China’s hacking problem: more sinned against than sinning?

Last week I finished off an analysis of the China/cyber espionage stories that have been flying around in recent months, with a surprising conclusion – in many circumstances the country may well be as much a victim of attack as a perpetrator.

We are unlikely to ever find out the extent of state-sponsored cyber attacks on the US and its allies, although thanks to several high profile reports which name and shame Beijing it’s clear that the tip of the iceberg is well and truly showing.

However, we can be more clear about how secure or otherwise China’s IP address space is and make some general observations.

I spoke to several information security experts about this and they were all in agreement that China is a particularly attractive place to launch attacks from, simply because there are so many compromised PCs as well as enough bulletproof hosting firms there to use with impunity.

HKCERT senior consultant SC Leung explained to me how compromised computers, or bots, in China are helping cyber criminals from outside the country.

“The zombie computer, or bot, steals the data (using its IP address) and sends it back to the attacker. When tracing the compromise police can only find the bot computer IP address. The attacker can further command the bot to send the data to Dropbox or a third party forum, and then retrieve it directly or indirectly. This long chain of investigation of different servers (probably in different jurisdictions) hampers the investigation.”

It’s also worth mentioning that not all attacks are being carried out by external forces to compromise Chinese IP addresses which are then used as a staging point to attack other countries. China has a massive internal problem with home-grown cyber crims targeting their own – stealing data, IP, bank credentials and even blackmailing by DDoS or other means.

It’s interesting to note that a week or so after I published this story, the FT ran an interesting piece which reached the same conclusions, claiming that the government is failing to provide coherent oversight on information security matters and that the forensics industry is virtually non-existent in China.

Apart from fixing these two problems, there needs to be greater user education and awareness to ensure fewer PCs are vulnerable to outside attack, and a crackdown on bulletproof hosters.

At the moment, the Party seems to be happy to close down porn sites in high profile raids, willfully censor its citizens and hit out at any US accusations of cyber subterfuge, but not to get its own house in order.

Cleaning up its address space first would surely improve China’s standing internationally and may even help foster more cross-border co-operation, rather than the relentless mud-slinging of late.


Data security incidents hit 47,000 in 2012

Last week I popped over to the Quarry Bay HQ of Verizon Business in Hong Kong to hear more about the annual Data Breach Investigations Report.

The report’s really come on since I covered it way back in 2008, and this year pulled data from an unprecedented 19 reputable sources including Scotland Yard, the US Department of Homeland Security and many more.

The Register covered the main news from the report when it was launched the week before – that China was responsible for a whopping 96 per cent of state-affiliated attacks – so I was keen to get some other APAC-relevant insight from the team.

Unfortunately there wasn’t much to be had. In fact, the report itself only mentions Asia Pacific once as a break-out region, to illustrate the top 20 threat types across the whopping 47,000 security “incidents” recorded over 2012.

What this probably tells us is that methods of collecting the data at the moment are pretty non-standardised across the globe, which makes drawing any clear comparisons difficult between regions.

Another thought that occurred: it’s fairly obvious that organisations across the globe suffer from the same kinds of information security risk – whether hacktivist, financially motivated criminal or state sponsored espionage-related.

As Verizon’s HK VP Francis Yip said: “No one is immune from cyber crime. As long as you have an IP address, you are a target, no matter how long you spend online.”

In this respect, there were no startling new trends as such to pull out of the report, aside from China’s consistent and persistent appearance as number one source of state-sponsored shenanigans.

This is probably good news for under-fire CISOs, now tasked not only with deflecting financially motivated cyber crime and attempts by hacktivists to take down their sites and steal credentials, but also under-the-radar information theft from APT-style attacks.

What’s also good news is Verizon’s assertion that the cloud is no less safe than any other form of computing system, as long as IT teams make sure they carry out due diligence on providers.

“Cloud can actually be more secure, because these providers are doing it on an industrial scale with staff who know what they are doing,” argued Verizon’s APAC head of identity and privacy services, Ian Christofis.

