Data is assessed by our team members

Investigations can reveal some very sensitive & personal data. This intel is assessed by us & closely guarded used only for the purpose of fullfilling the needs of our clients to achieve the results we are commissioned to undertake More »

Team leader heads a group of professional investigators on the ready

We are proud to have access to the finest team members & discreet qualified persons who pride themselves in obtaining results for our clients where others fail. More »

The latest technology & equipment allow us to keep our finger on the intel pulse

Scientific apparatus & technical staff allow us to get sensitive & usefull information by utilizing the latest technology in getting information for our clients.The storage, use & availability of this data is done with great care More »

Communications between team members & networks is critical

In these days of world wide communications being at a peak of efficiency, the task of passing on & receiving information in the blink of an eye becomes possible between our team members & the network we have access to More »

Team leader & CEO of the intel agencies group is Donna-Lee Sapiecha Eyers

Donna-Lee is here at her graduation law degree ceremony proudly supported by her mother Karen, her sister Sharah-Lee & father Henry More »


Roundtable discussions on Australia’s Indian Ocean Territories

oz-fed-gov-logo image

The Parliament’s External Territories Committee will host a roundtable discussion tomorrow from 9 am to 12:30 pm on the enduring strategic importance of the Indian Ocean Territories.

Committee Chair, Mr Ben Morton MP, said he is looking forward to holding our first hearing for the inquiry and gathering together departmental officials, subject area experts and academics.

“Christmas Island and the Cocos (Keeling) Islands may be small dots in the Indian Ocean, but the territories’ proximity to Asia and major shipping lines means they remain vital to Australia’s defence, trade and security interests,” Mr Morton said.

The Committee will examine different angles including maritime surveillance, military contingencies and regional cooperation, investment in government infrastructure, and implications for the territories’ residents.

Further information about the inquiry, including the submissions received and the hearing program can be accessed via the Committee’s inquiry website.

Media enquiries:
Please contact the Committee Chair, Mr Ben Morton MP on 08 9354 9633

For background:
Please contact the committee secretariat on (02) 6277 4355 or email

Interested members of the public may wish to track the committee via the website. Click on the blue ‘Track Committee’ button in the bottom right hand corner and use the forms to login to My Parliament or to register for a My Parliament account.


Henry Sapiecha

Public hearing on Australian Cyber Security Centre relocation and fit out

aust gov logo white on black

The Parliamentary Standing Committee on Public Works will hold a public hearing in Canberra tomorrow to examine the proposed relocation and fit-out of the Australian Cyber Security Centre (ACSC) by the Department of Defence.

The proposed works will enable the personnel of the various agencies to be co-located, as well as providing additional space to facilitate joint initiatives between the ACSC, industry and academia. The estimated cost of the project is $38 million (excluding GST).

Full details on the project are available on the committee’s website:

NB the Parliamentary Standing Committee on Public Works is neither involved in the tendering process nor the awarding of contracts. Enquiries on those matters should be addressed to the Department of Immigration and Border Protection.

Public Hearing Details: 1:30pm to 2:30pm, Friday 10 February, Committee Room 1R3, Parliament House, Canberra

Members of the public are welcome to attend to observe proceedings. The hearing will also be webcast at

Media enquiries:
Office of the Chair, Mr Scott Buchholz MP (Greg Birkbeck): 0427 421 132

For background:
Parliamentary Standing Committee on Public Works
(02) 6277 4636,,

Interested members of the public may wish to track the committee via the website. Click on the blue ‘Track Committee’ button in the bottom right hand corner and use the forms to login to My Parliament or to register for a My Parliament account.


Henry Sapiecha

After a decade of silence, this SQL Slammer computer worm is back and researchers don’t know why

worms-pack image

A 14 year old computer worm has suddenly made a surprise comeback following a decade of almost no activity – and nobody knows why.

After it first appeared in January 2003, SQL Slammer carried out distributed denial of service (DDoS) attacks against tens of thousands of servers across the globe, using servers and routers to overload over 75,000 networks within 10 minutes of its emergence.

Exploiting a buffer overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000, the memory resident worm sends a formatted request to UDP port 1434 to infect the server. Once this occures, it rapidly spreads itself by sending its payload to random IP addresses and causing further DDoS attacks.

