By Wolf Richter, a San Francisco based executive, entrepreneur, start up specialist, and author, with extensive international work experience. Originally published at Wolf Street
Five years ago, when Google announced that it would build a super-high-speed fiber-optic network in Kansas City, and then roll it out in other cities, it started an effort to own and control the data pipelines going into homes and businesses.
Given how frustrated consumers are with their ISPs, it seems people couldn’t wait for Google Fiber, now operated by Alphabet’s Access. Google then spent a fortune building out the network in select cities around the country. This could have been huge. At a huge cost.
“Amazing bet,” is what Craig Barratt, senior VP at Alphabet and CEO of Access, called Google Fiber in a blogpost yesterday. In the same breath, he also announced that they would “pause” the build-out of Google Fiber in cities where it had been planned, that there would be layoffs and reassignments, though he didn’t say how many, and that he’d “step aside” as CEO of Access.
His replacement has not been announced.
He’s the third CEO of an Alphabet division to part ways since June. He prefaced this whole debacle this way:
And thanks to the hard work of everyone on the Access team, our business is solid: our subscriber base and revenue are growing quickly, and we expect that growth to continue. I am extremely proud of what we’ve built together in five short years.
Google Fiber is one of two big entities in “Other Bets” of the Alphabet empire, whose CEO Larry Page and new-ish CFO Ruth Porat are trying to crack down on ballooning costs.
The other big entity in “Other Bets” is Nest Labs, which makes internet-connected thermostats and the like. In a brilliant move, Google had acquired it in 2014 for a breath-taking $3.2 billion. But by now, this move has become very unbrilliant.
In June, Tony Fadell, Nest co-founder and CEO, quit after internal disputes over this focus on spending. Some key Nest employees moved to Google’s new hardware division. And the entity is in turmoil.
In August, Bill Maris, CEO of Google’s venture capital arm, GV, also left.
Earlier this year, Alphabet got second thoughts about its ambitious robotics efforts and put Boston Dynamics up for sale. It had acquired the experimental robot maker in 2013 for $500 million. But tensions soon arose, and co-founder Andy Rubin bailed out in 2014. No deal yet.
Then there was, infamously, Google Glass….
So Google Fiber is in good company. It will cease efforts to install a fiber network in 10 cities where it had been planned but not fully committed, according to Ars Technica. In addition, San Francisco was supposed to get Google Fiber for sure, but that has now been cancelled too.
The 11 cities where Google Fiber has been nixed: Chicago, Dallas, Jacksonville, Los Angeles, Oklahoma City, Phoenix, Portland, San Diego, San Francisco, San Jose, and Tampa.
In “this handful of cities” and also “in certain related areas of our supporting operations, we’ll be reducing our employee base,” Barratt wrote. Hence the layoffs.
Google Fiber has already been rolled out in Atlanta, Austin, Charlotte, Kansas City (Missouri and Kansas), Nashville, Provo (Utah), Salt Lake City, and The Triangle (North Carolina). And it’s still publicly committed to building the network – subject to change, I suppose – in Huntsville (Alabama), Irvine (California), San Antonio, and Louisville.
In June, Google Fiber announced that it would acquire Webpass, a 13-year-old company that provides high-speed wireless internet in Boston, Chicago, Miami, San Diego, Oakland, and San Francisco. A wireless network is a lot cheaper to install in urban areas with multi-family housing than fiber-to-the-home.
About 9% of the employees at Access will lose their jobs, though some people could be reassigned to entities of Alphabet, according to Ars Technica:
The source did not say exactly how many employees that percentage represents. Access includes more than just Google Fiber, so the percentage of Google Fiber employees being laid off or reassigned is probably a little higher.
Alphabet headcounts are hard to come by, but this Bloomberg report says Access has about 1,500 employees. The Information report indicates that Google Fiber had about 1,000 employees before the layoffs. If both of those numbers are accurate, then the percentage of Google Fiber employees being laid off or reassigned to other parts of Alphabet might be around 13.5 percent.
