Attack on Nortel Not an Anomaly

In my last post, I promised to offer a subsequent entry on why public companies are reluctant to publicize breaches of their corporate networks.

I also suggested that such attacks probably are far more common than we realize. What happened to Nortel likely is occurring to a number of other companies right now.

It’s easy to understand why public companies don’t like to disclose that they’ve been the victim of hacking exploits, especially if those attacks result in the theft of intellectual property and trade secrets.

Strong Sell Signals

As public companies, their shares are traded on stock markets. Not without reason, shareholders and prospective investors might be inclined to interpret significant breaches of corporate networks as strong sell signals.

After all, loss of intellectual property — source code, proprietary product designs, trade secrets, and strategic plans — damages brand equity. Upon learning that the company in which they hold shares had its intellectual property pilfered, investors might be inclined to deduce that the stolen assets will later manifest themselves as lost revenue, reduced margins, decreased market share, and diminished competitive advantage.

Hacking exploits that result in perceived or real loss of substantial intellectual property represent an investor-relations nightmare. A public company that discloses a major cyber breach that resulted in the loss of valuable business assets is far more likely to be met with market dismay than with widespread sympathy.

Downplay Losses

So, if public companies are breached, they keep it to themselves. If, however, a company is compelled by circumstances beyond its control to make a public disclosure about being attacked, it will downplay the severity and the risks associated with the matter.

In early 2010, you will recall, Google announced that it was subjected to a persistent cyber attack that originated in China. It was part of a larger attack, called Operation Aurora, aimed at dozens of other companies.

Some companies acknowledged publicly that they were attacked. Those companies included Adobe Systems, Juniper Networks, and Rackspace. Other companies subjected to the attacks — but which were not as forthcoming about what transpired — reportedly included Yahoo, Symantec, Northrop Grumman, Morgan Stanley, and Dow Chemical.

After the Crown Jewels

At the time of the attacks, Google spun a media narrative that suggested the attacks were designed to spy on human-rights activists by cracking their email accounts. While that might have been a secondary objective of the attacks, the broader pattern of Operation Aurora suggests that the electronic interlopers from China were more interested in obtaining intellectual property and trade secrets than in reading the personal correspondence of human-rights activists.

Indeed, McAfee, which investigated the attacks, reported that the objective of the perpetrators was to gain access to and to potentially modify source-code repositories at the targeted companies. The attackers were after those companies’ “crown jewels.”

The companies that admitted being victims of Operation Aurora all downplayed the extent of the attacks and any possible losses they might have suffered. Perhaps they were telling the truth. We just don’t know.

Transfer of Wealth

Last summer, Dmitri Alperovitch, McAfee’s vice president of threat research, provided the following quote to Reuters:

“Companies and government agencies are getting raped and pillaged every day. They are losing economic advantage and national secrets to unscrupulous competitors. This is the biggest transfer of wealth in terms of intellectual property in history. The scale at which this is occurring is really, really frightening.”

What Alperovitch said might seem melodramatic, but it isn’t. He’s not the only knowledgeable observer who has seen firsthand the electronic pillage and plunder of corporate intellectual property on a vast scale. For the reasons cited earlier in this post, few companies want to put up their hands and acknowledge that they’ve been victimized.

Nortel, in apparently being subjected to a decade-long cyber attack, might have been a special case, but we should not assume that what happened to Nortel is anomalous. For all we know, the largest companies in the technology industry are being violated and plundered as you read this post.

Pondering Intel’s Grand Design for McAfee

Befuddlement and buzz jointly greeted Intel’s announcement today regarding its pending acquisition of security-software vendor McAfee for $7.68 billion in cash.

Intel was not among the vendors I expected to take an acquisitive run at McAfee. It appears I was not alone in that line of thinking, because the widespread reaction to the news today involved equal measures of incredulity and confusion. That was partly because Intel was McAfee’s buyer, of course, but also because Intel had agreed to pay such a rich premium, $48 per McAfee share, 60 percent above McAfee’s closing price of $29.93 on Wednesday.

