My Digital Nightmare: A Hacker Stole My Family Photos and Upended My Life, and It Could Easily Happen to You

In the space of one hour, my entire digital life was destroyed, said Mat Honan of Wired. "First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.

Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.

Those security lapses are my fault, and I deeply, deeply regret them.

But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.

This isn’t just my problem. Since Friday, Aug. 3, 2012, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.

Moreover, if your computers aren’t already cloud-connected devices, they will be soon. Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.

I realized something was wrong at about 5 p.m. on Friday. I was playing with my daughter when my iPhone suddenly powered down. I was expecting a call, so I went to plug it back in.

It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

I went to connect the iPhone to my computer and restore from that backup — which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four-digit PIN.

I didn’t have a four-digit PIN.

By now, I knew something was very, very wrong. For the first time it occurred to me that I was being hacked. Unsure of exactly what was happening, I unplugged my router and cable modem, turned off the Mac Mini we use as an entertainment center, grabbed my wife’s phone, and called AppleCare, the company’s tech support service, and spoke with a rep for the next hour and a half.

It wasn’t the first call they had had that day about my account. In fact, I later found out that a call had been placed just a little more than a half an hour before my own. But the Apple rep didn’t bother to tell me about the first call concerning my account, despite the 90 minutes I spent on the phone with tech support. Nor would Apple tech support ever tell me about the first call voluntarily — it only shared this information after I asked about it. And I only knew about the first call because a hacker told me he had made the call himself.

At 4:33 p.m., according to Apple’s tech support records, someone called AppleCare claiming to be me. Apple says the caller reported that he couldn’t get into his Me.com e-mail — which, of course was my Me.com e-mail.

In response, Apple issued a temporary password. It did this despite the caller’s inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover.

At 4:50 p.m., a password reset confirmation arrived in my inbox. I don’t really use my me.com e-mail, and rarely check it. But even if I did, I might not have noticed the message because the hackers immediately sent it to the trash. They then were able to follow the link in that e-mail to permanently reset my AppleID password.

At 4:52 p.m., a Gmail password recovery e-mail arrived in my me.com mailbox. Two minutes later, another e-mail arrived notifying me that my Google account password had changed.

At 5:02 p.m., they reset my Twitter password. At 5:00 they used iCloud’s “Find My” tool to remotely wipe my iPhone. At 5:01 they remotely wiped my iPad. At 5:05 they remotely wiped my MacBook. Around this same time, they deleted my Google account. At 5:10, I placed the call to AppleCare. At 5:12 the attackers posted a message to my account on Twitter taking credit for the hack.

By wiping my MacBook and deleting my Google account, they now not only had the ability to control my account, but were able to prevent me from regaining access. And crazily, in ways that I don’t and never will understand, those deletions were just collateral damage. My MacBook data — including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life — weren’t the target. Nor were the eight years of messages in my Gmail account. The target was always Twitter. My MacBook data was torched simply to prevent me from getting back in.

Lulz.

I spent an hour and a half talking to AppleCare. One of the reasons it took me so long to get anything resolved with Apple during my initial phone call was because I couldn’t answer the security questions it had on file for me. It turned out there’s a good reason for that. Perhaps an hour or so into the call, the Apple representative on the line said “Mr. Herman, I….”

“Wait. What did you call me?”

“Mr. Herman?”

“My name is Honan.”

Apple had been looking at the wrong account all along. Because of that, I couldn’t answer my security questions. And because of that, it asked me an alternate set of questions that it said would let tech support let me into my me.com account: a billing address and the last four digits of my credit card. (Of course, when I gave them those, it was no use, because tech support had misheard my last name.)

It turns out, a billing address and the last four digits of a credit card number are the only two pieces of information anyone needs to get into your iCloud account. Once supplied, Apple will issue a temporary password, and that password grants access to iCloud.

Apple tech support confirmed to me twice over the weekend that all you need to access someone’s AppleID is the associated e-mail address, a credit card number, the billing address, and the last four digits of a credit card on file. I was very clear about this. During my second tech support call to AppleCare, the representative confirmed this to me. “That’s really all you have to have to verify something with us,” he said.

We talked to Apple directly about its security policy, and company spokesperson Natalie Kerris told Wired, “Apple takes customer privacy seriously and requires multiple forms of verification before resetting an Apple ID password. In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer. In addition, we found that our own internal policies were not followed completely. We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”

On Monday, Wired tried to verify the hackers’ access technique by performing it on a different account. We were successful. This means, ultimately, all you need in addition to someone’s e-mail address are those two easily acquired pieces of information: a billing address and the last four digits of a credit card on file. Here’s the story of how the hackers got them.

By exploiting the customer service procedures employed by Apple and Amazon, hackers were able to get into iCloud and take over all of Mat Honan’s digital devices — and data.

On the night of the hack, I tried to make sense of the ruin that was my digital life. My Google account was nuked, my Twitter account was suspended, my phone was in a useless state of restore, and (for obvious reasons) I was highly paranoid about using my Apple email account for communication.

I decided to set up a new Twitter account until my old one could be restored, just to let people know what was happening. I logged into Tumblr and posted an account of how I thought the takedown occurred. At this point, I was assuming that my seven-digit alphanumeric AppleID password had been hacked by brute force. In the comments (and, oh, the comments) others guessed that hackers had used some sort of keystroke logger. At the end of the post, I linked to my new Twitter account.

And then, one of my hackers @ messaged me. He would later identify himself as Phobia. I followed him. He followed me back.

We started a dialogue via Twitter direct messaging that later continued via e-mail and AIM. Phobia was able to reveal enough detail about the hack and my compromised accounts that it became clear he was, at the very least, a party to how it went down. I agreed not to press charges, and in return he laid out exactly how the hack worked. But first, he wanted to clear something up:

“didnt guess ur password or use bruteforce. i have my own guide on how to secure emails.”

I asked him why. Was I targeted specifically? Was this just to get to Gizmodo’s Twitter account? No, Phobia said they hadn’t even been aware that my account was linked to Gizmodo’s, that the Gizmodo linkage was just gravy. He said the hack was simply a grab for my three-character Twitter handle. That’s all they wanted. They just wanted to take it, and fuck shit up, and watch it burn. It wasn’t personal.

“I honestly didn’t have any heat towards you before this. i just liked your username like I said before” he told me via Twitter Direct Message.

After coming across my account, the hackers did some background research. My Twitter account linked to my personal website, where they found my Gmail address. Guessing that this was also the e-mail address I used for Twitter, Phobia went to Google’s account recovery page. He didn’t even have to actually attempt a recovery. This was just a recon mission.

Because I didn’t have Google’s two-factor authentication turned on, when Phobia entered my Gmail address, he could view the alternate e-mail I had set up for account recovery. Google partially obscures that information, starring out many characters, but there were enough characters available, m••••n@me.com. Jackpot.

This was how the hack progressed. If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here. But using that Apple-run me.com e-mail account as a backup told the hacker I had an AppleID account, which meant I was vulnerable to being hacked.

Be careful with your Amazon account — or someone might buy merchandise on your credit card, but send it to their home.

“You honestly can get into any email associated with apple,” Phobia claimed in an e-mail. And while it’s work, that seems to be largely true.

Since he already had the e-mail, all he needed was my billing address and the last four digits of my credit card number to have Apple’s tech support issue him the keys to my account.

So how did he get this vital information? He began with the easy one. He got the billing address by doing a whois search on my personal web domain. If someone doesn’t have a domain, you can also look up his or her information on Spokeo, WhitePages, and PeopleSmart.

Getting a credit card number is trickier, but it also relies on taking advantage of a company’s back-end systems. Phobia says that a partner performed this part of the hack, but described the technique to us, which we were able to verify via our own tech support phone calls. It’s remarkably easy — so easy that Wired was able to duplicate the exploit twice in minutes.

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry’s published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you’ve lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account — not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but it didn’t have anything to share by press time.

And it’s also worth noting that one wouldn’t have to call Amazon to pull this off. Your pizza guy could do the same thing, for example. If you have an AppleID, every time you call Pizza Hut, you’re giving the 16-year-old on the other end of the line all he needs to take over your entire digital life.

And so, with my name, address, and the last four digits of my credit card number in hand, Phobia called AppleCare, and my digital life was laid waste. Yet still I was actually quite fortunate.

They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well. As Ed Bott pointed out on TWiT.tv, my years as a technology journalist have put some very influential people in my address book. They could have been victimized too.

Instead, the hackers just wanted to embarrass me, have some fun at my expense, and enrage my followers on Twitter by trolling.

I had done some pretty stupid things. Things you shouldn’t do.

I should have been regularly backing up my MacBook. Because I wasn’t doing that, if all the photos from the first year and a half of my daughter’s life are ultimately lost, I will have only myself to blame. I shouldn’t have daisy-chained two such vital accounts — my Google and my iCloud account — together. I shouldn’t have used the same e-mail prefix across multiple accounts — mhonan@gmail.com, mhonan@me.com, and mhonan@wired.com. And I should have had a recovery address that’s only used for recovery without being tied to core services.

But, mostly, I shouldn’t have used Find My Mac. Find My iPhone has been a brilliant Apple service. If you lose your iPhone, or have it stolen, the service lets you see where it is on a map. The New York Times’ David Pogue recovered his lost iPhone just last week thanks to the service. And so, when Apple introduced Find My Mac in the update to its Lion operating system last year, I added that to my iCloud options too.

After all, as a reporter, often on the go, my laptop is my most important tool.

But as a friend pointed out to me, while that service makes sense for phones (which are quite likely to be lost) it makes less sense for computers. You are almost certainly more likely to have your computer accessed remotely than physically. And even worse is the way Find My Mac is implemented.

When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed. But here’s the thing: If someone else performs that wipe — someone who gained access to your iCloud account through malicious means — there’s no way for you to enter that PIN.

A better way to have this set up would be to require a second method of authentication when Find My Mac is initially set up. If this were the case, someone who was able to get into an iCloud account wouldn’t be able to remotely wipe devices with malicious intent. It would also mean that you could potentially have a way to stop a remote wipe in progress.

But that’s not how it works. And Apple would not comment as to whether stronger authentication is being considered.

As of Monday, both of these exploits used by the hackers were still functioning. Wired was able to duplicate them. Apple says its internal tech support processes weren’t followed, and this is how my account was compromised. However, this contradicts what AppleCare told me twice that weekend. If that is, in fact, the case — that I was the victim of Apple not following its own internal processes — then the problem is widespread.

I asked Phobia why he did this to me. His answer wasn’t satisfying. He says he likes to publicize security exploits, so companies will fix them. He says it’s the same reason he told me how it was done. He claims his partner in the attack was the person who wiped my MacBook. Phobia expressed remorse for this, and says he would have stopped it had he known.

“yea i really am a nice guy idk why i do some of the things i do,” he told me via AIM. “idk my goal is to get it out there to other people so eventually every1 can over come hackers”

I asked specifically about the photos of my little girl, which are, to me, the greatest tragedy in all this. Unless I can recover those photos via data recovery services, they are gone forever. On AIM, I asked him if he was sorry for doing that. Phobia replied, “even though i wasnt the one that did it i feel sorry about that. Thats alot of memories im only 19 but if my parents lost and the footage of me and pics i would be beyond sad and im sure they would be too.”

But let’s say he did know, and failed to stop it. Hell, for the sake of argument, let’s say he did it. Let’s say he pulled the trigger. The weird thing is, I’m not even especially angry at Phobia, or his partner in the attack. I’m mostly mad at myself. I’m mad as hell for not backing up my data. I’m sad, and shocked, and feel that I am ultimately to blame for that loss.

But I’m also upset that this ecosystem that I’ve placed so much of my trust in has let me down so thoroughly. I’m angry that Amazon makes it so remarkably easy to allow someone into your account, which has obvious financial consequences. And then there’s Apple. I bought into the Apple account system originally to buy songs at 99 cents a pop, and over the years that same ID has evolved into a single point of entry that controls my phones, tablets, computers and data-driven life. With this AppleID, someone can make thousands of dollars of purchases in an instant, or do damage at a cost that you can’t put a price on."

Additional reporting by Roberto Baldwin and Christina Bonnington. Portions of this story originally appeared on Mat Honan’s Tumblr.
- As seen in The Week
Brought to you by
NetLingo: Improve Your Internet IQ
Subscribe to the NetLingo Blog via Email or RSS
here!
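
The chain of support and recovery procedures in the Mat Honan story above can be written down as a small graph and audited for your own accounts. This is an added example, not part of the original article: the `Step` type, the fact labels, and the assumption that the Gmail address is the e-mail associated with the Amazon account are this example's own.

```python
"""Account-recovery chain audit: which assets fall out of which public facts."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Step:
    name: str
    needs: frozenset   # facts a caller must present
    grants: frozenset  # facts or access the procedure hands back


def step(name, needs, grants):
    return Step(name, frozenset(needs), frozenset(grants))


# Procedures as the article describes them; fact names are constructed labels.
STEPS = [
    step("Twitter profile links to personal site", {"twitter_handle"},
         {"name", "personal_domain", "gmail_address"}),
    step("whois on personal domain", {"personal_domain"}, {"billing_address"}),
    step("Google recovery page shows masked backup address", {"gmail_address"},
         {"apple_email"}),
    # Assumption: the Gmail address is the e-mail associated with the Amazon account.
    step("Amazon phone support: add a card",
         {"name", "gmail_address", "billing_address"}, {"added_card"}),
    step("Amazon phone support: add an e-mail address",
         {"name", "billing_address", "added_card"}, {"amazon_reset_mailbox"}),
    step("Amazon web password reset", {"amazon_reset_mailbox"},
         {"amazon_account", "card_last4"}),
    step("AppleCare temporary password",
         {"apple_email", "billing_address", "card_last4"}, {"icloud_account"}),
    step("Gmail recovery mail sent to me.com", {"icloud_account", "gmail_address"},
         {"google_account"}),
    step("Twitter reset mail sent to Gmail", {"google_account"}, {"twitter_account"}),
    step("Find My remote wipe", {"icloud_account"}, {"device_wipe"}),
]

ASSETS = {"amazon_account", "icloud_account", "google_account",
          "twitter_account", "device_wipe"}
PUBLIC = {"twitter_handle"}  # the only fact assumed to be known at the start


def reachable(steps, known):
    """Fixed-point closure: apply every step whose needs are met until nothing changes."""
    facts, used = set(known), []
    progress = True
    while progress:
        progress = False
        for s in steps:
            if s.needs <= facts and not s.grants <= facts:
                facts |= s.grants
                used.append(s.name)
                progress = True
    return facts, used


def exposed(steps, public):
    """Assets obtainable from the public facts alone."""
    return reachable(steps, public)[0] & ASSETS


def require(steps, step_name, extra):
    """Copy of `steps` in which one procedure also demands the `extra` facts."""
    return [replace(s, needs=s.needs | frozenset(extra)) if s.name == step_name else s
            for s in steps]


def chokepoints(steps, public, asset):
    """Procedures whose removal alone takes `asset` out of reach."""
    return [s.name for s in steps
            if asset not in reachable([t for t in steps if t is not s], public)[0]]


# Two changes the article discusses, expressed as extra requirements.
GOOGLE_2FA = require(STEPS, "Google recovery page shows masked backup address",
                     {"google_second_factor"})
APPLE_QUESTIONS = require(STEPS, "AppleCare temporary password", {"security_answers"})

if __name__ == "__main__":
    print("baseline:", sorted(exposed(STEPS, PUBLIC)))
    print("Google 2FA:", sorted(exposed(GOOGLE_2FA, PUBLIC)))
    print("Apple enforces security answers:", sorted(exposed(APPLE_QUESTIONS, PUBLIC)))
    for name in chokepoints(STEPS, PUBLIC, "amazon_account"):
        print("Amazon chokepoint:", name)
```

In this model either change cuts off iCloud, Google, Twitter and the remote wipe, but the Amazon account stays reachable because its support procedure depends only on a name, an e-mail address and a billing address.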



Virtual Princeton: A Guide to Free Online Ivy League Classes

Elite universities are opening their classrooms' doors to anyone with an Internet connection — for free! The company Coursera has teamed up with 16 universities (including Stanford, Duke, and Princeton) to offer more than 100 free online courses to anyone with Internet access.

Why are colleges offering free classes?
They don't want to be left behind in the digital revolution that has already transformed the way we consume news, music, and books. Stanford, Duke, Princeton, and Johns Hopkins are among the 16 universities that have partnered with a newly launched company called Coursera to offer more than 100 free online courses this academic year; MIT, Harvard, and the University of California, Berkeley, are following suit through a nonprofit venture called edX. Now people anywhere in the world can take Stanford's "Introduction to Mathematical Thinking," learn the "Principles of Obesity Economics" at Johns Hopkins, or have Duke University behavioral economist Dan Ariely lead them through "A Beginner's Guide to Irrational Behavior"—all without paying the $50,000 usually required to attend these world-class universities. More than 1 million people from scores of countries have already enrolled in the free classes, which some believe could transform the mission and model of higher education. Anant Agarwal, president of edX, calls it "the single biggest change in education since the printing press."

What's in it for colleges?
Prestige now, and possibly profit later. Schools say they're willing to give their product away for free so they don't miss the chance to be among the first to develop new forms of education. "The potential upside for this experiment is so big that it's hard for me to imagine any large research university that wouldn't want to be involved," said Richard DeMillo, director of the Center for 21st Century Universities at Georgia Tech. One day the schools will likely try to make some money, too, possibly by charging students for credits or allowing companies to sponsor courses. But universities recognize that they could be jeopardizing their hard-won reputations and their time-tested business model, said Jason Wingard, a vice dean of the University of Pennsylvania's Wharton School. "You run the risk of potentially diluting your brand."

How do the classes work?
Much like a typical college lecture course, but with an audience in the tens or even hundreds of thousands. At a time of their choosing, students watch videos of lectures by respected professors, and complete interactive quizzes and regular homework to prove they grasp the material. The Web videos incorporate graphics and virtual games, and students can pose questions and debate one another in online discussion groups. Professors say it's thrilling to reach so many students at once, from teenagers in India to baby boomers in Indiana. Coursera co-founder Andrew Ng, a Stanford computer science professor, recently taught an online class to more than 100,000 students. To reach that many people, Ng said, "I would have had to teach my normal Stanford class for 250 years."

Are the classes effective?
Some educators doubt that virtual classes can match the experience of face-to-face learning. Online education "tends to be a monologue and not a real dialogue," said University of Virginia English professor Mark Edmundson. There's also an extremely high attrition rate: Of the 160,000 people who enrolled in a Stanford artificial intelligence course last year, only 23,000 finished the work. But the feedback that could improve these courses is just beginning to roll in, and there's already some evidence that students who stick with online courses learn just as much as those in conventional classes. "This is the Wild West," said Agarwal. "There's a lot of things we have to figure out."

Will this trend make college cheaper?
There are grounds for hope. Since 1985, U.S. college tuition rates and fees have grown by 559 percent. In theory, online courses could cut costs by enabling universities to outsource coursework to the Internet and do away with or share some academic departments. Fewer students would need campus housing and other services. Universities have so far opposed giving credit for free classes, instead conferring certificates that don't count toward a degree. But that's already starting to change, with the University of Washington offering credit for Coursera classes this fall.

Could the web replace universities?
Not anytime soon. "Why do people pay $50,000 a year to attend an institution like Caltech?" Ng said. "The real value is the interactions with professors and other equally bright students." Still, even a remote dose of elite education can have great value to students who have no chance of setting foot on an Ivy League campus. And lessons drawn from the courses could reshape how colleges approach teaching, turning the ability to offer a mix of online and face-to-face learning into the new gold standard for top-notch educators. Sebastian Thrun, a Stanford research professor who offers free online computer science classes, predicts that there will be only 10 higher-education institutions in the world in 50 years. "It's pretty obvious that degrees will go away," he said. "The idea of a degree is that you spend a fixed time right after high school to educate yourself for the rest of your career. But careers change so much over a lifetime now that this model isn't valid anymore." In the future, he says, people will return to college throughout their lives, updating what they know through online courses.

A fresh start for the jobless
Free online courses might have millions of immediate beneficiaries among unemployed workers who need job retraining. Even with a law degree from the University of Chicago, Dennis Cahillane, 29, couldn't get hired. But after taking several free Stanford courses in building databases, he recently landed a job as a programmer for a media website. And now he is planning to work his way through Coursera classes in his spare time until he's earned "the equivalent of a B.A. in computer science from Stanford," he told Fast Company. Andy Rice, who owns a weather forecasting company in Minnesota, says he's heartened when he sees resumes from job applicants listing free courses. "I definitely want to hire people who are always questing for new knowledge," he said. "Life's not about what you learn when you're 22."

- As seen in The Week



How Teens’ Texts Lead to Unsafe Sex

Teenagers who engage in sexting—sending sexually explicit texts—are far more likely to begin having intercourse at an early age and engage in other risky behavior, a new study has found.
The study of 1,800 Los Angeles high school students shows that one in seven has sent a “sext” message, and that those who have are seven times more likely to be sexually active. Teens who sext—especially girls—are also more likely to have unprotected sex, sleep with multiple partners, and use drugs or alcohol before having intercourse.
“What we really wanted to know is, is there a link between sexting and taking risks with your body? And the answer is a pretty resounding ‘yes,’” study author Eric Rice, a researcher at the University of Southern California, tells Reuters.com. The fact that some teen girls have suffered humiliation when ex-boyfriends widely distributed photos of them naked doesn’t seem to be registering.
“There is an emerging sense of normalcy around sexting behavior,” Rice says. Some 54 percent of teens say they have a friend who sexts, which makes them 17 times more likely to try it themselves. “If their friends do it,” Rice says, “they’re going to do it.”
- As seen in The Week

The Digital 100: The World's Most Valuable Private Tech Companies in 2012

Business Insider evaluated private tech companies and ranked the top 100 by value. Their rankings are based on several metrics, including revenue, users, market opportunities, growth rates, and the perception of investors and tech gurus.




Here they are, The Digital 100, enjoy!
1. Alibaba
2. Bloomberg
3. Twitter
4. 360Buy
5. Palantir
6. Dropbox
7. Square
8. MLB.com
9. Softlayer
10. Vente-Privee
11. VANCL
12. Airbnb
13. Pinterest
14. Datapipe
15. Spotify
16. Craigslist
17. Flipkart
18. Ozon Group
19. Coupang
20. Wonga
21. Hulu
22. Klarna
23. Kaspersky Lab
24. Rovio
25. Conduit
26. Aricent Group
27. Survey Monkey
28. Mu Sigma
29. ZocDoc
30. Just Eat
31. Gilt Groupe
32. Everyday Health
33. Evernote
34. LivingSocial
35. Criteo
36. Zulily
37. Zoosk
38. Redfin
39. Qualtrics
40. Seamless
41. Media Ocean
42. JustDial
43. 10gen
44. AppNexus
45. GitHub
46. Tumblr
47. Box.net
48. Glam Media
49. Stella & Dot
50. Marketo
51. Etsy
52. One Kings Lane
53. Nasty Gal
54. Klout
55. Automattic
56. Xiu
57. Manta
58. Eventbrite
59. Sugar, Inc
60. Kickstarter
61. Apptio
62. Fresh Direct
63. eHarmony
64. Veracode
65. Wix
66. Turn
67. Quantcast
68. Nest
69. Fab
70. Foursquare
71. Storm8
72. Flipboard
73. Vibrant Media
74. Rubicon Project
75. OpenX
76. Return Path
77. Quora
78. Snapdeal
79. Tremor Video
80. RightScale
81. Whaleshark/RetailMeNot
82. Break Media
83. Tagged
84. Yext
85. Stripe
86. Rocket Fuel
87. Mind Candy
88. AddThis
89. SoundCloud
90. Xirrus
91. Federated Media
92. Say Media
93. Yodle
94. Coupons.com
95. Path
96. Shazam
97. Plenty of Fish
98. Warby Parker
99. Thrillist
100. Vox Media


- As seen in
Business Insider

How to Clean Up Your Online Image

You would never let your front porch or storefront become dilapidated. You would never hand out a crumpled resume or business card. And you would never show up to a big meeting with mismatched socks or a stain on your shirt. These days, maintaining your digital footprint can be just as important. So how do you go about cleaning up your online image? Here's how:

1. Assess the damage. Now there's a reason to spend hours Googling yourself or, better yet, to plug your name into 123people.com, which digs up harder-to-find info. You can tackle minor stains yourself, but if there's a lot to bury, hire a pro like Reputation.com or ElixirInteractive.com.

2. Start cleaning. Scour your Twitter, Facebook, and other social networking accounts and delete any dodgy photos or comments you've posted. If necessary, close down questionable accounts.

3. Push the positives. Blogs rank high in Google's algorithms so consider starting a blog about your interests. If you don't have time to post regularly, start a personal Web site instead, using a template from Wix.com or Webs.com. To find free, comprehensive advice on building a positive online presence, check out BrandYourself.com.
- As seen in Details

Meet Baxter: The Humanoid Robot to Revolutionize U.S. Manufacturing

Rethink Robotics unveils Baxter, a robot that can work alongside humans. According to Valentin Schmid at The Epoch Times, Baxter could revolutionize the way American companies operate as they shift production back to the United States using the humanoid robot to save on costs. Rethink Robotics unveiled its flagship product to the public September 18, 2012.

“Roboticists have been successful in designing robots capable of super-human speed and precision. What’s proven more difficult is inventing robots that can act as we do—in other words, that are able to inherently understand and adapt to their environments,” said company founder Rodney Brooks, an artificial intelligence legend and robotics pioneer having spent much of his life teaching at MIT. Rethink was founded in 2008 with the purpose of designing a robot like Baxter and carries a few other products. It is currently owned by venture capital firms and Brooks.

He further notes that by providing a flexible and inexpensive solution—the robot costs only $22,000—Rethink specifically hopes to contribute to a revival in American manufacturing. “We believed that if we could cross that chasm with the manufacturing environment specifically in mind, we could offer new hope to the millions of American manufacturers who are looking for innovative ways to compete in our global economy.”

Baxter Solves Problem of Safety, Adaptability, and Programming

Baxter, which is exclusively produced in the United States and will first ship in October, aims to solve some of the long-standing issues with automation. The most important one is safety, as most industrial robots on assembly lines operate far away from humans or need to be caged to prevent injury. Rethink’s robot, which has a screen as a head and big flexible arms, is also equipped with sonar sensors and software that help it detect human activity. In addition, it is programmed to stop its relatively gentle movements as soon as it detects resistance. A promotional video shows the robot standing on a fixed platform, and the company has not commented on whether it can also walk.

“The class of products that can work side by side with people without any protection, those would be important developments. They could take robots from a factory environment … where people would have to be kept away, into more areas … some outside of factories,” says Jeff Burnstein, president of the Robotic Industries Association, an organization that provides education and information for companies interested in automating workflows.

Another big advantage is the ease of use. Normally, industrial robots need technical personnel to program them to perform a limited number of tasks, an effort that involves special software and more often than not can take up to a full day. Baxter, which can be employed in less than an hour after being delivered, can be trained by any type of personnel by merely showing it how to perform a wide range of tasks, such as material handling, line loading, light assembly, or packing products.

In practice this would mean that the employee would move Baxter’s arms to perform the desired process and choose one of several preprogrammed options by twisting a few dials. The robot can also adapt to changes in the environment: for example, if it drops an object, it knows to get another before trying to finish the task, unlike other robots, which have been seen picking air for a whole day if no human supervises them.

“This class of robots doesn’t need a whole lot of programming. … That’s important. There are a number of companies that either don’t have the in-house expertise or they don’t want to pay for outside assistance,” said Burnstein in an Epoch Times interview.

“Because of its versatility and the short amount of time it takes to retrain, Baxter can be easily moved by production personnel to different and varying tasks over the course of a day, week, and month,” says the company’s press release. Most of the claims that the company makes in the press release can be tracked in a promotional video and also have been tried in practice when Baxter was on loan at Vanguard Plastics, a small manufacturer based in Connecticut, writes Will Knight of technologyreview.com.

Jeff Burnstein cautions, however, that the ultimate success will be determined after the product is rolled out. “Until these products are out in big numbers you don’t know if they are safe or not.”

If Baxter or similar robots can be rolled out on a large scale, it could mean big things for American manufacturing. Given the fact that robots like Baxter are inexpensive, flexible, and do not need much maintenance in terms of programming, they can be used in companies of all sizes that face tough options in competing with low-wage countries. The AFL-CIO, the umbrella federation for 56 U.S. unions, cites Bureau of Labor Statistics data saying that 5.5 million jobs were lost in the process of offshoring.

“This development will either save or create new jobs,” believes Burnstein. “We would hope that companies that would have otherwise either closed down because they can’t compete or sent manufacturing jobs overseas will decide to automate in order to keep jobs in the United States.”

Bob Baugh, executive director of the AFL-CIO industrial union council, representing the manufacturing unions within the umbrella organization, agrees: “If you are more productive this way, you can share the benefits. … The productivity is shared with the workforce and the community and the country in a sense that people earn better wages and income. They are compensated for these productivity gains that come with the interface with human interaction with technology to produce goods.”

The idea is as follows: A humanoid robot would boost human labor productivity in such a way that it would reduce costs and boost output without reducing employment here. Increased output at lower costs would mean more capital accumulated and wages paid in the United States, leading to greater economic prosperity, even outside manufacturing.

A simple example would see an American company closing its factory in China, because it is upset with intellectual property theft and corrupt business practices as well as rising wages over there. It would then reopen production in the United States, hiring workers and supplementing them with flexible automation solutions. Jobs and output are created in the United States, leading to more jobs and output created in the United States.

Jeff Burnstein sees numerous reasons why reshoring makes sense: “When you build domestically you are closer to your customers, you don’t have to deal with political instability … the fear of your IP being stolen. There are a lot of reasons if all things are equal why you would want to build domestically. … Automation and robotics in particular is allowing companies to do that, we are seeing signs of that.”

According to Bob Baugh, automation is also seen as a positive by the unions, as long as some standards are met: “Workers need to be compensated well and have a good work environment where they do these things and that they have the skills to operate the technology and equipment.” These new developments in automation seem to be a win-win situation that might even lead to American companies becoming export leaders again one day in the not too distant future.
- As seen in The Epoch Times

U.S. is Tightening Web Privacy Rule to Protect Young

Federal regulators are about to take the biggest steps in more than a decade to protect children online. According to Natasha Singer of The New York Times, the moves come at a time when major corporations, app developers and data miners appear to be collecting information about the online activities of millions of young Internet users without their parents’ awareness.

Some sites and apps have also collected details like children’s photographs or locations of mobile devices; the concern is that the information could be used to identify or locate individual children. For example, McDonald’s invites children who visit HappyMeal.com to upload their photos so they can make collages or videos.

These data-gathering practices are legal. But the development has so alarmed officials at the Federal Trade Commission that the agency is moving to overhaul rules that many experts say have not kept pace with the explosive growth of the Web and innovations like mobile apps. New rules are expected within weeks.

“Today, almost every child has a computer in his pocket and it’s that much harder for parents to monitor what their kids are doing online, who they are interacting with, and what information they are sharing,” says Mary K. Engle, associate director of the advertising practices division at the F.T.C. “The concern is that a lot of this may be going on without anybody’s knowledge.”

The proposed changes could greatly increase the need for children’s sites to obtain parental permission for some practices that are now popular — like using cookies to track users’ activities around the Web over time. Marketers argue that the rule should not be changed so extensively, lest it cause companies to reduce their offerings for children.

“Do we need a broad, wholesale change of the law?” says Mike Zaneis, the general counsel for the Interactive Advertising Bureau, an industry association. “The answer is no. It is working very well.”

The current federal rule, the Children’s Online Privacy Protection Act of 1998 (COPPA), requires operators of children’s Web sites to obtain parental consent before they collect personal information like phone numbers or physical addresses from children under 13. But rapid advances in technology have overtaken the rules, privacy advocates say.

Today, many brand-name companies and analytics firms collect, collate and analyze information about a wide range of consumer activities and traits. Some of those techniques could put children at risk, advocates say.

Under the F.T.C.’s proposals, some current online practices, like getting children under 13 to submit photos of themselves, would require parental consent.

Children who visit McDonald’s HappyMeal.com, for instance, can “get in the picture with Ronald McDonald” by uploading photos of themselves and combining them with images of the clown. Children may also “star in a music video” on the site by uploading photos or webcam images and having it graft their faces onto dancing cartoon bodies.

But according to children’s advocates, McDonald’s stored these images in directories that were publicly available. Anyone with an Internet connection could check out hundreds of photos of young children, a few of whom were pictured in pajamas in their bedrooms, advocates said.

In a related complaint to the F.T.C. last month, a coalition of advocacy groups accused McDonald’s and four other corporations of violating the 1998 law by collecting e-mail addresses without parental consent. HappyMeal.com, the complaint noted, invites children to share their creations on the site by providing the first names and e-mail addresses of their friends.

“When we tell parents about this they are appalled, because basically what it’s doing is going around the parents’ back and taking advantage of kids’ naivete,” says Jennifer Harris, the director of marketing initiatives at the Yale Rudd Center for Food Policy and Obesity, a member of the coalition that filed the complaint. “It’s a very unfair and deceptive practice that we don’t think companies should be allowed to do.”

Danya Proud, a spokeswoman for McDonald’s, said in an e-mail that the company placed a “high importance” on protecting privacy, including children’s online privacy. She said that McDonald’s had blocked public access to several directories on the site.

Last year, the F.T.C. filed a complaint against W3 Innovations, a developer of popular iPhone and iPod Touch apps like Emily’s Dress Up, which invited children to design outfits and e-mail their comments to a blog. The agency said that the apps violated the children’s privacy rule by collecting the e-mail addresses of tens of thousands of children without their parents’ permission and encouraging those children to post personal information publicly. The company later settled the case, agreeing to pay a penalty of $50,000 and delete personal data it had collected about children.

It is often difficult to know what kind of data is being collected and shared. Industry trade groups say marketers do not knowingly track young children for advertising purposes. But a study last year of 54 Web sites popular with children, including Disney.go.com and Nick.com, found that many used tracking technologies extensively.

“I was surprised to find that pretty much all of the same technologies used to track adults are being used on kids’ Web sites,” said Richard M. Smith, an Internet security expert in Boston who conducted the study at the request of the Center for Digital Democracy, an advocacy group.

Using a software program called Ghostery, which detects and identifies tracking entities on Web sites, a New York Times reporter recently identified seven trackers on Nick.com — including Quantcast, an analytics company that, according to its own marketing material, helps Web sites “segment out specific audiences you want to sell” to advertisers.

Ghostery found 13 trackers on a Disney game page for kids, including AudienceScience, an analytics company that, according to that company’s site, “pioneered the concept of targeting and audience-based marketing.”

David Bittler, a spokesman for Nickelodeon, which runs Nick.com, says Viacom, the parent company, does not show targeted ads on Nick.com or other company sites for children under 13. But the sites and their analytics partners may collect data anonymously about users for purposes like improving content. Zenia Mucha, a spokeswoman for Disney, said the company does not show targeted ads to children and requires its ad partners to do the same.

Another popular children’s site, Webkinz, says openly that its advertising partners may aim at visitors with ads based on the collection of “anonymous data.” In its privacy policy, Webkinz describes the practice as “online advanced targeting.”

If the F.T.C. carries out its proposed changes, children’s Web sites would be required to obtain parents’ permission before tracking children around the Web for advertising purposes, even with anonymous customer codes.

Some parents say they are trying to teach their children basic online self-defense. “We don’t give out birth dates to get the free stuff,” said Patricia Tay-Weiss, a mother of two young children in Venice, Calif., who runs foreign language classes for elementary school students. “We are teaching our kids to ask, ‘What is the company getting from you and what are they going to do with that information?’ ”

- As seen in The New York Times

Squishy Robots That Can Hide and Seek

Researchers have built soft-bodied robots that can either blend into or stand out in their environment by changing their color. According to Sindya Bhanoo of The New York Times, these silicone-based robots can also glow in the dark.

The rubbery, four-legged robots mimic the behavior of soft-bodied creatures like sea stars and squid. Most robots today are large and rigid and mimic the movements of mammals.

“Starfish and things of this kind are simpler than mammals,” said George M. Whitesides, a chemist at Harvard who is involved in the research. “Less able to pick up a door, but maybe able to perform other tasks.”

He and his colleagues published their findings in the current issue of the journal Science.

The soft robots are made of a silicone-based polymer called polydimethylsiloxane, or PDMS. They were created using 3-D printers, as were the recently added “color layers.”

The color layers were built with channels into which researchers could pump colored liquids to change the colors and patterns of the robots as desired.

By pumping heated or cooled liquids into the channels, the researchers were also able to camouflage the robots in the infrared.

The coloration feature may one day be useful in building search-and-rescue robots, Dr. Whitesides said. By using color, the robots can serve as a visual marker to help search crews.

“They are very light and can make their way across mud in a way that a heavy robot would have trouble with,” Dr. Whitesides said. “A way of seeing a robot there is to make it very visible in the infrared.”

The robots can also pick up fragile objects, like uncooked eggs and fruits, he said — or even a live mouse.

As a bonus, the soft-bodied robots are inexpensive to build. The current prototypes cost less than $10 each.

- As seen in The New York Times

Naive Online Daters Turn into Drug Mules

Seriously? YCMTSU! One fine day, Sharon's and Catherine's online dates, called "Frank" and "Marc," asked them to finally meet in person, but not before one last favor: going to Argentina to pick up some sensitive documents. Red flag numero uno...

The two women eventually agreed, thinking their dream had finally come true. However, the documents, hidden in a secret compartment of their luggage, turned out instead to be cocaine. That's how Sharon Mae Armstrong, 55, former deputy chief executive of the Maori Language Commission from New Zealand, and Catherine Blackhawk, 49, an American nurse, suddenly and unknowingly became the final links in a drug trafficking chain. Astonished, they ended up behind bars in the same federal prison on the outskirts of Buenos Aires, in April and June 2011, respectively.

Their cases reveal that dating deceits -- which rose by 150 percent in 2011 alone, fraud protection agency Iovation reveals -- are moving beyond the simple take-the-money-and-run scheme.

"Cartels are looking for people who clearly can't focus properly to realize what kind of business they have been thrown into," Claudio Izaguirre, president of the Argentine Anti-Drugs Association, told Metro. "People like Sharon are thrown into the fray with a luggage where the cocaine is easily detectable; she is just a decoy, a scapegoat. The real mules are behind her, managing to get through while the attention falls on her," he added.

In January of this year, a third person fell into the same cyber-trap and got caught at Buenos Aires airport: Paul Howard Frampton, 69, a distinguished professor of physics and astronomy based at University of North Carolina at Chapel Hill. Frampton has said he was lured into meeting a woman he thought he had been chatting with on the Internet, Czech-born lingerie model Denise Milani. He was given luggage to carry by someone claiming to be Milani's intermediary; the case had 2 kilograms of cocaine inside.

Just like Armstrong and Blackhawk, Frampton was perceived to be vulnerable and financially secure.

Julieta Lacroze, Sharon's lawyer from Buenos Aires-based law firm Estudio Durrieu, believes they are just the tip of an iceberg, but admits it is hard to find exact figures on the dating scam trend.

"It is easy for criminal organizations -- they just have to sit down and chat," she said. "Three months of work via the Internet, and that's it. For 5 kilos of cocaine, it's a fairly good deal."

Normally, dating website rip-offs tend to go unreported due to victims feeling embarrassed or humiliated.

The unwitting drug mules detained in Argentina now fight a battle behind bars to raise awareness about their plight.

Drug smuggling 2.0

A well-educated Western professional feeling lonely and looking for a mate on a dating website: That’s the perfect profile for the next-generation drug mule. Watch out: That seductive, sweet-talking cyber-mate might in fact just turn out to be a cover for a drug cartel in need of smugglers who are beyond suspicion.

How to dig your own grave

Being a professional cyber-love scammer requires an outrageously creative brain. Investigators believe that the organization that tricked Sharon used her own money to pay for the whole operation: In more than four months of a virtual relationship with “Frank,” Sharon agreed to send him $20,000 in different installments via Western Union.

“Every time, he had a different excuse,” her lawyer, Lacroze, pointed out.

“Who in Argentina would ever accept to send this much money to a stranger? No one.”

Nigerian and Russian criminal organizations are infamous to experts and drug enforcement agencies around the world. Websites like Romancescam.com are dedicated to raising awareness of the issue and helping people detect their scammers before it is too late.

- As seen in NY Metro

Why Young People Should Create Their Own 4-Hour Work Week

Young people shouldn't bother "fighting over the remaining scraps of the old economy," said Walter Russell Mead. Now is a fantastic time to "find new routes into the uncharted wilderness of the 21st-century economy."

Start-up costs for new ventures are incredibly low; a 24-year-old with an Internet connection has "the kind of information and access that only large corporations used to be able to afford." And there are vast sums of money to be made in providing "customized and tailored services" to increasingly busy Americans.

"If you can figure out ways to take necessary chores off people's hands at a reasonable price, many will pay what you ask and thank you for the help." In particular, Americans want help bottling the "hose of the Internet"--there's simply too much on the Web these days for most people to handle, opening huge opportunities for "filtering, organizing, and customizing" this torrent of information.

My advice for young people: Build a small business around what your friends and neighbors need and want. It'll be more satisfying and "substantially more remunerative than anything a traditional, off-the-shelf career has to offer."

Read the full article "Finding the Jobs of the Future" here >> http://blogs.the-american-interest.com/wrm/2012/07/15/finding-the-jobs-of-the-future/

- As seen in The Week

5 New Rules to Pick a Cell Phone Carrier

There are more variables than ever to consider when signing up for cell phone service (or shall I say tracker service ;-) New shared plans offered by AT&T and Verizon are changing the economics of how individuals and families access voice, data and texting services. Additionally, as 4G phones become commonplace, understanding which carriers offer reliable 4G connections becomes all the more critical.

Before signing up for a new cell phone plan for you or your family, chew over these five new rules for picking a cell phone carrier.

1) Determine whether a shared plan will save money for you and your family

In August 2012, AT&T is scheduled to debut its Mobile Share plan for new and existing subscribers. This follows Verizon’s Share Everything plan, which was introduced in June 2012. Both plans offer unlimited voice and texting services for a fixed fee, and charge extra based on the number of devices included and how much overall data is consumed. While the pricing and services for each plan are generally similar, the biggest distinction is that AT&T gives its subscribers the option to choose between Mobile Share and other existing plans. New Verizon subscribers, however, have no other choice but to sign up for Share Everything.

So how can you determine whether a shared plan is cost-effective versus individual plan options? Consumer Reports advises AT&T subscribers with “low or moderate” data needs to stick with individual plans at this point. Individuals with one smartphone connected to the Mobile Share plan are charged $95/month plus taxes and penalties for 1GB of data. Overage fees thereafter are $15 for each GB. In comparison, individual voice and data plans on AT&T range from $59/month (450 minutes and 300MB of data) to $99/month (unlimited voice/texting and 3GB of data).

So the benefits of shared plans from both AT&T and Verizon only come into effect as you connect more devices (smartphones, feature phones, tablets, connected laptops) to your plan. Both AT&T and Verizon offer attractive packages that connect two smartphones with two feature phones and 4GB of data for $210. From there, the packages get more cost-effective as you add more devices and data to them.

While Sprint and T-Mobile also provide opt-in shared and family plans, their packages have not changed as dramatically in recent months. However, if AT&T and Verizon are successful with their new offerings, expect the two other major carriers to follow suit.

2) Monitor your data consumption – but don’t pay for more than you need


One additional and unfortunate wrinkle in Verizon’s Share Everything plan is that existing subscribers who enjoy grandfathered unlimited data plans will not be able to upgrade their phones at subsidized prices. That means that new and shiny smartphone you want to buy for $199 will actually run you more than $500. For most of us, that negates the benefits of having an unlimited data plan. Verizon is not the only carrier getting stingier with its data. Earlier this year, AT&T confirmed that subscribers still on their unlimited plans (no longer available to new customers) could see data speeds slow down after 3GB are consumed in a billing cycle. T-Mobile’s “Classic Unlimited Plan” for $95/month reduces high speed data after 5GB are consumed in a billing cycle. At this point, Sprint is the only remaining major U.S. carrier to offer unlimited data plans.

But is not having access to unlimited data really the end of the world? According to Nielsen, the average smartphone owner consumes less than 500MB of data each month. So if you are a relatively light data user who likes to email, browse the web and maybe play the occasional game or two, you can save $10 to $50 per month or more on AT&T, Verizon and T-Mobile with plans that offer 1GB of data. Paying for unlimited data, or as much as 5GB of data per month, is best for family plans or individuals who constantly play games and/or watch videos on their smartphones without wireless Internet connections.

3) Research coverage maps for the best 4G networks in your area

As we increasingly treat our cell phones like handheld computers, the speed and reliability of the networks they are carried on become more important than ever. If you are about to purchase a new phone and things like high-speed Internet connections, video conferencing and HD gaming are important to you, then you should research which carrier in your area offers the best 4G connection. While AT&T is lauded by PCWorld and others as having the fastest 4G download speeds, the other carriers got a head start in offering nationwide 4G coverage. Before choosing a provider, check out the coverage maps offered online by Verizon, AT&T, Sprint and T-Mobile, as well as other regional providers you can access. You don’t want to shell out the big bucks for a state-of-the-art phone and two-year plan, and not have access to the fastest network possible.

4) Be mindful of your privacy before downloading certain applications


Advances in mobile media technology offer great benefits like the ability to identify nearby retail sales or happy hours in our area, as well as what our friends and contacts might be doing at any particular time. Of course, the counter-effect is that we sacrifice elements of our privacy to make these things possible. While many of us are proactive about deciding what personal information we are willing to give up for these services and conveniences, many third-party applications are not always forthright about what they are doing with our information.

Earlier this year, it was discovered that many popular apps like Path, Twitter and Yelp were uploading iPhone users’ address books to their servers without explicit permission. There is no evidence that the companies were doing anything nefarious with that information, and the offending app developers immediately revised their practices once they were revealed. Still, in this era where the technology is moving so quickly and so many new services are available at our fingertips, there is a good chance some of the information on our phones is stored by unknown third parties. Proceed with caution, and research the background and user and professional reviews of unknown applications before downloading them.

5) Consider a prepaid plan

While prepaid cell phone plans that don’t require two-year commitments have long been available, their biggest drawback was that they didn’t typically offer higher-end devices. This is no longer the case. Last month, prepaid plans for the iPhone debuted for the Cricket and Virgin Mobile USA networks. Those carriers and others are also beginning to offer some of the best Android and Windows devices. There are still various pros and cons you should consider before investing in a prepaid plan. But if you resisted in the past because of poor handset selections, now is a great time to consider prepaid options.

- As seen in Yahoo! News

When Rachel became the Office Robot

Telepresence robots, which retail for about $9,700, just may be the future of work.

For several weeks in the summer of 2012, I was a robot in the office, said Rachel Emma Silverman in The Wall Street Journal. Literally. I work remotely from Austin, but I used the QB-82, a wheeled robot that showed my face and emitted my voice, to wheel around our New York headquarters.

These “telepresence robots,” which retail for about $9,700, are designed to allow “far-flung workers to collaborate with peers and log face time at the office.” They just may be the future of work.

Oddly, research has found that employees are more open with human-operated robots than with human colleagues. As I rolled around the hallways using my laptop’s arrow keys, I spoke with colleagues I’d never met before. But I also “nearly careened into glass walls, got stuck in an elevator,” and got dinged in my virtual cranium by a Nerf ball. Glitches aside, Robot Rachel was a hit.

- As seen in The Week

Cyberwarfare Emerges From Shadows for Public Discussion by U.S. Officials

Defense Secretary Leon E. Panetta warned Thursday, Oct. 11, 2012, that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government. According to Elisabeth Bumiller and Thom Shanker of The New York Times, Defense Secretary Panetta's warnings of a dire threat of cyberattack on the U.S. are being voiced now as he seeks new standards to protect vital infrastructure.

In a speech at the Intrepid Sea, Air and Space Museum in New York, Mr. Panetta painted a dire picture of how such a cyberwar might unfold. He said he was reacting to increasing aggressiveness and technological advances by the nation’s adversaries, which officials identified as China, Russia, Iran and militant groups.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Defense officials insisted that Mr. Panetta’s words were not hyperbole, and that he was responding to a recent wave of cyberattacks on large American financial institutions. He also cited an attack in August on the state oil company Saudi Aramco, which infected and made useless more than 30,000 computers.

But Pentagon officials acknowledged that Mr. Panetta was also pushing for legislation on Capitol Hill. It would require new standards at critical private-sector infrastructure facilities — like power plants, water treatment facilities and gas pipelines — where a computer breach could cause significant casualties or economic damage.

In August, a cybersecurity bill that had been one of the administration’s national security priorities was blocked by a group of Republicans, led by Senator John McCain of Arizona, who took the side of the U.S. Chamber of Commerce and said it would be too burdensome for corporations.

The most destructive possibilities, Mr. Panetta said, involve “cyber-actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack.” He described the collective result as a “cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.”

Mr. Panetta also argued against the idea that new legislation would be costly for business. “The fact is that to fully provide the necessary protection in our democracy, cybersecurity must be passed by the Congress,” he told his audience, Business Executives for National Security. “Without it, we are and we will be vulnerable.”

With the legislation stalled, Mr. Panetta said President Obama was weighing the option of issuing an executive order that would promote information sharing on cybersecurity between government and private industry. But Mr. Panetta made clear that he saw it as a stopgap measure and that private companies, which are typically reluctant to share internal information with the government, would cooperate fully only if required to by law.

“We’re not interested in looking at e-mail, we’re not interested in looking at information in computers, I’m not interested in violating rights or liberties of people,” Mr. Panetta told editors and reporters at The New York Times earlier on Thursday. “But if there is a code, if there’s a worm that’s being inserted, we need to know when that’s happening.”

He said that with an executive order making cooperation by the private sector only voluntary, “I’m not sure they’re going to volunteer if they don’t feel that they’re protected legally in terms of sharing information.”

“So our hope is that ultimately we can get Congress to adopt that kind of legislation,” he added.

Mr. Panetta’s comments, his most extensive to date on cyberwarfare, also sought to increase the level of public debate about the Defense Department’s growing capacity not only to defend but also to carry out attacks over computer networks. Even so, he carefully avoided using the words “offense” or “offensive” in the context of American cyberwarfare, instead defining the Pentagon’s capabilities as “action to defend the nation.”

The United States has nonetheless engaged in its own cyberattacks against adversaries, although it has never publicly admitted it. From his first months in office, Mr. Obama ordered sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment plants, according to participants in the program. He decided to accelerate the attacks, which were begun in the Bush administration and code-named Olympic Games, even after an element of the program accidentally became public in the summer of 2010.

In a part of the speech notable for carefully chosen words, Mr. Panetta warned that the United States “won’t succeed in preventing a cyberattack through improved defenses alone.”

“If we detect an imminent threat of attack that will cause significant physical destruction in the United States or kill American citizens, we need to have the option to take action against those who would attack us, to defend this nation when directed by the president,” Mr. Panetta said. “For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.”

The comments indicated that the United States might redefine defense in cyberspace as requiring the capacity to reach forward over computer networks if an attack was detected or anticipated, and take pre-emptive action. These same offensive measures also could be used in a punishing retaliation for a first-strike cyberattack on an American target, senior officials said.

Senior Pentagon officials declined to describe specifics of what offensive cyberwarfare abilities the Defense Department has fielded or is developing. And while Mr. Panetta avoided labeling them as “offensive,” other senior military and Pentagon officials have recently begun acknowledging their growing focus on these tools.

The Defense Department is finalizing “rules of engagement” that would put the Pentagon’s cyberweapons into play only in case of an attack on American targets that rose to some still unspecified but significant levels. Short of that, the Pentagon shares intelligence and offers technical assistance to the F.B.I. and other agencies.


- As seen in The New York Times