Microsoft released a patch to prevent SQL Slammer attacks, but now, almost a decade and a half after it first appeared in the wild, cybersecurity researchers at Check Point have noticed a sudden upsurge in this form of cyberattack. The spike is to such an extent SQL Slammer became one of the most common malware attacks during December.

SQL Slammer surged between November 28 and December 4, 2016 and attacked targets in 172 countries across the globe. The US was by far the most common target of the worm, accounting for 26 percent of SQL Slammer attacks, followed by the UK and Israel on seven percent each.

The IP addresses responsible for initiating the largest number of attempted attacks were registered in China, Vietnam, Mexico, and Ukraine, although outside of that there’s no indication of who revived the SQL Slammer attacks or why.

‘Could be an aberration, could be the start of something – it’s hard to speculate!’ said a Check Point spokesperson.

Where the most Slammer attached were launched from-MAP image

SQL Slammer isn’t the only old computer virus which has given organisations issues years after it first appeared; the eight year old Conficker virus is still responsible for a large number of attacks, accounting for over 500,000 incidents in a year.



Henry Sapiecha

Metasploit security kit now hacks IoT devices, hardware

This well supported hacking tool kit can now be linked to everything from fridges to cars in the search for vulnerabilities.

hack-keyboard-pirate-symbol image

The popular Metasploit hacking kit has been upgraded to tackle today’s Internet of Things (IoT) devices, granting researchers the opportunity to scour for bugs in modern vehicles.

Rapid7 Research director of transportation security Craig Smith announced on February 2 that the Metasploit framework can now link directly to hardware, permitting users to develop exploits to test their hardware and conduct penetration testing with less time wasted.

It is hoped that researchers will no longer have to build multiple tools to test today’s modern devices and overcome previous network limitations.

“Metasploit condensed a slew of independent software exploits and tools into one framework and now we want to do the same for hardware,” Smith says.

The open-source penetration testing software, available for free or as an extended, paid-for edition, is over a decade old but is still utilized by thousands of researchers worldwide. The framework currently boasts roughly 1,600 exploits and 3,300 penetration testing modules.

Due to the fresh update to the Hardware Bridge API, users are no longer limited to Ethernet network connections. Instead, researchers can build support directly into firmware or create a relay service through a REST API, which is necessary for some hardware tools including Software Defined Radio (SDR) that cannot communicate over Ethernet.

“Every wave of connected devices, regardless of whether you’re talking about cars or refrigerators, blurs the line between hardware and software. As we like to say, this hardware bridge lets you exit the Matrix and directly affect real, physical things,” said Smith. “We’re working to give security professionals the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they are on.”

The initial release focuses on IoT, with a particular slant towards automotive penetration testing. The bridge now includes modules for testing vehicle Controller Area Network (CAN) buses and users are also offered interactive commands for gathering information on vehicles being tested, such as speed and inbuilt security systems.

“If you are in security at an automaker, you are challenged to test things that are not exposed to traditional networks,” Smith told Dark Reading. “The hardware bridge allows security teams to add hardware testing to their QA process. It also allows red teams to have a central user interface to all of their hardware tools.”

Additional modules which target embedded, industrial, and hardware devices, including SCADA systems for industrial applications, will be added over time. Rapid7 also plans to add additional BUS systems, such as K-Line, in the future.

Rapid7 is asking users of the initial Metasploit release to provide feedback and suggest new automotive features for future versions.

club libido banner-22

Henry Sapiecha

Hacker Lexicon: A Guide to Ransomware, the Scary Hack That’s on the Rise

Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom, usually demanded in Bitcoin. The digital extortion racket is not new—it’s been around since about 2005, but attackers have greatly improved on the scheme with the development of ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

TL;DR: Ransomware is malware that locks your keyboard or computer to prevent you from accessing your data until you pay a ransom—usually demanded in Bitcoin. A popular and more insidious variation of this is ransom cryptware, which encrypts your files using a private key that only the attacker possesses, instead of simply locking your keyboard or computer.

And these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. Last week news broke of a piece of ransomware in the wild masquerading as a porn app. The so-called Porn Droid app targets Android users and allows attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.

Earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims. The malware can infect you via a malicious email or website, or attackers can deliver it straight to your computer if they’ve already infected it with a backdoor through which they can enter.

