Hacking

SPOTLIGHT ON SECURITY

Did Google’s Wardriving Ways Give It a Competitive Edge?

Last week, the U.S. Federal Communications Commission (FCC) let Google off with a tap on the wrist for hindering the commission’s efforts to investigate allegations that Google was slurping information from WiFi networks with its fleet of mapping vehicles. [*Correction – April 23, 2012]

The search giant’s punishment — a US$25,000 fine leveled on Google by the FCC — earned criticism from privacy advocates as too meek a response to the company’s sins.

However, Google’s competitors should be steamed too, argued John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit.

The information collected by Google with its “wardriving” activities — information like MAC addresses — gave it an edge over competitors like Microsoft and Yahoo, he contended.

“These guys were able to go out and pick up WiFi signals and based on those WiFi signals pinpoint information about users, ” he told TechNewsWorld. “That gave them a huge advantage over Microsoft because then they could do better targeted marketing.”

“It was an unfair competitive advantage,” he said.

Google declined to comment for this item, but spokesperson Christine Chen said the company explained its position on its WiFi snooping in a company blog written two years ago.

“So how did this happen?” asked Google Senior Vice President for Engineering & Research Alan Eustace wrote in that blog. “Quite simply, it was a mistake.

“In 2006 an engineer working on an experimental WiFi project wrote a piece of code that sampled all categories of publicly broadcast WiFi data,” he explained. “A year later, when our mobile team started a project to collect basic WiFi network data like SSID information and MAC addresses using Google’s Street View cars, they included that code in their software …”

Glitch Could Affect Dot-Anything

The lords of the Internet, also known as the Internet Corporation for Assigned Names and Numbers (ICANN), have been struggling for more than a week now trying to iron out a problem with its domain application system that allowed some users to view application information filed on the system by others.

The glitch, which affected the application process for ICANN’s new generic Top Level Domain (gTLD) program, could delay the announcement of hundreds of new domains scheduled for April 30.

Under the new program, applicants with deep pockets — applications cost $185,000 a pop — need no longer be confined by .com, .net, etc., but instead can use their own brand. Coca-Cola, for example, could use the Internet address “coca-cola.coke.”

The glitch, MarkMonitor Chief Marketing Officer Fred Felman told TechNewsWorld, “is probably going to delay it.”

Luckily, he explained, the glitch occurred on the last day of the application process. “So it’s still possible that they could reveal the names on the 30th,” he added.

As to the severity of the glitch, Felman, whose firm specializes in protecting company brands on the Internet, observed: “The likelihood of widescale fraud or bad activity is relatively low. It remains to be seen, though, who was revealed what.”

Security Distrust

It’s probably not surprising to learn that IT pros have a low opinion of end users when it comes to security practices, but just how low was starkly revealed in a survey released last week by Sophos, a maker of cybersecurity solutions.

Ninety-six percent of global IT pros said they do not trust their end users to make sound IT security decisions, according to the survey.

“It’s really hard for IT,” Sophos Senior Security Consultant Carole Theriault told TechNewsWorld. “Their jobs is to secure their networks, but they can’t impact productivity doing it.”

What’s more, end users are continually clamoring to use the latest technologies — social networking, smartphones and such. “All those things can be a headache for your typical IT person,” Theriault said.

Sophos surveyors also found:

  • Nearly half of the respondents (48 percent) said they had to fix at least one security issue a week caused by end user negligence.
  • More than a quarter (26 percent) of IT pros said senior management commit the worst IT security offenses.
  • However, 19 percent of the respondents said IT commits the worst security offenses.

Breach Diary

  • April 14: Texas A&M University informed nearly 4,000 alumni that their personal information, including Social Security numbers, were exposed to the public when an attachment containing the information was accidentally emailed to an unauthorized party. The party notified the university of the mistake and the error was corrected.
  • April 18: Emory Healthcare disclosed it lost 10 computer backup disks containing personal and health information of 315,000 patients. 228,000 of the records contained Social Security numbers.
  • April 18: The University of Hawaii settled a class action lawsuit stemming from data breaches in 2009 and 2011 that exposed personal information for nearly 100,000 students, faculty, alumni and staff. The university agreed to pay for two years of credit monitoring for everyone in the class action.
  • April 19: The South Carolina Department of Health and Human Services revealed an employee working with the Medicaid program transferred personal information of some 228,000 beneficiaries to his personal email account. The employee was fired and later arrested in connection with the event.

Calendar


*ECT News Network editor’s note – April 23, 2012: The original version of this story stated that Google was fined for data snooping. In fact, the $25,000 fine leveled by the FCC was punishment for hindering the commission’s investigation into data snooping allegations.

John Mello is a freelance technology writer and former special correspondent for Government Security News.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Hacking

What's your outlook for the business climate in 2025?
Loading ... Loading ...

Technewsworld Channels