Google Fiber apparently has not hit its subscriber goals, and fiber construction is a costly endeavor. While the company isn’t giving up on fiber entirely, it may be able to deploy Internet service at a lower cost using wireless technology.
“It’s billions of dollars a year just to maintain this stuff, and Google doesn’t want to spend that kind of money on just being another player in that market,” Jan Dawson, an analyst with Jackdaw Research, told Bloomberg.
“I think the new CFO put an end to the experiment that wasn’t really going anywhere,” Chetan Sharma, an independent wireless industry analyst, told Bloomberg.
So serving up digital ads is still Alphabet’s main business, and flourishing. Controlling the high-speed pipeline to get these ads into homes and businesses, and grabbing whatever data can be grabbed by ISPs via deep-packet inspection and other methods still seems to be part of the plan, but now through cheaper and less glamorous wireless services and no longer through the holy grail of data pipelines, optical fiber. And so goes another huge dream to diversify away from advertising.
Even the absolute master of marketing, Apple, is running into trouble with its latest product. Read… Smartwatch is Dead, Market Implodes, Apple Watch Shipments Collapse
Ahem… cough….
This is what is known as eating someone else’s lunch – Newspaper Advertising Revenues: Adjusted for Inflation, 1950 to 2014
Now we know why politicians bow down to them – h/t nyleta
Hay that looks like a monopoly or is it just my lying eyes….
Disheveled Marsupial…. it just could not be so…. google’s HQ is in America…. the well spring of Capitalism….
Wow, Skippy, talk about falling off a cliff.
What I’m noticing online is targeted ads for stuff I’ve already researched. I have a negative reaction (per L’s comment below) and bypass without looking within the frame.
It goes to the point of digitally-induced confirmation bias that Curtis took up in ‘Hypernormalization.’ While there are problems with it as a documentary, the questions it raises for current conditions demand consideration, which make the piece well worth watching.
@Steve….
Yeah that’s pretty much my take, never confused the doco with scripture, but it did throw out some interesting questions and potential linkages [agent agency not a prerequisite].
If someone was able to get enough corroborated data, correlate it, establish a sound thesis, which had a high degree of being demonstrable…. would probably instantly make anyone involved a national security threat…
Disheveled Marsupial…. not much chance of it tho’, even if there was a desire by industry, too much propriety… wow knowledge road block “Science Mart” style. Humanity’s future hamstrung by laws of ownership… ouch
And meanwhile almost 50% of all internet ads are never viewed by anybody ever.
Wasting other people’s money for profit – nice work if you can get it!
The problem for the internet ad buyers is that they can’t know in advance whether their ads will be among the 50% read or the 50% not read. So they dare not avoid spending the money.
Add Yahoo to the list of entities ‘in transition.’ I just noticed a slew of new advertising widgets popping up on the Yahoo home page. Is there such a thing as advertising saturation?
For those of us who suffer from needless distraction, I offer this:
Spock on a bus: https://www.youtube.com/watch?v=Gr82dZpCr48
Mate in the – Thingy ™ – there is only the unbound void [Gates Frictionless Capitalism] where freedom clangs [strange… does sound travel in a vacuum].
Dishevel Marsupial…. never fear tho’ ambrit freedom is “insured” cuz rational agent models of seeking profit dominantly front run all other human considerations in the void of code…. dawg is dead… long live the code….
In ‘Dawg’ we trust, pyramid schemers all.
That ‘freedom’ meme does sound like something a Clanger would come up with.
To steal a line from an ancient science fiction film ad campaign; “In the Unbound Void, No One Can Hear Your Screams.”
Yes. In fact a few years ago Advertising Age ran a story about a study that showed that after a certain point advertising becomes a net negative. Consumers are so saturated that they either stop buying generally because they cannot make a decision (or don’t want to), or they come to loathe the brands they associate most with the advertising and actively avoid them.
