apple-list
March 2009
- 1 participants
- 2 discussions
...from:
http://www.macworld.com/article/139507/2009/03/macpro2009.html?lsrc=mwweek
Quad-Core and Eight-Core Mac Pros (2009 editions)
New Mac tower boosts performance despite speed drop
by James Galbraith, Macworld.com
Though you wouldn’t know by looking at it, Apple’s new tower, the Mac
Pro, has just received a major overhaul. The two tower models pack a
brand-new processor and video system, and feature a reorganized
internal design. However, they have lower clock speeds than their
predecessors.
PRODUCT: Mac Pro Quad-Core/2.66GHz
PROS: New Nehalem microprocessor; easier to upgrade internal components;
lower price.
CONS: None significant.
COMPANY: Apple
PRICE AS RATED: $2,499
BEST CURRENT PRICE: $2,388.00

PRODUCT: Mac Pro Eight-Core/2.26GHz
PROS: New Nehalem microprocessor; easier to upgrade internal components;
lower price.
CONS: Most routine apps perform better with fewer, faster processors.
COMPANY: Apple
PRICE AS RATED: $3,299
Last year’s standard Mac Pro featured a 2.8GHz eight-core Intel
Xeon processor based on the Harpertown/Penryn architecture. This year,
there are two models: a quad-core system with a 2.66GHz Nehalem Xeon
processor, and an eight-core model running two quad-core Xeon
processors at 2.26GHz. Also new to the Mac Pros are Nvidia GeForce GT
120 graphics cards and a revamped interior designed to ease user
access for upgrading internal components.
Similar but different
Aside from the second optical-drive slot on the front, the Mac Pro
continues to use the same big-handled, aluminum case as the Power Mac
G5, introduced nearly five years ago. There are some minor changes to
the exterior, though—specifically in the type and number of
connections. First, the two FireWire 400 connectors from previous
generations have been replaced with backward-compatible FireWire 800
ports, bringing the number of FireWire ports to four—two on the front
and two on the back. The five USB 2.0 ports, two on the front and
three on the back, remain. On the graphics card, one of the two dual-
link DVI connectors at the rear of the system has been replaced with a
Mini DisplayPort connector, which lets you connect either to Apple’s
24-inch LED Cinema Display or, with adapters (not included), to a
second DVI display.
The new Mac Pros have been remodeled on the inside to provide for
easier access to components.
Upon opening the case, you immediately notice major changes in the
layout of the components. The memory modules are no longer installed
on two sliding trays—instead, the memory and processor all rest on a
sled at the bottom of the case, which you remove by releasing two
latches. The quad-core Mac Pro has four memory slots that ship with
3GB, 6GB, or 8GB of 1,066MHz DDR3 SDRAM modules; the eight-core Mac
Pro has eight DIMM slots for a maximum of 32GB of RAM. The memory
design no longer requires the large heat sinks.
The Mac Pro still has four internal cable-free hard-drive slots, using
a sliding tray to attach the drives directly to the motherboard. Now,
though, the large plastic piece holding the fan near the front of the
Mac Pro is much smaller, giving your fingers more room to grip the
hard-drive sleds. This is a small but welcome change. I can’t tell you
how many times I’ve struggled over the years to remove that first
drive. Another nice design change helps ease the removal of PCI cards
from the four full-size PCI Express 2.0 card slots. In the past, to
remove a card, you’d first need to turn two large thumbscrews that
held a small plate keeping the cards in place. Then you had to feel
around behind the card, searching for a little plastic tab mounted on
the motherboard, which you needed to lift up in order to release the
card. With the new Mac Pro, that second step is much easier. You now
simply push a single thin bar that extends across all the PCI Express
2.0 slots to release any or all cards. Apple has also made
installation of its add-on Apple RAID card much easier: you just put
it into the clearly marked top slot, and you’re ready to go.
Installed in the first PCI Express 2.0 slot is the new Nvidia GeForce
GT 120 graphics card with 512MB of video RAM; the last generation of
Mac Pros came standard with an ATI Radeon HD 2600 XT graphics card
with 256MB of memory.
