Archive for May, 2012
No Doubt is officially allowed to sue Activision over its use of band members’ avatars in Band Hero – again. Seriously, we’ve written this piece, like, three times already. This story is bananas. Sorry. No Doubt, the rock band led by singer Gwen Stefani, sued Activision in 2009, claiming it was used to create a “virtual karaoke circus act;” No Doubt says it only signed off on having its likeness portrayed singing its own songs, but the band is unlockable to play through the game’s complete catalog. A Superior Court judge has denied Activision’s attempt to dismiss claims from the case, including fraud, violation of publicity rights and breach of contract, and it is expected to (finally) go to trial later this year. Activision says it has a video recording of No Doubt being told about the unlockable features and it is looking forward to presenting its defense.
Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East – but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code – nicknamed Wiper – we discovered a new malware codenamed Worm.Win32.Flame.
Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super-weapons’ currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.
For the full low-down on this advanced threat, read on…
What exactly is Flame? A worm? A backdoor? What does it do?
Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded to do so by its master.
The initial point of entry of Flame is unknown – we suspect it is deployed through targeted attacks; however, we haven’t seen the original vector of how it spreads. We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.
Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.
Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated.
How sophisticated is Flame?
First of all, Flame is a huge package of modules, almost 20 MB in size when fully deployed. Because of this, it is an extremely difficult piece of malware to analyze. Flame is so big because it includes many different libraries, such as for compression (zlib, libbz2, ppmd) and database manipulation (sqlite3), together with a Lua virtual machine.
Lua is a scripting (programming) language, which can very easily be extended and interfaced with C code. Many parts of Flame have high order logic written in Lua – with effective attack subroutines and libraries compiled from C++.
The effective Lua code part is rather small compared to the overall code. Our estimation of development ‘cost’ in Lua is over 3000 lines of code, which for an average developer should take about a month to create and debug.
Also, there are internally used local databases with nested SQL queries, multiple methods of encryption, various compression algorithms, usage of Windows Management Instrumentation scripting, batch scripting and more.
Running and debugging the malware is also not trivial as it’s not a conventional executable application, but several DLL files that are loaded on system boot.
Overall, we can say Flame is one of the most complex threats ever discovered.
How is this different to or more sophisticated than any other backdoor Trojan? Does it do specific things that are new?
First of all, usage of Lua in malware is uncommon. The same goes for the rather large size of this attack toolkit. Generally, modern malware is small and written in really compact programming languages, which make it easy to hide. The practice of concealment through large amounts of code is one of the specific new features in Flame.
The recording of audio data from the internal microphone is also rather new. Of course, other malware exists which can record audio, but key here is Flame’s completeness – the ability to steal data in so many different ways.
Another curious feature of Flame is its use of Bluetooth devices. When Bluetooth is available and the corresponding option is turned on in the configuration block, it collects information about discoverable devices near the infected machine. Depending on the configuration, it can also turn the infected machine into a beacon, and make it discoverable via Bluetooth and provide general information about the malware status encoded in the device information.
What are the notable info-stealing features of Flame?
Although we are still analyzing the different modules, Flame appears to be able to record audio via the microphone, if one is present. It stores recorded audio in compressed format, which it does through the use of a public-source library.
Recorded data is sent to the C&C through a covert SSL channel, on a regular schedule. We are still analyzing this; more information will be available on our website soon.
The malware has the ability to regularly take screenshots; what’s more, it takes screenshots when certain “interesting” applications are run, for instance, IM’s. Screenshots are stored in compressed format and are regularly sent to the C&C server – just like the audio recordings.
We are still analyzing this component and will post more information when it becomes available.
When was Flame created?
The creators of Flame deliberately changed the creation dates of the files so that investigators couldn’t establish the true time of creation. The files are dated 1992, 1994, 1995 and so on, but it’s clear that these are false dates.
We consider that, in the main, the Flame project was created no earlier than 2010, and it is still undergoing active development to date. Its creators are constantly introducing changes into different modules, while continuing to use the same architecture and file names. A number of modules were either created or changed in 2011 and 2012.
According to our own data, we see use of Flame in August 2010. What’s more, based on collateral data, we can be sure that Flame was out in the wild as early as February to March 2010. It’s possible that an earlier version existed before then, but we don’t have data to confirm this; however, the likelihood is extremely high.
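The falsified dates described above suggest a simple triage check. The following is an added example, not code from Kaspersky Lab or from the original post: it flags files whose filesystem date or PE header link timestamp falls before a plausibility floor or lies in the future. The floor date, the file names and the sample headers are constructed assumptions, and the post does not say which timestamp field was altered, so both are checked.

```python
import struct
from datetime import datetime, timezone

UTC = timezone.utc

# Assumption for this example: nothing legitimately installed on the hosts
# under triage predates this floor. Set it to suit the oldest OS in the estate.
PLAUSIBLE_FLOOR = datetime(2001, 1, 1, tzinfo=UTC)


def pe_link_time(data):
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # After the signature: Machine (2 bytes), NumberOfSections (2), TimeDateStamp (4).
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=UTC)


def classify(when, now, floor=PLAUSIBLE_FLOOR):
    """Label a timestamp as 'unknown', 'too-old', 'future' or 'plausible'."""
    if when is None:
        return "unknown"
    if when < floor:
        return "too-old"
    if when > now:
        return "future"
    return "plausible"


def triage(name, data, fs_time, now):
    """Return (name, source, year, verdict) for every implausible timestamp.

    A hit is a lead for an analyst, not a verdict: some build tools write
    fixed or non-date values into the PE header, and filesystem dates can
    survive from old archives.
    """
    findings = []
    for source, when in (("filesystem", fs_time), ("pe-header", pe_link_time(data))):
        verdict = classify(when, now)
        if verdict in ("too-old", "future"):
            findings.append((name, source, when.year, verdict))
    return findings


def build_stub(stamp):
    """Constructed input: the smallest header that pe_link_time() accepts."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points just past the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(stamp.timestamp()), 0, 0, 0xE0, 0x2102)
    return bytes(dos) + b"PE\0\0" + coff


def run_demo():
    """Run the check over three constructed files with hypothetical names."""
    now = datetime(2012, 5, 28, tzinfo=UTC)
    samples = [
        ("sample_a.dll", build_stub(datetime(1994, 7, 1, tzinfo=UTC)),
         datetime(1992, 3, 1, tzinfo=UTC)),
        ("sample_b.dll", build_stub(datetime(2011, 3, 1, tzinfo=UTC)),
         datetime(2011, 3, 2, tzinfo=UTC)),
        ("notes.txt", b"plain text, no PE header",
         datetime(2012, 1, 5, tzinfo=UTC)),
    ]
    findings = []
    for name, data, fs_time in samples:
        findings.extend(triage(name, data, fs_time, now))
    return findings


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On a live system the `fs_time` argument would come from the file's metadata and `data` from the first few kilobytes of the file.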
Why is it called Flame? What is the origin of its name?
The Flame malware is a large attack toolkit made up of multiple modules. One of the main modules was named Flame – it’s the module responsible for attacking and infecting additional machines.
Is this a nation-state sponsored attack or is it being carried out by another group such as cyber criminals or hacktivists?
Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from the rather simple hack tools and malware used by hacktivists. So by excluding cybercriminals and hacktivists, we come to the conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leave no doubt about it being a nation state that sponsored the research that went into it.
Who is responsible?
There is no information in the code or otherwise that can tie Flame to any specific nation state. So, just like with Stuxnet and Duqu, its authors remain unknown.
Why are they doing it?
To systematically collect information on the operations of certain nation states in the Middle East, including Iran, Lebanon, Syria, Israel and so on.
[Map: top 7 affected countries]
Is Flame targeted at specific organizations, with the goal of collecting specific information that could be used for future attacks? What type of data and information are the attackers looking for?
From the initial analysis, it looks like the creators of Flame are simply looking for any kind of intelligence – e-mails, documents, messages, discussions inside sensitive locations, pretty much everything. We have not seen any specific signs indicating a particular target such as the energy industry – making us believe it’s a complete attack toolkit designed for general cyber-espionage purposes.
Of course, like we have seen in the past, such highly flexible malware can be used to deploy specific attack modules, which can target SCADA devices, ICS, critical infrastructure and so on.
What industries or organizations is Flame targeting? Are they industrial control facilities/PLC/SCADA? Who are the targets and how many?
There doesn’t seem to be any visible pattern regarding the kind of organizations targeted by Flame. Victims range from individuals to certain state-related organizations or educational institutions. Of course, collecting information on the victims is difficult because of strict personal data collecting policies designed to protect the identity of our users.
Based on your analysis, is this just one variation of Flame and there are others?
Based on the intelligence received from the Kaspersky Security Network, we are seeing multiple versions of the malware being in the wild – with different sizes and content. Of course, assuming the malware has been in development for a couple of years, it is expected that many different versions will be seen in the wild.
Additionally, Flame consists of many different plug-ins – up to 20 – which have different specific roles. A specific infection with Flame might have a set of seven plugins, while another infection might have 15. It all depends on the kind of information that is sought from the victim, and how long the system was infected with Flame.
Is the main C&C server still active? Is there more than one primary C&C server? What happens when an infected machine contacts the C&C server?
Several C&C servers exist, scattered around the world. We have counted about a dozen different C&C domains, run on several different servers. There could also be other related domains, which could possibly bring the total to around 80 different domains being used by the malware to contact the C&C. Because of this, it is really difficult to track the usage or deployment of C&C servers.
Was this made by the Duqu/Stuxnet group? Does it share similar source code or have other things in common?
In size, Flame is about 20 times larger than Stuxnet, comprising many different attack and cyber-espionage features. Flame has no major similarities with Stuxnet/Duqu.
For instance, when Duqu was discovered, it was evident to any competent researcher that it was created by the same people who created Stuxnet on the “Tilded” platform.
Flame appears to be a project that ran in parallel with Stuxnet/Duqu, not using the Tilded platform. There are however some links which could indicate that the creators of Flame had access to technology used in the Stuxnet project – such as use of the “autorun.inf” infection method, together with exploitation of the same print spooler vulnerability used by Stuxnet, indicating that perhaps the authors of Flame had access to the same exploits as Stuxnet’s authors.
On the other hand, we can’t exclude that the current variants of Flame were developed after the discovery of Stuxnet. It’s possible that the authors of Flame used public information about the distribution methods of Stuxnet and put it to work in Flame.
In summary, Flame and Stuxnet/Duqu were probably developed by two separate groups. We would position Flame as a project running parallel to Stuxnet and Duqu.
You say this was active since March 2010. That is close to the time when Stuxnet was discovered. Was this being used in tandem with Stuxnet? It is interesting they both exploit the printer-spooler vulnerability.
One of the best pieces of advice in any kind of operation is not to put all your eggs in one basket. Knowing that sooner or later Stuxnet and Duqu would be discovered, it would make sense to produce other similar projects – but based on a completely different philosophy. This way, if one of the research projects is discovered, the other one can continue unhindered.
Hence, we believe Flame to be a parallel project, created as a fallback in case some other project is discovered.
In your analysis of Duqu you mentioned “cousins” of Duqu, or other forms of malware that could exist. Is this one of them?
Definitely not. The “cousins” of Duqu were based on the Tilded platform, also used for Stuxnet. Flame does not use the Tilded platform.
This sounds like an info-stealing tool, similar to Duqu. Do you see this as part of an intelligence-gathering operation to make a bigger cyber-sabotage weapon, similar to Stuxnet?
The intelligence gathering operation behind Duqu was rather small-scale and focused. We believe there were fewer than 50 targets worldwide for Duqu – all of them super-high profile.
Flame appears to be much, much more widespread than Duqu, with probably thousands of victims worldwide.
The targets are also of a much wider scope, including academia, private companies, specific individuals and so on.
According to our observations, the operators of Flame artificially maintain the number of infected systems at a certain constant level. This can be compared with a sequential processing of fields – they infect several dozen systems, then analyze the victims’ data and uninstall Flame from the systems that aren’t interesting, leaving the most important ones in place. After that, they start a new series of infections.
What is Wiper and does it have any relation to Flame? How is it destructive and was it located in the same countries?
The Wiper malware, which was reported on by several media outlets, remains unknown. While Flame was discovered during the investigation of a number of Wiper attacks, there is no information currently that ties Flame to the Wiper attacks. Of course, given the complexity of Flame, a data wiping plugin could easily be deployed at any time; however, we haven’t seen any evidence of this so far.
Additionally, systems which have been affected by the Wiper malware are completely unrecoverable – the extent of damage is so high that absolutely nothing remains that can be used to trace the attack.
There is information about Wiper incidents only in Iran. Flame was found by us in different countries of the region, not only Iran.
Functionality/Feature Questions about the Flame Malware
What are the ways it infects computers? USB Sticks? Was it exploiting vulnerabilities other than the print-spooler to bypass detection? Any 0-Days?
Flame appears to have two modules designed for infecting USB sticks, called “Autorun Infector” and “Euphoria”. We haven’t seen them in action yet, maybe due to the fact that Flame appears to be disabled in the configuration data. Nevertheless, the ability to infect USB sticks exists in the code, and it’s using two methods:
Autorun Infector: the “Autorun.inf” method from early Stuxnet, using the “shell32.dll” “trick”. What’s key here is that the specific method was used only in Stuxnet and was not found in any other malware since.
Euphoria: spreads on media using a “junction point” directory that contains malware modules and an LNK file that triggers the infection when this directory is opened. Our samples contained the names of the files but did not contain the LNK itself.
In addition to these, Flame has the ability to replicate through local networks. It does so using the following:
The printer vulnerability MS10-061 exploited by Stuxnet – using a special MOF file, executed on the attacked system using WMI.
Remote job tasks.
When Flame is executed by a user who has administrative rights to the domain controller, it is also able to attack other machines in the network: it creates backdoor user accounts with a pre-defined password that is then used to copy itself to these machines.
At the moment, we haven’t seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day.
Can it self-replicate like Stuxnet, or is it done in a more controlled form of spreading, similar to Duqu?
The replication part appears to be operator commanded, like Duqu, and also controlled with the bot configuration file. Most infection routines have counters of executed attacks and are limited to a specific number of allowed attacks.
Why is the program several MBs of code? What functionality does it have that could make it so much larger than Stuxnet? How come it wasn’t detected if it was that big?
The large size of the malware is precisely why it wasn’t discovered for so long. In general, today’s malware is small and focused. It’s easier to hide a small file than a larger module. Additionally, over unreliable networks, downloading 100K has a much higher chance of being successful than downloading 6MB.
Flame’s modules together account for over 20MB. Much of this consists of libraries designed to handle SSL traffic, SSH connections, sniffing, attack, interception of communications and so on. Consider this: it took us several months to analyze the 500K code of Stuxnet. It will probably take a year to fully understand the 20MB of code of Flame.
Does Flame have a built-in Time-of-Death like Duqu or Stuxnet?
There are many different timers built into Flame. They monitor the success of connections to the C&C, the frequency of certain data stealing operations, the number of successful attacks and so on. Although there is no suicide timer in the malware, the controllers have the ability to send a specific malware removal module (named “browse32”), which completely uninstalls the malware from a system, removing every single trace of its presence.
What about JPEGs or screen-shots? Is it stealing those too?
The malware has the ability to regularly take screenshots. What’s more, it takes screenshots when certain “interesting” applications are run, for instance, IM’s. Screenshots are stored in compressed format and are regularly sent to the C&C server, just like the audio recordings.
We are still analyzing this component and will post more information when it becomes available.
We will share a full list of the files and traces for technical people in a series of blog posts on Securelist during the next weeks.
What should I do if I find an infection and am willing to contribute to your research by providing malware samples?
We would greatly appreciate it if you could contact us by e-mail at the previously created mailbox for Stuxnet/Duqu research: email@example.com.
Update 1 (28-May-2012):
According to our analysis, the Flame malware is the same as “SkyWiper”, described by the CrySyS Lab and by Iran Maher CERT group where it is called “Flamer”.
Google is adding a new entree to its menu: free restaurant ratings from the Zagat review service.
Zagat, which Google bought in September, was charging $25 annually or $5 monthly for online access to its survey of diners. Those diners have rated about 35,000 restaurants in more than 100 cities around the world.
The reviews will be available for free on Zagat.com as well as several services on Google’s website as part of a change announced Wednesday.
“Now, the world’s highest-quality reviews are available to more people, whether they are at their desks or on the go,” Zagat founders Nina and Tim Zagat wrote Wednesday on their Google Plus social-networking page.
Zagat will still charge $10 a year for using an application designed for Apple Inc.’s iPhone and iPad, although Google indicated it may eventually drop that fee. After a six-month free trial, Zagat charges $25 annually to see reviews on its app for mobile devices running on Google’s Android software.
The Internet fees helped protect sales of the burgundy-colored guides that Zagat has been putting out since its 1979 inception. For now, Zagat still intends to publish the guides, which were listed Wednesday on Amazon for $8.75 to $16.
Google Inc. acquired Zagat for $151 million in September to compete against Yelp’s popular online rating service. Google and Yelp Inc. are battling to attract more traffic to spur more sales of ads to neighborhood merchants.
Yelp explored a possible sale to Google for a reported $500 million in 2009 before deciding to go its own way. The two companies have since become prickly rivals, driven by Yelp’s allegations that Google rigs its search results to favor its own services over its competitors.
The Federal Trade Commission is looking into the complaints lodged against Google by Yelp and other Internet companies as part of a broad antitrust investigation.
The decision to turn Zagat into a free online service comes as part of Google’s expanded local business listings in its search results and the Plus service. The overhaul is being billed as “Google Plus Local” as the company continues to promote a social networking alternative to Facebook’s popular online hangout.
A search request for a restaurant that has been reviewed by Zagat will now trigger a listing that includes a breakdown of the service’s ratings. Zagat’s scoring system provides separate ratings on a 30-point scale for the quality of food, decor and service in a restaurant.
The new business listings, which will also appear on Google’s online mapping service and mobile device applications, will also include any pertinent recommendations from within a user’s contacts on Plus.
BANGALORE: The world’s second-largest PC-maker Hewlett Packard on Wednesday unveiled its first net-zero energy data centre that promises to significantly reduce data centre power costs and energy requirements.
In an interview with ET, Chandrakant Patel, senior fellow and director (interim) at HP Laboratories, said the new model would require no net energy from traditional power grids. The HP data centre plans to make use of solar and alternative renewable energy sources.
“If you look at some of the large data centres, they use about 7 megawatts of diesel generation. That is the amount of electricity which around 7,000 houses consume,” says Patel who has spent several decades of his career studying thermo-mechanical architecture and efficient energy usages.
“By setting up such a data centre you would be paying 2-3 times the total cost for electricity. That is what we wanted to change,” he added.
At a time when data centres continue to be one of the largest sources of IT carbon emissions, HP’s net-zero energy innovation hopes to operate using local renewable resources. This eliminates several factors such as location constraints, energy supply and costs. According to Patel and his team, this opens up the possibility of introducing IT services to organisations of all sizes.
“The vegetable vendor who visits my home in Baroda, the large refineries in the outskirts and sugarcane farmers in Gujarat will get to access the same advanced technology. With this, demand for bigger and better data centres are going to go up,” he added.
The data centre at HP Labs headquarters in Palo Alto in California, which uses solar and other local renewable sources, has served as the initial test bed for building this model. But what surprised Patel and his team was a recent visit to the nearby dairy farm — where 1,200 dairy cows could produce 500 kilowatts power.
“Livestock manure is better than probably all the other utilities. Large dairy farms and municipal waste dumps across India can take advantage of this,” he said. In winter, when the solar output falls significantly in California, the HP centre makes use of alternate energy sources, including gobar gas and wind.
If the sustainable data-centres team at HP Labs are able to convince organisations to switch to these zero-net energy data centres, Indian technology firms could significantly reduce their existing data-centre power costs and energy requirements, and explore newer ways of power generation.
The $2-billion market for information technology infrastructure in India, comprising servers, data-centres, storage and networking equipment, will benefit from this. The Indian IT infrastructure market is expected to grow over 10.3% over the next one year, according to research firm Gartner.
“Indian organisations are heavily focusing on optimising their infrastructure capacity by implementing virtualisation and incorporating newer ways of data centre design,” Gartner’s Research Director Aman Muglani wrote in a report earlier this month. The IT infrastructure market in India is expected to reach $3.01 billion by 2016.
According to HP, the zero-net energy centres also introduce a first-of-its-kind demand-management approach that allows the scheduling of IT workloads based on resource availability and requirements. For instance, non-critical and delay-tolerant work could be scheduled during daylight for data centres equipped with photovoltaic energy generation.
In recent years, an increasing number of companies have launched energy-efficient data centres. In 2010, Britain-based IT-hosting firm UKFast claimed to have set up the world’s first carbon-neutral data centre, while Morgan Stanley proposed in the same year to build a centre that will be powered by tidal energy.
Search engine giant Google too has talked about this by investing over $800 million in clean energy projects. If reports are to be believed, iPad-maker Apple plans to convert its primary data centre in the US entirely to renewable energy by the end of this year.
Like some errant Necromorph, a new video has suddenly popped up on the Dead Space website. Entitled “Dead Space Graphic Novel Short,” the video showcases the story of John Carver, an Earthgov Sergeant, as he “witnesses an attack on the Marker Site he guards which changes his life forever.” There’s also a countdown on the site – coded in Dead Space’s alien language – set to expire in six days. Electronic Arts’ E3 press conference, meanwhile, is set to take place on Monday, curiously only five days away. Despite the video’s title, there’s reason to believe this is all tied to Dead Space 3. As noticed by fans on the Dead Space Facebook page, the website’s source code contains numerous references to “ds3.” The site adds that this is “just the start of John Carver’s saga in the Dead Space Universe,” implying that something grander than merchandising is on the way. Perhaps Carver is a new protagonist? One way or another, we’ll find out next week.
You could have the most powerful smartphone around, but that amounts to naught if it dies out on you every few hours. ET offers a few simple tips and apps to maximise your phone’s battery.
1. Screen Brightness
Although most phones come with a light sensor that is used to automatically adjust brightness of the display, you need to manually set the brightness as low as possible to maximise battery life. The automatic setting constantly alters the brightness and that leads to higher consumption. Also, keep the screen time out as short as possible to save more battery.
2. Wireless Connectivity
Functions such as EDGE, 3G, Wi-Fi, Bluetooth and GPS are important to phone usage, but they are the biggest battery hogs as well. You can increase your battery life by switching off functions that you don’t need. Even switching from 3G to 2G (if available) will give your battery life a huge boost.
3. Push Notifications
If push notifications are turned on, your phone constantly pings various services to check for updates. Therefore, data connectivity or Wi-Fi is constantly being used to check for updates. Some devices even play a sound and display a notification on the screen. The number of different notifications you leave on will have a direct impact on the phone’s battery life.
4. Background Tasks
By default, pressing the home button does not exit apps, it just moves them to the background – this helps with quicker multitasking on a smartphone. Problem is, even background apps consume hardware resources (except on iOS where the apps are completely suspended). Use a task manager to exit apps completely and give a boost to battery life.
5. Haptic Feedback
Many touchscreen phones offer haptic feedback – a slight vibration while typing, pressing an on-screen button or in some phones, every time the screen registers a touch. Check if you can turn this feature off or control when the vibration occurs. You can also choose to turn off the vibrate notification for calls/SMS when the ringer is on.
Apps to Enhance Battery Life
BB: Battery Saver Pro
Provides a clean graphical user interface with features to monitor processes, optimise usage for display/wireless connections, set alerts for low battery and can show a battery usage graph.
iOS: Battery Life Pro
This app has a beautiful user interface and shows you system info & graphs for memory usage. It also gives you one-touch access to switch on/off Wi-Fi, Bluetooth, 3G & push notifications.
Windows Phone: BatterySaver
BatterySaver lets you pin live tiles on your home screen to quickly toggle between various battery consuming functions such as Wi-Fi, Bluetooth & GPS.
This app offers balanced, aggressive or extreme battery saving presets. Select one and it automatically manages phone features to improve battery life. You can even customise individual options to create a preset of your own.
Accessories for power users
Cases like Mophie’s Juice Pack (Rs 3,000 onwards) have a built-in battery – the case connects with the charging port on the phone and keeps the internal battery topped up.
These handy gadgets usually come with different charger pins and are priced at Rs 3,000 onwards. Most of them are good enough to provide two full charges to a phone.
Manufacturers provide replacement batteries – either the same or larger capacity than the original. Get a spare battery and keep it charged as a reserve.
iPhone Specific Tips
Some apps use location services to deliver relevant content and services. This could be via GPS, Wi-Fi or cell tower location – either way, battery life is adversely affected. Go to Settings and disable location for apps that don’t need it.
The iPhone 4S’s voice assistant Siri comes on when you raise the phone to your ear. Switch off this ‘raise-to-speak’ function from the Settings – it keeps the phone’s proximity sensor in an always-on state, thus consuming more battery.
Go to Settings > Location Services > System Services. Here, switch off location based iAds, diagnostics & usage, traffic and automatic time zone update. All these functions use GPS/Wi-Fi/network location which are battery hogs.
Android Specific Tips
Check Battery Usage
Go to Settings > Applications, tap on Battery Use and find out what is consuming the most battery on your device. You can then close or uninstall the apps that you don’t use too often and figure out how to better utilise battery life.
Android has always offered live wallpaper as well as various third-party animated widgets. There’s no denying that some effects make the phone look pretty, but they also make the processor work overtime which drains the battery.
Android location settings use wireless networks or GPS satellites (or both) to detect your position. If you do not want pinpoint accuracy, head to Settings > Location & Security. Switch off ‘Use GPS Satellites’, ‘Assisted GPS’ and ‘Sensor Aiding’.
CALIFORNIA: A Silicon Valley city where Facebook has opened its new headquarters voted Tuesday to support an environmental impact report and development agreement for a project that will allow the social media giant to employ thousands more people at the campus.
Under the deal, Facebook could base about 6,600 workers at the sprawling headquarters in Menlo Park, up from the current limit of 3,600 employees that was placed on the campus’ previous occupant, Sun Microsystems. Facebook moved its headquarters to the campus from Palo Alto last year and now has about 2,200 employees at the site.
In exchange, Facebook will pay the city an average of $850,000 a year over 10 years to cover the impact of the additional workers on city infrastructure. Facebook also will make a one-time payment of more than $1 million for capital improvements, establish a $500,000 community improvement fund and set up high school internship and job training programs.
Facebook eventually wants to expand to another campus across the street that would allow it to employ a total of 9,400 people. The company plans to construct five new buildings totaling approximately 440,000 square feet (41,000 square meters) as part of that project, which was included in the environmental impact report approved Tuesday.
All five members of the Menlo Park City Council voted yes at the lengthy meeting Tuesday night.
“Welcome to Menlo Park and we’re happy to have you here,” Mayor Kirsten Keith told company representatives.
Facebook’s plans have raised concerns about traffic among some residents who live in the company’s shadow.
Facebook has said it will encourage employees to carpool, take public transit or walk or bike to work. Tuesday’s vote will have to be seconded by the city council next week before it could go into effect, McIntyre said.
Jerusalem, May 29: An unprecedented “cyber espionage worm” considered the most sophisticated spyware virus yet may have been unleashed by Israel to hit Iran and other Middle Eastern countries, with the possible aim of crippling Tehran’s nuclear ambitions.
Security experts discovered the new data-stealing virus dubbed Flame which they say has lurked inside thousands of computers across the Middle East for as long as five years as part of a sophisticated cyber warfare campaign.
Russia-based Internet security company Kaspersky Lab, which uncovered the virus ‘Flame’, said it has attacked computers in Iran and elsewhere in the Middle East and may have been designed to collect and delete sensitive information.
Israeli Vice Prime Minister Moshe Ya’alon’s comments justifying such a measure triggered speculation that Flame may have originated from his country.
“Anyone who sees the Iranian threat as a significant threat – it’s reasonable [to assume] that he will take various steps, including these, to harm it,” Ya’alon told the Army Radio in an interview today.
In Tehran, Iranian authorities admitted that the malicious software dubbed “Flame” has attacked their computers and systems, and ordered an urgent inspection of all cyber systems in the country.
Iran’s MAHER Center, which is part of the Islamic Republic’s Communication ministry, said that the Flame virus “has caused substantial damage” and that “massive amounts of data have been lost,” Ynetnews reported.
But Iran’s telecommunications ministry also claimed that it had developed software to clean this malware. Kaspersky, one of the world’s biggest producers of anti-virus software, said the bug had infected computers in Iran, the West Bank, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
Flame is “actively being used as a cyber weapon attacking entities in several countries,” Kaspersky said in a statement, describing its purpose as “cyber espionage”.
“The complexity and functionality of the newly discovered malicious programme exceed those of all other cyber menaces known to date,” the statement said.
The Internet security company also said that Flame contained a specific element that was used in the Stuxnet worm and which had not been seen in any other malware since.
On its blog, Kaspersky called Flame a “sophisticated attack toolkit,” adding that it was much more complex than Duqu, the vehicle used to deliver Stuxnet.
The Stuxnet bug, discovered in June 2010, targeted primarily Iranian computers.
Iran admitted that the worm had damaged centrifuges operating at a uranium enrichment facility at Natanz.
Google will try to win more converts to a computer operating system revolving around its popular Chrome Web browser with a new wave of lightweight laptops built by Samsung Electronics.
Tuesday’s release of the next-generation Chromebooks will give Google and Samsung another opportunity to persuade consumers and businesses to buy an unconventional computer instead of machines running on familiar software by industry pioneers Microsoft Corp. and Apple Inc.
Unlike most computers, Google’s Chromebooks don’t have a hard drive. They function like terminals dependent on an Internet connection. The laptops come with 16 gigabytes of flash memory — the kind found in smartphones, tablet computers and some iPods. Two USB ports allow external hard drives and other devices to be plugged into the machines.
Chromebooks haven’t made much of a dent in the market since their debut a year ago. In that time, more people have been embracing Apple’s iPad and other tablet computers — a factor that has contributed to a slowdown in sales of personal computers.
The cool reception to Chromebooks has raised questions about whether Google misjudged the demand for computers designed to quickly connect to its dominant Internet search engine and ever-expanding stable of other online services, ranging from email to a recently introduced file-storage system called Drive.
“The Chromebooks have had less to offer than tablets, so they haven’t been that interesting to consumers,” said Gartner analyst Mika Kitagawa.
Google says it always intended to take things slowly with the Chromebooks to give its engineers time to understand the shortcomings of the machines and make the necessary improvements.
“This release is a big step in the journey to bringing (Chromebooks) to the mainstream,” said Sundar Pichai, Google’s senior vice president of Chrome and apps.
The upgraded laptop, called “Series 5 550,” is supposed to run two-and-a-half times faster than the original machines, and boasts higher-definition video. Google also added features that will enable users to edit documents offline, read more content created in widely used Microsoft applications such as Word and Excel, and retrieve material from another computer at home or an office. More emphasis is being placed on Chrome’s Web store, which features more than 50,000 applications.
The price: $449 for models that only connect to the Internet through Wi-Fi and $549 for a machine that connects on a 3G network. Samsung’s original Chromebooks started out with prices ranging from $429 to $499. Like the original Chromebooks, the next-generation machines feature a 12.1-inch screen display and run on an Intel processor.
Google Inc. and Samsung also are introducing a “Chromebox” that can be plugged into a display monitor to create the equivalent of a desktop computer. The box will sell for $329.
The latest Chromebook and new Chromebox will be available online only, beginning in the U.S. on Tuesday, followed by a Wednesday release in the United Kingdom. The products will go on sale in brick-and-mortar stores for the first time in still-to-be-determined Best Buy locations next month.
The expansion beyond Internet-only sales signals Google’s determination to attract a mass audience to its Chromebooks, just as it’s done with smartphones running on its Android software. More than 300 million mobile devices have been activated on Android since the software’s 2008 release.
Without providing specifics, Pichai said several other computer manufacturers will release Chromebooks later this year. Google plans to back the expanded line of Chromebooks with a marketing blitz during the holiday shopping season in November and December.
One reason Google is confident Chromebooks will eventually catch on is because the Chrome Web browser has attracted so many fans in less than four years on the market. The company says more than 200 million people worldwide currently are using the Chrome browser.
Like other laptop and desktop computers, the Chromebooks will have to contend with the accelerating shift to the iPad and other tablets. The iPad 2, an older version of Apple’s tablet line, sells for as little as $399, undercutting the new Chromebook. Other low-cost tablets are expected to hit the market later this year. One of them might even be made by Motorola Mobility, a device maker that Google bought for $12.5 billion earlier this month. Google so far hasn’t commented on Motorola’s future plans for the tablet market.
The new Chromebooks also are hitting the market at a time when some prospective computer buyers may be delaying purchases until they can check out machines running on Windows 8, a makeover of Microsoft’s operating system that is expected to be released in September or October. Microsoft designed Windows 8 so it can be controlled through touch as well as keyboards. That versatility is expected to inspire the creation of hybrid machines that are part laptop, part tablet.
Google shares added $2.81 Tuesday to close at $594.34.
Source: Michael Liedtke/AP Technology Writer
WASHINGTON: Facebook has received notice that US antitrust regulators will give its proposed purchase of the popular photo-sharing app maker Instagram a lengthy investigation, an industry source told Reuters on Tuesday.
Facebook has received a “second request” from the Federal Trade Commission, essentially a request for relatively large amounts of data that the regulators will sift through to ensure that the deal complies with antitrust law.
A prolonged review adds another headache to the No. 1 social network, whose shares on Tuesday slid below $29 to a new low as nervous investors continued to show their concerns about Facebook’s long-term business prospects and rich initial public offering price of $38.
Ahead of its rocky May 18 market debut, Facebook announced in April that it would purchase Instagram for $1 billion in cash and stock, its largest-ever acquisition.
The purchase of the photo-sharing service on the Internet is a crucial part of Facebook’s strategy to bolster its mobile offerings at a time when consumers are increasingly accessing the Internet through smartphones.
Google and Twitter are among companies that have also been asked about the deal, a second source had previously told Reuters.
The FTC’s questions about the deal to tech companies had indicated that it was in a very early stage in its investigation, according to a Reuters story on May 10. The agency was asking in Silicon Valley what concerns tech companies might have about the Facebook purchase of Instagram.
The “second request” letter from the FTC is dated May 16, Tuesday’s source said.
Facebook declined to comment, as did the FTC. The FTC or Justice Department automatically review any acquisition worth $68.2 million or larger.
Facebook earlier this month extended its estimate of how long the review of the deal would take, saying in a regulatory filing that the deal would likely close this year instead of the second quarter as it previously indicated.
Antitrust experts said that the FTC’s interest could well have been piqued by the high price that Facebook offered for 2-year-old Instagram. Instagram closed a funding round days before the Facebook deal was announced that valued it at $500 million.
Experts have speculated that Facebook might be trying to absorb a potential rival or at least prevent it from falling into the hands of a major competitor like Twitter or Google.
“When the dominant firm is paying clearly an excessive price to take out a rival, it gets the closest scrutiny of all,” said David Balto, a former FTC policy director now in private practice.
A second antitrust expert said the deal would likely be approved in the end.
“I think the hype over the antitrust review is greater than reality,” said this expert, who asked to speak privately to protect business relationships. “Everything Facebook is electric right now with the agencies.”