We’ve mentioned a lot about data caps, and why they’re not effective methods for controlling congestion, though they’re often sold as such to unwitting consumers. And we’ve done the analysis that shows that the effective speed of a capped plan can be slower than uncapped dialup – at least, when you average it all out.

But Benoit Felton of the Yankee Group went further. Sure, he does the math too, but points out that the users that are labeled as “bandwidth hogs” are hogs because they’re the top 5% of users – not whether those users actually cause performance problems.

The fact is that what most telcos call hogs are simply people who overall and on average download more than others… TCP/IP is by definition an egalitarian protocol. Implemented well, it should result in an equal distribution of available bandwidth in the operator's network between end-users; so the concept of a bandwidth hog is by definition an impossibility.

Now I'm pretty sure that many telcos will disagree with our assessment of this. So here's a challenge for them: in the next few days, I will specify on this blog a standard dataset that would enable me to do an in-depth data analysis into network usage by individual users. Any telco willing to actually understand what's happening there and to answer the question on the existence of hogs once and for all can extract that data and send it over to me, I will analyse it for free, on my spare time. All I ask is that they let me publish the results of said research (even though their names need not be mentioned if they don't wish it to be). Of course, if I find myself to be wrong and if indeed I manage to identify users that systematically degrade the experience for other users, I will say so publicly. If, as I suspect, there are no such users, I will also say so publicly. The data will back either of these assertions.

A great challenge, of course, and the right approach to it: Get the evidence. Make the analysis.

As a follow-up to yesterday’s post, too often both in ISPs and in enterprise networks, social network and video usage gets blamed for problems with network congestion without enough evidence. It’s true that bandwidth consumption can cause problems with network congestion, but if your congestion problems are caused by a misconfigured router or a slow application, blocking YouTube and chastising FaceBookers are not going to solve your network performance problems.

Ann Bednarz’s latest article for Network World wasn’t that surprising in the broad sense – yes, social networks are popular at the workplace, yes, they take up a bunch of bandwidth – but I’m not sure it makes the case that it tries to.

The key to the article is an analysis from managed security services vendor Network Box, which tracked 19 billion URLs and ranked the top five Web sites visited from business addresses by volume of traffic. It recorded that 5.8% of all Web traffic went to Facebook, with Google at 4.1%. That’s by visit – by bandwidth usage, YouTube consumed 7.8% of that bandwidth, with Facebook at 4.4% and Windows Update at 3.8%.

But what gets me is that while these numbers are interesting, they’re not particularly useful. As a metric of what Web sites are popular with people at businesses, it’s okay, but it doesn’t give you any idea about the actual impact of Facebook or YouTube on network performance – in short, it doesn’t tell you whether there’s a problem with Facebook or YouTube in your company, or even in companies overall. Plus, it only looks at Web traffic. Without knowing what percentage of overall enterprise traffic is Web traffic, there’s no way to deduce the overall impact on the network. Even then, some networks might have a very little amount, percentage-wise, of Facebook traffic, and it might cause a problem, or conversely, another network might have a large percentage of their traffic going to Facebook, but their network is able to handle the demand.

As such, it’s hard to use that data in the article to make the case that “Social networks take a bite out of corporate bandwidth.” Does that mean that social networking isn’t taking a lot of bandwidth, or isn’t a concern? No – just that it’s not the right evidence to support the conclusion.

That said, gathering evidence that lets you know whether Web traffic (or any other traffic, really,) is affecting your business critical applications is still a vital part of a nutritious network breakfast.

One of the big problems with trying to communicate with people outside of IT is that – well, people have misconceptions about what computers are and what you can do with them. From the technical support people who are supposed to “see your screen” to the idea that computers can read your thoughts… well, to many people, computers are like magic to them, so they endow computers with magical properties.

It’s kind of a modern folklore, if you will, not too dissimilar from when people believed that witches’ hexes made cows sick, or that sneezing let demons into your body and caused sickness and madness. It’s a sad but true fact of human nature that we’re more likely to believe superstition than to admit ignorance.

