U.S. Teen Hacks AOL, Infects Systems

A New York teenager broke into AOL LLC networks and databases containing customer information and infected servers with a malicious program to transfer confidential data to his computer, AOL and the Manhattan District Attorney's Office allege.

In a complaint filed in Criminal Court of the City of New York, the DA's office alleges that, between December 24, 2006 and April 7, 2007, 17-year old Mike Nieves committed offenses like computer tampering, computer trespass and criminal possession of computer material.

Among his alleged exploits:

-- Accessing systems containing customer billing records, addresses and credit card information

-- Infecting machines at an AOL customer support call center in New Delhi, India, with a program to funnel information back to his PC

-- Logging in without permission into 49 AIM instant message accounts of AOL customer support employees

-- Attempting to break into an AOL customer support system containing sensitive customer information

-- Engaging in a phishing attack against AOL staffers, through which he gained access to over 60 accounts from AOL employees and subcontractors

Nieves faces four felony charges and one misdemeanor charge. He was arraigned on Monday and remains detained, a DA's office spokesman said. His next court date is Friday for a procedural hearing to determine the next step in the case, the spokesman said. Nieves' attorney didn't immediately return a call seeking comment.

The alleged acts cost AOL over US$500,000. It's not clear whether customer data was stolen. AOL declined to comment. The DA's office spokesman said the investigation into Nieves' alleged acts continues. "It's too early to tell exactly what [data] he compromised or not," he said.

The complaint states that Nieves admitted to investigators that he committed the alleged acts because AOL took away his accounts. "I accessed their internal accounts and their network and used it to try to get my accounts back," the defendant is quoted as saying in the complaint. He also admitted to posting photos of his exploits in a photo Web site, according to the complaint.

One doesn't have to be a computer genius to carry out the alleged acts, thanks to the free availability of multiple hacking tools, said Mark Rasch, managing director of technology at FTI Consulting Inc., in Washington, D.C. "Even a disgruntled kid working alone can throw a virtual tantrum and cause a significant amount of damage to a large technology corporation," Rasch said. "Welcome to the new world."

If the defendant was honest about his motivation in his reported confession, it's safe to assume that he wasn't interested in stealing data for financial gain, Rasch said. Still, it'll be interesting to find out what steps AOL is taking if customer data was in fact compromised, he said.

There aren't enough facts available to judge whether AOL could have done more to prevent the alleged intrusion. "We'll learn more as the case goes on," he said. "AOL has had pretty good security over the years."

Authorities arrested Nieves after AOL provided them with information from an internal investigation into the alleged acts. AIM subscriber information and IP address data involved in the acts led AOL to Nieves, whose address and phone number AOL had on file, according to the complaint.

Microsoft's Vista sales boost 3Q profit

Windows Vista buoyed Microsoft Corp.'s quarterly results, easing fears that the new operating system is too pricey, requires too many hardware upgrades and doesn't work with other companies' applications.

For the quarter ended March 31, Microsoft's profit jumped 65 percent to $4.93 billion, or 50 cents per share, from $2.98 billion, or 29 cents per share, in same period last year, boosted by sales of Vista and Office 2007, and by upgrade coupons issued over the holidays.

Excluding one-time items, profit totaled 49 cents per share, ahead of Wall Street's view for 46 cents per share, according to Thomson Financial.

Shares rose $1.20, or 4.1 percent, to $30.30 in extended trading after the results were released Thursday. The shares had gained 11 cents to close at $29.10 on the Nasdaq Stock Market.

Revenue for the fiscal third quarter rose 32 percent to $14.4 billion. Analysts were looking for $13.89 billion in sales.

Vista Security

In late March, when security researchers stumbled upon drive-by download attacks exploiting yet another serious Windows hole, they had an eye-opening surprise: The vulnerability--caused by the way Windows handled animated cursor (.ani) files--didn't affect just Windows XP. It also hit Vista, Microsoft's new security-centric operating system.

Security experts still proclaim Vista a major improvement over previous Windows versions, and readily say that its important new safety features--including an improved firewall, a "Protected Mode" for Internet Explorer, and User Account Control--make it much more resistant to the most common forms of spyware and malware.

However, this latest flaw (now fixed) is a major black eye for Microsoft; along with two other critical security patches issued for Vista in its first three months on shelves, the problem has tarnished Vista's security sheen (see "Vista's Vulnerabilities" for details). The new OS may be safer, but its users must still be on their guard.