What was Intel Thinking?

That Intel paid such a price tells us a couple things. First, that Intel really felt it had to make this acquisition; and, second, that Intel probably had competition for the deal. Who that competition might have been is anybody’s guess, but check my earlier posts on potential McAfee acquirers for a list of suspects.

One question that came to many observers’ minds today was a simple one: What the hell was Intel thinking? Put another way, just what does Intel hope to derive from ownership of McAfee that it couldn’t have gotten from a less-expensive partnership with the company?

Many attempting to answer this question have pointed to smartphones and other mobile devices, such as slates and tablets, as the true motivations for Intel’s purchase of McAfee. There’s a certain logic to that line of thinking, to the idea that Intel would want to embed as much of McAfee’s security software as possible into chips that it heretofore has had a difficult time selling to mobile-device vendors, who instead have gravitated to designs from ARM.

Embedded M2M Applications

In the big picture, that’s part of Intel’s plan, no doubt. But I also think other motivations were at play. An important market for Intel, for instance, is the machine-to-machine (M2M) space.

That M2M space is where nearly everything that can be assigned an IP address and managed or monitored remotely — from devices attached to the smart grid (smart meters, hardened switches in substations, power-distribution gear) to medical equipment, to building-control systems, to televisions and set-top boxes — is being connected to a communications network. As Intel’s customers sell systems into those markets, downstream buyers have expressed concerns about potential security vulnerabilities. Intel could help its embedded-systems customers ship more units and generate more revenue for Intel by assuaging the security fears of downstream buyers.

Still, that roadmap, if it exists, will take years to reach fruition. In the meantime, Intel will be left with slideware and a necessarily loose coupling of its microprocessors with McAfee’s security software. As Nathan Brookwood, principal analyst at Insight 64, suggested, Intel could start off by designing its hardware to work better with McAfee software, but it’s likely to take a few years, and new processor product cycles, for McAfee technology to get fully baked into Intel’s chips.

Will Take Time

So, for a while, Intel won’t be able to fully realize the value of McAfee as an asset. What’s more, there are parts of McAfee that probably don’t fit into Intel’s chip-centric view of the world. I’m not sure, for example, what this transaction portends for McAfee’s line of Internet-security products obtained through its acquisition of Secure Computing. Given that McAfee will find its new home inside Intel’s Software and Service division, as Richard Stiennon notes, the prospects for the Secure Computing product line aren’t bright.

I know Intel wouldn’t do this deal just because it flipped a coin or lost a bet, but Intel has a spotty track record, at best, when it comes to M&A activity. Media observers sometimes assume that technology executives are like masters of the universe, omniscient beings with superior intellects and brilliant strategic designs. That’s rarely true, though. Usually, they’re just better-paid, reasonably intelligent human beings, doing their best, with limited information and through hazy visibility, to make the right business decisions. They make mistakes, sometimes big ones.

M&A Road Full of Potholes

Don’t take it from me; consult the business-school professors. A Wharton course on mergers and acquisitions spotlights this quote from Robert W. Holthausen, Nomura Securities Company Professor, Professor of Accounting and Finance and Management:

“Various studies have shown that mergers have failure rates of more than 50 percent. One recent study found that 83 percent of all mergers fail to create value and half actually destroy value. This is an abysmal record. What is particularly amazing is that in polling the boards of the companies involved in those same mergers, over 80 percent of the board members thought their acquisitions had created value.”

I suppose what I’m trying to say is that just because Intel thinks it has a plan for McAfee, that doesn’t mean the plan is a good one or, even presuming it is a good plan, that it will be executed successfully. There are many potholes and unwanted detours along M&A road.

Thoma Bravo Sees Promise in SonicWALL’s UTM Plans

A reader asked me to comment on the acquisition of SonicWALL, so that’s what I’ll do now. Yes, I sometimes take requests, just like a washed-up lounge lizard.