The Ransom Business Is Booming

Just how lucrative is ransomware? Very. In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day, about three percent of victims appeared to shell out for the ransom. At an average of $200 per victim, Symantec estimated that the attackers hauled in at least $34,000 that day (.pdf). Extrapolating from this, they would have earned more than $394,000 in a month. And this was based on data from just one command server and two Bitcoin addresses; the attackers were likely using multiple servers and Bitcoin addresses for their operation.

Symantec has estimated, conservatively, that at least $5 million is extorted from ransomware victims each year. But forking over funds to pay the ransom doesn’t guarantee attackers will be true to their word and victims will be able to access their data again. In many cases, Symantec notes, this doesn’t occur.

Ransomware has come a long way since it first showed up in Russia and other parts of Eastern Europe between 2005 and 2009. Many of these early schemes had a big drawback for perpetrators, though: a reliable way to collect money from victims. In the early days, online payment methods weren’t popular the way they are today, so some victims in Europe and the US were instructed to pay ransoms via SMS messages or with pre-paid cards. But the growth in digital payment methods, particularly Bitcoin, has greatly contributed to ransomware’s proliferation. Bitcoin has become the most popular method for demanding ransom because it helps anonymize the transactions to prevent extortionists from being tracked.

According to Symantec, some of the first versions of ransomware that struck Russia displayed a pornographic image on the victim’s machine and demanded payment to remove it. The victim was instructed to make payments either through an SMS text message or by calling a premium rate phone number that would earn the attacker revenue.



The Evolution of Ransomware

It didn’t take long for the attacks to spread to Europe and the US, and with new targets came new techniques, including posing as local law enforcement agencies. One ransomware attack known as Reveton that is directed at US victims produces a pop-up message saying your machine has been involved in child porn activity or some other crime and has been locked by the FBI or Justice Department. Unless you pay a fine—in Bitcoin, of course, and sent to an address the attackers control—the government won’t restore access to your system. Apparently the fine for committing a federal offense involving child porn is cheap, however, because Reveton ransoms are just $500 or less. Victims are given 72 hours to pay up and an email address,, if they have any questions. In some cases they are threatened with arrest if they don’t pay. However improbable the scheme is, victims have paid—probably because the extortionists distributed their malware through advertising networks that operated on porn sites, inducing guilt and fear in victims who had knowingly been perusing pornography, whether it was child porn or not. Symantec determined that some 500,000 people clicked on the malicious ads over a period of 18 days.

CLUB LIBIDO BANNER blonde x 3 in jeans.

In August 2013, the world of ransomware took a big leap with the arrival of CryptoLocker, which used public and private cryptographic keys to lock and unlock a victim’s files. Created by a hacker named Slavik, reportedly the same mind behind the prolific Zeus banking trojan, CryptoLocker was initially distributed to victims via the Gameover ZeuS banking trojan botnet. The attackers would first infect a victim with Gameover Zeus in order to steal banking credentials. But if that didn’t work, they installed the Zeus backdoor on the victim’s machine to simply extort them. Later versions of CryptoLocker spread via an email purporting to come from UPS or FedEx. Victims were warned that if they didn’t pay within four days—a digital doomsday clock in the pop-up message from the attackers counted down the hours—the decryption key would be destroyed and no one would be able to help unlock their files.

In just six months, between September 2013 and May 2014, more than half a million victims were infected with CryptoLocker. The attack was highly effective, even though only about 1.3 percent of victims paid the ransom. The FBI estimated last year that the extortionists had swindled some $27 million from users who did pay.

Among CryptoLocker’s victims? A police computer in Swansea, Massachusetts. The police department decided to pay the ransom of 2 Bitcoins (about $750 at the time) rather than try to figure out how to break the lock.

“(The virus) is so complicated and successful that you have to buy these Bitcoins, which we had never heard of,” Swansea Police Lt. Gregory Ryan told the Herald News.

In June 2014, the FBI and partners were able to seize command-and-control servers used for the Gameover Zeus botnet and CryptoLocker. As a result of the seizure, the security firm FireEye was able to develop a tool called DecryptCryptoLocker to unlock victims’ machines. Victims could upload locked files to the FireEye web site and obtain a private key to decrypt them. FireEye was only able to develop the tool after obtaining access to a number of the crypto keys that had been stored on the attack servers.