While all this is certainly true, I definitely got the impression from the briefing that many firms are still failing on the security basics.

“Could try harder” is probably a suitable report card take-away for businesses from 2012.


Huawei the crouching tiger ready to bare its enterprise fangs

I spent the first part of the week at Huawei’s global analyst summit just across the border in sunny Shenzhen. There wasn’t an awful lot of news per se, but a good many bold financial predictions from the fast-growing firm, which is trying to manage the unheard of triple whammy of success in carrier, enterprise IT and consumer device markets.

No firm has managed to succeed in all three, but Huawei is certainly going the right way about it. The firm stands third in the worldwide smartphone market, is breathing down Ericsson’s neck in the carrier space and has big plans to grow its enterprise business. On that front we heard the firm expects 45 per cent growth this year, and a CAGR of around the same to reach $10bn in revenue by 2017.

It’s not all hunky dory at the Shenzhen headquartered vendor though. Alternate CEO and EVP Eric Xu effectively said at the event that it had given up on the US as a potential growth market. Now that’s not to say it wouldn’t like that to change in the future, but given the intractable stance of Congress on this it’s not likely. So where’s the enterprise growth to come from?

Analysts told me developing markets like Indonesia and Myanmar represent potential but not immediate revenue growth at the moment – for that it needs to tap developed regions. China still represents the major slice of the enterprise pie for Huawei and that’s all dandy, but there are mutterings that local government spending may tighten in the near future, which would be bad news for the firm.

“In enterprise, Huawei is strong in the networking and infrastructure segment. It also has other products around unified communications, contact centre and security, but overall market share is very small outside China,” Frost & Sullivan analyst Pranabesh Nath told me.

“Like the Japanese firms of the post-world war era, it is mostly positioned as a value oriented player, but is trying to improve its products to move up the value chain.”

A potential roadblock on this journey is a perceived lack of clarity around its product lines, according to IDC’s Ian Song. He said the Fusion datacentre brand in particular has caused some confusion amongst the analyst community, which view Huawei’s enterprise message as a “work in progress”.

That said, its technology is sound, R&D spend is massive and it’s got a great base to start with its strength in the carrier space. IBM, Cisco, HP et al won’t be breaking into a sweat just yet but they’d be foolish not to see the crouching tiger hidden in plain sight.

On the device front, we heard from CMO Shao Yang about Huawei’s plans to shift 60 million smartphones this year. This won’t exactly propel it into the top two among Samsung and Apple, but it’s a pretty clear statement of intent. In this industry, brand perception is all-important, and it’s something Huawei, which didn’t really have a brand until it launched the Ascend line last year, has historically struggled in.

That said, it’s learning fast and the high-end handsets it’s coming out with are pretty slick, so expect a whole lot more on the marketing front this year and an increasing number of Huawei-branded devices to manage as part of your BYOD strategy.


North Korea: business as usual for IT supply chain

There’s a great deal of ambulance chasing that goes on in the IT press. Spot any major geopolitical news event and some vendor will try and shoehorn in a thinly veiled sales pitch for their products and services in the most blatant way possible.

There are certain events which do bear closer analysis, though, and I think the situation in North Korea is one of them. Given the impact of the 2011 earthquake and tsunami in Japan and the Thai floods of that same year on the ICT supply chain, it’s clear that major events in Asia can have knock-on effects.

The major impact of a possible conflict in Korea would be on Samsung, which is the world’s largest supplier of LCD panels, Flash and DRAM and a major producer of lithium-ion batteries and chips. However, if China were brought into the conflict, this may also spread risk to the huge number of tech manufacturers in the People’s Republic.

So are suppliers getting twitchy? Are staff and assets being moved around to minimise risk? Are customers spending their money on cans of tinned food and bomb shelters rather than Galaxy Notes?

Well, as I reported in The Reg, none of that so far actually. The main message has been one of “business as usual”, with a caveat of continued monitoring of the situation.