But it doesn’t help when popular culture presents some of these “technological superstitions” as fact.

Recently, there’s a YouTube video going around – a clip from the CBS TV show “Numb3rs,” talking about IRC. It gets the name right – “Internet Relay Chat,” but everything else…

I recently created a video which shows the clip and explains why they get it so wrong. To you and I, this may seem like “explaining the joke,” and in doing so, losing the humor. But to someone who is unfamiliar with IRC or the Internet, it shows why you shouldn’t take your technology cues from so-called “technology”-themed crime dramas.

U.S. broadband lags behind international competitors.  And yet another study recently showed how much the U.S. lags behind international broadband. 

This is not news.  What is news is that the study was commissioned by the FCC and executed by Harvard University’s Berkman Center, and they came to the conclusion that  the most successful countries in broadband deployment have done one thing very differently from the U.S. – they have made their main carriers open up their networks to competing service providers.

In other words, since the barrier to entry for broadband is so high, by requiring existing carriers to lease out access to their networks, it creates an incentive for competition in the broadband market, leading to lower prices, better service, and better performance. 

By contrast, the FCC, early in this decade, decided not to require open access, based on an idea that forcing broadband providers to lease out their lines would create a disincentive towards investing in higher capacity networks. 

But, according to the study:

“The emphasis other countries place on open access policies appears to be warranted by the evidence.

We  find  that  in countries where an engaged  regulator enforced open  access  obligations,  competitors  that  entered  using  these  open  access  facilities  provided  an important catalyst for the development of robust competition which, in most cases, contributed to strong broadband performance across a range of metrics. Today these competitors continue to play, directly or through  successor  companies,  a  central  role  in  the  competitiveness  of  the  markets  they  inhabit.”

The FCC is now issuing a call for public comments on the study. 

In May of this year, Nemertes Research president Johna Till Johnson wrote in Network World that “The Internet Sky Really Is Falling.”

The next day, we came out with a story about that column, in our much more irreverent style, entitled “That’s great, it starts with an earthquake: Is the Internet dying?”

In that article, we questioned the conclusions that they drew from evidence. To sum up, those conclusions were:

• 
  

  Nemertes believed that YouTube restricting high definition video to developing countries was a sign of the Internet outstripping backbone demand. We pointed out that such restrictions were due to local traffic problems and the lack of profitable business models in many developing markets.

  
  
• 
  

  Nemertes also pointed out that many cable carriers were instituting bandwidth caps and pay-per-byte pricing. We pointed out that we did an entire series on why usage caps don’t help with traffic congestion, and that ISPs that roll them out typically do so in generally non-competitive markets where they have other business interests (like cable TV and phone service) that compete with Internet access, and that there were plenty of counter-examples of companies (like Verizon and Cablevision) offering more bandwidth without caps.

  
  
• 
  

  And Nemertes pointed out the IPv4 shortage, for which there was already a solution, IPv6. (Though adoption rates have been slow, it does not mean the Internet will halt – simply that IPv6 changeovers will be more expensive the longer the delay.)

But the one thing we didn’t question was claim by Nemertes claims that Internet traffic will grow “exponentially” while Internet backbone will grow “linearly,” leading Nemertes to the conclusion that there will come a day when there will be Internet “brownouts.”

Recently, Johna Till Johnson published another column – this time in ComputerWorld, outright claiming that net neutrality legislation would mean the end of the Internet. That’s not hyperbole on my part – the headline is literally: “Hello net neutrality, goodbye Internet.”

And Ars Technica, a Conde Nast publication, decided to take another look at Nemertes’ evidence.

Essentially, Nemertes now claims (in the October article) that Internet growth creates a strain on last-mile access lines (Cable/DSL/FiOS) that makes it “excruciatingly expensive to upgrade,” that network neutrality would mean that you can’t charge different rates for different traffic, so backbone providers and carriers would start charging by the bit – or at least capping and charging for overages. Since bandwidth providers would now charge each other for the traffic on their networks, they would either raise subscriber rates dramatically or disconnect from the Internet entirely, literally killing the Internet as the entire thing breaks down into walled tiers like early 1990s Compuserve, AOL, & Prodigy.

