatea published a story saying two Romanians had named their baby Yahoo and printed a picture of his birth certificate. The news was widely picked up on the Internet.
"It was the reporter's child's birth certificate, which he modified," said Simona Ionescu, Libertatea's deputy editor-in-chief on Monday. "We fired him." She said Ion Garnod, who had worked for the paper for several years, had admitted inventing the story to look good. "If it were real, it would have been a good story indeed," Ionescu said. Garnod was not available for comment.
-------- DONT BELIEVE EVERYTHING YOU READ
"BUCHAREST (Reuters) - A Romanian couple named their son Yahoo as a sign of gratitude for meeting over the Internet, a Bucharest newspaper said Thursday.
Daily Libertatea said Cornelia and Nonu Dragoman, both from Transylvania, met and decided they were meant for each other following a three-month relationship over the net.
They married and had a baby this Christmas, whom they decided to name after one of the worldwide web's most popular portals. 'We named him Lucian Yahoo after my father and the net, the main beacon of my life,' Cornelia Dragoman was quoted as saying."
"It was the reporter's child's birth certificate, which he modified," said Simona Ionescu, Libertatea's deputy editor-in-chief on Monday. "We fired him." She said Ion Garnod, who had worked for the paper for several years, had admitted inventing the story to look good. "If it were real, it would have been a good story indeed," Ionescu said. Garnod was not available for comment.
-------- DONT BELIEVE EVERYTHING YOU READ
"BUCHAREST (Reuters) - A Romanian couple named their son Yahoo as a sign of gratitude for meeting over the Internet, a Bucharest newspaper said Thursday.
Daily Libertatea said Cornelia and Nonu Dragoman, both from Transylvania, met and decided they were meant for each other following a three-month relationship over the net.
They married and had a baby this Christmas, whom they decided to name after one of the worldwide web's most popular portals. 'We named him Lucian Yahoo after my father and the net, the main beacon of my life,' Cornelia Dragoman was quoted as saying."
Wednesday, January 12, 2005
Hacker penetrates T-Mobile systems
A sophisticated computer hacker had access to servers at wireless giant T-Mobile for at least a year, which he used to monitor U.S. Secret Service e-mail, obtain customers' passwords and Social Security numbers, and download candid photos taken by Sidekick users, including Hollywood celebrities, SecurityFocus has learned.
Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records.
Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with Web access to their T-Mobile e-mail accounts. He did not have access to credit card numbers.
The case arose as part of the Secret Service's "Operation Firewall" crackdown on Internet fraud rings last October, in which 19 men were indicted for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. But Jacobsen was not charged with the others. Instead he faces two felony counts of computer intrusion and unauthorized impairment of a protected computer in a separate, unheralded federal case in Los Angeles, currently set for a February 14th status conference.
The government is handling the case well away from the spotlight. The U.S. Secret Service, which played the dual role of investigator and victim in the drama, said Tuesday it couldn't comment on Jacobsen because the agency doesn't discuss ongoing cases-- a claim that's perhaps undermined by the 19 other Operation Firewall defendants discussed in a Secret Service press release last fall. Jacobsen's prosecutor, assistant U.S. attorney Wesley Hsu, also declined to comment. "I can't talk about it," Hsu said simply. Jacobsen's lawyer didn't return a phone call.
T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.
Company spokesman Peter Dobrow said Tuesday that nobody at T-Mobile was available to comment on the matter.
Cat and Mouse Game
According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.
"[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.
The Secret Service contacted T-Mobile, according to an affidavit filed by cyber crime agent Matthew Ferrante, and by late July the company had confirmed that the offer was genuine: a hacker had indeed breached their customer database,
At the same time, agents received disturbing news from a prized snitch embedded in the identity theft and credit card fraud underground. Unnamed in court documents, the informant was an administrator and moderator on the Shadowcrew site who'd been secretly cooperating with the government since August 2003 in exchange for leniency. By all accounts he was a key government asset in Operation Firewall.
On July 28th the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they'd been striving to destroy. He'd obtained a log of an IRC chat session in which a hacker named "Myth" copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty from the Russian Federation. Both documents are described in the Secret Service affidavit as "highly sensitive information pertaining to ongoing USSS criminal cases."
At the agency's urging, the informant made contact with Myth, and learned that the documents represented just a few droplets in a full-blown Secret Service data spill. The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own ICQ chat account.