“We didn’t observe any significant drop in consumer sentiment so far and don’t expect any major changes unless North Korea really launches a missile. There have been no big changes in Korea’s import, export and sales activity but tourism and foreign capital inflow could be impacted,” IDC analyst YoungSo Lee told me.

“The tension in Korea won’t ease that quickly and there are people who have started stocking up on daily necessities and even pulled out some money from the banks. There is talk of some foreign vendors making plans to send senior executives back to their home countries but there is no concrete evidence of that yet. All of the above are sensible precautions in response to continued uncertainty over how the crisis might develop.”

That said, just because there is widespread public apathy towards the kinds of threats being uttered daily by Pyongyang doesn’t mean nothing will happen – it only takes one piece of military or political misjudgement to spark a full-on confrontation which could impact IT channels.

“There are low expectations of anything serious happening, perhaps only a minor skirmish in disputed seas between the North and South,” Canalys APAC MD Rachel Lashford told me. “But of course low expectations do not mean that the risk is definitely zero.”

So, long story short – no panic yet, but worth keeping an eye on for future developments. One thing North Korea is not known for is its predictability.


Hi-tech horse racing wizardry down at Happy Valley

I was at Hong Kong’s world famous Happy Valley racecourse the other week to get the low-down on the IT set up there.

IT leaders at the Hong Kong Jockey Club are frequent participants in local technology-related events and with good reason.

The unique pressures of not only running an organisation with over 20,000 employees but also an infrastructure which needs to support the storage, management and delivery of vast quantities of real-time racing data, as well as secure betting transactions, must be enough to keep anyone awake at night.

HKJC apparently has to deal with something like six million bets on a typical race day, so the system needs to be able to hold its own.

I was shown around the non-profit’s latest project – the IBU (Interactive Best for You) table – by director of programme management, Scarlette Leung.

She explained that the table was designed from scratch in a process starting back in 2009.

The fully touchscreen affair is designed to attract a younger, professional group to the sport – people who aren’t familiar with form and just want to have a fun night out, with a bit of betting in between food and drinks.

Although pretty much a novice at this sort of thing, it didn’t take me long to get used to the drag and drop interface, which displayed info by four easy-to-understand parameters – ability, jockey and trainer, fitness and draw. Payment is via a PIN-locked smart card, which makes it even more user-friendly, and even I managed to win a few dollars.

[Image: IBU table]

More interesting to me was the infrastructure behind it. Leung explained that the most challenging bit of the project was integrating the front-end IBU and video displays with back-end infrastructure including smart card account management, odds and racing stats, security and so on. The whole project was pushed through using Agile and Waterfall methodologies, with a US manufacturer responsible for building the IBUs.

Leung was coy on future plans for the Club, but I could imagine seeing a few more of these tables on the way, and for the smart card system to be made more ubiquitous for payments at the ground and Sha Tin.

Given the SOA is reusable, the same simplified IBU betting experience could also potentially be pushed out in a mobile app form.

Either way, Happy Valley is worlds away from the kind of horse racing experience most UK betting fans are likely to see – but whether this kind of hi-tech whizz bangery will catch on in Blighty remains to be seen.


Not all bad: Huawei outlines corporate social responsibility push

Not content with breathing down Ericsson’s neck in the telecoms equipment space and making huge gains in the global smartphone market, Chinese giant Huawei now has its sights set on becoming a leader in corporate social responsibility, but maintains it’s definitely not part of a soft power push.

Speaking at a media event in Hong Kong on Wednesday, the firm’s head of CSR, Holy Ranaivozanany, revealed that it would be extending its Telecoms Seeds for the Future project to Australia this year.

“We thought that we needed to use the expertise in the company to bring something to the community. After stakeholder dialogue we saw there was a high expectation on us to help local schools and universities improve ICT education,” she said of the genesis of the project.

“There’s a gap between what is learned at school and what is learned in the industry, so we looked at how to bridge that gap. That’s why we launched this program in 2008.”