Ars Technica, on the other hand, points out that the “excruciatingly expensive to upgrade” last-mile bandwidth isn’t exactly excruciatingly expensive compared to the profits that Internet service providers already generate with net neutrality and in most cases, without caps. Verizon, for example, is paying $18 billion for FiOS upgrades, but that’s the most expensive upgrade in the market, and Verizon finds it financially feasible to do so in a net-neutral market. For most ISPs, DOCSIS 3.0 (for Cable) and FTTN (for DSL) are very cheap solutions to increasing last-mile bandwidth.

As for the idea of the Internet fracturing, Ars Technica pointed out that ISP networks all exchange roughly the same amount of bandwidth; and an even trade is an even trade no matter how much it costs. There are many ways to recoup costs – but raising the rates on a competitor who can then turn around and raise rates on you doesn’t make any sense at all.

Or as Sevcik and Wetzel put it in Network World:

“Backbone ISPs and access ISPs must play nicely with each other to satisfy their customers' needs. Why for heaven's sake would they hurt their customers and themselves by balkanizing?”

What’s most worrying however, is that Ars Technica wrote that Nemertes idea of Internet growth outstripping capacity may be flawed.

According to the University of Minnesota MINTS project, the year-over-year growth of Internet traffic is not “50-100%” as Nemertes claimed in the ComputerWorld article, but “50-60%.” (Technically, “50-60%” is within the range of “50-100%” but it’s like estimating that a man that could be 5to 6 feet tall is “between 5 to 10 ft. tall.”) In Canada, where ISPs have to reveal traffic numbers due to network neutrality research by the Canadian government, they find that growth is slowing, year over year. 53% growth in 2006, but 32% growth in 2008.

We’ve found that when it comes to enterprise networks and IT in general, Nemertes Research is a valuable research organization. But in 2007, Nemertes made a prediction – a reasonable one, given the evidence at the time - about the Internet that did not come to pass. Instead of re-examining that prediction, they continue to insist – on openly contested arguments – that they were indeed right all along, even as, less than 3 months away from the ominous “2010” date, the Internet has managed to keep up with the demand of high-bandwidth YouTube HD files, NetFlix streaming, Skype Video-calling, video game downloads, and other high-throughput applications.

I think that what is actually happening, rather than demand for bandwidth outstripping supply, is that the supply of bandwidth creates its own demand, and that the new demand comes primarily from new applications. That is, HD video on the net is only in demand now that the networks have been shown to be able to handle that kind of capacity. YouTube didn’t start until there was enough capacity on the Internet to make SD video distribution feasible. Only later, when capacity grew, did YouTube roll out high quality video, and still later (after Vimeo proved it was feasible) did YouTube roll out 720p video content. When the network capacity can handle streaming 1080p video, then that will be the new standard. But no one is going to roll out 1080p video until the network can handle it.

This is not to be confused with the issues faced by enterprises when trying to allocate resources to business critical traffic over recreational traffic – where supply of recreational network traffic can be artificially restricted through QoS policies and traffic shaping in order to, presumably, lower the strain that recreational traffic puts on the network. Even so, most smart companies engage in capacity planning, making sure they have the bandwidth available to use new applications before those applications are rolled out. Teleconferencing, for example, is a business application that requires a great deal of bandwidth – but it’s of no use to an organization – and therefore not demanded – if the company network can’t support it. Or in other words, if the money saved from teleconferencing isn’t equal to or greater than the increase in network costs, smart companies are not likely to invest in teleconferencing.

In short, the sky is not falling. But keep an eye on your patch of it, anyway.

Cory Doctorow, one of the lead authors of Boing Boing, writes in the technology section of the British newspaper “The Guardian” his thoughts on cloud computing. And those thoughts, summed up, are:

The main attraction of the cloud to investors and entrepreneurs is the idea of making money from you, on a recurring, perpetual basis, for something you currently get for a flat rate or for free without having to give up the money or privacy that cloud companies hope to leverage into fortunes.