Prior to the crackdown, CryptoLocker had been so successful that it spawned several copycats. Among them was one called CryptoDefense, which used aggressive tactics to strong-arm victims into paying. If they didn’t fork over the ransom within four days, it doubled. They also had to pay using the Tor network so the transactions were anonymized and not as easily traced. The attackers even provided users with a handy how-to guide for downloading and installing the Tor client.

But they made one major mistake—they left the decryption key for unlocking victim files stored on the victim’s machine. The ransomware generated the key on the victim’s machine using the Windows API before sending it to the attackers so they could store it until the victim paid up. But they failed to understand that in using the victim’s own operating system to generate the key, a copy of it remained on the victim’s machine.

The “malware author’s poor implementation of the cryptographic functionality has left their hostages with the key to their own escape,” Symantec noted in a blog post.

The business of ransomware has become highly professionalized. In 2012, for example, Symantec identified some 16 different variants of ransomware, which were being used by different criminal gangs. All of the malware programs, however, could be traced back to a single individual who apparently was working full time to program ransomware for customers on request.

The Ransomware to Watch Out for Now

Recently Fox-IT catalogued what they consider to be the top three ransomware families in the wild today, which they identify as CryptoWall, CTB-Locker, and TorrentLocker. CryptoWall is an improved version of CryptoDefense minus its fatal flaw. Now, instead of using the victim’s machine to generate the key, the attackers generate it on their server. In one version of CryptoWall they use strong AES symmetric cryptography to encrypt the victim’s files and an RSA-2048 key to encrypt the AES key. Recent versions of CryptoWall host their command server on the Tor network to better hide them and also communicate with the malware on victim machines through several proxies.

CryptoWall can not only encrypt files on the victim’s computer but also any external or shared drives that connect to the computer. And the shakedown demand can range anywhere from $200 to $5,000. CryptoWall’s authors have also established an affiliate program, which gives criminals a cut of the profit if they help spread the word about the ransomware to other criminal buyers.

CTB-Locker’s name stands for curve-Tor-Bitcoin because it uses an elliptic curve encryption scheme, the Tor network for hosting its command server, and Bitcoin for ransom payments. It also has an affiliate sales program.

TorrentLocker harvests email addresses from a victim’s mail client to spam itself to other victims. Fox-IT calculated at one point that TorrentLocker had amassed some 2.6 million email addresses in this manner.

Protecting against ransomware can be difficult since attackers actively alter their programs to defeat anti-virus detection. However, antivirus is still one of the best methods to protect yourself against known ransomware in the wild. It might not be possible to completely eliminate your risk of becoming a victim of ransomware, but you can lessen the pain of being a victim by doing regular backups of your data and storing it on a device that isn’t online.

club libido banner-5

Henry Sapiecha

Yahoo hack: Email accounts of Australian politicians, public figures,police and judges compromised in massive breach, dataset has revealed

Yahoo suffers world’s biggest hack with data stolen from ONE BILLION users – including over 150,000 US government and military employees

  • Hackers stole data from more than one billion user accounts in August 2013
  • A different breach from one disclosed in September of 500 million accounts
  • Stolen info includes names, emails, phone numbers and dates of birth
  • The company still doesn’t know how the data from the accounts was stolen

yahoo-ceo-on-stage image

The stolen database contains email addresses,

Key points:

  • Private email addresses, passwords belonging to politicians were obtained by hackers
  • AFP officers, judges and magistrates were also affected
  • Security experts warns the hack has the potential to cause serious embarrassment for officials

Data provided by US security company InfoArmor, which alerted the Department of Defence of the massive data breach last October, reveal more than 3,000 log-in credentials for private Yahoo services were linked to Australian Government email accounts.

InfoArmor, an Arizona-based cybersecurity firm which investigates data theft for law enforcement agencies, said the data was stolen from Yahoo in 2013 by a hacker organisation from Eastern Europe.

It said the hacker group then sold the Yahoo accounts to cyber criminals and a suspected foreign intelligence agency for $US300,000 each.

Yahoo revealed late last year that it believed hackers had stolen data from more than 1 billion user accounts in August 2013, in what is thought to be the largest data breach at an email provider.

A Department of Defence spokesperson confirmed key events to the ABC, including:

  • Defence was notified of the breach last October via an intermediary from NSW Police, two months before Yahoo announced the data breach to the public
  • It then notified its own affected employees of the breach

It remains unclear whether affected staff from other Commonwealth agencies have also been notified by their departments.