The project could involve scholarships and internships at local Huawei offices where students get mentored by Huawei engineers, lectures by Huawei staff at local universities and even the creation of training centres. In Malaysia the firm is spending $30m over several years to build out such a centre, she said.

However, head of international media affairs, Scott Sykes, refuted any suggestions that this global CSR strategy might be part of an effort to soften the image of the company abroad, especially in countries like Oz which have been rather hostile to it in the recent past.

“Our top objective is not soft diplomacy but us realising our responsibility as a leading ICT company. We’re not just selling kit, we’re benefitting the communities we operate in,” he argued.

“In one sense our technology is enriching lives, making affordable high quality broadband services. Beyond that we bring jobs. 150,000 work at Huawei including 50,000 non-Chinese outside China – and that number is growing each day. In addition there’s the ecosystem. Last year we spent $6bn in the US, $3bn in Europe, $3bn in Taiwan and $1bn in Japan, so when we win this ecosystem around our business wins.”

Still, it can’t hurt the firm to show it has the interests of local communities at heart, after all the negative stories of it as a national security risk and shadowy agent of the Chinese government that usually follow it and Shenzhen rival ZTE around, especially in Australia and the US.

Ranaivozanany was even magnanimous enough to say that the firm wasn’t necessarily hoping to train up future Huawei engineers with its Telecom Seeds program, but simply “nurture a pool of talent to … keep the industry going”.

In many ways, Huawei is still learning the ropes when it comes to CSR – something that doesn’t come naturally to Chinese companies.

Ranaivozanany admitted there was “no specific measure of RoI” on Huawei’s CSR efforts, but that it was now “integral to what we do”, while Sykes emphasised that the firm was simply coming good at last on expectations of what a large multi-national industry-leading vendor should be doing in this area.

“We’re still a young company. We were only founded about 25 years ago while some of our competitors were founded 100 years back. Our focus on our core business has probably been to the detriment of other things, like communicating properly,” he admitted.

“We’re not saying we have the best ideas regarding CSR. We acknowledge we’re a newcomer in this area, but we’re building our muscle.”

For the record, Ranaivozanany outlined the “four pillars” by which Huawei defines its CSR activities as follows.

Creating and maintaining reliable networks, especially in the event of natural disasters; helping close the digital divide by connecting those in rural areas; building greener products; and the rather woolly “realising common development with stakeholders”, which basically means improving the livelihoods of employees and citizens in the countries in which it operates.


How cloud computing will let loose the Asian dragon

Asia’s unique combination of large numbers of entrepreneurs and software developers offers tremendous opportunities for dynamic cloud growth, while European and Australian companies continue to lag in the shadow of the US.

That’s the view of Nigel Beighton, VP of technology and product for managed hosting-cum-open cloud company Rackspace, who was in Hong Kong this week to discuss how the “sleeping software giant” of Asia will soon awake.

He argued that European and Australian firms are 18 months to 2 years behind their US rivals and suffer from the same issues around legacy infrastructure.

“Asia is fascinating because it doesn’t track what happens in the US. It has its own culture and personality and if you think about software development in Asia it’s different. Even the code they write looks different. The way people think about mathematics and structure and architecture is different,” he said.

“Cloud enables business to be agile and Asia is very good at that – at being entrepreneurial. At the same time it’s cool to be a software developer here and cloud is enabling software developers to do what they want to do immediately.”

The US market, while it still has a “degree of creativity”, is very much in a phase of consolidation at the moment, dealing with legacy infrastructure and looking at changing business models, Beighton argued.

To an extent, European and Australian firms are in a similar boat – held back by a large legacy application estate going back 10-15 years which makes it difficult to scale vertically in the cloud, he added.

However, there aren’t many examples of cutting edge cloud innovation in the region – he gave China’s indigenous search engine companies led by Baidu as one – because it’s still early days. As a result, education remains an important part of the cloud provider’s role.