2.66GHz Quad-Core/2.26GHz Eight-Core Mac Pro Speedmark Scores
Longer bars are better. Blue bars in italics represent reference
systems. Macworld Lab testing by James Galbraith, Chris Holt, and
Helen Williamson.
New processor
The new Mac Pro uses Intel’s Xeon 3500 or 5500 quad-core processors,
part of the new Nehalem family of microprocessors. Several major
architectural innovations have the new processors featuring all four
cores on a single die, making its 8MB of L3 cache available to any and
all processing cores. The memory controller is now on-chip, giving the
processor faster access to the main memory, and eliminating memory
latency by up to 40 percent.
Previously, the Mac Pro had 12MB of L2 cache per processor, with 6MB
shared between pairs of processing cores. Each processor now has full
access to 8MB of L3 as well as a small amount of dedicated L2 cache,
whereas the previous Mac Pro had no L3 cache.
A technology called Hyper-Threading creates two virtual cores per each
physical core, allowing each physical core to run two processes at
once, which helps use the available processing power more efficiently.
Also new to the Nehalem processors is a technology Intel calls Turbo
Boost. Turbo Boost helps speed up the majority of applications that
haven’t been written to take full advantage of multicore processors by
allowing the system to spin down idle processing cores while
increasing the speed of the processors in use. This lets a 2.93GHz
Xeon, for example, run at speeds as high as 3.33GHz, Apple says.
Performance
So do all of these innovations translate to better performance? The
2.66GHz quad-core Mac Pro posted faster speeds in Photoshop,
Compressor, iMovie, iTunes, and 3-D game benchmarks than the previous
standard eight-core Mac Pro. That’s pretty impressive considering that
the new Mac Pro is using only half the number of processing cores as
last year’s standard configuration—and at a slower speed. The new quad-
core’s score in our overall system performance suite, Speedmark 5, was
16 percent faster than that of the previous 2.8GHz eight-core Mac Pro.
It was also 27 percent faster in our Photoshop tests, and 20 percent
faster at Compressor than the older system.
2.66GHz Quad-Core/2.26GHz Eight-Core Mac Pro benchmarks

| System | Speedmark 5 (overall score) | Adobe Photoshop CS3 (suite) | Cinema 4D XL 10.5 (render) | Compressor (MPEG encode) | iMovie HD (aged effect) | iTunes 7.5 (MP3 encode) | Quake 4 (frame rate) | Finder (Zip archive) |
|---|---|---|---|---|---|---|---|---|
| Mac Pro 2.66GHz Quad-Core (Nehalem) | 348 | 0:35 | 0:18 | 0:47 | 0:29 | 0:46 | 81.2 | 3:27 |
| Mac Pro 2.26GHz 8-Core (Nehalem) | 343 | 0:36 | 0:13 | 0:57 | 0:34 | 0:47 | 70.8 | 3:55 |
| Mac Pro 2.8GHz 8-Core (Harpertown, 3GB RAM) | 301 | 0:48 | 0:16 | 0:59 | 0:34 | 0:49 | 74.5 | 3:49 |
| Mac Pro 2.8GHz 8-Core (Harpertown, 6GB RAM) | 319 | 0:39 | 0:16 | 0:59 | 0:33 | 0:49 | 75.0 | 3:47 |
| Mac Pro 2.66GHz Quad-Core (Woodcrest) | 262 | 0:44 | 0:28 | 1:19 | 0:40 | 0:54 | 54.7 | 4:01 |
| 24-inch iMac Core 2 Duo/3.06GHz (March 2009) | 308 | 0:39 | 0:41 | 1:25 | 0:37 | 0:50 | 85.6 | 3:24 |
| Power Macintosh 2.5GHz Quad-Core G5 | 226 | 1:10 | 0:32 | 1:30 | 0:39 | 0:48 | 41.6 | 4:40 |
| | >Better | <Better | <Better | <Better | <Better | <Better | >Better | <Better |

Best results in bold. Reference systems in italics.