The announced transaction has been well documented in the business and trade press. An investor group led by private-equity firm Thoma Bravo, and comprising the Ontario Teachers’ Pension Plan, will acquire SonicWALL in a deal worth approximately $717 million. SonicWALL shareholders will receive $11.50 per share in cash, a 28-percent premium over Wednesday’s close.

The deal already is being challenged by law firms alleging that SonicWALL and its board of directors breached fiduciary duties by agreeing to the proposal before diligently seeking an offer that would have provided better value to shareholders.

I don’t want to step into that fray, because it’s an inherently subjective debate based on market estimates from analysts who might or might not have applied accurate assumptions, methodologies, and statistical models. I have no idea how some analysts arrive at their forecasts — some perform thorough channel checks and build intricate spreadsheets, while others perform Santeria rituals with live chickens on neighborhood baseball diamonds under the cover of darkness.

I think you take my point. That said, I will note that the premium offered looks at least superficially attractive. What’s more, the fevered response to it from the wealth-redistribution agents of the legal profession tells you that SonicWALL is an asset that is not bereft of hope and promise.

Indeed, SonicWALL is a strong UTM-firewall and point-product security vendor in the SMB/SME space and across a number of vertical markets, including government, education, and healthcare. The company has built a strong channel presence, and its channel partners generally have a favorable view of the company.

In its latest quarter, just before this acquisition hit, its results did not suggest obvious signs of distress. You can do the math and employ your multiples based on those numbers, but this deal is about what the buyers think the company is worth going forward, not on what the company has done historically. My point regarding the recent financial results, though, is that SonicWALL’s wheels were not falling off.

SonicWALL faces a lot of competition in an Internet-security market that is consolidating on multiple fronts. Security functionality is consolidating, as evidenced by jack-of-all-trades UTM boxes from the likes of Fortinet and SonicWALL; and the market is consolidating, too. Bigger vendors are buying point-product purveyors in attempts to become one-stop shops for the security needs of SMEs and large enterprises alike.

That’s why SonicWALL’s management chose to do this deal. Thoma Bravo not only brings money to the table, but also a potentially coherent plan as to how SonicWALL fits into its existing stable of Internet-security and infrastructure companies. In previous transactions, Thoma Bravo has acquired security-management firm Attachmate, application and database-tool vendor Embarcadero Technologies, and authentication vendor Entrust. Conceivably, SonicWALL will benefit from access to this technology ecosystem and to its sales channels.

Meanwhile, Thoma Bravo saw considerable growth potential in SonicWALL. The vendor holds its own in the SSL VPN market, where it has about a 20-percent share, but the real promise is in UTM, which really is the next-generation firewall.

According to Frost & Sullivan, the UTM market was worth nearly $2 billion in 2009. The market-research firm expects UTM growth to increase through 2010 and 2011 before moderating in subsequent years. Nonetheless, if the market researchers are right, the UTM space will reach revenues of $7 billion in 2016. With SMEs and distributed enterprises expected to account for the vast majority of those sales, SonicWALL is well placed to benefit.

This is where we have to come back to the competition, though. The company faces not only Fortinet, which rode to an IPO on its UTM exploits, but also Internet-security heavyweights such as Cisco, Juniper, and, to a lesser extent, Check Point.

One factor that could work in SonicWALL’s favor is that Cisco doesn’t seem as focused on Internet security as it has been. Not only has Cisco suffered from component shortages that deferred and cut into sales of its ASA boxes, but the Internet-gear colossus seems distracted by shinier, glossier market opportunities. Cisco also is less focused on serving SMEs than on catering to its large-enterprise and service-provider customers.

Looking ahead to the changing security demands occasioned by increasing virtualization and the adoption of cloud computing, SonicWALL is developing a new security God-box architecture under an Austin Powers-like moniker, Project SuperMassive. The company describes it as a “next-generation security platform and technology capable of detecting and controlling applications, preventing intrusions, and blocking malware at up to 40 Gbps without introducing latency to the network.”