Harry Shearer read it on his show and noted that the conclusion of the article (this being Advertising Age) was that they were not doing enough.
Thanks for that information.
This study must have happened before the advent of ‘Conclusion Follows Intent as official doctrine.’
“Not doing enough” is Newspeak for “Less is More.” No contradictions in the Advotutorial Universe that good consumers can apprehend.
I was subject to a chilling combination of Big Brother and Big Advertising one day last spring when I stopped by the Falls Church (VA-suburban DC) Home Depot. I was looking for a small lawn and garden item, but entered through a door near the washers and dryers. We really could use a new dryer (but it’s not in the family budget at the moment) so I spent a few minutes checking them out before continuing on my errand.
The next day (while following NC links around the web) I started getting lots of washer/dryer pop-up ads.
I hadn’t searched on the web for washers and dryers for over a year.
But I did have my cell phone with me while wandering around Home Depot…
Did you take a photo of the price? That’s how they get you.
Thanks for the warning. I’ll keep writing the prices down. Phone, you’re staying at home.
Turn off location services on your phone.
Not enough. In malls, shops and everywhere in general, marketing networks sniff the Bluetooth and wifi traffic from smartphones and generate a unique ID from it. Then they track the signature from sniffer to sniffer, to see where you linger and where you are within meters.
If you have Facebook on the smartphone, Facebook will slurp *everything*, even sound.
The phone must be off and shielded with an RF proof material to be “safe” from tracking. Wrapping in alufoil and closing the gaps carefully can work as an improvised solution.
I’m getting an increasing number of those advert. annoyances on my NSA sponsored Yahoo e-mail …..
Thank you Marissa Mayer … you feckless douche!
I still get a chuckle over how this “sophisticated” targeted advertising results in ads in my browser for stuff I just bought a day before. Like maybe I didn’t buy enough of it.
However, the hundred or so email spams I get a day are well beyond irritating. Apparently our 17 intelligence agencies can’t do anything about that.
So the ambitions of the genius CEOs are now running into the realities of lining shareholders’ pockets, how quaint. I work within the life sciences industry and people are constantly amazed by the hubris of Google and its know-it-all attitude. Their life science entities have over-promised and underdelivered and they just walk away from projects and pretend they never happened when they’re done with them.
And while Wolf’s next article points to the failure of the Apple watch (I would just call it flat, not a failure), I think the other story worth focussing on is their clusterfuck of an effort to build their own car. Again, Silicon Valley hubris has these companies thinking they can come in and “disrupt” an over 100 year old business that requires all kinds of engineering and scientific know-how. Just because Apple builds a nice phone does not mean it has any kind of business building a car. But they were too hubristic to just buy an established company or partner with an existing one in a meaningful way. So they just kill the project and pretend that they only wanted to make the electronics the whole time. So Apple wants to become an autoparts supplier then? Good luck beating Magna, Delphi, or Bosch who all have a major head start on Apple (and other SV players) in the spaces they operate. Heck, even the much maligned Blackberry runs the OS onboard many vehicles’ infotainment centers out there. And Apple will be working at the mercy of the auto companies that they have derided as outdated when they launched their own effort.
I think there is an increasing smell of desperation around Google and Apple in particular. Talking to the techie millennials in my family, Google and Apple still have an ‘aura’ around them of companies that would be amazing to work for and that their products are worth getting excited over. But they can have only so many abject failures before everyone realises that they are actually not all that competent – and maybe they just got lucky with an initial product and are floating on that reputation and cushion of cash.
I was really surprised about the Apple Car. When I first heard about it I assumed they were going to try something genuinely new and innovative – maybe an all composite and electronic vehicle that you would lease rather than buy, and would integrate seamlessly with other devices, a genuine alternative to the regular car. Yet it seems that all they intended was a Tesla/BMW rip-off, a niche product. The jury is still out I think about Tesla (the only genuine newcomer in many years), but even a cursory knowledge of the car industry would show that it is an extraordinarily difficult and complex industry, and ‘new’ entrants are usually only possible via the hard way of being a subcontractor, then building knock-offs, and after a few decades, finally establishing your own models. And that’s only possible with investors willing to wait decades (possible in Japan and Korea perhaps, but not the US or Europe). As you say, it’s pure hubris to think you could just muscle in on an industry like that and hope to succeed.