Myth refused to identify the source of his informational largesse, but agreed to arrange an introduction. The next day Myth, the snitch, and a third person using the nickname "Anonyman" met on an IRC channel. Over the following days, the snitch gained the hacker's trust, and the hacker confirmed that he and Ethics were one and the same. Ethics began sharing Secret Service documents and e-mails with the informant, who passed them back to the agency.
Honeypot Proxy
By August 5th the agents already had a good idea what was going on, when Ethics made a fateful mistake. The hacker asked the Secret Service informant for a proxy server -- a host that would pass through Web connections, making them harder to trace. The informant was happy to oblige. The proxy he provided, of course, was a Secret Service machine specially configured for monitoring, and agents watched as the hacker surfed to "My T-Mobile," and entered a username and password belonging to Peter Cavicchia, a Secret Service cyber crime agent in New York.
Cavicchia was the agent who last year spearheaded the investigation of Jason Smathers, a former AOL employee accused of stealing 92 million customer e-mail addresses from the company to sell to a spammer. The agent was also an adopter of mobile technology, and he did a lot of work through his T-Mobile Sidekick -- an all-in-one cellphone, camera, digital organizer and e-mail terminal. The Sidekick uses T-Mobile servers for e-mail and file storage, and the stolen documents had all been lifted from Cavicchia's T-Mobile account, according to the affidavit. (Cavicchia didn't respond to an e-mail query from SecurityFocus Tuesday.)
By that time the Secret Service already had a line on Ethic's true identity. Agents had the hacker's ICQ number, which he'd used to chat with the informant. A Web search on the number turned up a 2001 resume for the then-teenaged Jacobsen, who'd been looking for a job in computer security. The e-mail address was listed as ethics@netzero.net.
The trick with the proxy honeypot provided more proof of the hacker's identity: the server's logs showed that Ethics had connected from an IP address belonging to the Residence Inn Hotel in Buffalo, New York. When the Secret Service checked the Shadowcrew logs through a backdoor set up for their use -- presumably by the informant -- they found that Ethics had logged in from the same address. A phone call to the hotel confirmed that Nicolas Jacobsen was a guest.
Snapshots Compromised
Eight days later, on October 27th, law enforcement agencies dropped the hammer on Operation Firewall, and descended on fraud and computer crime suspects across eight states and six foreign countries, arresting 28 of them. Jacobsen, then living in an apartment in Santa Ana in Southern California, was taken into custody by the Secret Service. He was later released on bail with computer use restrictions.
Jacobsen lost his job at Pfastship Logistics, an Irvine, California company where he worked as a network administrator, and he now lives in Oregon.
The hacker's access to the T-Mobile gave him more than just Secret Service documents. A friend of Jacobsen's says that prior to his arrest, Jacobsen provided him with digital photos that he claimed celebrities had snapped with their cell phone cameras. "He basically just said there was flaw in the way the cell phone servers were set up," says William Genovese, a 27-year-old hacker facing unrelated charges for allegedly selling a copy of Microsoft's leaked source code for $20.00. Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton.
The swiped images are not mentioned in court records, but a source close to the defense confirmed Genovese's account, and says Jacobsen amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their T-Mobile accounts and downloading photos they'd taken with the wireless communicator's built-in camera.
The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer.
SecurityFocus HOME News: Hacker penetrates T-Mobile systems
Twenty-one year-old Nicolas Jacobsen was quietly charged with the intrusions last October, after a Secret Service informant helped investigators link him to sensitive agency documents that were circulating in underground IRC chat rooms. The informant also produced evidence that Jacobsen was behind an offer to provide T-Mobile customers' personal information to identity thieves through an Internet bulletin board, according to court records.
Jacobsen could access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth, according to government filings in the case. He could also obtain voicemail PINs, and the passwords providing customers with Web access to their T-Mobile e-mail accounts. He did not have access to credit card numbers.
The case arose as part of the Secret Service's "Operation Firewall" crackdown on Internet fraud rings last October, in which 19 men were indicted for trafficking in stolen identity information and documents, and stolen credit and debit card numbers. But Jacobsen was not charged with the others. Instead he faces two felony counts of computer intrusion and unauthorized impairment of a protected computer in a separate, unheralded federal case in Los Angeles, currently set for a February 14th status conference.
The government is handling the case well away from the spotlight. The U.S. Secret Service, which played the dual role of investigator and victim in the drama, said Tuesday it couldn't comment on Jacobsen because the agency doesn't discuss ongoing cases-- a claim that's perhaps undermined by the 19 other Operation Firewall defendants discussed in a Secret Service press release last fall. Jacobsen's prosecutor, assistant U.S. attorney Wesley Hsu, also declined to comment. "I can't talk about it," Hsu said simply. Jacobsen's lawyer didn't return a phone call.