According to SonicWALL, Project SuperMassive will implement a patented Reassembly-Free Deep Packet Inspection (RFDPI) engine to “provide increased insight into inbound and outbound network content without compromising security or performance.” SonicWALL says its new technology will intercept network threats that come from “anywhere and everywhere” and “scan everything.”

It all seems impressive, but the proof is in the pudding, or — in this case — the UTM. However it turns out, Thoma Bravo is buying a company with no shortage of technological vision.

As a postscript to this note, I will say that HP bears watching in the space. It’s possible, though by no means certain, that HP will acquire a vendor such as Fortinet to fill a gap in its HP Networking security portfolio.

Security Just One Aspect of Google’s Internal Windows Purge

The Financial Times reported yesterday that Google is phasing out internal use of Microsoft’s Windows operating system, ostensibly for security reasons.

I will not suggest that Windows doesn’t have its security problems, most of which have been well documented over the years, though new ones surface regularly. I have no doubt that the security shortcomings of Windows have been real problems for Google and its employees. Early this year, for example, Windows-based PCs running Internet Explorer were breached by Chinese hackers in what became known as Operation Aurora, resulting in a major standoff between Google and China that saw the former ultimately relocate its Chinese search operations to Hong Kong.

Still, we’d be remiss if we didn’t recognize that there’s another aspect to the phasing out of Windows at Google, increasingly a competitor to Microsoft on multiple fronts that extend far beyond search and related advertising.

One of Google’s biggest pushes, of course, is cloud computing, for which it would like to serve as poster child and exemplar. Google has developed application services and even an operating system, Chrome, to better deliver its vision of cloud computing to consumers and enterprises alike. Unlike Windows, Chrome is designed from the ground up to handle web-based applications. Windows, of course, draws its lineage and its market power from a desktop-based model of computing, in which applications run wholly (or in large part) on a personal computer.

Microsoft and Google are competing to deliver their respective visions of cloud computing to consumers and businesses. Even in the cloud, the operating system is important, in that it frames user engagement with remote application services. While its mandate and responsibilities are changing, the operating system still owns important real estate.

For now, though, Google says its employees are free to use Macs and Linux-based systems, but not Windows-based PCs. Google employees, however, report that the company would like to see its staff, and many others besides, using more Google-based products and services, including Chrome, on a regular basis.

That’s a logical objective for Google to pursue. How can consumers and businesses have confidence in Chrome if Google doesn’t use it internally? For as long and as hard as Google promotes Chrome beyond its own walls, expect the company to adopt it increasingly on its own campuses. As the saying goes, Google will have to eat its own dog food.

In the meantime, though, Google employees are free to use their Macs. That will change, I’m sure, as Google pushes a tandem of Chrome and Android at home as well as away.

HP Dumps Cold Water on Smart Grid

If the nascent smart-grid market is afire with hype, HP is doing its utmost to throw cold water on the blaze.

Speaking at HP’s annual Executive Energy Conference in Dubai this week, Ian Mitton, HP’s utilities industry director and global lead on smart grid technology, said smart-grid security has been an “afterthought” in early deployments and that “projects are not happening fast enough,” according to a report in eWeek Europe.

When it comes to HP and the smart grid, we can go one of two ways with our interpretation. We can conclude that HP is right, that security has been overlooked and that market adoption has been tepid; or we can conclude that HP is denigrating smart-grid security and the overall market because it is late to an increasingly festive party.

Then again, maybe both conclusions are valid. They aren’t mutually exclusive, after all. In some parts of the world, such as Asia and North America, the smart-grid market is exhibiting relatively strong growth, whereas market vitality is less in evidence in many European jurisdictions.