I wonder sometimes if FB will be the long run winner of the current big names. For all its horribleness as a company, they seem to understand their own limitations well. They will stick to being a giant data gobbler and not pretend they know anything else. Apple seem to have run out of good ideas, and one day regulators will finally realise that Google is an old style monopoly, ripe for breaking up.
I haven’t run the numbers, you may be right that Facebook has spent less on risky enterprises than Google or Apple, but it’s not like they haven’t fallen prey to the temptation of exotic new “disruptive” toys. The Oculus Rift buy at $2 billion (and yeah, I know that’s all likely mostly stock and not hard cash, but still) strikes me as their incipient Nest failure, to be sure.
https://techcrunch.com/2014/03/25/facebook-to-buy-oculus-vr-maker-of-the-rift-headset-for-around-2b-in-cash-and-stock/
http://www.zdnet.com/article/facebooks-latest-multi-billion-buy-3d-gaming-company-oculus/
The Apple Car could have worked one way, and that would require a truly autonomous vehicle which worked well enough to be a net increase in traffic safety on real roads. It would have to happen fairly soon because the “market” doesn’t go for long term investment these days. The only way I see the Apple Car having worked for them would be for it to be a service – you don’t buy the Apple Car, you pay for the service. You need to put their app on your phone, turn over a lot of personal information to sign up for the service and all data gathered from your use of the service (including that from internal cameras and mics) is theirs to do with as they see fit. Even with all that the return on investment combined with the “ickiness” of being involved in something as old-economy as a car might bring the stock price down.
Making money in the car manufacturing business is excruciatingly difficult. How many new companies have succeeded in North America since 1945? How many established companies have folded? How many bail outs have been needed? Given how strong the demand for cars has been over those years it shows how dismal the economics are.
I think the other story worth focussing on is their clusterfuck of an effort to build their own car.
Whaaat? You mean CrApple couldn’t just expand their assembly line into another building in China and instead of sticking their phone in a box, stick it in a slot on the dashboard and start building the car around that? Not very creative of them is it?
Hubris squared doesn’t even come close to describing these rich nerds. For them to get close to a race track experience, expect the 600 HP super cars they buy to have the AV race track option where the car drives itself around the track at high speed, with the nerd along for the ride.
Agreed with your observations. One of the things people do not realize about companies like Google, Apple, and Facebook is that their main technologies are actually simple technologies that are derived from publicly funded research at universities from decades ago. Their main innovation was in packaging together existing technologies (that their competitors did not use) in a user-friendly way. The other thing that people do not realize about these companies is that the technology is also easy because there is no penalty for their software being wrong. If Google returns a good search result versus an amazing search result, you largely cannot tell the difference or even care about the difference.
The thing is that all the praise and money to these tech CEOs and others working in the industry has gone to their heads, where they think their technologies are brilliant and that they are brilliant. But things like building cars, building airplanes, working on healthcare require difficult engineering where failures are much more costly than the software environment where they work. They have difficulty adjusting to this mindset, and often are incapable of doing so. Even the so-called hardware successes like Tesla and Space-X have low reputations in the respective industries: Tesla cars have reliability problems as reported by Consumer Reports, and some automotive engineers believe the cars are over-engineered because Tesla has been too arrogant to hire experts in automotive design. Space-X rockets have a low reputation amongst some aerospace engineers who believe the rockets do not have the same capabilities as more established technologies.
“One of the things people do not realize about companies like Google, Apple, and Facebook is that their main technologies are actually simple technologies that are derived from publicly funded research at universities from decades ago. Their main innovation was in packaging together existing technologies (that their competitors did not use) in a user-friendly way. ”
Repeating this important point. Thanks.