Speedmark 5 scores are relative to those of a 1.5GHz Core Solo Mac
mini, which is assigned a score of 100. Adobe Photoshop, Cinema 4D XL,
iMovie, iTunes, and Finder scores are in minutes:seconds. All systems
were running Mac OS X 10.5.6 with the Mac Pro 2.66GHz Quad Core
outfitted with 3GB of RAM, and the Mac Pro 2.26GHz 8-Core with 6GB of
RAM. The Photoshop Suite test is a set of 14 scripted tasks using a
50MB file. Photoshop’s memory was set to 70 percent and History was
set to Minimum. We recorded how long it took to render a scene in
Cinema 4D XL. We used Compressor to encode a 6minute:26second DV file
using the DVD: Fastest Encode 120 minutes - 4:3 setting. In iMovie, we
applied the Aged Film Effect from the Video FX menu to a one minute
movie. We converted 45 minutes of AAC audio files to MP3 using iTunes’
High Quality setting. We used Quake's average-frames-per-second score;
we tested at a resolution of 1,024x768 pixels at the Maximum setting
with both audio and graphics enabled. We created a Zip archive in the
Finder from two 1GB files. To compare Speedmark 5 scores for various
Mac systems, visit our Mac Hardware Guide.—MACWORLD LAB TESTING BY
JAMES GALBRAITH, CHRIS HOLT, AND HELEN WILLIAMSON.
2.66GHz Quad-Core/2.26GHz Eight-Core Mac Pro benchmarks

| System | Quake 4 (1,024x768) | Quake 4 (1,600x1,200) | Call of Duty 4 (1,024x768) | Call of Duty 4 (1,344x880) | Call of Duty 4 (1,920x1,200) | Mathematica (MathematicaMark 7) | Compressor (ProRes 422 to H.264) |
|---|---|---|---|---|---|---|---|
| Mac Pro 2.66GHz Quad-Core (Nehalem) | 81.2 | 41.6 | 68.1 | 39.6 | 24.3 | 10.1 | 9:38 |
| Mac Pro 2.26GHz 8-Core (Nehalem) | 74.5 | 41.1 | 77.7 | 38.1 | 24.1 | 16.8 | 8:14 |
| Mac Pro 2.8GHz 8-Core (Harpertown, 3GB RAM) | 75.0 | 21.5 | 77.8 | 28.7 | 16.9 | 9.7 | 9:02 |
| Mac Pro 2.66GHz Quad-Core (Woodcrest) | 54.7 | 19.8 | 26.1 | 10.5 | 6.1 | 6.9 | 12:52 |
| 24-inch iMac Core 2 Duo/3.06GHz (March 2009) | 85.6 | 73.2 | 73.7 | 58.1 | 42.2 | 4.1 | 28:32 |
| | >Better | >Better | >Better | >Better | >Better | >Better | <Better |

Best results in bold. Reference systems in italics.
We used Quake 4's timedemo run at 1,024x768 at high quality settings
and antialiasing off; we then ran it again at 1,600x1,200 at Ultimate
quality settings with 2X antialiasing enabled. For Call of Duty 4, we
ran a self-recorded timedemo at 1,024x768 and antialiasing and shadows
turned off; we then ran it again at both 1,344x880 and 1,920x1,200
with Shadows on and 4X antialiasing enabled. We ran Mathematica 7's
built-in benchmark, MathematicaMark. We used Compressor to encode a
6minute:26second ProRes file to the application's H.264 for iPod/
iPhone 640x480 preset with QMaster set to create a cluster comprised
of the maximum number of instances per system.—MACWORLD LAB TESTING BY
JAMES GALBRAITH, CHRIS HOLT AND HELEN WILLIAMSON.
The new 2.26GHz eight-core Mac Pro has twice as many processing cores
as the 2.66GHz quad-core model, but each core runs 15 percent slower
than the cores in that 2.66GHz quad-core Mac Pro. Because many
applications have a difficult time using even four processors
efficiently, the advantage of having eight was not apparent in most of
the application tests that make up our Speedmark benchmark test suite.