T-Mobile, which apparently knew of the intrusions by July of last year, has not issued any public warning. Under California's anti-identity theft law "SB1386," the company is obliged to notify any California customers of a security breach in which their personally identifiable information is "reasonably believed to have been" compromised. That notification must be made in "the most expedient time possible and without unreasonable delay," but may be postponed if a law enforcement agency determines that the disclosure would compromise an investigation.
Company spokesman Peter Dobrow said Tuesday that nobody at T-Mobile was available to comment on the matter.
Cat and Mouse Game
According to court records the massive T-Mobile breach first came to the government's attention in March 2004, when a hacker using the online moniker "Ethics" posted a provocative offer on muzzfuzz.com, one of the crime-facilitating online marketplaces being monitored by the Secret Service as part of Operation Firewall.
"[A]m offering reverse lookup of information for a t-mobile cell phone, by phone number at the very least, you get name, ssn, and DOB at the upper end of the information returned, you get web username/password, voicemail password, secret question/answer, sim#, IMEA#, and more," Ethics wrote.
The Secret Service contacted T-Mobile, according to an affidavit filed by cyber crime agent Matthew Ferrante, and by late July the company had confirmed that the offer was genuine: a hacker had indeed breached their customer database,
At the same time, agents received disturbing news from a prized snitch embedded in the identity theft and credit card fraud underground. Unnamed in court documents, the informant was an administrator and moderator on the Shadowcrew site who'd been secretly cooperating with the government since August 2003 in exchange for leniency. By all accounts he was a key government asset in Operation Firewall.
On July 28th the informant gave his handlers proof that their own sensitive documents were circulating in the underground marketplace they'd been striving to destroy. He'd obtained a log of an IRC chat session in which a hacker named "Myth" copy-and-pasted excerpts of an internal Secret Service memorandum report, and a Mutual Legal Assistance Treaty from the Russian Federation. Both documents are described in the Secret Service affidavit as "highly sensitive information pertaining to ongoing USSS criminal cases."
At the agency's urging, the informant made contact with Myth, and learned that the documents represented just a few droplets in a full-blown Secret Service data spill. The hacker knew about Secret Service subpoenas relating to government computer crime investigations, and even knew the agency was monitoring his own ICQ chat account.
Myth refused to identify the source of his informational largesse, but agreed to arrange an introduction. The next day Myth, the snitch, and a third person using the nickname "Anonyman" met on an IRC channel. Over the following days, the snitch gained the hacker's trust, and the hacker confirmed that he and Ethics were one and the same. Ethics began sharing Secret Service documents and e-mails with the informant, who passed them back to the agency.
Honeypot Proxy
By August 5th the agents already had a good idea what was going on, when Ethics made a fateful mistake. The hacker asked the Secret Service informant for a proxy server -- a host that would pass through Web connections, making them harder to trace. The informant was happy to oblige. The proxy he provided, of course, was a Secret Service machine specially configured for monitoring, and agents watched as the hacker surfed to "My T-Mobile," and entered a username and password belonging to Peter Cavicchia, a Secret Service cyber crime agent in New York.
Cavicchia was the agent who last year spearheaded the investigation of Jason Smathers, a former AOL employee accused of stealing 92 million customer e-mail addresses from the company to sell to a spammer. The agent was also an adopter of mobile technology, and he did a lot of work through his T-Mobile Sidekick -- an all-in-one cellphone, camera, digital organizer and e-mail terminal. The Sidekick uses T-Mobile servers for e-mail and file storage, and the stolen documents had all been lifted from Cavicchia's T-Mobile account, according to the affidavit. (Cavicchia didn't respond to an e-mail query from SecurityFocus Tuesday.)
By that time the Secret Service already had a line on Ethic's true identity. Agents had the hacker's ICQ number, which he'd used to chat with the informant. A Web search on the number turned up a 2001 resume for the then-teenaged Jacobsen, who'd been looking for a job in computer security. The e-mail address was listed as ethics@netzero.net.
The trick with the proxy honeypot provided more proof of the hacker's identity: the server's logs showed that Ethics had connected from an IP address belonging to the Residence Inn Hotel in Buffalo, New York. When the Secret Service checked the Shadowcrew logs through a backdoor set up for their use -- presumably by the informant -- they found that Ethics had logged in from the same address. A phone call to the hotel confirmed that Nicolas Jacobsen was a guest.