We talk about cloud computing upsides a whole lot. And for companies, being able to essentially outsource your IT needs to an external company is an option that may reduce costs under certain situations. It may increase costs over the long term in others. Knowing which is which – which apps benefit from “cloudification” and which are better left in-house, is a big part of IT management and budgeting these days.

Can you live with the performance downgrade? Cloud computing typically isn’t a solution for “doing more with less,” it is often a solution for “doing less with less” – but that may be all that your company needs. It comes down to knowing what your requirements are, and monitoring your networks to make sure that you can meet them.

But Doctorow points out that the main difference between cloud services and traditional IT is that cloud services are designed to get you to pay-per-X, where X could be Gigabytes, CPU Cycles, storage size, virtual server deployments… and to pay-per-X repeatedly through a rental, rather than ownership model. In other words, what were once capital costs are now being shifted to operational costs.

To the average person, however, Doctorow points out that cloud services are a reversal of the trend that we had been seeing throughout most of the 21^st century so far – the idea of charging per service giving way to ownership of software and dumb Internet pipes bringing you the services you chose to access. Even if that “charge” is indirect – for example, through on-screen advertising – the idea is that you pay something for the cloud service every time you use it.

Personally, cloud computing has its place, but network access has a performance price that I sometimes don’t want to pay.

As I’ve mentioned before, I’m writing a non-fiction book in my spare time, and have gotten 30,000 words done so far. I started out using Google Docs, as I could access Google Docs from anywhere with an Internet connection – my laptop, my work computer, or my desktop, and have access to the most current version of the document.

But around that 30,000 word mark, the document started to slow down, with noticeable lag when I typed. My performance suffered, so I did what, I suppose, was inevitable. I now edit the document in the OpenOffice.org desktop application, using Google Docs more as a storage platform than an editing platform.

It is important to remember that despite the wonderful advances – and they are wonderful – that cloud computing gives us, cloud computing is just one option out of many.

There’s an article on ZDNet talking about a video where Sun Microsystems CTO Lew Tucker talks about how future cloud computing applications will be able to know exactly how much demand there is for the application, and requisition the appropriate amount of computing power. During high demand, the application could grab more resources, preventing application-based slowdowns, and during low demand, the application could release resources back into the cloud, saving the company money.

Of course, ZDNet’s title for the article is “Future Cloud Apps won’t need humans” which conjures up frightening images.

If it’s any indication, dynamic allocation of the needs of information will cause anxious consternation about the continued necessitation of the IT occupation, and frantic desperation. (Of course, that’s just idle speculation.)

But it might be more accurate to suggest that “Future Cloud Apps won’t need humans to babysit them.” That is – all that Tucker talks about is the idea of taking what used to be a manual process – deciding how much processing power any particular application needs – and having the computer make that determination on the fly based on the actual processing power needs. Certainly, humans will be involved in determining how much power is “too much,” how much slowdown is “acceptable,” and – most importantly – how much performance that the end-users can actually use.

This has two main impacts on the networking side of IT – that is, if an application can dynamically allocate more resources during times of excess need, application performance may be limited on the server or on the network, but it eliminates one of the main causes of application performance problems – not assigning enough resources to the application.

Additionally, application performance becomes important independent of the network, as a poorly coded application might need more resources and therefore require more money to operate.

Secondly, when you essentially remove the limits on application performance by simply allowing it enough resources to do the job at any time of the day, you have to continue to look for other bottlenecks. If you have the capacity to do more with what you’ve got, it makes sense to do everything you can to take advantage of that capacity.

Now, before this possibility becomes a reality, cloud computing standards need to be developed, agreed upon, and used in order to have multiple applications cooperate in any dynamically scaling environment. That may be very soon, or a long way off, but it will probably happen, because there’s just too much money to be missed out on if there isn’t a cloud computing interoperability standard.

There are several misconceptions about the Internet. For example, some believe that that the Internet is a very light black box about the size of a handbag with a single light, where the Elders of the Internet keep watch over it from Big Ben.