In fact, the new eight-core system posted a lower Speedmark score than
the quad-core system, and bested it in just one test—Cinema 4D, where
it posted a 28 percent faster time.
Pro app testing
We run Speedmark on all Mac systems, so the suite is light on the few
industrial-strength professional applications that take full advantage
of multicore processors. Speedmark tests are also run one at a time,
which can mask the advantage of increased RAM. For those reasons, we
decided to add a couple of tests to the suite to better test the Mac
Pro, namely Mathematica and a ProRes Compressor test.
In these tests, the applications recognized and used all 16 virtual
cores of the new eight-core Mac Pro. In MathematicaMark 7, the new
quad-core Mac Pro received a score of 10.1, nearly identical to the
9.7 score of last year’s eight-core 2.8GHz Mac Pro. The new 2.26GHz
Mac Pro scored 16.8, or 73 percent higher than last year’s eight-core
Mac Pro. In our ProRes encode test to Compressor’s H.264 iPod/iPhone
640 by 480 preset, the new 2.66GHz Mac Pro took 9 minutes and 38
seconds to convert our 6 minute and 41 second clip, about 6.6 percent
longer than the older eight-core 2.8GHz system did. The new 2.26GHz
Mac Pro was about 8.9 percent faster than last year’s model. The new
Mac Pro’s graphics performance showed much improvement when running 3-
D games at high resolution. With the Nvidia GeForce GT 120 graphics,
the new Mac Pros were able to push through 44 percent more frames per
second than last year’s standard 2.8GHz eight-core Mac Pro when
running Call of Duty 4 at 1,920 by 1,200 pixels, and nearly twice as
many frames per second when running Quake 4 at high resolution. The
new 3.06GHz 24-inch iMac, with its Nvidia GeForce 130 graphics
chip, beat both Mac Pros in most of our graphics tests.
Macworld’s buying advice
The new Mac Pros, with their cutting-edge Nehalem processor
technology, are able to execute more tasks at a faster clip, despite
lower processor speeds. And their new internal design makes adding
hard drives, memory cards, and PCI Express 2.0 cards easier than ever.
Apple’s most expandable Mac is the pro platform for power users.
With its improved graphics, memory bandwidth, and reduced memory
latency, the 2.66GHz quad-core Mac Pro was faster than the 2.8GHz
eight-core Mac Pro, and at $2,499 costs $300 less. It would be a fine
purchase for anyone replacing an older Mac or buying a new one for the
first time. That is especially true for people who work with
processor-intensive apps such as video or graphics.
It’s harder to recommend that people spend $800 more for the new
$3,299 2.26GHz eight-core Mac Pro if they don’t run software written
for the top-of-the-line Mac Pro’s eight processor cores. Though the
2.26GHz model was faster at most individual tasks than the previous
eight-core 2.8GHz Mac Pro, and very fast in a few of our professional
applications tests, it was slower than the new quad-core model at the
majority of our application tests.

INTEREST: Canadian/UK research firms find sophisticated "social malware" at work
by billing 29 Mar '09
...from:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html
The snooping dragon: social-malware surveillance of the Tibetan movement
Shishir Nagaraja, Ross Anderson
University of Cambridge
March 2009, 12 pages
Abstract
In this note we document a case of malware-based electronic
surveillance of a political organisation by the agents of a nation
state. While malware attacks are not new, two aspects of this case
make it worth serious study. First, it was a targeted surveillance
attack designed to collect actionable intelligence for use by the
police and security services of a repressive state, with potentially
fatal consequences for those exposed. Second, the modus operandi
combined social phishing with high-grade malware. This combination of
well-written malware with well-designed email lures, which we call
social malware, is devastatingly effective. Few organisations outside
the defence and intelligence sector could withstand such an attack,
and although this particular case involved the agents of a major
power, the attack could in fact have been mounted by a capable
motivated individual. This report is therefore of importance not just
to companies who may attract the attention of government agencies, but
to all organisations. As social-malware attacks spread, they are bound
to target people such as accounts-payable and payroll staff who use
computers to make payments. Prevention will be hard. The traditional
defence against social malware in government agencies involves
expensive and intrusive measures that range from mandatory access
controls to tiresome operational security procedures. These will not
be sustainable in the economy as a whole. Evolving practical low-cost
defences against social-malware attacks will be a real challenge.
