Issue No.11 - Nov. (2012 vol.45)
Published by the IEEE Computer Society
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2012.383
Topics include the gaming industry's financial problems, IPv4-address trading and hoarding, a researcher cracking the Flame botnet's encryption, a huge cyberattack on US banks, a new spray-on battery, and researchers building a supercomputer for $4,000.
Gaming Industry Threatened by Financial Problems
For years, gaming has been seen as a growth industry with a bright financial future. Things have looked good for developers of both games and consoles. However, the industry has now fallen upon hard times.
In the lucrative US market, computer-game sales dropped 8 percent in 2011 to about $17 billion, and have fallen another 20 percent through August of 2012. According to the Gamasutra website (www.gamasutra.com), which covers the gaming industry, US sales have declined each year since reaching a record $22 billion in 2008. Gamasutra said totals in 2012 could reach about $18 billion if there is a "miracle" turnaround the rest of this year, $15 billion if sales don't pick up, and about $12.5 billion in a "worst case" scenario.
Video-game console sales have also declined steadily since 2008.
As a result of these problems, gaming-company stock values have plummeted.
Numerous industry observers say the worldwide economic problems have contributed to the downturn. They also cite the increasing availability of cheap games that can be accessed via downloads, largely to smartphones, as opposed to more-costly games accessed via discs that must be played on relatively expensive consoles.
Experts also say that developers have made creative mistakes in their designs and that the big gaming companies have failed to come up with enough blockbuster products.
In addition, there hasn't been a new console on the market for about six years, which has limited the buzz surrounding gaming. Nintendo plans to release its Wii U controller in mid-November, in time for the holiday shopping season.
However, some observers predict that the traditional sale of games on discs for use in consoles may be on its way out.
They say the key to gaming's future will depend on the creativity of smaller developers of downloadable games.
Need a Battery? Just Spray It on
Rice University scientists have developed a spray-on battery that, they say, could be applied to almost any surface. This technology could provide portable power to many devices that have trouble accommodating a traditional battery.
The new spray-on lithium-ion battery is applied via layers of paint. Each layer contains a necessary element of a conventional battery, including current collectors, a cathode, an anode, and a polymer separator. The separator keeps the positive and negative electrodes apart to avoid short circuits while permitting the transport of ionic charge carriers that complete the circuit.
Rice graduate student Neelam Singh led the research team that developed the spray-on battery.
To test their invention, the scientists performed an experiment in which they connected nine batteries sprayed onto bathroom tiles. One included a solar cell that converted power from a light. When fully charged by both the solar cell and standard building electricity, the batteries produced 2.4 volts and powered 40 LEDs that spelled out "Rice" for six hours.
The research team has also painted batteries onto surfaces such as stainless steel, flexible polymers, and glass.
Singh said spray painting is already a process used in many industries, so the technique will be easy for companies to implement.
The Rice team is continuing its research and hopes to develop versions of the battery that include painted tiles that could be fitted together and configured in multiple ways to meet the needs of individual products and projects.
IPv4 Shortage Causes Address Trading, Hoarding
Some strange things are happening in the normally routine world of IP addresses, thanks to the growing shortage of IPv4 addresses.
For example, companies have begun participating in informal secondary markets in which they sell the addresses they don't need to organizations that don't have enough.
These developments are important because the vast majority of Internet traffic is still based on IPv4, despite growing calls over the last few years for IPv6 adoption in light of the shrinking number of available IPv4 addresses.
Within North America, about 25 percent of all new IPv4 address blocks that new users have obtained have been traded between organizations, according to a recent study by Syracuse University and Delft University of Technology researchers.
This trading has occurred even though the regional Internet registry (RIR) for North America, called the American Registry for Internet Numbers, still reportedly has millions of IPv4 addresses available for ISPs and users. Among other activities, the five RIRs manage the allocation and registration of IP addresses.
Traditionally, organizations return unneeded addresses to their area's RIR, which then gives them to organizations that want them.