The stolen database contains email addresses, passwords, recovery accounts, and other personal identifying data belonging to a startling array of senior Australian officials.

Among those affected were Social Services Minister Christian Porter, Shadow Treasurer Chris Bowen, Victorian Premier Daniel Andrews, Liberal MP Andrew Hastie, opposition health spokesperson Catherine King and Liberal senator Cory Bernardi.

It is unclear how many of the accounts are still active.

The ABC was able to identify officials in the dataset because they had used their government emails as backups if they forgot their passwords.

Last week, the ABC approached each of these affected politicians’ offices, as well as some public servants, seeking confirmation of the authenticity of these log-in credentials. Most declined to do so.

The compromised accounts do not exclusively relate to clients of Yahoo’s email service, but also Yahoo-affiliated web services such as the microblogging site Tumblr and the photo sharing site Flickr.

A spokeswoman for Mr Porter said “as far as the Minister is aware he has never used a Flickr account”.

A spokesperson for Senator Bernardi said “to the best of his knowledge, [Senator Bernardi] doesn’t have a Yahoo account.”

One advisor told the ABC it was possible some accounts linked to politicians were set up by former staffers.

Others who did respond confirmed the log-in credentials are accurate.

Do you know more about this story? Email

Accounts linked to police, judges also compromised

Other government officials compromised include those carrying out sensitive roles such as high-ranking AFP officers, AusTrac money laundering analysts, judges and magistrates, political advisors, and even an employee of the Australian Privacy Commissioner.

“Perhaps records of transactions of purchases, or discussions or things they’ve done. Private conversations that they didn’t want to do on a government server. Perhaps they’ve engaged in some sort of shady activity. Or just expenses for politicians, for example, that they might have tried to keep out of official channels.

“Blackmail information is very valuable to other governments for nudging or persuading people to do things.”

Another challenge facing the Government is how to deal with compromised private accounts belonging to some Australian diplomats and special defence personnel posted overseas. Many of the officials featured in the dataset are employed in roles with security clearances that are intended to be low-profile.

“If I was in a position where my relationship with the government wasn’t to be known by others, then absolutely you shouldn’t be linking a government account to your personal accounts,” Mr MacGibbon said.

Hackers have had years to exploit data

A further problem is the protracted period between the Yahoo data breach itself, which dates back to March 2013, to the eventual public confirmation of Yahoo, over three years later.

Andrew Komarov, InfoArmor’s chief intelligence officer, said malicious hackers would have had literally years to exploit the users’ data.

“The bad actors had enough time to compromise any records they wanted as it’s a pretty significant time frame,” Mr Komarov said.

“That’s why today is pretty hard to figure out what exactly happened and how many employees in government could be compromised.”

According to InfoArmor, the hacker group responsible are an Eastern European cyber-criminal organisation motivated by profit, rather than a state-sponsored entity.

“This group has no presence on any forums or marketplaces. In the past they used two proxies: one for the Russian-speaking underground and another one for the English-speaking,” Mr Komarov said.

“They sell their data indirectly using some trusted channels, contacts and proxies. Not through any marketplaces or forums because of their security measures. They don’t need it.

“They have pretty serious contacts in the underground and some trusted rounds of various cybercriminals with whom they work.”

CLUB LIBIDO BANNER blonde on floor

Henry Sapiecha

Federal Court rejects application for Telstra to supply ‘personal’ metadata

A long-running battle over whether or not telcos should have to provide stored metadata to customers on request — which evolved over numerous appeals into a battle over which data should be considered personal — appears to have come to an unsatisfying end this week in Australia’s Federal Court.

The case between the Privacy Commissioner and Telstra was sparked two years ago when the former ordered the telco to supply metadata on request, on the grounds that it was the personal data of the customer. With this latest decision, Telstra will not be obliged to obey that order.

telstra-logos-on-site image

As the government was preparing to introduce new rules in 2013 that would oblige telcos to store the data generated when customers used their services (for example not your voice or articles you read online, but information on your calls, location and IP addresses of sites you visit), Ben Grubb, then a journalist at Fairfax Media, asked his telco Telstra for a copy of the data.

Telstra provided some information, but not the complete set it would be required to give to law enforcement if asked under the retention laws.