...and from the full text:
"We monitored the network traffic on its mail service in California and
immediately observed that gaining access to emails would have been
straightforward for anyone who could monitor this circuit, since the
traffic was unencrypted. The email server could be contacted via POP,
IMAP and HTTP in insecure modes, with passwords and mail passing in
plain text. We also noted that some passwords chosen by [the users]
were easily broken with a dictionary attack[...] in about 15 minutes
[3].
The ‘standard’ security-consultant advice might therefore have been
that [users] turn on TLS encryption to their mail server, and adopt a
password policy. However such a superficial diagnosis and prescription
would not have given much of a defence. It turned out that the
attackers used a different route.
2.1 The attack vector
Email attachments appear to have been the favoured strategy to deliver
malicious pay-loads. This worked because the attackers took the
trouble to write emails that appeared to come from fellow Tibetans and
indeed from co-workers. The use of carefully-written email lures based
on social context to get people to visit bogus websites has been
called ‘social phishing’; in this incident, such email was used to
spread malware and we therefore call this strategy social malware.
[...]
We then examined samples of email attachments from the local file
systems them with the expert help of Mikko Hypponen at F-Secure
Corporation, who determined that they could support file search and
retrieval operations and also function as keyloggers. This confirms
that the attackers had pretty much full access to the data on the
infected computers. (In fact, one monk claimed that he actually
‘saw’ the bot open his Outlook Express and send infected
attachments to others without any action on his part!)
[...]
... there is nothing in the modus operandi that prevents [these
attacks] from being carried out by a smaller opponent. For example, we
saw no evidence that the initial break involved wiretapping the
backbone traffic from Dharamsala to California [...]. There was no
need, given the tools and methods they actually employed. In fact,
even a capable motivated individual could have carried out the attacks
we describe here. Until recently, one might have assumed that it would
take a ‘geek’ to write good malware, and someone with interpersonal
skills to do the social manipulation. But the industrialisation of
online crime over the past five years means that capably-written
malware, which will not be detected by anti-virus programs, is now
available on the market. All an attacker needs is the social skill and
patience to work the malware from one person to another until enough
machines have been compromised to complete the mission. What’s more,
the ‘best practice’ advice that one sees in the corporate sector
comes nowhere even close to preventing such an attack.
Thus social malware is unlikely to remain a tool of governments.
Certainly organisations of interest to governments should take proper
precautions now, but other firms had better start to think about what
it will mean for them when social malware attacks become widespread.
[...]
So what are the broader implications? How can social malware be dealt
with?
[...]
One thing we predict, though, is that the social response to the
threat of social malware will be slow and ineffective. This is because
of elementary security economics. Banks will try to shift the blame to
accounting system providers, and vice versa. The accounting vendors
will advise customers to lock down user PCs, without being too
explicit about how. Companies seeking redress will find themselves up
against standard terms and conditions whereby both banks and vendors
disclaim liability; in many markets they are oligopolistic suppliers,
so may be able to defend these contract terms for some time. The
banking regulators have shown that they believe whatever the banks
tell them, that they are uninterested in protecting bank customers,
and in any case they have no expertise in information security. The
initial attacks will affect only a minority of firms, so the rest
will prefer to blame the attacks on the victims’ negligence rather
than acknowledging that their own policies need to change. Many
companies will rely for advice on their auditors, and big audit firms,
being ponderous and bureaucratic, give the same advice year-in year-
out until litigation or regulation forces change. In short, we predict
that the criminals who adapt social malware to fraud will enjoy many
years of rich pickings. Indeed, if either of us were inclined to
crime, this would be what we’d go for.