What’s interesting, though, is that 3Com’s H3C, which HP now owns, is said to be well positioned to benefit from booming smart-grid expenditures in China. As the 3Com integration proceeds, HP’s tune on the smart grid might change.

Google-China Conflict Must Be Viewed in Context of Bigger Story

As the old saw goes, we sometimes can’t see the forest for the trees. What’s happening is hidden in plain sight, but we don’t see it, either because we’re focusing too closely on an incidental element or because we don’t want to confront an unpalatable reality.

I feel that way as I watch the Google-China conflict play out. In truth, the dispute between Google and China is a symptom of a larger problem, one that has far-reaching implications for Western economies and entire industries, including the technology sector.

No, censorship is not the core issue. Censorship is a MacGuffin, a plot device that keeps the story moving in the media but doesn’t get to the heart of what’s really happening. As much as we like to think our companies value human rights above all else, it’s simply not true. Companies are businesses, and they behave like businesses. They’re guided by the profit motive, and they seek to grow revenue and earnings. It’s what they do.

Occasionally, ethical and moral considerations play a role in corporate strategies. There are companies that practice enlightened self-interest, and Google is one of them.

Google knows, for instance, that its search engine is more popular and valuable if it is seen to be objective, delivering the best possible results, not beholden to the solicitations of commercial interests or the fiats of oppressive governments. Paradoxically, by refusing to capitulate to those who would have Google skew its search results, Google actually makes its search engine more valuable to everybody, including Google. That’s enlightened self-interest.

So, what’s really happening? What’s the big picture? Google is one of dozens of Western multinational companies finding that China, though the fastest-growing major economy in the world, will not provide them with the riches they had anticipated. That’s because of China’s nationalist mercantilism, as reflected in its “indigenous innovation” industrial policies.

A story in today’s Wall Street Journal is instructive. Titled “Business Sours on China,” the article explores the growing disillusionment of foreign businesses in China. These businesses are discovering that Chinese authorities are increasingly favoring homegrown state-owned companies across a range of industries, including almost all involving technology-related growth sectors.

What follows is a salient excerpt from the WSJ story:

“The Google issue has had a crystallizing effect,” says Lester Ross, managing partner in Beijing for U.S. law firm Wilmer Cutler Pickering Hale and Dorr. “It raised the consciousness of government and of the boardrooms and other stakeholders” about the difficulties of doing business in China, he says.

Foreign investors have long complained about China’s haphazard legal system and regulation.

These were mere annoyances when China was an emerging market. Today, the huge Chinese market is increasingly fundamental to the health of large Western multinationals. Lose here, say Western executives, and multinationals are weakened globally.

So, as you can see, the stakes are huge. Companies that have built robust Chinese growth into their business models and revenue projections are increasingly anxious — and for good reason.

It doesn’t help that China’s systematic efforts to create state-backed, homegrown, market-leading behemoths don’t stop at “indigenous innovation.”

Remember that these issues are being raised by foreign transnationals in the immediate aftermath of what McAfee calls Operation Aurora, an outbreak of corporate espionage that allegedly saw China-based hackers attempt to purloin the source code, product formulas, and other intellectual property in “software configuration management systems” of at least 20 (and perhaps as many as 100) US-based companies. (Yes, Google was one of them, and that’s how and when this latest conflagration with China began.)

We don’t know what intellectual property was stolen from which companies. That information is not being volunteered. What’s not at issue is that somebody was trying to get what McAfee calls the corporate “crown jewels.”

I’m not saying censorship and human-rights abuses are not important issues. I wish they were more important than they are. But the fact is, this story is even bigger, with ramifications that could affect the health of Western economies as well as the profitability of the corporations they host.

Reconsidering China’s Market Allure

We should know by now that Google’s conflict with China isn’t about censorship. Instead, it’s about intellectual property. Google wants to defend and protect its intellectual property, whereas hackers based in China seem intent on plundering it.

Questions remain as to whether and how the hackers are affiliated with China’s government. We might never get complete answers, though circumstantial evidence suggests official approval for, if not direct complicity in, the illicit exploits.