Google aims to expand China market share

Google Inc., No. 2 in China's Web search market, is giving its local managers more autonomy and investing more in China in an effort to make up for its late entry and take the lead in the industry, CEO Eric Schmidt said Friday.

"We are catching up. Our investment is working and we will eventually be the leader," Schmidt told reporters.

Google has 21.7 percent of China's search market, well behind industry leader Baidu.com Inc., which has 55 percent, according to market data company iResearch Inc.

Schmidt said Google was gaining market share but he declined to give figures. He expressed confidence that its greater financial and technical resources would help close the gap.

Google came to China after other Internet services such as Yahoo Inc. (Nasdaq:YHOO - news), launching its China-based search site, Google.cn, in January 2006. Google opened a Beijing research center one year ago.

Schmidt said Google plans to give its China operation, led by Kai-Fu Li, a former Microsoft Corp. vice president, greater autonomy to develop new products and respond to the local market.

"One of the big projects this year is to push more autonomy and more decision-making to Kai-Fu and his team," Schmidt said. Asked for details, he would say only that it involved more decision-making power.

China has the world's second-largest population of Internet users, with 137 million people online, and is on track to surpass the United States as the largest online population in two years.

Baidu has tried to expand its appeal in recent months by striking deals with Viacom Inc.'s MTV Networks to distribute music videos online and with recording company EMI Group PLC for streaming music.

Industry analysts say Google's handicaps in China include its failure to aggressively promote online music and to offer its G-Mail service on Google.cn. The company refrained from offering e-mail in China after the controversy over Yahoo Inc.'s China arm providing information that led to a reporter's being imprisoned.

AOL One Step Behind Again: New Home Page Identical To Yahoo

AOL has started beta testing a new home page (the main AOL.com portal). AOL Senior Product Manager (and occasional TechCrunch contributor) Frank Gruber introduced it on his personal blog earlier today, although he is not the product manager for the product.

Nice portal…but it is nearly identical to Yahoo home page, which was redesigned last year. Click on the image above for a larger view. Internally, I’m hearing AOLers refer to the new portal as “the Yahoo Portal” although its official name is AOL 3.0.

Internet companies like to copy things from their competitors that work, but as we’ve seen even the largest companies sometimes get caught copying a little too much.

AOL says they are building best of breed products, not simply copying things from Google, Yahoo and others that are proven to work and porting them to its less cutting-edge audience. In the past year, though, we’ve seen them largely copy digg and then release a new mail product that would have been awesome two years ago but which stacks up poorly to the current versions of Gmail and Yahoo Mail.

David Liu, Senior Vice President of Portals & Personal Media at AOL, has told me that a number of new products in development are going to be impressive. I’ve seen early demos and wireframes of some of them, and I think he’s right. The company needs a category killer to get some street cred

Steve Jobs: “People want to own their music”

Apple’s Steve Jobs, perhaps the most important person in the music industry today, says again that Apple is not planning on selling music via a subscription model like many of his competitors.

The strategy certainly makes sense as long as as Jobs continues to win territory in his war against DRM, and the subscription music services fail to lure a critical mass of consumers.

More than 2.5 billion songs have now been purchased from iTunes and they control 85% or so of the download music market. DRM free songs on iTunes cost 30 cents more, almost certainly creating greater margin for Apple per song.

The subscription music services are highly competitive, leaving little profit for the providers. As long as Apple can keep selling tracks for a dollar or more per track, they’ll resist entering this market.

Akamai Releases FoxTorrent 1.0 - Firefox BitTorrent Add-on

Red Swoosh (acquired by Akamai for $15 million earlier this month) released v1.0 of FoxTorrent today. This is a fully functional BitTorrent client for Firefox that works cross platform (Windows, Mac, Linux) and has a very cool additional feature - the ability to stream files as they are downloading.

This is no Azureus (my BitTorrent client of choice), but it does the job and saves time by allowing you to manage torrents directly from the browser. I tested it on a few (non-copyright infringing, of course) files and it worked great on the standard BitTorrent functionality. Streaming just didn’t work, although with the way the BitTorrent protocol breaks files into pieces and reconstructs them in a non linear way means you may have to wait until the file is mostly complete to even begin streaming. I’ll try it again once the files are nearly complete.