In 2015 the Privacy Commissioner ruled against Telstra, ordering it to provide the missing data, but the decision was overturned when Telstra appealed to the Administrative Appeals Tribunal (AAT).

A counter appeal from the Privacy Commissioner saw the issue taken to the Federal Court, where it was ultimately dismissed this week.

“It’s obviously a disappointing outcome,” Grubb says, “but I’m really grateful that the Privacy Commissioner followed this through by going to the Federal Court to appeal it”.

Grubb says he believes the protracted, public legal stoush may have influenced the system to change for the better, even if Telstra was ultimately vindicated.

“The point of this case was to get my telco to hand over what they were already providing to law-enforcement agencies on a case-by-case basis. In effect, the case achieved most of this, with Telstra eventually allowing consumers to access a lot of what they had on file about their users,” Grubb says, referring to a change the telco made in 2015.

Still, this week’s decision means his original request for metadata will ultimately not be fulfilled.

“At first, Telstra refused me access to information beyond my billing information. They then provided further information, but not all of what I was requesting. Wednesday’s decision means that I won’t be provided with that further information, which included, among other information, IP addresses, URLs, and specific cell tower location information,” Grubb says.

“I still worry about scope creep with regards to data retention. The recent discussion paper put out just before Christmas by the government to enable even more entities to access our highly personal information is worrying, and something many privacy advocates warned would likely end up happening once the data retention laws were passed.”

Anna Johnston, director of Salinger Privacy and former deputy privacy commissioner for NSW, says people shouldn’t interpret this week’s decision as the court “gutting” the definition of what “personal information” is. Rather, the court has just declined to resolve questions still up in the air.

In a detailed blog post explaining the case, Johnston argues that the AAT’s interpretations in its decision in favour of Telstra were “ridiculous”, and “completely undermined our privacy laws”. The AAT’s view that some metadata was not personal information, and so need not be provided to customers, hinged on the fact that the data was about connections between mobile devices, rather than about a person.

But, Johnston writes, surely the data can be both things at once.

“Even car repair records, which certainly have been created for the primary purpose of dealing with a car rather than a human being, will have information about the car owner”, like their address, phone number and car make, Johnston writes.

In this case, though, the Privacy Commissioner failed to make this distinction in its appeal to the Federal Court.

“Instead of arguing that information could be ‘about’ more than one thing, i.e. that metadata could be ‘about’ both the delivery of a network service and the customer receiving that service,” Johnston wrote, “the Privacy Commissioner’s legal team argued that the phrase ‘about an individual’ was redundant, and should simply be ignored,” and the argument was ultimately rejected by the court.

Speaking to Fairfax Media, Johnston said the situation is complicated by the fact that definitions in the Telecommunications (Interception And Access) Act have changed in the time since Grubb first lodged his complaint.

Johnston believes Telstra was in the wrong in refusing to supply the information, but the privacy commissioner went the wrong way about setting things right (although she says the door is not closed for a fix to come in future with another complaint).

With the rules as they currently are, Johnston believes the case could be made for information to be provided if the complainant could show why the data was personal.

“I would argue that the Federal Court left open the possibility that the data Ben Grubb and Telstra were arguing about would be ‘personal information’, because they said that the individual needs to be a subject matter, not the subject, as the AAT said,” Johnston says.

“The judges stressed the need to consider “the totality of the information”. In other words, linkability to an identifiable individual might still make something ‘personal information’, and thus within the scope of our privacy laws.”


Henry Sapiecha

Tech giants circle over big data as antitrust regulators take note

Wealth and influence in the technology business have always been about gaining the upper hand in software or the machines that software ran on.

Now data – gathered in those immense pools of information that are at the heart of everything from artificial intelligence to online shopping recommendations – is increasingly a focus of technology competition. And academics and some policymakers, especially in Europe, are considering whether big internet companies like Google and Facebook might use their data resources as a barrier to new entrants and innovation.

Google data centre in Oklahoma. image

In recent years, Google, Facebook, Apple, Amazon and Microsoft have all been targets of tax evasion, privacy or antitrust investigations. But in the coming years, who controls what data could be the next worldwide regulatory focus as governments strain to understand and sometimes rein in US tech giants.