The same can be said of Epi-Pen technology developed by US govt research (US tax dollars) in the 70’s.
Coding is the new rocket science. What isn’t needed is a lot of infrastructure, and it’s portable work that can be done anywhere by anyone creative enough to do it. That presents a problem long term for what these companies actually do, and I see rapid aging of these companies.
You only need so much stuff, and they are running out of new customers. Google is a middleman in a scheme to sell your eyeballs to a merchant. So is Facebook. Apple thinks it owns your eyeballs.
It’s a fight to the finish. And then there is Amazon. What is it? Tech – warehouse super predator?
Does anyone else find it curious that Apple hasn’t gone up to Amazon, and publicly reproached them for selling counterfeit Apple products produced in the sweatshops of China, and sold by Amazon? Amazon is stealing Apple’s cracker money, but still, isn’t there a principle involved, like don’t take my stuff? The Apple corporate personhood seems to be hiding, afraid of getting punched in the face.
Yours Truly is in the market for a new computer or two.
Was thinking about Apple, but you know what? They’ve been so caught up in phone/pad/watch fever that they’ve allowed their desktop and laptop line to grow stale.
Looks like it’ll be another PC for this camper.
Yeah, Google should stick to its knitting and focus on further crapifying its search results.
A question keeps recurring to me, and perhaps readers with more knowledge of the industry can respond: isn’t there an approximate limit to the amount of dollars spent on advertising? And if there is, then isn’t there a limit to the valuations of these companies whose business models are based on said advertising?
It seems to me that these companies (also competing for ad dollars spent on legacy media) are being valued as if the amount of advertising dollars is near-infinite, whereas in reality there must come a moment of realization that these people are cannibalizing each other.
And then?
“is near-infinite”
‘Toy Story’ character Buzz Lightyear: “To infinity and beyond!”
https://www.youtube.com/watch?v=ejwrxGs_Y_I
Was his character an inside joke about Silicon Valley?
Some of these tech ad companies in their earnings reports used to list number of ads displayed in a year, total revenue for ads, and revenue per ad display. Total revenue for ads was increasing at a healthy rate, while revenue per ad display was dropping significantly. The conclusion was that online ads are losing effectiveness and so advertisers are willing to pay less; the tech ad companies have responded by increasing the total volume of displayed ads, by transitioning their users to smartphone apps where they could further increase the volume of displayed ads, and by increasing the number of users.
The tech ad industry may face some difficulties in the near future. There are limits to the number of ads you can display to a single person, and the tech ad companies are approaching saturation in the number of users; this is why some of these companies have launched dubious “charities” to increase internet access in the developing world (though in reality the proposals have faced resistance because the internet access would be limited to the tech ad company and a handful of selected websites). There are also rumors of malfeasance by the tech ad companies in the honesty of the reported advertising metrics and number of displayed ads. Furthermore, a significant (in absolute terms, but maybe not in percentage) amount of advertising dollars right now are coming from tech companies with access to easy venture capital money that have yet to run a profit. If there is a downturn, and some of these speculative tech companies that are dumping in terms of their product and advertising have problems in acquiring additional funding — there is some fear in that industry of a multiplier effect on the reduction of advertising dollars.
Yup.
+1
Only our corporations know for sure. So far it supports all of our news media, sports entertainment, internet search, social media and whatever else “ad model” biz there is.
Hah. Wireless. Sure, it is easier to install wireless in urban areas than fiber (even though the base infrastructure is there already), it is also slower (a toner pipe) than is possible with fiber.
Broadband in the US is settling back down to remain inferior to most other developed nations again.
Wireless is also so easy to hack, it’s not even funny anymore. When we refused to switch to the AT&T wireless network being trotted out to replace their legacy copper wire network, and cited privacy issues as a main decision driver, we were met with incomprehension.