[...]
4 Conclusions
[The attackers] used social phishing to install rootkits on a number
of machines and then downloaded sensitive data. People in Tibet may
have died as a result. The compromise was detected and dealt with, but
its implications are sobering. It shows how difficult it is to defend
sensitive information
against an opponent who uses social engineering techniques to install
malware.
We have described this social malware attack here and considered its
consequences. [...] the techniques used are available even to private
individuals and are quite shockingly effective. In fact, neither of
the two authors is confident that we could keep secrets on a network-
connected machine that we used for our daily work in the face of
determined interest from a capable motivated opponent. The necessary
restrictions on online activity would not be consistent with effective
academic work.
Organisations that maintain sensitive information on network-attached
computers and that may have such opponents had better think long and
hard. The implications are serious already for people and groups who
may become the target of hostile state surveillance.
In the medium term we predict that social malware will be used for
fraud, and the typical company has really no defence against it. We
expect that many crooks will get rich before effective countermeasures
are widely deployed.
= - = - = - =
...from:
http://www.nytimes.com/2009/03/29/technology/29spy.html?_r=1&th&emc=th
Vast Spy System Loots Computers in 103 Countries
By JOHN MARKOFF
Published: March 28, 2009
TORONTO — A vast electronic spying operation has infiltrated
computers and has stolen documents from hundreds of government and
private offices around the world, including those of the Dalai Lama,
Canadian researchers have concluded.
[Photo: The Toronto academic researchers who are reporting on the spying
operation dubbed GhostNet include, from left, Ronald J. Deibert, Greg
Walton, Nart Villeneuve and Rafal A. Rohozinski. Credit: Tim Leyes for
The New York Times.]
[Graphic: Vast Reach of ‘GhostNet’]
In a report to be issued this weekend, the researchers said that the
system was being controlled from computers based almost exclusively in
China, but that they could not say conclusively that the Chinese
government was involved.
The researchers, who are based at the Munk Center for International
Studies at the University of Toronto, had been asked by the office of
the Dalai Lama, the exiled Tibetan leader whom China regularly
denounces, to examine its computers for signs of malicious software,
or malware.
Their sleuthing opened a window into a broader operation that, in less
than two years, has infiltrated at least 1,295 computers in 103
countries, including many belonging to embassies, foreign ministries
and other government offices, as well as the Dalai Lama’s Tibetan
exile centers in India, Brussels, London and New York.
The researchers, who have a record of detecting computer espionage,
said they believed that in addition to the spying on the Dalai Lama,
the system, which they called GhostNet, was focused on the governments
of South Asian and Southeast Asian countries.
Intelligence analysts say many governments, including those of China,
Russia and the United States, and other parties use sophisticated
computer programs to covertly gather information.
The newly reported spying operation is by far the largest to come to
light in terms of countries affected.
This is also believed to be the first time researchers have been able
to expose the workings of a computer system used in an intrusion of
this magnitude.
Still going strong, the operation continues to invade and monitor more
than a dozen new computers a week, the researchers said in their
report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage
Network.” They said they had found no evidence that United States
government offices had been infiltrated, although a NATO computer was
monitored by the spies for half a day and computers of the Indian
Embassy in Washington were infiltrated.
The malware is remarkable both for its sweep — in computer jargon, it
has not been merely “phishing” for random consumers’ information,
but “whaling” for particular important targets — and for its Big
Brother-style capacities. It can, for example, turn on the camera and
audio-recording functions of an infected computer, enabling monitors
to see and hear what goes on in a room. The investigators say they do
not know if this facet has been employed.
The researchers were able to monitor the commands given to infected
computers and to see the names of documents retrieved by the spies,
but in most cases the contents of the stolen files have not been
determined. Working with the Tibetans, however, the researchers found
that specific correspondence had been stolen and that the intruders
had gained control of the electronic mail server computers of the
Dalai Lama’s organization.