The European Commission and the British House of Lords both issued reports last year on digital “platform” companies that highlighted the essential role that data collection, analysis and distribution play in creating and shaping markets. And the Organisation for Economic Cooperation and Development held a meeting in November to explore the subject, “Big Data: Bringing Competition Policy to the Digital Era.”

As government regulators dig into this new era of data competition, they may find that standard antitrust arguments are not so easy to make. Using more and more data to improve a service for users and more accurately target ads for merchants is a clear benefit, for example. And higher prices for consumers are not present with free internet services.

“You certainly don’t want to punish companies because of what they might do,” said Annabelle Gawer, a professor of the digital economy at the University of Surrey in England, who made a presentation at the Organisation for Economic Co-operation and Development meeting. “But you do need to be vigilant. It’s clear that enormous power is in the hands of a few companies.”

Maurice Stucke, a former Justice Department antitrust official and a professor at the University of Tennessee College of Law, who also spoke at the gathering, said one danger was that consumers might be afforded less privacy than they would choose in a more competitive market.


The competition concerns echo those that gradually emerged in the 1990s about software and Microsoft. The worry is that as the big internet companies attract more users and advertisers, and gather more data, a powerful “network effect” effectively prevents users and advertisers from moving away from a dominant digital platform, like Google in search or Facebook in consumer social networks.

Evidence of the rising importance of data can be seen from the frontiers of artificial intelligence to mainstream business software. And certain data sets can be remarkably valuable for companies working on those technologies.

A prime example is Microsoft’s purchase of LinkedIn, the business social network, for $US26.2 billion last year. LinkedIn has about 467 million members, and it houses their profiles and maps their connections.

Microsoft is betting LinkedIn, combined with data on how hundreds of millions of workers use its Office 365 online software, and consumer data from search behaviour on Bing, will “power a set of insights that we think is unprecedented,” said James Phillips, vice president for business applications at Microsoft.

In an email to employees, Satya Nadella, Microsoft’s chief executive, described the LinkedIn deal as a linchpin in the company’s long-term goal to “reinvent productivity and business processes” and to become the digital marketplace that defines “how people find jobs, build skills, sell, market and get work done.”

IBM has also bet heavily on data for its future. Its acquisitions have tended to be in specific industries, like its $US2.6 billion purchase last year of Truven Health, which has data on the cost and treatment of more than 200 million patients, or in specialised data sets useful across several industries, like its $US2 billion acquisition of the digital assets of Weather Co.


IBM estimates that 70 per cent of the world’s data is not out on the public web, but in private databases, often to protect privacy or trade secrets. IBM’s strategy is to take the data it has acquired, add customer data and use that to train its Watson artificial intelligence software to pursue such tasks as helping medical researchers discover novel disease therapies, or flagging suspect financial transactions for independent auditors.

“Our focus is mainly on non-public data sets and extending that advantage for clients in business and science,” said David Kenny, senior vice president for IBM’s Watson and cloud businesses.

At Google, the company’s drive into cloud-delivered business software is fuelled by data, building on years of work done on its search and other consumer services, and its recent advances in image identification, speech recognition and language translation.

For example, a new Google business offering – still in the test, or alpha, stage – is a software service to improve job finding and recruiting. Its data includes more than 17 million online job postings and the public profiles and résumés of more than 200 million people.

Its machine-learning algorithms distilled that to about 4 million unique job titles, ranked the most common ones and identified specific skills. The job sites CareerBuilder and Dice are using the Google technology to show job seekers more relevant openings. And FedEx, the giant package shipper, is adding the service to its recruiting site.

That is just one case, said Diane Greene, senior vice president for Google’s cloud business, of what is becoming increasingly possible – using the tools of artificial intelligence, notably machine learning, to sift through huge quantities of data to provide machine-curated data services.

“You can turn this technology to whatever field you want, from manufacturing to medicine,” Greene said.

Fei-Fei Li, director of the Stanford Artificial Intelligence Laboratory, is taking a sabbatical to become chief scientist for artificial intelligence at Google’s cloud unit. She sees working at Google as one path to pursue her career ambition to “democratise AI,” now that the software and data ingredients are ripe.

“We wouldn’t have the current era of AI without the big data revolution,” Li said. “It’s the digital gold.”