Go figure, infrastructure turns out to be a terrible cost sink. Almost impossible to make a profit from it unless you have a monopoly position.
The only way for these people to enrich themselves is when they get taxpayers to foot the bill, then pocket the profits.
But their philosophy says “government can’t do anything”, no exceptions. The private telcos are busily passing laws that forbid local governments from funding fiber themselves. So we get no high speed internet at all.
You read it the way I read it.
They want to be heavily subsidized in order to become a monopoly.
Just like the old economy.
That’s why no “innovation” is making a big difference with financial inequality.
Wall St is set up to maintain that. The quarterly report. Short term profit. Lay off who you need to so that we can get our monthly nut. F – – – the larger economy.
Get it all now and let the future generations worry about sustainability.
Internet service seems like an obvious fit for being a publicly owned and managed utility. It’s exactly the sort of thing private enterprise cannot do either well or efficiently.
Efficiency and competence take a back seat to profitability in the business world now.
It’s inherently a geographical monopoly, just like the phone company, electric and water companies…oh never mind.
To me the internet’s closer to roads, lines of communication. Having them privately owned and run for profit is insane.
Fiber only makes sense for the telcos, and then only because they see it as less expensive than maintaining POTS lines. In the greater metropolitan Chicago area, AT&T and Comcast are spending millions battling each other for customers for their fiber systems, and they already have the infrastructure (after years of delayed promises). What on earth was Google thinking? Telcos are essentially utilities. Google doesn’t know the first thing about operating a utility. More pitiful flailing that passes for management these days.
And, of course, AT&T is waving their hands at 5G.
http://www.nytimes.com/2016/10/27/technology/atts-vision-of-ultrafast-wireless-technology-may-be-a-mirage.html?_r=0
It’s amusing that San Francisco is cited among densest cities, eh?
The high-frequency ranges necessary to do 5G speeds have extremely short effective ranges in dense urban settings. Not just dense in population, but the density of the physical structures that accompany population density. The obvious answer is, again, to do this as a public utility using existing public rights-of-way and properties. Paying rent to property and land owners (a huge operating expense for private wireless networks) is pure inefficiency when a public internet utility could use locations everywhere they already own.
I met a guy who was a microwave tech in the US Navy, saw the coming cell phone thing before it broke and bought hilltop properties with line of sight to large population concentrations cheap and will make ridiculous money from them for as long as he lives. In many situations, the telcoms have very little in the way of alternatives or bargaining leverage against someone who has such properties. They ain’t making any new hilltops to site towers on.
Thanks.
Agree, public utilities by all means—from internet to postal banks to title insurance (per Brit example) to—whatnot
5G, of course, is millimeter range radio-frequency spectrum; to get wider band go higher frequency (especially to light but that means cable unless you forget the fog etc. . .).
Property rights, namely, land easements rear their heads. Eminent domain surely follows as an issue. Thus, the High Court is again implicated (and continues shadowing FCC authority and net neutrality)
The IoT has turned out to be much more pain than it’s worth.
Witness last week’s monumental DDoS attack on Dyn.
It’s now understood that that attack was probably the work of script kiddies who leveraged the IoT to pull off the largest DDoS attack ever recorded.
From the linked article;
What we’re looking at is the direct result of our collective ignorance as concerns the underlying technologies that support the function of our devices.
“No pull from the market” means we don’t know, and we could care less.
I spend way too much time defending networks from the impact of tainted devices and clueless users, and at the same time, the individuals responsible for my headaches are more and more convinced that their expertise at using social media amounts to deep understanding of tech, and qualifies them to advise me on the fix.
As a group their main contribution to the discussion tends to be “buy more bandwidth.” which is laughable because the collective impact of their tainted, insecure devices is such that they will overwhelm any amount of bandwidth that is provided.
FYI, one sick Windows 10 machine can easily swamp a 50mb connection.
I’m afraid all of this is a tremendous escalation in what is already known as crapification, and bodes terribly ill for the future of the digital realm.