I never get tired of linking to that video. In fact, the entire TV show “The IT crowd” is based around the idea that to most of the world, networking is a mystery, the Internet a “magic” box that gives you sneezing pandas on demand, and no one cares. Until, of course, it’s time to PANIC!

In Australia, Channel Seven’s “Sunrise” morning news show had a computer expert with, Pete Blasina, talking about how the Internet is “filling up.”

According to the news report, a report where the anchor freely admits that he “doesn’t know how this Internet business works, I thought it just went through the air,” I “learned” the following things:

• Scientists (who are not named in the piece) are warning that video sharing sites such as YouTube are putting a “major strain on cyberspace.”


• By 2012, the Internet could get “full.”


• Blasina is surprised that the Internet hasn’t “run out of space” earlier, and the fact that it hasn’t done so is “remarkable.”


• The Internet is about 13 years old, and it hasn’t broken down once. (For those counting, that means the Internet was invented in 1996.)


• The Internet is probably “the most perfect machine we’ve built as humans.” (It clearly outshines, of course, the lever, inclined plane, wheel and axle, screw, wedge, or pulley.)


• With “video going down the Internet, and so much entertainment and social networking, it’s virtually at capacity now.”


• “It’s called Cyberspace, so we think it just appears out of the air.”


• The problem with The Internet being “full” is not the pipes, because “the pipes are fine.”


• “Optic fiber is infinitely extensible.”


• “The issue is that all the information has to be resident somewhere.”


• “The issue is with the switches that transmit down the fiber connection.”


• “There are massive server farms, or computer farms, where the information is resident. And that’s where the clog happens.”


• “We almost now are at the point where we need to go back down to the foundation and rebuild the infrastructure from the ground up.”

At the risk of insulting Australia Channel Seven’s news staff, this is frozen concentrated stupid juice.

Seriously, if this wasn’t an actual news show, it would sound like an Onion skit.

The segment goes on for four minutes and in that time, the expert asserts the Internet will become “full” but doesn’t quite explain why, blaming YouTube and video applications for the problem, then blaming server storage space for the problem, then blaming problems with delay in the switches, then goes back full circle and talks about YouTube and other video applications and the massive amounts of data they deal with.

Now, as a network performance vendor, one of the reasons we have an end-to-end solution and integrated suite of tools is because we’ve heard of situations where problems are first blamed on the network group, then on the server group, then on the application group. However, this is the first time I’ve seen a single person flip single-handedly from one to the other to the next. And, like adding a marichino cherry on this banana split of confusion, he does it all without actually mentioning what the problem is.

He doesn’t even mention who is saying the Internet is getting full by 2012. “Who” is literally the first thing taught in journalism school, followed by the next five things, “What, When, Where, Why, and How.”

It is bad enough that there is so much complex information out there that is misunderstood and mishandled. Oversimplification is one thing, but at least oversimplification tells you what the problem is and a simple, easy to understand, wrong solution. I don’t even know what the hell the problem is or what they’re trying to say. I’d offer to summarize and re-write it to explain the problem, but I don’t even have enough information to even do that.

But I can get outraged about it because I know enough about computers to know that that was pure nonsense; what worries me is that “the internet will get full” becomes conventional wisdom because that’s all that the non-savvy TV viewer will take away from this piece. After all, Blasina must know what he’s talking about, because “he’s on television.”

And while I’ve never been on TV, I have acted in Pete Blasina’s capacity, not just as editor of this blog and contributor to HardOCP. I’ve also been a tech expert on the Marcus Lush radio programme in New Zealand, and have been interviewed by the New York Times TechTalk podcast.

Maybe I need a pink Hawaiian shirt.

Network World recently published an article, “U.S. isn’t falling behind in broadband,” in its news section of its LANs & WANs page. The article is written by James Lakely of the Heartland Institute, a conservative public policy think tank based in Chicago.

In it, Lakely argues that spending on improving the nation’s telecommunication infrastructure – specifically the spending in

Obama’s stimulus package – isn’t necessary because, contrary to popular belief, America is not falling behind in broadband.