In the AI race, better software algorithms can put you ahead for a year or so, but probably no more, said Andrew Ng, a former Google scientist and adjunct professor at Stanford. He is now chief scientist at Baidu, the Chinese internet search giant, and a leading figure in artificial intelligence research.

Rivals, he added, cannot unlock or simulate your data. “Data is the defensible barrier, not algorithms,” Ng said.

New York Times


Henry Sapiecha

Donald Trump speech at CIA memorial risks fueling intelligence feud

In first official act, Trump pledges support for agency he has attacked

  • Former director ‘angered’ by political speech at wall for dead officers

Trump makes first speech as president to CIA audience in Virginia.


Henry Sapiecha

Trump concedes Russia likely hacked DNC, attacks USA intelligence agencies over leaks

US President-elect Donald Trump acknowledged for the first time Wednesday that he believes Russian operatives hacked the Democratic Party during the election, but he continued to dispute intelligence reports that Moscow acted to help him win.

During an at times rancorous press conference, he angrily denounced the publishing of claims he had been caught in a compromising position in Russia and attacked news organisations for publishing the claims, while also lashing US intelligence agencies over the leak of an explosive but unverified dossier.

“I think it was Russia,” Mr Trump conceded at the press conference in New York when asked who was responsible for the leaks of Democratic emails during the campaign.

But Mr Trump said he believes Russia would have released damaging information about him had they obtained such information.

Mr Trump also addressed questions about his relationship with Russian President Vladi­mir Putin, saying “If Putin likes Donald Trump, guess what folks, that’s an asset not a liability. I don’t know if I’ll get along with Vladi­mir Putin. . .but even if I don’t does anyone in this room think Hillary Clinton will be tougher on Putin than me? Give me a break.”

Mr Trump made his remarks in his first news conference as President-elect, ending a period of 167 days since he has fielded questions from the full media contingent. Past winners of the presidency have traditionally faced the press far earlier.


On Wednesday morning the president-elect angrily denounced news reports about a dossier of potentially compromising information Russia has allegedly gathered about him, citing denials from the Kremlin that it has any such intelligence.

The president-elect also charged via Twitter that his “crooked opponents” are trying to undermine his electoral victory. He accused the intelligence community of leaking the information to get in “one last shot at me,” saying, “Are we living in Nazi Germany?”

President-elect Donald Trump listens to a question during a news conference in the lobby of Trump Tower in New York image

At the news conference on Wednesday he attacked US intelligence agencies over the leak of the dossier, which was published in full by the news and entertainment website Buzzfeed on Tuesday.

“I think it was disgraceful, disgraceful that the intelligence agencies allowed any information that turned out to be so false and fake out there,” Mr Trump told the news conference. He called the dossier that makes salacious claims about him “fake news” and “phony stuff.”

Mr Trump acknowledged Russia was likely behind the hack of the DNC image

“I think it’s a disgrace … That’s something that Nazi Germany would have done,” the Republican said days ahead of his inauguration.

Mr Trump’s comments follow the revelation Tuesday night that a classified report delivered to Mr Trump and President Obama last week, according to US officials, included a section summarising allegations that Russian intelligence services have compromising information about Mr Trump’s personal life and finances.

The officials said that US intelligence agencies have not corroborated those allegations but believed the sources involved in the reporting were credible enough to warrant inclusion of their claims in the highly classified report on Russian interference in the presidential campaign.

Earlier Wednesday, a spokesman for Russian President Vladimir Putin called the allegations that Russia has collected compromising information about Trump an “absolute fantasy.”

Soon after, Mr Trump tweeted: “Russia just said the unverified report paid for by political opponents is ‘A COMPLETE AND TOTAL FABRICATION, UTTER NONSENSE.’ Very unfair!”

Most media organisations reported only on the existence of the report and that intelligence officials had included a summary of it in their briefings with Mr Trump and Mr Obama on Russia’s attempts to sway the election. But BuzzFeed News published a document supposedly created by a former British intelligence official. The information it contains has not been verified.

Mr Trump and other officials appeared to focus on BuzzFeed’s publication of the report, denying that the document possesses any truth.

Mr Trump said Wednesday morning that he had no relationship with Russia that could compromise him.

“Russia has never tried to use leverage over me,” he said. “I HAVE NOTHING TO DO WITH RUSSIA — NO DEALS, NO LOANS, NO NOTHING!”

The Washington Post with Reuters