It’s worth noting that Google wasn’t the only company victimized. More than 30 other companies were similarly breached, including notable technology vendors such as Adobe, Juniper, Symantec, Yahoo, and Intel.

Intel claims it wasn’t severely affected by what transpired. A spokesman for the company said: “To the best of my knowledge, no intellectual property was lost.” Intel has downplayed the incident, even though the company admits it was subject to a sophisticated attack.

Other technology companies have acknowledged being attacked, but have been reticent to say whether they suffered losses of intellectual property. Google, for its part, has conceded that its intellectual property was stolen by the hackers, but it hasn’t specified what was taken.

We do know that theft of intellectual property, depending on what was purloined, could have serious consequences for victimized companies. All of the aforementioned companies face competition from Chinese vendors who already have home-field advantage in their native market. What’s more, Chinese vendors often develop and produce commodity products at lower prices than their foreign rivals. The lower prices can confer competitive advantage in export markets.

If Chinese vendors were to gain illicit access to trade secrets and intellectual property of their Western rivals, technological differentiation would be more difficult for Western vendors to maintain. The edge these companies have over their Chinese counterparts is predicated on intellectual property derived from capital-intensive research and development. If that edge is mitigated severely or, even worse, eliminated by theft of intellectual property, the potential repercussions are manifold and profound.

Uncomfortable questions arise, but we ignore them at our peril. Arguably the biggest question is whether Western technology companies could lose more than they stand to gain from direct involvement in the Chinese market. The Chinese market, with its vast promise, is as alluring as a Siren song, but one has to wonder whether Google, Juniper, and others will meet the same fate as the shipwrecked sailors in Greek mythology. Ironically, the draw of Chinese lucre could result in the pauperization of companies that pursue it.

Some might charge me with exaggeration on that point, but I would ask that you turn your attention not only to the recent rash of hack attacks but also to Chinese policies regarding domestic government procurement and industrial practices.

A recent Computerworld story spotlighted the policy straitjacket China is tailoring for foreign technology purveyors:

U.S. business associations this week wrote a letter to the Obama administration requesting its help on China’s recent intellectual property rules, which the letter said give significant preference for Chinese government procurement to products whose intellectual property is developed and owned in China. The rules run counter to Chinese pledges to avoid protectionism and mark “an unprecedented use of domestic intellectual property as a market-access condition,” said the letter, which was posted on the Web site of the Business Software Alliance.

The new requirements would make it virtually impossible for foreign companies to win Chinese government contracts, said Xiang Wang, a Beijing-based intellectual-property partner at law firm Orrick, Herrington & Sutcliffe. To comply with them, multinational companies would have to change their global model for managing intellectual property rights, transferring ownership of the rights to their Chinese subsidiaries rather than just licensing rights to them, he said.

Tough regulatory issues are likely to increase for foreign companies in China as the country keeps rising economically, Wang said.

A recent item in the Financial Times addresses many of the same issues.

Taken together, these measures amount to a disastrous scenario for a range of foreign companies, including software makers, semiconductor companies and producers of telecommunications gear, computers and smartcards.

“The stuff the Chinese government is asking for is stuff we don’t give to governments,” says a US executive. “If we were to comply and it became known that we disclosed our source codes to Chinese labs, it would damage our standing in other markets.”

One way or another, it seems, China will get the source code and intellectual property it craves. Once China has what it wants, impoverished Western companies will fail to reap commercial benefits from China and the country won’t require that they have a presence there.

The U.S. and other nations seem to have no answer for China’s “indigenous innovation” policies. As a Reuters story points out, Washington has difficulty mounting a legal challenge to China’s indigenous innovation policy because Beijing has not joined the World Trade Organization’s government procurement pact.

As Mike Elgan wrote in Datamation, it makes one wonder whether China is the market paradise Western technology companies believe it to be.