It’s worth bearing in mind here that even though it now has a successful enterprise business, Rackspace began life serving entrepreneurial SMB-type companies, which is why the firm is always keen to enthuse about this end of the market. It’s also part of the reason why it located a regional datacentre in Hong Kong rather than the rival IT hub of Singapore, which is geared more towards servicing larger financial organisations, according to Beighton.

“For us the entrepreneurial aspect of Hong Kong was really interesting, and how that would work in conjunction with China,” he said, adding that public cloud capabilities from the datacentre would be available in Q4 this year.

Rackspace is not the only cloud provider waxing lyrical about the huge potential in the Asia region. EMC Greater China president Denis Yip argued at a conference in Hong Kong last summer that China is actually trumping the US and the rest of the world at the cutting edge of cloud computing deployments.

However, despite huge building projects by local government in China, there is a real risk datacentre capacity will lie idle because not enough thought has gone into working out what to use it all for and how to generate profits once the infrastructure is completed.


Big Data: time to believe the hype?

I was in Singapore this week for a big Intel announcement, ably covered by my Reg colleague Timothy Prickett Morgan here. That left me with no news but a bit of wriggle room to consider the bigger picture: just where is Big Data headed, what’s the big deal with Hadoop and is Intel really a software company now?

Well, let’s take the last question first. Yup, Intel has actually been a software company for several years now. It was the $7.6bn acquisition of security giant McAfee which really sealed the deal, though, and its roadmap for taking security capabilities down to the OS and chip level is taking shape nicely. This week’s big news was that Intel is getting into the Hadoop game with its own distribution of the open source Big Data management framework.

It’s a smart move for Chipzilla, helping to drive extra revenue and boost take-up of its Xeon chips. According to global director of Enterprise Computing, Pat Buddenbaum, however, there was another reason for the move, namely “to instill confidence that Hadoop will remain open”.

“One of the concerns was that it’s primarily driven by start-ups with venture backed direction, which may fork from the 100 per cent standardised open source path,” he told me.

Intel as open source saviour? Well you can be sure that commercial interests were probably its primary motivator here, and it has no plans to make similar moves for other open source frameworks which may be at risk of forking.

So what about Big Data? Should you believe the hype? Well, although even Buddenbaum admitted it was a bit of a buzz word, the premise behind it is sound. It’s about organisations making sense of the vast quantity of data – be it internal or external, customer-related data – literally inundating their datacentres, in order to drive business growth and improve agility in real time. Analysts I spoke to are in agreement that the Big Data trend is a positive one and Intel’s move will benefit the industry. Now it’s up to the OEMs, SIs and ISVs to play their part and enable the democratisation of Big Data by pushing Hadoop down to the mass market via their products and services.

Don’t hold your breath, though. The industry is at such a nascent stage that, according to Intel’s APAC Datacentre Products GM Jason Fedder, it’s not even clear which region, if any, is ahead of the curve. In the meantime the hype will continue as long as IT vendors (excluding Intel, of course) think they can flog some extra units on the back of this latest buzz word. But I’m pretty confident that in a few years’ time we won’t be talking about Big Data anymore – not because it will have fallen from favour but because it will be ubiquitous.


Cameron’s Indian deal exposes outsourcing security failings

Earlier this week David Cameron signed a deal designed to elevate the Indo-British relationship to an “unprecedented level of co-operation” on cyber security issues. It came as part of the PM’s three day trade mission to India and is certainly to be welcomed, but the agreement also implies some rather worrying things about the cyber readiness of the country’s big outsourcing firms.

The deal will essentially mean two things. Firstly, UK technical know-how and expertise in the cyber security sphere will be shared with Indian outsourcers, essentially to help protect the vast amounts of data from UK consumers and businesses which are now held on servers in the country.

Secondly, the agreement will see the two countries share relevant threat intelligence in order to thwart attacks on their systems, whether they’re coming from the UK, India or elsewhere.

