Wednesday, January 13, 2010
Updated Google plans to curb its controversial practice of censoring search results in China after uncovering a "highly sophisticated and targeted attack" designed to steal information about human rights activists from its Gmail service and at least 20 other large companies.
The attack that hit Google in mid-December originated in China and was aimed at accessing the Gmail accounts of human rights activists. Although only two email accounts appear to have been breached, "accounts of dozens of US-, China- and Europe-based Gmail users who are advocates of human rights in China" have been routinely breached, most likely as a result of phishing or malware attacks, the company said Tuesday.
The discovery came as Google uncovered similar attacks on at least 20 other companies in the financial, technology, media, and chemical industries. Adobe Systems issued a separate statement that reported it and and other companies had also come under attack. In light of the revelations, Google said it is considering shuttering its Chinese operations altogether.
"These attacks and the surveillance they have uncovered - combined with the attempts over the past year to further limit free speech on the web - have led us to conclude that we should review the feasibility of our business operations in China," Google's chief legal officer David Drummond wrote here. "We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all."
Drummond said Google has already used the investigation findings to introduce security improvements. The company is also in the process of sharing its findings with law enforcement authorities and the other targeted sites.
"We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech," Drummond wrote.
He didn't provide details about the two breached Gmail accounts except to say that "activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves." The names of the 20 large companies were also omitted.
Drummond's description of an industry-wide attack carried out from China is reminiscent of a warning issued two years ago by the MI5's director-general. In a letter sent in late 2007 to 300 UK chief executives and security chiefs, Jonathan Evans warned the leaders of British businesses to be on the lookout for state-sponsored Chinese hackers carrying out electronic surveillance attacks.
"This is highly likely to be much wider than even Google knows," said Alan Paller, director of research for the SANS Institute. "Two years is a long time in this business." According to The New York Times 34 companies, most of them high-technology companies in Silicon Valley, have been targeted in the attacks, which attempted to access source code repositories. The attackers used Taiwanese internet addresses, the paper reported, citing James Mulvenon, an expert on Chinese cyberwarfare capabilities.
Adobe, whose Acrobat and Reader apps are frequently targeted by attackers to install malware on the machines of its users said here that early this month it learned of a "computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies." While investigators have no indication customer, employee or financial data was accessed, it said a full accounting of the incident will "take quite some time to complete."
Adobe spokeswoman Wiebke Lips declined to elaborate or say whether the disclosure was related to Google's advisory. Adobe on Tuesday fixed a critical Reader vulnerability that was being narrowly targeted in an unusually sophisticated attack. The timing of Google's warning and the fixing of the Reader bug is already touching off speculation that at least some of the attacks exploited the Adobe flaw.
Lending credibility to that theory was a separate Google post that claimed the attack didn't target the companies' servers.
"The route the attackers used was malicious software used to infect personal computers," Dave Girouard, president of Google Enterprise, wrote. "Any computer connected to the Internet can fall victim to such attacks. While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure."
Google, whose corporate credo is "Don't be evil," entered the Chinese market in 2006 with the promise to censor search results that were objectionable to the country's government. The pledge has often stuck in the craw of free-speech advocates. While Google remains the uncontested search leader in most regions of the world, its share of the Chinese market is about 30 percent, less than half what Baidu has. ®
WASHINGTON—House and Senate negotiators working on President Barack Obama's health overhaul bill appear likely to drop a proposed income tax increase on high-wage earners and possibly jettison a requirement for large businesses to offer coverage to their employees, Democratic officials said Tuesday.
Negotiators are considering extending the Medicare payroll tax, which now applies only to income from wages, to cover some of the investment earnings of couples making more than $250,000 a year, and individuals earning above $200,000. That could make up lost revenue from dropping the high-wage income tax and scaling back a proposed tax on high-value insurance plans, which is strongly opposed by organized labor and House Democrats.
On another high-profile issue, the negotiators are discussing a hybrid of a proposed national insurance exchange contained in the House bill and the state-by-state approach favored by the Senate. House Democrats are pressing for a national system to apply pressure to the insurance industry after their proposal for a new government-run insurance option was ruled out due to opposition from Senate moderates.