Lakely attacks the methodology used in the OECD’s [Organisation for Economic Co-operation and Development] broadband penetration numbers, and in this he has a point. The U.S. ranked 15^th in the world in “broadband penetration” measured by a per capita rate of people who subscribe to broadband services. I too have a problem with using that measurement; broadband subscription rates are not the same as broadband availability rates, and other countries’ cultures might place more emphasis on the value of being online.

My mother still refuses to use the Internet for anything other than basic e-mail, and even then it’s pulling teeth.

Lakely, however, criticizes the OECD study due to the old argument that the countries with better broadband have higher population densities. That is the only argument he brings forward which speaks to his thesis rather than tangential information.

And it’s faulty logic – while the U.S. population density (31/km²) compares unfavorably to France’s (113/km²), the population of certain states, like, for example, California, comes closer to France. If the population density theory is true, California’s broadband should rival France, and the technology in New York City should rival that of Tokyo or Seoul. Or perhaps most telling, Finland, at #3 on the list, has a population density of only 16/km².

As for that tangential information, he points out that the United States has the most consumers of high-speed Internet when talking raw numbers. (We also have a population eight times that of South Korea, six times that of France, and twice that of Japan – in fact, the only countries that have more people are China and India.)

He also mentions new technologies, such as Verizon’s FIOS:

A new study by consulting firm RVA Market Research pegs the annual growth rate of "fiber to the home" networks — the latest, fastest and most competitive broadband technology — at 76% on this side of the pond.

Of course, since we’re just now getting the fiber-optic connections that our counterparts in Japan have had for months or years, our growth rate is bound to be higher.

And finally, Lakely offers this tidbit of “information”:

If worry-warts want to get their hard drives heated up over comparisons between the United States and other countries, they can try this one on for size: A survey released this month by the German broadband association Bitkom found 84% of respondents there between the ages of 19 and 29 would rather ditch their spouses than their broadband connections.

Now that's a troubling study. "Catching up" with the rest of the world isn't always such a good idea.

Is Lakely seriously arguing that America’s broadband stagnation leads to healthier marriages? Even so, Lakely’s got his facts wrong: Germany has a divorce rate of 2.3 per 1000 population, the United States has a divorce rate of 3.6 per 1,000 population.

Of course, all of this is completely irrelevant to the real issue – that is, that we shouldn’t be concerned so much with broadband adoption at this point but at broadband performance. We are moving beyond streaming video applications to live video applications – cloud computing has come to gaming, for crying out loud – and this gives technological advantage to those countries who can leverage the technologies behind virtualization and cloud computing because they’ve laid groundwork with infrastructure.

In short, we need not worry about what percentage of Americans have broadband speeds, but rather, how good and how fast is the broadband when they get it? South Korea has an average speed of 15Mbps compared to 3.9Mbps in the U.S. Japan’s fastest broadband service is 150Mbps – for $60 a month.

What irks me about the Heartland Institute making these claims in Network World is not that it’s in any way a reasoned critique of the Obama stimulus infrastructure spending. In other words, this is not an argument that “the free market can solve the problem better than government intervention can.” This is an argument that “there is no problem.”

That’s frustrating to me because recognizing a problem is the first step to dealing with it. Even free market solutions mean that someone has to be aware that there is a problem in order to capitalize on fixing it.

The Heartland Institute has been involved in other, similar campaigns where they argue that problems that are publically perceived as problems are not, in fact, problems at all. Before 2005, the Heartland Institute had a number of funding organizations which may have resulted in a conflict of interest, as of 2005, the Heartland Institute insists on secrecy for funding sources.

In May, 1998, Stephen Glass, who then worked at The New Republic, wrote an article called called “Hack Heaven,” about a 15-year old hacker named Ian Restil.  According to that story, Ian Restil used a computer at his high school library to hack into software firm “Jukt Micronics.”  Jukt decided it would be cheaper to hire Restil to tell them how he did it rather than have their in-house engineers determine how he did.  Glass claimed that stories like Restil’s were “common” and that “Computer Insider,” a newsletter for hackers, estimated that 900 hackers were hired.