The electronic spy game has had at least some real-world impact, they
said. For example, they said, after an e-mail invitation was sent by
the Dalai Lama’s office to a foreign diplomat, the Chinese government
made a call to the diplomat discouraging a visit. And a woman working
for a group making Internet contacts between Tibetan exiles and
Chinese citizens was stopped by Chinese intelligence officers on her
way back to Tibet, shown transcripts of her online conversations and
warned to stop her political activities.
The Toronto researchers said they had notified international law
enforcement agencies of the spying operation, which in their view
exposed basic shortcomings in the legal structure of cyberspace. The
F.B.I. declined to comment on the operation.
Although the Canadian researchers said that most of the computers
behind the spying were in China, they cautioned against concluding
that China’s government was involved. The spying could be a nonstate,
for-profit operation, for example, or one run by private citizens in
China known as “patriotic hackers.”
“We’re a bit more careful about it, knowing the nuance of what
happens in the subterranean realms,” said Ronald J. Deibert, a member
of the research group and an associate professor of political science
at Munk. “This could well be the C.I.A. or the Russians. It’s a
murky realm that we’re lifting the lid on.”
A spokesman for the Chinese Consulate in New York dismissed the idea
that China was involved. “These are old stories and they are
nonsense,” the spokesman, Wenqi Gao, said. “The Chinese government
is opposed to and strictly forbids any cybercrime.”
The Toronto researchers, who allowed a reporter for The New York Times
to review the spies’ digital tracks, are publishing their findings in
Information Warfare Monitor, an online publication associated with the
Munk Center.
[...]
In any case, it was suspicions of Chinese interference that led to the
discovery of the spy operation. Last summer, the office of the Dalai
Lama invited two specialists to India to audit computers used by the
Dalai Lama’s organization. The specialists, Greg Walton, the editor
of Information Warfare Monitor, and Mr. Nagaraja, a network security
expert, found that the computers had indeed been infected and that
intruders had stolen files from personal computers serving several
Tibetan exile groups.
Back in Toronto, Mr. Walton shared data with colleagues at the Munk
Center’s computer lab.
One of them was Nart Villeneuve, 34, a graduate student and self-
taught “white hat” hacker with dazzling technical skills. Last
year, Mr. Villeneuve linked the Chinese version of the Skype
communications service to a Chinese government operation that was
systematically eavesdropping on users’ instant-messaging sessions.
Early this month, Mr. Villeneuve noticed an odd string of 22
characters embedded in files created by the malicious software and
searched for it with Google. It led him to a group of computers on
Hainan Island, off China, and to a Web site that would prove to be
critically important.
In a puzzling security lapse, the Web page that Mr. Villeneuve found
was not protected by a password, while much of the rest of the system
uses encryption.
Mr. Villeneuve and his colleagues figured out how the operation worked
by commanding it to infect a system in their computer lab in Toronto.
On March 12, the spies took their own bait. Mr. Villeneuve watched a
brief series of commands flicker on his computer screen as someone —
presumably in China — rummaged through the files. Finding nothing of
interest, the intruder soon disappeared.
Through trial and error, the researchers learned to use the system’s
Chinese-language “dashboard” — a control panel reachable with a
standard Web browser — by which one could manipulate the more than
1,200 computers worldwide that had by then been infected.
Infection happens two ways. In one method, a user’s clicking on a
document attached to an e-mail message lets the system covertly
install software deep in the target operating system. Alternatively, a
user clicks on a Web link in an e-mail message and is taken directly
to a “poisoned” Web site.
The researchers said they avoided breaking any laws during three weeks
of monitoring and extensively experimenting with the system’s
unprotected software control panel. They provided, among other
information, a log of compromised computers dating to May 22, 2007.
They found that three of the four control servers were in different
provinces in China — Hainan, Guangdong and Sichuan — while the
fourth was discovered to be at a Web-hosting company based in Southern
California.
Beyond that, said Rafal A. Rohozinski, one of the investigators,
“attribution is difficult because there is no agreed upon
international legal framework for being able to pursue investigations
down to their logical conclusion, which is highly local.”