However, that's not possible now in some regions. For example, two RIRs—the Asia-Pacific Network Information Centre and Réseaux IP Européens (European IP networks) Network Coordination Centre—are running out of IPv4 addresses.
Thus, organizations are trading addresses among themselves where such activity is permitted. The addresses reportedly are trading for about $10 each.
Meanwhile, the UK Department for Work and Pensions recently found a block of 16.8 million IPv4 addresses that are not connected to the Internet. However, the agency has decided to hold onto these addresses.
Sponsors of a public campaign are trying to fight this by convincing the UK government to auction off the block to users who want to use the addresses to link to the Internet.
Some observers say the addresses could be worth $1.5 billion on the open market, given that they comprise the last unused block of its size in the European-Middle East region.
Researcher Cracks Encrypted Password for Flame-Botnet Server
A researcher with security vendor Kaspersky Lab cracked the encryption protecting the password for a command-and-control server used by the Flame cyberespionage botnet, which infected and then compromised thousands of computers in the Middle East.
Having the password allowed security officials to access the server and learn more about Flame, as well as possibly identify its operators.
Kaspersky analyst Dmitry Bestuzhev broke the hash after security vendor Symantec failed to do so with brute-force attacks and asked for help. Symantec, the International Telecommunication Union's International Multilateral Partnership against Cyber Threats (ITU-IMPACT), and the German Federal Office for Information Technology Security's Computer Emergency Response Team for federal agencies (CERT-Bund/BSI) have been conducting an investigation into Flame.
Flame infected Windows computers and gave the resulting botnet's operators access to the machines. The software encrypted information on the computers and sent it to command-and-control servers for subsequent decryption offline.
Experts say Flame was highly sophisticated and was behind an April 2012 attack that caused Iranian officials to disconnect their oil-industry computers from the Internet.
The malware was discovered in May and eventually executed a suicide command that wiped it off of infected machines. Many victims had already cleaned up their computers.
Nonetheless, security researchers say, information on command-and-control servers indicates the malware could strike again.
Cyberattack on US Banks One of Biggest Ever
Recent distributed denial-of-service assaults on several major US banks represented one of the biggest such cyberattacks ever, according to security experts.
The DDoS attacks shut down websites belonging to Bank of America, Chase Bank, Wells Fargo, US Bank, Citibank, and PNC Bank after flooding them with huge amounts of traffic. The hackers didn't steal any data from the banks or damage their transactional systems.
To set up their attacks, the hackers compromised thousands of high-bandwidth webservers—not the PCs usually used in such assaults—via several DDoS tools, including a new one called itsoknoproblembro (It's OK, no problem, bro.). They used the resulting botnet to create traffic storms—based on the User Datagram Protocol, TCP, HTTP, and HTTP Secure—of up to 60 gigabits per second.
The attackers utilized multiple approaches—such as targeting routers, servers, and applications—to bring down the banks' websites. They switched the techniques around regularly depending on the results they were achieving and the defenses that targets deployed. In the past, security experts say, hackers have tended to use just one DDoS approach.
The assaults were particularly effective because by law, US banks must provide encryption, protected login systems, and other types of security. These applications are prone to bottlenecks, which make them especially susceptible to DDoS attacks.
The itsoknoproblembro tool can run on compromised servers even if the hackers can't acquire administrative or root access. This gives hackers more machines to work with.
Before most of the assaults, online posts correctly named the targets and the days they would be hit. However, experts say, they can't find information that supports claims in the posts that the Izz ad-Din al-Qassam Brigades, Hamas' military branch, were responsible.
And as intricate as the attacks were, security investigators add, there was nothing sophisticated enough to indicate that a country had to be behind them. They note that criminal organizations sometimes launch DDoS attacks on banks as a distraction while they steal money from account holders.
According to experts, administrators must better secure their webservers to keep attackers from being able to use their machines in DDoS attacks.
They also warn that the hackers could launch more of the same attacks.