Now, as mentioned, any kind of international co-operation on cyber threat protection is a step in the right direction, and Cameron certainly can’t be faulted for his assertion that “other countries securing their data is effectively helping us secure our data”.

My surprise is that big name outsourcers like Wipro, HCL, Mahindra and Infosys – firms which have built their business presumably on the quality (and security) of their BPO offerings – need an extra hand.

Any CIO worth their salt would surely relegate to the scrap heap a potential outsourcing provider who could not satisfy his or her list of pre-determined security requirements.

Sure, the smaller outsourcers will benefit most from this deal, but the big boys too?

Well, yes, according to Forrester’s New Delhi-based analyst Katyayan Gupta.

“Even larger Indian firms like Infosys, TCS, etc. will also benefit because now they will have an additional layer of security against cyber criminals,” he told me.

“This is not to say that these firms do not have good security right now. But the question really is – is it enough to keep all attackers out? Probably not.”

Now I know in this age of APTs and highly targeted attacks no firm can claim to be impervious, but it’s slightly worrying when those with huge resources – in an industry where reputational damage following a data breach could hit hard – are apparently getting expertise flown in from the UK that they haven’t already obtained for themselves.

Also, as Gupta argued, the deal will still do nothing to stop perhaps the biggest threat to UK data residing on these firms’ servers: corrupt insiders.

It may be time to revisit those SLAs.


Most of China’s tech producers die in their teens

An interesting bit of research cropped up on one of the few English language sites covering Chinese news in this region, Taiwan’s WantChinaTimes, claiming the average lifespan of a Chinese electronics manufacturer is a shade over 13 years.

Now this sounded pretty low to me, not having anything to compare it to, but it struck me as an interesting stat which serves to illuminate a lot of the pressures Chinese manufacturers are facing today, and where the country wants to be in a few decades’ time.

The research itself came from a Chinese manufacturer called Global Market Group, which interviewed over 1,000 firms in the economic zones of the Pearl River Delta and the Yangtze River Delta. It’s not a huge sample, given the sheer size of the industry in the PRC, but it’ll have to do.

The first thing to note is that 13.2 years is much longer than the average for survey respondents of 11.1 years – the report argues that this could be because electronics makers are forced to adapt quickly to changing tech to keep afloat.

More generally, though, 13.2 years doesn’t seem like a long time for a firm to be in business. But it does illustrate the rapid pace of change in the tech industry – where many fall by the wayside in time because they simply can’t keep up with the latest trends.

It also shows, as Forrester analyst Dane Anderson told me, the intense pressure on Chinese manufacturers burdened with rising labour and energy costs and competition from other low cost suppliers in Asia.

US politicians and loathsome right wing media outlets often make out China to be the bad guy – taking American jobs by offering brand owners by far the lowest cost of production. However, it’s increasingly becoming a more complex picture than this.

“The perception in the West is often that the manufacturing industry in China is a bullet-proof juggernaut, but this view is inaccurate,” said Anderson. “It is a dynamic and highly competitive sector squeezed by thin margins and demanding customers.”

Too true.

But as China looks to move up the stack, away from being a land of contract manufacturers mass producing at low prices in incredibly competitive market conditions, things might change, according to IDG’s senior research manager William Lee.

“The electronics industry is typically a high clockspeed industry, meaning the average product lifecycle time span is shorter than, say, automotive, aerospace or industrial equipment. So electronics manufacturing companies’ lifespans are typically shorter than those of companies in other industries,” he told me.

“However when the manufacturing industries mature and many of these companies begin to evolve to brand owners, the average lifespan will increase.”

With China still some way behind Taiwan, South Korea and other countries, it will be a while before this happens, but it surely will, as this is the direction the Chinese government wants it to go in. It recently announced ambitious plans to create eight super-companies in the tech space, each the size of Lenovo ($100bn in revenues per year), which would have globally recognised brands.

When that finally happens, and the sweat-shops move out to Vietnam, Indonesia and elsewhere, maybe the US will have to invent another bogeyman.