It was a compelling story, and one which resonated with the 1998 audience of The New Republic – the idea of hacker protection rackets.  Except, none of it was true.  Restil was fiction.  Jukt Micronics was fiction.  Computer Insider was fiction.  There was no “Center for Interstate Online Investigations,” no radio advertisement against hacker protection in Nevada, no “Uniform Computer Security Act,” no “National Assembly of Hackers.” Even Jukt Micronics Web site was a (pathetic) fake one set up by Glass on members.aol.com.    This was revealed by Adam Penenberg, then working at Forbes Digital, (a milestone for internet journalism – as an online news site took down the star reporter of one of the most storied print magazine publications.) 

I mention this story, because that story bears a bit of a resemblance to this one, published by the Associated Press on Mar. 25th: “Teen Hacker turns corporate cyber-crime consultant.”

WELLINGTON, New Zealand - A New Zealand teenager who helped a crime gang hack into more than 1 million computers worldwide and skim millions of dollars from bank accounts has a new job as a security consultant for a telecom company….

[Owen] Walker pleaded guilty last July — when he was 18 — to a raft of charges connected to his work for an international network that the FBI estimated infiltrated 1.3 million computers and skimmed bank accounts or damaged computer systems to the tune of more than $20 million.

The charges against Walker… were dismissed and he was released without a criminal record after paying a fine and forfeiting cash paid by the criminal group for his expertise.

But after contacting Telstra Clear, the telecom company in question, spokesman Chris Mirams explained that the story was “fairly accurate with the following exceptions”:

“Owen Walker was contracted to be one of three speakers for us at two seminars delivered to customers and prospective customers last October and November. Those audiences included IT, security and senior management. We also used his image for a targeted advertising campaign for our specialist security unit, DMZ Global.”

“He has not presented any seminars to TelstraClear staff, used any computer equipment or had access to our network. He was contracted for those duties only, a period of around two months, and was not, and is not, a fulltime employee…”

“Prior to contracting Owen the company consulted the Police case officer, who was positive in his feedback, and read both the Judge and probation service reports filed with the court. He was, you might remember, not convicted and the Police later publicly stated the outcome was fair.”

The unnamed AP reporter is not the next Stephen Glass, and the main problem with the story seems to be one of semantics and implication rather than facts: “new job” implies full time employment, but does not explicitly state it, and makes it sound like Walker absconded or destroyed $20M. In fact, he was the “ringleader” only so far as he designed the software used in the attack – in short, a botnet author.  In fact, his share of the damage to UPenn’s computer system came to a reasonably low $9526 according to the judge in the case who asked him to pay restitution.

“Black Hat” hackers have gone “White Hat” before – Kevin Mitnick now operates a security consulting company – and similarly to Walker, produced a keynote presentation on computer security called “Art of Deception”, and Kevin Poulsen now writes “Threat Level” and identified 744 registered sexual offenders with MySpace profiles. 

What is different is, perhaps, the methodology – Mitnick and Poulsen, not to romanticize their crimes – operated at a time when hacking was, essentially, a game, and operated primarily alone for the challenge of it – “disorganized crime,” if you will.  On the other hand, Walker used botnets, an attack that only the broadband era would make feasible.  To strain a metaphor, Mitnick and Poulsen targeted individual companies and corporations; while botnets target the general public – the difference between cat burglary and mugging.  Well, mugging a whole bunch of people.

Additionally, the strain that botnets can put on both public Internet and private enterprise networks has placed emphasis on computer security and computer networking working hand in hand – in the field of network behavior analysis.  So… it’s… like mugging a whole bunch of people and making them late for work – okay, the metaphor is falling apart. 

But back to the point at hand – in order to protect the general public from computer-security related problems, like botnets, what we need is level-headed, non-sensational reporting from the mass media (and it doesn’t get any more mass media than the Associated Press.)  Botnets thrive on technical ignorance and misinformation; and it is the role of the press to fight both ignorance and misinformation. 

I just think that the press should be doing a better job here.