These officials also said key lawmakers and the White House were hoping to include more money to protect state governments from the cost of an expansion of the federal-state Medicaid insurance program for the poor. That issue flared after Sen. Ben Nelson, D-Neb., the critical 60th vote for the health care bill in the Senate, got a deal for the federal government to pay the full cost of Medicaid expansion in his state forever, whereas other states would have to pick up part of the tab after a few years.
The officials spoke on condition of anonymity, saying they were not free to disclose details of the negotiations.
The developments came as the pace of negotiations on health care legislation quickened with House members returning to Washington on Tuesday from a holiday recess. The White House wants a final bill for Obama to sign in time for his State of the Union address early next month.
House Speaker Nancy Pelosi, Senate Majority Leader Harry Reid and other Democratic leaders were scheduled to meet with Obama at the White House on Wednesday to narrow the numerous issues that remain unresolved. The president has weighed in forcefully in recent days, telling lawmakers he wants at least a pared-down tax on high-cost insurance plans as well as a commission with authority to order cuts to Medicare spending under limited circumstances -- both measures designed to hold down spiraling health care costs.
The House-passed bill included an income tax increase on individuals making more than $500,000 a year and couples making over $1 million, as well as a requirement for large businesses to cover their workers. The Senate bill contained neither. It included a tax on high-value insurance plans and a modest increase in the Medicare payroll tax. Instead of requiring employers to offer health coverage, the Senate bill penalized businesses if any of their workers obtained government-subsidized health care.Continued...
Overall, prime RMBS 60+ days delinquencies rose to 9.2% for December 2009, up almost three times compared to the same period last year (3.2% in December 2008). The 2006/2007 vintages combined rose to 12.7% from 4.3%.
The five states with the highest volume of prime jumbo loans outstanding (California, New York, Florida, Virginia, and New Jersey) comprise approximately two-thirds of the loans in question. Prime jumbo RMBS 60+ days delinquencies for these states at December 2009 compared to December 2008, and their approximate share of the $388 billion market, are as follows:
--California: 10.8%, up from 3.5% (44% share)
--New York: 5.8%, up from 1.8% (7% share)
--Florida: 16%, up from 7.3% (6% share)
--Virginia: 5.4%, up from 2.3% (5% share)
--New Jersey: 7.1%, up from 2.3% (4% share)
Prime jumbo borrowers that were current on their mortgage the previous month but missed a payment the following month (roll rates) averaged about 1% a month for the last 12 months, reaching a seasonal high of 1.3% in December 2009. 'While some of these borrowers caught up, many either remained a payment late or became more delinquent in the succeeding months,' said Managing Director Vincent Barberio.
Despite some improvement in home prices and a slowdown in employment loss, roll rates have not improved primarily due to the number of prime jumbo borrowers who owe more on their mortgages than their home is worth. 'Over one-third of prime jumbo borrowers that are current on their mortgages also are 'underwater' on their mortgages,' said Barberio.
Fitch's RMBS Performance Metrics combines loan level data from Fitch Ratings and LoanPerformance to include delinquency trends, roll rate movement, and prepayment rates and modified loan levels across vintage, sector, and mortgage type. RMBS Performance Metrics are available at 'www.fitchratings.com' under the following headers:
Sectors >> RMBS >> Tools >> Performance Metrics
Fitch plans to release its Performance Metrics updates monthly to keep the market abreast of regional and overall residential mortgage delinquency trends.
The lawsuit filed by the Securities and Exchange Commission in U.S. District Court in Manhattan sought an order requiring Bank of America to pay a civil penalty for not telling shareholders it was losing $15.3 billion in the fourth quarter of 2008.
Bank of America spokesman Robert Stickler called the charges "totally without merit."
He said the company believes it provided sufficient and appropriate disclosure to shareholders prior to their vote approving the combination.
"We look forward to presenting the facts in court," Stickler said. "What we would note is that there were no charges against individuals and no charges of fraud. We were pleased with that."