Snapshots Compromised
Eight days later, on October 27th, law enforcement agencies dropped the hammer on Operation Firewall, and descended on fraud and computer crime suspects across eight states and six foreign countries, arresting 28 of them. Jacobsen, then living in an apartment in Santa Ana in Southern California, was taken into custody by the Secret Service. He was later released on bail with computer use restrictions.
Jacobsen lost his job at Pfastship Logistics, an Irvine, California company where he worked as a network administrator, and he now lives in Oregon.
The hacker's access to the T-Mobile gave him more than just Secret Service documents. A friend of Jacobsen's says that prior to his arrest, Jacobsen provided him with digital photos that he claimed celebrities had snapped with their cell phone cameras. "He basically just said there was flaw in the way the cell phone servers were set up," says William Genovese, a 27-year-old hacker facing unrelated charges for allegedly selling a copy of Microsoft's leaked source code for $20.00. Genovese provided SecurityFocus with an address on his website featuring what appears to be grainy candid shots of Demi Moore, Ashton Kutcher, Nicole Richie, and Paris Hilton.
The swiped images are not mentioned in court records, but a source close to the defense confirmed Genovese's account, and says Jacobsen amused himself and others by obtaining the passwords of Sidekick-toting celebrities from the hacked database, then entering their T-Mobile accounts and downloading photos they'd taken with the wireless communicator's built-in camera.
The same source also offers an explanation for the secrecy surrounding the case: the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer.
SecurityFocus HOME News: Hacker penetrates T-Mobile systems
Wednesday, January 05, 2005
SBC to sell Web-enabled home entertainment system
SBC to sell Web-enabled home entertainment system | CNET News.com: "SBC to sell Web-enabled home entertainment system
Published: January 3, 2005, 12:34 PM PST By Reuters
SBC Communications said on Monday it would offer a television set-top box that can handle music, photos and Internet downloads, as part of the company's efforts to expand into home entertainment.
SBC, the No. 2 U.S. telecommunications company, plans to spend about $5 billion over the next three years to build and connect customers to a high-speed data network designed to handle video, voice and Internet access over one line.
The set-top box, which SBC will build in a joint venture with privately owned equipment maker 2Wire, will be sold starting in mid-2005 as an add-on to SBC's current high-speed Internet services as well as to SBC customers who buy Echostar Communications DISH satellite service.
SBC said the 2Wire-designed box will record and save TV programs, and can access music and photos stored on home computers. Owners will be able to control the box remotely over an Internet connection, which will also provide access to streaming music and video downloads through SBC's deal with Yahoo.
SBC said future enhancements will allow the box to be controlled through a Cingular wireless phone, and allow SBC's local phone customers to see caller ID and call logs on their TV sets.
The company did not release detailed pricing for the box. SBC spokesman Michael Coe said customers would be charged a one-time leasing fee, with additional fees for some services.
SBC and other large telephone companies have committed billions of dollars toward launching video services to offset growing competition in telephone services from cable companies such as Comcast."
Published: January 3, 2005, 12:34 PM PST By Reuters
SBC Communications said on Monday it would offer a television set-top box that can handle music, photos and Internet downloads, as part of the company's efforts to expand into home entertainment.
SBC, the No. 2 U.S. telecommunications company, plans to spend about $5 billion over the next three years to build and connect customers to a high-speed data network designed to handle video, voice and Internet access over one line.
The set-top box, which SBC will build in a joint venture with privately owned equipment maker 2Wire, will be sold starting in mid-2005 as an add-on to SBC's current high-speed Internet services as well as to SBC customers who buy Echostar Communications DISH satellite service.
SBC said the 2Wire-designed box will record and save TV programs, and can access music and photos stored on home computers. Owners will be able to control the box remotely over an Internet connection, which will also provide access to streaming music and video downloads through SBC's deal with Yahoo.
SBC said future enhancements will allow the box to be controlled through a Cingular wireless phone, and allow SBC's local phone customers to see caller ID and call logs on their TV sets.
The company did not release detailed pricing for the box. SBC spokesman Michael Coe said customers would be charged a one-time leasing fee, with additional fees for some services.
SBC and other large telephone companies have committed billions of dollars toward launching video services to offset growing competition in telephone services from cable companies such as Comcast."
Tuesday, January 04, 2005
Cingular successfully tests new 3G network
It seems Cingular has the network running. Working with Lucent, Cingular has successfully tested their new 3G network. They used High-Speed Downlink Packet Access (HSDPA) technology to sustain rates of more than 3Mbps during the tests. The new technology will supposedly allow for rates up to 14Mpbs. Look for Cingular to roll out the new network later in 2005.
