Two-Step Computer Security, Beyond the A.T.M.

Doing the Two-Step, Beyond the A.T.M.

BANK A.T.M.'s embody decades-old technology. A four-digit PIN? What a seemingly crude security system. Where are the uppercase and lowercase letters and the random punctuation that we are continually told are crucial to hacker-resistant passwords?

In fact, though, the four-digit numbers required to use cash machines are one element of an extremely strong security model that most of today's Web sites fall well short of matching.

Think about it: An A.T.M. requires the presentation of both a physical card and a correct PIN. Web sites can and should follow this general principle of requiring two dissimilar things before access is granted.

After supplying the password, that second thing could be a code that arrives as a text message on one's phone. A thief would find that stealing your password for a Web site was useless without also having your phone in hand.

The technical term for requiring something you know and something you have when trying to log into an online account is “two-factor authentication.” It's also known as two-step verification.

If this system, using passwords and smartphones, were used on all limited-access Web sites, the passwords wouldn't have to be long and complex. But many Web users have easy-to-guess passwords in just one-step verification, which is highly imprudent.

Nick Berry, president of DataGenetics, a consulting firm in Seattle, has analyzed the large password databases that hackers who have broken into various Web sites have publicly released. Among 30.3 million passwords he has found 3.4 million consisting of nothing but four digits. (It's astounding that there are still Web sites that permit these. I always encounter password requirements that force me to choose ever longer, more complex strings of characters, numbers and punctuation marks.)

Some four-digit passwords are far more popular than others: “1234” alone accounts for almost 11 percent of these passwords; “1111,” an additional 6 percent. Repetitive patterns occupy many of the other spots among the 20 most frequent numbers. Lower on the list are numbers that are likely to be a year of birth or the four-digit rendering of the month and day of a birthday.

We can speculate that some of the four-digit passwords found in Web sites' databases were first conceived as PINs for A.T.M.'s. They may also be serving as the users' PINs for unlocking smartphones. Mr. Berry says he also saw a number of instances of what he calls “finger walking” on a keypad, in which the sequence comes from a geometric pattern, like “2580” - moving from top to bottom in the keypad's center.

The bank customer who chooses the year of her birth as her cash-machine PIN isn't putting her savings in great jeopardy. The thief who picks up a lost wallet with an A.T.M. card in it would have to guess the PIN correctly in just the first few tries, or the system would shut down the account. Even if successful, the thief would be limited by the ceiling on daily A.T.M. withdrawals. And, in cases of theft, the customer would be made whole by the bank for the loss.

When that short PIN is used as a password on the Web, however, without a second form of verification, it is just about the worst possible choice, almost as bad as choosing “password” as one's password. “Using an A.T.M. PIN in the context of the online world is unwise,” says Marty Jost, a product marketing manager at Symantec, the computer security company. “Using an easy-to-remember PIN is even more unwise because it's easy to guess.”

Mr. Jost says Web sites should use multiple layers of security so that “the password is not the only authentication mechanism.”

Users of Gmail and other Google services, for example, can elect to have a two-step verification system to protect their accounts. When the system is activated, the user fills in the boxes for user name and password, as usual, but then is sent to another page where a verification code must be typed in. Users may choose to have this arrive as a text message, or they can obtain it by using an app on their smartphone. There's a backup method, too, in case their smartphone is lost or stolen.

PayPal and Dropbox also offer their users the option of requiring two-step verification for added peace of mind. Many corporate networks have long used this security model, too.

YES, it's a bit cumbersome. Jeff Atwood, a software developer, author, and co-founder of the programming question-and-answer site Stack Overflow, acknowledged this when he urged readers of his blog in April to use Gmail's two-step verification option.

But, he wrote, this process “is inconvenient in the same way that bank vaults and door locks are. The upside is that once you enable this, your e-mail becomes extremely secure.”

That feeling of security originates not with a long master password, which may fall into the hands of a bad actor, but with the elegantly simple two-step verification. The designers of A.T.M.'s were on to something.

Two-step verification for Gmail or other Web services can't work for us, however, unless we set it up. And there's no better time than the present to do so. “Not tomorrow. Not next week,” Mr. Atwood wrote. Now.

Randall Stross, a professor of business at San Jose State University, is the author of “The Launch Pad,” published last month.

A version of this article appeared in print on October 14, 2012, on page BU3 of the New York edition with the headline: Doing the Two-Step, Beyond the A.T.M..

Do Not Track? Advertisers Respectfully Disagree

Do Not Track? Advertisers Say ‘Don't Tread on Us'

THE campaign to defang the “Do Not Track” movement began late last month.

Do Not Track mechanisms are features on browsers - like Mozilla's Firefox - that give consumers the option of sending out digital signals asking companies to stop collecting information about their online activities for purposes of targeted advertising.

First came a stern letter from nine members of the House of Representatives to the Federal Trade Commission, questioning its involvement with an international group called the World Wide Web Consortium, or W3C, which is trying to work out global standards for the don't-track-me features. The legislators said they were concerned that these options for consumers might restrict “the flow of data at the heart of the Internet's success.”

Next came an incensed open letter from the board of the Association of National Advertisers to Steve Ballmer, the C.E.O. of Microsoft, and two other company officials. Microsoft had committed a grievous infraction, wrote executives from Dell, I.B.M., Intel, Visa, Verizon, Wal-Mart and other major corporations, by making Do Not Track the default option in the company's forthcoming Internet Explorer 10 browser. If consumers chose to stay with that option, the letter warned, they could prevent companies from collecting data on up to 43 percent of browsers used by Americans.

“Microsoft's action is wrong. The entire media ecosystem has condemned this action,” the letter said. “In the face of this opposition and the reality of the harm that your actions could create, it is time to realign with the broader business community by providing choice through a default of ‘off' on your browser's ‘do not track' setting.”

So far, Microsoft has shrugged off advertisers' complaints. In an e-mailed statement, Brendon Lynch, Microsoft's chief privacy officer, said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism.

“Consumers want and expect strong privacy protection to be built into Microsoft products and services,” Mr. Lynch wrote.

The tone of the industry offensive may seem a bit strident, given that the W3C has yet to decide how to implement the don't-track-me mechanisms - or even what they signify. For the moment, that means the browser buttons are little more than digital bumper stickers whose sentiments companies are free to embrace or entirely ignore.

But what is really at stake here is the future of the surveillance economy.

The advent of Do Not Track threatens the barter system wherein consumers allow sites and third-party ad networks to collect information about their online activities in exchange for open access to maps, e-mail, games, music, social networks and whatnot. Marketers have been fighting to preserve this arrangement, saying that collecting consumer data powers effective advertising tailored to a user's tastes. In turn, according to this argument, those tailored ads enable smaller sites to thrive and provide rich content.

“If we do away with this relevant advertising, we are going to make the Internet less diverse, less economically successful, and frankly, less interesting,” says Mike Zaneis, the general counsel for the Interactive Advertising Bureau, an industry group.

But privacy advocates argue that in a digital ecosystem where there may be dozens of third-party entities on an individual Web page, compiling and storing information about what a user reads, searches for, clicks on or buys, consumers should understand data mining's potential costs to them and have the ability to opt out.

“If you are looking up the word ‘cancer' ” on a health site, says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation, a digital rights group in San Francisco, “there's a high probability that you have cancer or are interested in that. This is the sort of data that can be collected.” He adds: “Consumers absolutely have a right to know how their information is being used and to opt out of having their information used in ways they don't like.”

But the two sides seem to have reached an impasse. When the W3C met recently in Amsterdam to hammer out Do Not Track standards, as my colleague Kevin J. O'Brien reported in an article earlier this month, advertising industry executives and privacy advocates accused each other of trying to stymie the process.

“There is a strong concern that the W3C is not the right forum to be making this decision,” says Rachel Thomas, the vice president of government affairs at the Direct Marketing Association, a trade group based in Manhattan. “The attempt to set public policy is entirely outside their area of expertise.”

During the Amsterdam meeting, Ms. Thomas proposed that Do Not Track signals should actually permit data collection for advertising purposes, the very thing the mechanisms were designed to control. That provocative idea went over with European privacy advocates about as well as a smoker lighting up in a no-smoking zone full of asthmatics.

Indeed, some prominent consumer advocates have interpreted the industry's proposal as an act of bad faith.

“While many advertisers do support privacy, there is clearly a rogue element of advertising networks that wants to subvert the process,” says Jon D. Leibowitz, the chairman of the Federal Trade Commission. “Or so it seems to me.”

Earlier this year at a White House event, the Digital Advertising Alliance, or D.A.A., an industry consortium, pledged to honor don't-track-me signals so long as the systems required consumers to make an affirmative choice. But last Tuesday, the consortium published guidelines saying that it viewed Microsoft's latest browser setting as an automatic, machine-driven choice preselected by a company - not a choice actively made by an individual consumer. During the installment process, Microsoft's new software actually does give users a choice of whether to keep the mechanism on, or to turn it off. Nevertheless, the consortium said it would not require members to honor the forthcoming browser's don't-track-me signals.

Besides, the D.A.A. has already established its own program for consumers who want to opt out of receiving ads tailored to their online behavior, says Mr. Zaneis, whose own group is a member of that consortium. The consortium remains committed to incorporating browser signals into its program, he says, provided that the systems require consumers to make affirmative choices and give them information on the potential effects of eschewing tailored ads.

“We have self-regulation. It's working very well,” he says. “Why don't we give that a chance to succeed?”

SOME government officials vehemently disagree. In a letter to the F.T.C. earlier this month, Senator John D. Rockefeller IV, Democrat of West Virginia, called the industry program an “ineffective regime” riddled with exceptions.

“To date, self-regulation for the purposes of consumer privacy protection has failed,” Mr. Rockefeller wrote.

Now regulators are warning that opposition to Do Not Track could backfire on advertisers, by giving browsers more incentive to empower frustrated users. “We might see a technology arms race with browsers racing to see - by letting consumers block ads - who can be the most privacy-protective,” says Mr. Leibowitz of the F.T.C. “Maybe that's not a bad thing.”

E-mail: slipstream@nytimes.com.

A version of this article appeared in print on October 14, 2012, on page BU3 of the New York edition with the headline: Do Not Track? Advertisers Say ‘Don't Tread on Us'.

Fab Revamps Mobile Shops Ahead of Holidays

For most Internet companies, mobile is synonymous with the future. For Fab, an online shop that sells designer furniture, housewares and other items, it's synonymous with “right now.”

The company opened up the Android and iOS versions of its shop last October. Now nearly 33 percent of the company's daily visits and sales are handled by those applications.

“There's too much distraction on the Web, multiple browsers and tabs that take away from your focus. The mobile experience captures your full attention,” said Jason Goldberg, one of the founders and the chief executive of Fab. “At some point, we think it'll be 50 percent.”

To capitalize on that, Fab is giving its mobile applications a face-lift, one that it is rolling out for shoppers beginning on Thursday.

The freshly minted applications include more sophisticated browsing, including searches by color, and social features that let shoppers see what items their friends are saving and purchasing. The company hopes that these will encourage people to buy more and linger longer, which they already do on the iPad. That device is the most popular of all the mobile shopping portals, capturing nearly 40 percent of all its mobile sales.

The redesign is meant in part to appeal to holiday shoppers. To prepare for the season, Fab is stocking a warehouse in New Jersey with goods and nearly 200 workers to ensure that orders are delivered within a few days. In the company's early days, orders were shipped out by their respective vendors and could take weeks to arrive.

Fab, which says it will sell $150 million worth of items this year alone, is hoping to drive up its sales even further and push toward profitability. That goal has been elusive, given how much the company spends on advertising and marketing. Mr. Goldberg declined to say how much money the company was likely to lose this year, although he did say that it was expected to be profitable in the next few years.

“We would break even now if we didn't spend a third of our budget on advertising,” Mr. Goldberg said. The company has spent $15 million on Facebook advertisements and is dipping a toe into television ads, which will start running after the election.

Mr. Goldberg said that given the company's traction with users, he was not worried about the finances of the business, especially given its venture backing. In July the company raised more than $100 million, adding to the $56 million in financing that it had already landed. Its site has close to eight million members, and 50 percent of those joined in the last three months, according to Mr. Goldberg.



Browser Tools Can Help Block Tracking by Social Networks

Those small buttons on Web sites that are designed to let you share what you've read with your social networks have an equally important function: They let the social networks track your travels on the Web, whether or not you click on them. Now, there are a growing number of start-ups offering tools that help consumers keep that kind of tracking at bay.

Social “widgets,” as they are called, have proliferated across the Web: a “like” button from Facebook or a cheery blue bird from Twitter. They act as eyes on the Web. They watch you as you read the day's news, say, or research health information, or shop for rain boots.

Facebook is especially ubiquitous. Academic researchers in France and Australia recently found that more than 20 percent of the 10,000 most popular Web sites have a Facebook widget. That widget allows the social networking giant to keep track of which Web sites they visit, whether or not the Internet user is logged on to Facebook at the time.

Twitter goes one step further. Its “tweet” button can be found on 7 percent of the top sites, the same study found. One of the tracking cookies set by Twitter allows it to track users who have never even visited Twitter.com, let alone have a Twitter account. “Twitter is still waiting for them,” said Mohamed Ali Kaafar, of the National Institute for Research in Computer Science and Control, known as Inria, in France.

The latest widget-scrubbing tool was released this week from PrivacyChoice, of Santa Cruz, Calif. It is a browser extension that monitors how tight your privacy settings are on Facebook and Google, including the option of disabling Facebook and Google Plus share buttons. In the first 24 hours, its president, Jim Brock, said, 50,000 used the tool, which the company calls PrivacyFix and offers for free.

“Our No. One job here is to educate, not to push people to particular choices,” said Mr. Brock. “I don't think your average user has any idea that those little buttons are listening posts.”

Disconnect.Me, a Menlo Park, Calif., start-up, likewise, offers a browser extension for Google Chrome and lets users see just how many companies are tracking them on every Web site they visit. Those trackers include analytics companies, advertising networks and social networks.

Brian Kennish, a former Google engineer who started Disconnect.me, said it has drawn 850,000 active users. It is free.

Another company, called Ghostery, offers several browser extensions to allow users to keep track of the trackers, including social network plug-ins. For instance, it found six trackers when I opened my Firefox browser to The New York Times's home page, including from Google and Facebook.

Social network widgets can help Web site publishers because they help their visitors share content with their friends online.



A Start-Up Helps Tourists Plan Vacations and Local Businesses Sell Tickets

Booking flights and hotels online is easy, but what about planning your daily itinerary once you arrive at your destination? Peek, a San Francisco start-up that opens to the public Thursday, tries to help with that.

Peek is for discovering and booking vacation activities. To start, it covers California and Hawaii, but plans to expand soon to other destinations in the United States, then Mexico, Europe and elsewhere.

“It is intended to be comprehensive, so you can forget about looking at magazines and guidebooks,” said Ruzwana Bashir, Peek's co-founder and chief executive. “We are fixing a piece of the market that is very large.”

Ms. Bashir came up with the idea for Peek after planning a trip to Istanbul with friends, and having a typically difficult time finding things to do. After reading guidebooks and magazines and searching a couple dozen Web sites, she had to call local businesses to make reservations or buy tickets because they were not available online.

Exploring Peek feels a bit like flipping through a travel magazine. There are big, beautiful photographs - if Peek is not happy with those that the businesses provide themselves, they find others or send photographers to take new ones - and the layout is clean, with short, informative descriptions. It pulls reviews from sites like Yelp, TripAdvisor and Fodor's. Peek users can also write reviews.

The activities vary from mainstream, like Disneyland, to obscure, like a wine blending lesson near Napa. There are free activities, like a walk across the Golden Gate Bridge, but most are paid, from museum tickets to hot-air balloon rides.

Peek has partnerships with these businesses, and keeps a hefty portion of the ticket price, between 15 and 30 percent. For small businesses that do not have online booking or even Web sites, Peek offers them those services. Because tourists spend an average $200 per person per day in a place like Hawaii, Ms. Bashir said, and usually buy more than one ticket for activities, Peek's commissions add up.

The site caters to women, Ms. Bashir said, because they do the majority of travel planning, and offers activities aimed at relatively affluent people in their 30s and 40s.

People can sort activities by interest - like food, family or adventure - and well-known local people describe their ideal days. Piers Morgan, the TV host, offers his favorite activities in San Diego (he likes kayaking and Mexican food); Jack Dorsey, the Twitter and Square co-founder, shares a tour of San Francisco; and Tory Burch, the clothing designer, describes an ideal day on Oahu.

Travel is an area that many Web companies, including big ones like Google and Microsoft, are trying to tackle. Peek has raised $1.4 million from angel investors. A few other sites offer vacation activities, including Expedia, Viator and Vayable, though the first two are very broad and a bit cluttered, and the last includes only niche activities.



A New iPad Browser Surfs the Web So You Don't Have To

What if your Internet browser showed you what it thought you wanted to see online, instead of waiting for you to direct it?

That is what Rockmelt's new browser for the iPad does. The browser, which became available in the App Store Thursday, does not look like a browser at all. Instead, it is full of boxes showing you things you might like from around the Web.

“The Internet is vast,” said Eric Vishria, Rockmelt's co-founder and chief executive. “We are trying to take the portion of the Internet that is interesting to you and pull it together.”

Rockmelt landed with a splash when it introduced its desktop browser in 2010, in large part because it was founded and financed by Netscape alumni who know a thing or two about browsers. They include Marc Andreessen, Netscape's co-founder and a Rockmelt investor, and Tim Howes, a Netscape executive and Rockmelt's co-founder.

Yet it has been slow to get traction. Four million people have downloaded it, the company says, and a few hundred thousand of them use it daily. That is tiny compared with usage of the biggest browsers - Chrome, Internet Explorer, Safari and Firefox. But still, Mr. Vishria said, active users seem to like it, keeping it open seven hours and 15 minutes a day.

The idea was that people need a browser for the social era, with updates from friends and social networks incorporated. The new iPad version goes a step further, filling the blank space in a typical browser with images, posts and articles from around the Web. Browsers should incorporate new visual interfaces on sites like Fab and Pinterest and new ways of communication on sites like Facebook and Twitter, Mr. Vishria said.

“If you think about how we all use the Web today, it's radically different from 10 years ago,” he said. “But browsers are the same dumb window they were.”

People log in to Rockmelt's new iPad browser with their Facebook credentials. Over time, Rockmelt learns what people are interested in based on what they click and share, to construct a stream of content, and users can manually add feeds as well. They can save tabs or pages to read later, and those tabs or pages are stored in the cloud for access from another device.

Though it sounds similar to other apps like Flipboard and Zite, Mr. Vishria said it was different because it tapped into the whole Internet and there was a search bar to travel elsewhere on the Web. Other companies, like Google, are also trying to fold social networking information into Web results and show people what it thinks they want before they ask for it.

Still, it is unclear that people want to slap together a browser, social media and their favorite sites. It can be distracting to see an avalanche of content every time you open a browser. And while some people do not even know what a browser is, they have an option to download one different from the one their computer or iPad came with.

That is one reason Rockmelt's users so far are young people who have grown up online, Mr. Vishria said. Two-thirds are under 25 and 83 percent are under 35.



The Dangers of Allowing an Adversary Access to a Network

Schoolchildren learn the tale of the Trojan Horse, the giant gift in which Odysseus and a platoon of 30 Greek soldiers hid to gain access to the heavily defended city.

Thousands of years later, it remains a thoroughly modern concept that is increasingly found at the heart of cyberwarfare strategies. Modern Trojan horses are computer code or vulnerabilities hidden in software or hardware that would allow a spy or an attacker to gain access to an adversary's computers and networks. Find a way to be invited into the computers of your enemy's weapons and military systems and you can render them useless in the face of an attack.

For more than a decade, Pentagon officials have been anxious about the growing reliance by the United States electronics industry on Chinese manufacturers. As the Internet has become the nation's critical infrastructure weaving together commerce and power systems and even military command and control, it has become increasingly unthinkable to have a foreign presence in the network. Their fear is that those building and maintaining the network could build in a Trojan horse.

Thus it was striking that the word “Trojan” was not mentioned in a 52-page report issued Monday by the House Permanent Select Committee on Intelligence focusing on the activities of two giant Chinese telecommunications firms, Huawei and ZTE, which have long been suspected of having links to the Chinese government. Beijing has been suspected of trying to steal American corporate and government secrets through computer espionage.

Stuxnet, a surreptitious program that was reportedly designed by United States and Israeli intelligence agencies to afflict the Iranian nuclear enrichment program, had many of the properties of a highly sophisticated Trojan horse. The program was at the heart of a concerted effort to delay or destroy the Iranian Natanz nuclear fuel facility. The attack damaged centrifuges and might have provided a surveillance window into Iranian activities by giving Western intelligence agencies unfettered access to the desktop computers of Iranian project managers.

The program acted as a Trojan horse, perhaps delivered first on a USB memory stick, that then spread through computer networks inside the secret facility before reaching the outside world. A striking map of the paths followed by Stuxnet infection created by researchers at Symantec, the Silicon Valley computer security firm, indicates that Stuxnet actually broke out of Natanz, rather than breaking in, just as the Greek soldiers climbed out of the horse at night.

Possibly because the United States is making Trojan horses, that term - if it exists in the House report on Huawei and ZTE - is said to be found only in a classified annex to the report that has not been made available.

The published report consists of a series of allegations about the activities of the companies, including bribery and surveillance, but little hard evidence. Reports of “suspicious” incidents, including an ostensible case of “beaconing” from Cricket, a Texas wireless operator that uses Huawei equipment, have been heatedly denied by Huawei.

If this issue is important enough, said Richard A. Clarke, who served as the nation's counterterrorism overseer in both the Clinton and George W. Bush administrations, there should be ways of declassifying the information. “They're making important accusations,” he said. “Important accusations require important proof.”

According to several former government officials, the real issue is not what has happened in the past but rather what might happen if Huawei gear were widely used in American telecommunications networks. Such use would mean that the company would have to serve and fix the network, requiring extensive access for its technical personnel to telecommunications networks in the United States.

The danger in letting your potential adversary maintain your network has already been demonstrated, according to Mr. Clarke, who wrote in “Cyber War: The Next Threat to National Security and What to Do About It.” In 2007, a remarkably sophisticated computer attack by Israel rendered Syrian antiaircraft radar useless. Israeli aircraft were able to destroy a Syrian nuclear reactor without any response from the country's military. He says it was vulnerable because the Syrians had relied on outsiders to maintain the network.

Mr. Clarke disputes a recent New Yorker article that asserted that the bombing attack was supported by conventional electronic warfare, which involves jamming or deceiving an enemy's radar with high-powered radio waves. “Regular electronic warfare fills the frequencies with static and overpowers the frequencies,” he said. “That wakes people up. That didn't happen. The Syrians didn't notice the jamming of their radars.”

In 2009, The New York Times reported that an American semiconductor industry executive who claimed to have direct knowledge of the operation said that technology for disabling the radars had been supplied by Americans to the Israeli electronic intelligence agency, Unit 8200.

If his account is true, it may be the real reason that the government has worked so hard to make sure that American computer networks are not made in China.



Despite Maps Debacle, Demand for New iPhone Appears Strong

Apple's new maps for iPhone and iPad was met with such derision that the company's chief executive even apologized for the feature. Still, the flawed maps are not turning people off from wanting the phone. A new survey published Friday estimates that as many as one-third of American shoppers are interested in getting the smartphone in the future.

ChangeWave Research, a firm that regularly conducts surveys to study consumer spending, said that demand for the iPhone 5 was unprecedented. It surveyed 4,270 American consumers and asked how likely they were to buy an iPhone 5 in the future - 19 percent said they were very likely and 13 percent said somewhat likely. ChangeWave said the percentage who said “very likely” was double what it was for the previous iPhone, the popular iPhone 4S.

And despite early concerns about the company's new maps software, which replaces Google's maps with its own, a large majority of iPhone 5 owners and iOS 6 users polled by the company did not seem to be bothered by its shortcomings. Ninety percent of respondents said it was not a problem, and only 3 percent said it was a big problem.

Another new feature in the iPhone 5 that could annoy some is the new Lightning connector, which renders obsolete the spare charging cables and iPhone accessories that people have collected over the year. Most survey respondents weren't fazed by this either: 31 percent said it was somewhat of a problem, another 31 percent said it was not much of a problem, and 26 percent said it was no problem at all. The remaining 6 percent said it was a very big problem.

“Despite the media attention surrounding both the Apple Maps issue and the Apple Lightning port issue, neither has had an impact on the massive numbers of buyers queuing up to buy the iPhone 5,” said Dr. Paul Carton, ChangeWave's vice president of research, in a statement. “Rather, the survey results show both issues hardly rank as bumps in the road.”

Early demand for the iPhone has already been strong. The company sold five million new iPhones in the first weekend the phone went on sale, beating the iPhone 4S by about one million. The company is expected to report its sales on Oct. 25.



One on One: Robin Sloan, Author and 'Media Inventor'

Robin Sloan is the author of the book “Mr. Penumbra's 24-Hour Bookstore: A Novel,” published by Farrar, Straus and Giroux. The book tells the story of Clay Jannon, an out-of-work, tech-obsessed Web designer who ends up getting a job at a San Francisco bookstore, where an adventure ensues. Mr. Sloan, 32, who has referred to himself as a “media inventor,” wrote the book while working at Twitter as a media manager. The following is an edited interview.

Q. Where did you come up with the idea for a 24-hour bookstore?
A. From a tweet! I was walking down California Street in San Francisco, scrolling through Twitter on my phone, when I saw that a friend of mine had just tweeted: “Just misread a sign for a 24-hour book drop for 24-hour bookshop. My disappointment is beyond words.” It just made me smile. I wrote it down, thought about it for a few months, and it eventually became the story of the 24-hour bookstore.

Q. This was a short story before it became a novel, right?
A. Yes. It started as a short story of about 6,000 words. In retrospective, it was really a prototype. I published it on my Web site, robinsloan.com, and made it available on the Kindle. It was based on the same theme: a story of recession, data visualization and romance.

Q. How have your influences from working at Twitter crept into this book?
A. There's a lot of technology in the book. It's not the tools of technology, it's the feelings of technology. I try to describe the feelings you get when you video chat, or the feelings you get from farming a job out to a thousand computers. That all came from my work at Twitter.

Q. You talk about print versus digital in the book. Is print the new vinyl?
A. I don't think so. People think the e-book debate is about books versus computers, but as it goes on, you realize that they actually have a lot in common. One of the things I'm trying to get across is that books are just as much technology as your iPhone. When books were new, the scene felt just as chaotic and confusing as what's happening in San Francisco right now.

Q. Who is the protagonist in your book? The book itself, or Clay, the main character?
A. Clay is. But he's not a traditional protagonist, because he doesn't have all the answers himself.

Q. Do you prefer to read print or digital?
A. For me, it ebbs and flows. I have been reading a lot of print lately. Print books have an amazing superpower because they don't disappear when you're done with them. Books on the shelf remind you that they exist.

Q. In your book you talk about content overload. How do we solve that?
A. The problem is, all of this content is good. The vision of the Internet as a vast digital wasteland isn't correct. Everything is awesome and we have more stuff to read than we ever have in history. I think part of the answer comes with devices and interfaces: we need to create more devices without distractions, like Kindles.

Q. You have a lot of current technology references in your book. Do you worry it will age quickly?
A. I think there is a tradeoff inherent in contemporary references. The cost is that the book becomes dated very quickly. The benefit is that people reading it right now feel a dizzying present.

Q. So I notice you have an old Nokia phone. Why?
A. I realized that for me, the iPhone had gone beyond just being a habit. I decided that with the job I have now, which is a full-time writer, it's actually more important and more productive for me to be daydreaming and jotting down notes than it is for me to e-mail or read all my tweets.

Q. Do you miss working at start-ups?
A. I do miss working at Twitter because it is in the center of the zeitgeist right now, and it's fun to be in the middle of the zeitgeist.

Q. The print version of your book glows in the dark. Why?
A. I think in the year 2012, if you want people to forgo this super-convenient Kindle or Nook or iBooks edition, and get a big, heavy print book, you have to give them a really good reason.

Q. Do you use your book as a flashlight?
A. Unfortunately it's not that bright. But we're waiting for version 2.0 of the longer-lasting glow-in-the-dark book. It might also run apps.



On Twitter, Confusion and Chuckles Over Nobel Peace Prize

By ERIC PFANNER
The Nobel Peace Prize was awarded on Friday to the 27-member European Union.

Last Updated, 3:48 p.m. PARIS - The surprise decision by the Norwegian Nobel Committee on Friday to award its 2012 peace prize to the 27-nation European Union amid its huge economic struggles that threaten its future prompted a lively discussion online that ranged from confusion to humor.

As my colleagues Alan Cowell and Walter Gibbs report, the committee “lauded the European Union's role over six decades in building peace and reconciliation among enemies who fought Europe's bloodiest wars,” even as it wrestles with economic strife.

Posts on Twitter showed that Europeans may be struggling with the constraints of austerity, but they can still loosen their belts to enjoy a belly laugh - or vent their spleen. Some voices even praised the decision. But not many in Norway.

Wags of all political stripes took their cue from Henry A. Kissinger, who once wondered whose telephone number to dial if he wanted to “call Europe.” In the E.U., a political project in which a number of officials and institutions share power with 27 national leaders, who would go to Oslo to officially pick up the prize, asked Stanley Pignal, a financial writer in London?

In euroskeptic Britain, which is in the European Union but not in the euro zone, the news was met with derision by some.

Benedict Brogan, deputy editor of The Daily Telegraph in London, posted on Twitter:

This joke, and variations on the theme, quickly made the rounds.

Some posts on Twitter applied a similar formula to the E.U.'s difficulty in surmounting disagreements between rich and cash-strapped member states, as did this post from Nick Malkoutzis, deputy editor of the English edition of Kathimerini Greek, which is published in partnership with The International Herald Tribune.

Britain's Channel 4 News noted in its report, “in recent years the E.U. has been ridden with social unrest and diplomatic tension, following the debt crisis of the eurozone, particularly in Greece. Greek protesters recently donned swastikas when German Chancellor Angela Merkel visited the country this week, blaming Merkel for the worsening economic situation in the country, while there has also been a rise in extremism in the country and anger against immigrants.”

A translation of a Twitter post by Marco Bardazzi, digital editor for La Stampa, a daily newspaper in Turin, Italy, reads: “Europe, Nobel for the (rest in) Peace.”

Others responded to the news with perplexity or even anger. “Peace prize?” wrote Simone Stefanini. “Wasn't it bombing Libya until a few months ago.”

As the BBC journalist Silvia Costeloe reported, the official @WikiLeaks Twitter feed incorrectly called Norway “an E.U. member” in an update informing the group's 1.6 million followers that the prize is “an instrument of Norwegian foreign relations.”

That update was seconded more than a hundred times by readers of the feed before it was deleted.

Sara Goldberger, a public relations consultant based in Brussels, noted that it was easy for the Nobel Committee in Norway, which is neither in the E.U. nor the euro zone, to stay above the fray:

Ms. Goldberger also offered how much each person might get if the prize award was divvied up among the E.U.'s citizens.

Some posts on Twitter included jokes about possible financial market reaction to the news.

“S&P cuts Nobel prize committee rating by three notches to ‘junk,' negative outlook,” wrote Fabrizio Goria, a reporter for Linkiesta, an Italian financial newspaper.

Not everyone was offering sarcastic musings. E.U. politicians, and those from mainstream political parties in member states, mostly played it straight:

Martin Schulz, president of the European Parliament and lawmaker for the Social Democratic Party of Germany, was among the first to post on Twitter about the news.

The European Commission also posted:

Calestous Juma, a professor at the Kennedy School of Government at Harvard University, said:

The Nobel committee set up its own social media platform, where contributors could send in “postcards” for all to see. Many of these praised the decision, though in some cases the sentiments had tinges of sarcasm.

“Thank you, as a member of E.U. I'm honored by this prize,” one of the contributors wrote. “This is my first Nobel Prize. Looking for more to come. Best.”

Elisabetta Povoledo contributed reporting from Rome and Jennifer Preston and Robert Mackey from New York.



Can a Race Among Doped Cyclists Be Fair? One Former Armstrong Teammate Says No.

By ROBERT MACKEY

Last Updated | Saturday, 1:38 p.m. Since Lance Armstrong waived his right to appeal the United States Anti-Doping Agency's finding that his victories in the Tour de France were aided by systematic doping - confirmed in the sworn testimony of 11 former teammates made public this week - some of his fans have suggested that, since it now appears that most of the professional peloton was doping at the same time, Armstrong should still be considered the winner of those races.

One of Armstrong's former teammates, Levi Leipheimer, wrote in his confession that professional cycling until recently was “a sport where some team managers and doctors coordinated and facilitated the use of banned substances and methods by their riders. A sport where the athletes at the highest level - perhaps without exception - used banned substances. A sport where doping was so accepted that riders from different teams - who were competitors on the road - coordinated their doping to keep up with other riders doing the same thing.”

In their confessions, many of the riders said that they agreed to use drugs or blood transfusions only after concluding that it was impossible to beat a doped pack while clean. Some of them also said that they did not consider taking performance-enhancing drugs cheating, because almost all their rivals were using the same techniques.

That may also help to explain the apparently genuine indignation expressed by many riders like Floyd Landis, who were stripped of titles after failing drug tests, only to see the victories awarded to fellow dopers who had evaded detection. When ABC News asked Landis in 2010 if he was calling Armstrong a fraud, he replied: “Well, it depends on what your definition of fraud is. I mean it - look, if he didn't win the Tour, someone else that was doped would have won the Tour. In every single one of those Tours.”

The widespread nature of doping in the sport led the sportswriter Buzz Bissinger to write in a Newsweek cover story defending Armstrong in August, “even if he did take enhancers, so what?” Bissinger argued:

Professional cycling is a rotten sport like all professional sports are rotten (anybody who believes otherwise is a Pollyanna fool). “It's Not About the Bike,” as the title of Armstrong's bestselling biography states. It's about winning by any means possible and then hoping to figure out a medical way of covering it up. Doping has been a rite of passage in the Tour de France. According to The New York Times, at least a third of the top 10 finishers (Armstrong included) have either officially admitted to using performance enhancers or been officially suspected of doping.

Need we say more? If Armstrong used banned substances, he was leveling the playing field. He was still the one who overcame all odds.

In an interview with ESPN before the antidoping agency released hundreds of pages of evidence on what it said was the elaborate doping system on Armstrong's team, the New Yorker writer Malcolm Gladwell took the argument about performance-enhancing drugs creating a level playing field a step further, essentially saluting him for cheating better than any of his rivals. In a part of the interview transcribed by Business Insider, Gladwell argued:

When you look at what Lance is alleged to have done, basically he was better than everybody else at using P.E.D.s. He was the guy who sat down and was rigorous and focused and thoughtful and intelligent and cutting edge in how to use them and apply them and make himself better. Like, I don't know, so why's that a bad thing? He's being rewarded for being the best at his game. It was an element in the competition, and he used that element better than anyone else. Why don't we just make that a part of the definition of what it means to be a great bicyclist?

Gladwell went on to suggest that bike races might be better thought of as akin to car races, where the application of science by a support team is part of the challenge.

Another former Armstrong teammate, Tyler Hamilton, described in his new memoir, “The Secret Race,” in minute detail how the medical team around a rider became - like a pit crew with drugs, syringes and blood bags - an essential part of the competition in those years.

After leaving the United States Postal Service team, Hamilton needed to find another doctor to work with, because, he said, Armstrong paid to keep the Italian specialist Dr. Michele Ferrari from helping his rivals. Hamilton ended up retaining Dr. Eufemiano Fuentes, who offered him a special service, at a cost of $50,000 a year, plus bonuses for any victories, that was reserved for a select few clients. According to Hamilton, the others included Jan Ullrich, Ivan Basso and Alexandre Vinokurov - Armstrong's main rivals during his reign.

So, is a race among doped cyclists a fair one? Absolutely not, according to at least one of Armstrong's former teammates, the talented climber Jonathan Vaughters, who retired early when he concluded that it was impossible to win without doping and later founded Team Garmin-Sharp, a squad dedicated to riding clean. In his sworn statement to the antidoping agency, Vaughters, who rode in support of Armstrong in the 1999 Tour de France, described the team's systematic doping.

In a telephone interview with The Lede on Friday, Vaughters said that a race among doped cyclists did not reward the best athlete but the best doper, because some people get a much bigger boost in their performance than others from using the same doping techniques.

That being the case, he said, “if you just opened it all up and you said, ‘Let's legalize it and it's all fair if they all do it,' what you would have is you would have races that were being won by people who were most physiologically adapted to the drugs that were available to them. You would not have the best athlete, who trained the hardest, who had the best team, the best strategy on the day - that athlete would rarely win. It would normally be the person whose physiology just happened to adapt to whatever biotechnology had to offer at that period in time. So it's absolutely untrue and it absolutely applies to the generation of racing that I went through.”

Speaking theoretically, but with obvious firsthand experience, Vaughters also noted that the widespread use of doping products distorted the playing field in other ways too. “Athletes with greater resources are going to be able to contact better doctors,” he observed, and “there are going to be some people who are going to be willing to take much greater risks with their bodies and their health than other people.”

In the interview, which can be heard in full below, Vaughters expanded on his own confession, made in a New York Times Op-Ed in August.

He explained that, even after he left Armstrong's team to race on a French squad that encouraged clean riding, he found himself drifting back into doping in response to the pressure to get results. The rider ultimately decided to quit racing and found a new team with a strict antidoping policy.

Vaughters also suggested that another rider who admitted doping in a statement published on Wednesday, George Hincapie - who helped shield Armstrong from the wind all the way around France in each of his seven Tour victories - might well have had a more successful career if no one had been doping in the races. Given his natural talent, and the relatively high red-blood-cell count he was born with, Hincapie probably got a smaller boost than many other riders from doping, but competed during his entire career against riders who were able to use medical products to decrease his physical edge.

Like many cycling fans, who have become accustomed to arguing in fine detail about science and medicine, Vaughters has become so expert at certain aspects of physiology affected by doping products that he can sound more like a graduate student in biology than a cyclist at times. He also discussed the ways in which doping distorts competition in an interview with Joe Lindsey published by Bicycling magazine in August.

One of the stranger aspects of information about pervasive doping in the sport trickling out over the past decade on blogs and Twitter feeds written by cycling fans and amateur racers is that very few fans with knowledge of professional cycling were at all surprised by this week's revelations. Among others, the authors of the @NYVelocity Twitter feed, Andy Shen and Dan Schmalz - who also write and illustrate a cult comic strip series following the soap-opera of professional cycling called, “As the Toto Turns” - took issue with Gladwell's level-playing-field defense of Armstrong.

The sports physiologists Ross Tucker and Jonathan Dugas, who write the Science of Sport blog and Twitter feed also noted that Gladwell's suggestion that bike racing should be compared to Formula 1 or Nascar racing - with riders' bodies treated like machines to be tweaked with science - ignores the fact that race cars are only allowed to be refined within set parameters.

While many active professional cyclists were hesitant to denounce Armstrong this week, one sportsman did speak out clearly. “It's good that they are trying to clean this sport up,” the Formula 1 driver Mark Webber told reporters. “It sends a message to lots of sports, and it's a good message.” A fan and keen amateur cyclist himself, Webber said, “It's been quite obvious in the last few years that this was going to come out.” He added: “Karma will come and get you.”



F.T.C. Raises Antitrust Pressure on Google

The Federal Trade Commission is raising the ante in its antitrust confrontation with with the commission staff preparing a recommendation that the government sue the search giant.

The government's escalating pursuit of Google is the most far-reaching antitrust investigation of a corporation since the landmark federal case against Microsoft in the late 1990s. The agency's central focus is whether Google manipulates search results to favor its own products, and makes it harder for competitors and their products to appear prominently on a results page.

The staff recommendation is in a detailed draft memo of more than 100 pages that is being shared with the five F.T.C. commissioners, said two people briefed on the inquiry.

The memo is still being edited and changes could be made, but these are mostly fine-tuning and will not alter the broad conclusions reached after an inquiry that began more than a year ago, said these people, who spoke on the condition that they not be identified.

Google said in a statement on Friday, “We are happy to answer any questions that regulators have about our business.” In the past it has said many times that “competition is a click away.”

The commission is also building a team to take Google to court, if it comes to that. Last spring, it hired a seasoned litigator to help with the case, Beth A. Wilkinson, a partner in the firm Paul, Weiss in Washington. In a further sign that it means business, last week it brought on a well-known economist as a consultant: Richard Gilbert of the University of California, Berkeley.

The F.T.C. staff memo does not mean that the government will sue Google for antitrust violations. Next, the vote of three of the five F.T.C. commissioners would be required. And each step is a further prod for Google to make concessions to reach a settlement before going to court. Last month, Jon Leibowitz, chairman of the F.T.C., said a final decision on whether to sue Google would be made before the end of this year.

The Google investigation echoes the Microsoft case in a basic way. Google, like Microsoft in the personal computer industry, has drawn complaints from rivals and antitrust regulators as it has expanded its business beyond its dominant product, search and search advertising. Google has aggressively built off this main business to fields including online commerce and smartphone software.

As it expands its empire, Google takes on new competitors and brings formidable resources. Rivals may suffer, Google says, but the company is improving its products and services, benefiting consumers and the economy.

The American inquiry is moving in tandem with a major antitrust investigation in Europe. The European authorities are pressing ahead and seeking changes in Google's behavior.

Speaking in New York last month, Joaquín Almunia, the European Union's competition commissioner, pointed to antitrust regulators' concerns that Google is “using its dominance in online search to foreclose rival specialized search engines and search advertisers.”

Google is also being investigated by the attorneys general of six states: Texas, Ohio, New York, California, Oklahoma and Mississippi.

Given the momentum of the investigations, antitrust experts say, the F.T.C. staff recommendation was to some extent expected.

The F.T.C. investigators have looked at a wide range of Google's business practices, according to companies that have been questioned and received subpoenas from the agency.

The areas of inquiry include accusations of manipulating the search results it displays to favor Google commerce services it has developed like Google Shopping for buying goods and Google Places for advertising local restaurants and businesses. In the civilian subpoenas, the F.T.C. calls this “preferencing.”

The investigators are also looking into whether Google's automated advertising marketplace, AdWords, discriminates against advertisers from competing online commerce services like comparison shopping sites and consumer review Web sites.



Online Voter Registration Is Called Vulnerable to Hackers

Computer security experts have identified vulnerabilities in the voter registration databases in two states, raising concerns about the ability of hackers and others to disenfranchise voters.

In the last five years, Maryland and Washington State have set up voter registration systems that make it easy for people to register to vote and update their address information online. The problem is that in both states, all the information required from voters to log in to the system is publicly available.

It took The New York Times less than three minutes to track down the information online needed to update the registrations of several prominent executives in Washington State. Complete voter lists, which include a name, birth date, addresses and party affiliation, can be easily bought - and are, right now, in the hands of thousands of campaign volunteers.

Computer security experts and voting rights activists argue that a hacker could use that information to, say, change a person's address online to ensure that the voter never receives a ballot in Washington, where voting is now done entirely by mail. In Maryland, hackers could ensure that a voter is not listed on the precinct register at a designated polling station. In that case, the voter would be redirected to another precinct, or asked to fill out a provisional ballot. In both cases, the person would not be able to vote in local, or possibly, Congressional races.

But the real concern, critics say, is that large numbers of voters from one political party, or demographic, could have their information changed by automated computer programs. A program that could change tens of thousands of voter records at once, they say, would require only a dozen lines of code.

Rebecca Wilson, co-director of Save Our Votes, a voting rights nonprofit, said her organization did not initially track how states set up their online systems. “We thought, ‘How badly could you mess that up?' Well, we learned,” Ms. Wilson said. “Now, anyone in the world can write a computer program that commits absentee ballot fraud on a mass scale.”

Maryland and Washington are not considered swing states in next month's election, but as other states move to online registration systems, security experts worry that they will follow Maryland and Washington's example.

Officials in the two states say that concerns of a widespread cyberattack are exaggerated. Washington officials point out that voters who do not receive their ballots can still print them online, and they say, they have never received a complaint about an address being unknowingly changed.

In Maryland, officials say they consult with their own security experts to pick up unusual patterns in online traffic, like an effort to change thousands of addresses from a single Internet address. They point out that address changes require a confirmation letter be sent to the new address. If that bounces back, the change is deemed invalid.

Washington officials also cite their use of “captchas,” which are meant to help weed out humans from computer programs. Captchas - those puzzles used by e-commerce sites that require people to type in a set of distorted letters and numbers - are easy for humans to read and retype but difficult for machines to decipher.

“What is technically possible and what realistically could happen are very different,” said Ross Goldstein, the deputy administrator for Maryland's Board of Elections.

But security experts say that these measures are not enough to prevent a determined hacker from disenfranchising scores of voters and influencing an election. Critics say that hackers could use botnets, networks of infected computers, to change voters' addresses. And new machine learning technologies can beat captchas, or people can be paid to type them in, in real time, for as little as a penny per captcha or less.

“They could influence an election with 20,000 votes for less than a penny a head,” said J. Alex Halderman, one of the computer scientists who first discovered Washington's loophole. “That would be a great return on investment for them.”

In Florida last month, Republican state officials paid a company $1.3 million to register voters, but county election officials noticed several registrations contained unauthorized address changes and names of dead people. Laws in the state make it difficult to vote if an address is recently changed.

“In theory, the same scenario is possible online, where it is much easier to do,” said Charles Stewart III, a political scientist at the Massachusetts Institute of Technology.

Last week, Mr. Halderman, David Jefferson, a computer scientist at Lawrence Livermore National Laboratories, and Barbara Simons, a retired IBM computer scientist, sent a letter to Washington and Maryland election officials with seven recommendations for security, including authenticating voters with nonpublic information like the last four digits of their numbers and setting up disaster plans that would let them shut down their systems during an attack.

Shane Hamlin, Washington's co-director of elections, said that the state's registration closed last week, but that his team planned to review transaction logs for unusual activity. “Their suggestions are all reasonable and doable,” Mr. Hamlin said. “Some we have in place and can build on, some are longer term.”

The computer scientists say that they have yet to receive a response from Mr. Hamlin's counterparts in Maryland, where online registration remains open.

“We want to make voting as accessible as possible,” Mr. Goldstein said. But “there's always risk in all systems.”
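The transaction-log review that officials in both states describe, sketched as an added example (not code from either state's system or from the researchers): a per-source check like the one Maryland mentions, plus an hourly check on whether address changes fall disproportionately on one party, the pattern critics say a botnet could produce while each address stays under any per-source limit. The log format, field names, party labels, baseline shares and thresholds are assumptions, and the sample records are constructed.

```python
import csv
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed share of registered voters per (hypothetical) party label.
BASELINE = {"A": 0.4, "B": 0.4, "C": 0.2}


def build_sample_log():
    """Constructed address-change log: 'timestamp,source_ip,voter_id,party'."""
    t0 = datetime(2012, 10, 1, 9, 0, 0)
    cycle = ["A", "B", "C", "A", "B"]  # mirrors BASELINE
    rows = []
    # Ordinary traffic: one change every 12 minutes, each from a different IP.
    for i in range(40):
        rows.append((t0 + timedelta(minutes=12 * i), f"192.0.2.{i + 1}", cycle[i % 5]))
    # Burst from a single address: 30 changes in five minutes, parties mixed.
    for j in range(30):
        ts = t0 + timedelta(hours=2, seconds=10 * j)
        rows.append((ts, "198.51.100.7", cycle[j % 5]))
    # Distributed burst: 60 addresses, one change each, all against party A.
    for j in range(60):
        ts = t0 + timedelta(hours=5, seconds=50 * j)
        rows.append((ts, f"203.0.113.{j + 1}", "A"))
    rows.sort()
    return [f"{ts.isoformat()},{ip},V{n:05d},{party}"
            for n, (ts, ip, party) in enumerate(rows, start=1)]


def parse_log(lines):
    """Turn CSV log lines into dicts with a parsed timestamp."""
    records = []
    for ts, ip, voter_id, party in csv.reader(lines):
        records.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                        "voter": voter_id, "party": party})
    return records


def flag_single_source(records, window=timedelta(minutes=10), threshold=20):
    """Return {ip: peak_count} for addresses with >= threshold changes in any window."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r["ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            # Slide the left edge until the window spans at most `window`.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def flag_party_skew(records, baseline, min_changes=30, z_threshold=4.0):
    """Flag hours where one party's share of changes far exceeds its baseline share.

    Uses a normal approximation to the binomial: z = (k - n*p) / sqrt(n*p*(1-p)).
    The source address is ignored, so one-change-per-address traffic still counts.
    """
    buckets = defaultdict(Counter)
    for r in records:
        hour = r["ts"].replace(minute=0, second=0, microsecond=0)
        buckets[hour][r["party"]] += 1
    alerts = []
    for hour in sorted(buckets):
        counts = buckets[hour]
        n = sum(counts.values())
        if n < min_changes:  # too few changes for the approximation to mean much
            continue
        for party, p in baseline.items():
            k = counts.get(party, 0)
            z = (k - n * p) / math.sqrt(n * p * (1 - p))
            if z >= z_threshold:
                alerts.append((hour, party, k, n, round(z, 2)))
    return alerts


if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    print("single-source bursts:", flag_single_source(recs))
    for hour, party, k, n, z in flag_party_skew(recs, BASELINE):
        print(f"{hour:%Y-%m-%d %H:00} party {party}: {k}/{n} changes, z={z}")
```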



U.S. Suspects Iranians Were Behind a Wave of Cyberattacks

WASHINGTON - American intelligence officials are increasingly convinced that was the origin of a serious wave of network attacks that crippled computers across the Saudi and breached financial institutions in the United States, episodes that contributed to a warning last week from Defense Secretary Leon E. Panetta that the United States was at risk of a “cyber-Pearl Harbor.”

After Mr. Panetta's remarks on Thursday night, American officials described an emerging shadow war of attacks and counterattacks already under way between the United States and Iran in cyberspace.

Among American officials, suspicion has focused on the “cybercorps” that Iran's military created in 2011 - partly in response to American and Israeli cyberattacks on the Iranian nuclear enrichment plant at Natanz - though there is no hard evidence that the attacks were sanctioned by the Iranian government.

The attacks emanating from Iran have inflicted only modest damage. Iran's capabilities are considerably weaker than those in China and Russia, which intelligence officials believe are the sources of a significant number of probes, thefts of intellectual property and attacks on American companies and government agencies.

The attack under closest scrutiny hit Saudi Aramco, the world's largest oil company, in August. is Iran's main rival in the region and is among the Arab states that have argued privately for the toughest actions against Iran. Aramco, the Saudi state oil company, has been bolstering supplies to customers who can no longer obtain oil from Iran because of Western sanctions.

The virus that hit Aramco is called Shamoon and spread through computers linked over a network to erase files on about 30,000 computers by overwriting them. Mr. Panetta, while not directly attributing the strike to Iran in his speech, called it “probably the most destructive attack that the private sector has seen to date.”

Until the attack on Aramco, most of the cybersabotage coming out of Iran appeared to be what the industry calls “denial of service” attacks, relatively crude efforts to send a nearly endless stream of computer-generated requests aimed at overwhelming networks. But as one consultant to the United States government on the attacks put it several days ago: “What the Iranians want to do now is make it clear they can disrupt our economy, just as we are disrupting theirs. And they are quite serious about it.”

The revelation that Iran may have been the source of the computer attacks was reported earlier by The Washington Post and The Associated Press.

The attacks on American financial institutions, which prevented some bank customers from gaining access to their accounts online but did not involve any theft of money, seemed to come from various spots around the world, and so their origins are not certain. There is some question about whether those attacks may have involved outside programming help, perhaps from Russia.

Mr. Panetta spoke only in broad terms, stating that Iran had “undertaken a concerted effort to use cyberspace to its advantage.” Almost immediately, experts in cybersecurity rushed to fill in the blanks.

“His speech laid the dots alongside each other without connecting them,” James A. Lewis, a senior fellow at the Center for Strategic and International Studies, wrote Friday in an essay for ForeignPolicy.com. “Iran has discovered a new way to harass much sooner than expected, and the United States is ill-prepared to deal with it.”

Iran has a motive, to retaliate for both the American-led financial sanctions that have cut its oil exports nearly in half, and for the cybercampaign by the United States and Israel against Iran's nuclear enrichment complex at Natanz.

That campaign started in the Bush administration, when the United States and Israel first began experimenting with an entirely new generation of weapon: a cyberworm that could infiltrate another state's computers and then cause havoc on computer-controlled machinery. In this case, it resulted in the destruction of roughly a fifth of the nuclear centrifuges that Iran uses to enrich uranium, though the centrifuges were eventually replaced, and Iran's production capability has recovered.

Iran became aware of the attacks in the summer of 2010, when the computer worm escaped from the Natanz plant and was replicated across the globe. The computer industry soon named the escaped weapon .

Iran announced last year that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran's Passive Defense Organization, said the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” Little is known about how that group is organized, or where it has bought or developed its expertise.