The world’s business has migrated almost exclusively to web, and now the web is being shaken to its foundations not by state-sponsored minions, but by bored teenagers.
I fear we’re approaching a Tower of Babel moment.
+1
Bullshit. How does one hack 1,000,000 devices? One at a time (LMAO), or by a central server (update server) compromise?
My pet theory is Space Aliens answered the SETI call and “Hello” spelled in Space Alien exceeded the 140 character limit of a tweet.
Far from BS. A $25.00 Raspberry Pi with one well written script can probe and deposit a ‘bot on to a system with an unencrypted open telnet port that has a known password in less than a minute or two.
Assuming it’s not a Raspberry Pi, but a fairly fast good laptop, a million systems with open ports could be infected in far less than 2 million minutes, or somewhere between a year and 2 years. Seems like a really long time… unless there are a few thousand systems running the same scripts and cascading them throughout the globally connected space.
Now you’re talking a few weeks… from laptop computers sold at Walmart… or $25.00 Raspberry Pis.
People have home routers, and one IP address. How do the hackers get past the SOHO router to the open telnet port?
The hackers are invited in, via any number of common vectors, inviting, but infected email attachments and dangerous links, people will click on anything, and then the fun begins.
If the computer is attached to a network, the virus/Malware searches for all the vulnerable devices on the network, and installs itself on them.
When the user of this machine emails other people, the virus may find a way to tag along and this goes on and on.
Sometimes, the infection installs its own email server on the machine and spams itself all over the earth, cutting and pasting all the folks it finds in your address book.
People who spread malware for a living wake up every morning and check to see what the trending searches are today, they probably use MSN.
When they discover that naked pictures of Kate are big today, they make sure to create some links to direct those clicks to sites where they will be drafted into the bot-net.
These people mostly aren’t breaking into our computers, they’re asking us to let them in, we are doing so, and then they are behaving badly, as if they own the place.
All this happens without us noticing anything.
The most popular story users tell me goes like this; “I clicked on it, and nothing happened”
Believe it or not, many do not do a good job of securing their home routers, others bought their routers years ago and don’t know how to update them to the latest security patches, even if the routers are even capable of being updated. Some have older routers and keep the ssh port opened to the outside in order to set up proxies for their work systems to avoid workplace firewalls. All these systems are crackable through various means from the outside (older non-upgradable routers with ssh ports opened to the outside are cracked all the time).
Then, of course there are the usual methods of phishing, malware located inside pdf files that haven’t updated their adobe readers regularly, flash-plugins that are out of date, etc.
To give you one example regarding Adobe, we regularly get notified about Adobe Acrobat and Flash security updates across all Op Systems, Linux, OS X, and MS, on the order of 4 to 5 a month. How many home users update all their internet connected systems with Flash and Acrobat updates 4 or 5 times a month… many do, I suspect, and I know for a fact many do not.
I mentioned the telnet example above just to show how prolific that has become in just a few short months. A year ago it might have been 50 a day, now 700 to 800 is normal. People are doing it because they find targets, otherwise they wouldn’t waste their time… and this is only one example of the myriad ways to crack a system.
I’ve worked on systems security within relatively high profile, though small, networks with multiple intrusion detection sensors, firewalls, routers and switches, and all with extensive ACLs (access control lists) attached to every port, with users trained and reminded constantly about Internet Security and good and bad habits, yet we still had to pull a few systems off line every month to be sent to forensics because they were cracked wide open.
Networks with professional security people get cracked. Many home user systems are sheep lined up for shearing. Add that to IoT devices that are shipped with open telnet ports and known embedded passwords and you end up with ISPs and others getting hit with 6 Gb per second of useless data bringing critical servers to their knees that are trying to answer these intentionally ill-formed packets.
It doesn’t take a mainframe to do this, it just takes software intentionally well-designed and launchable in concert from anywhere in order to take advantage of obscure, or in the case of IoT devices, not so obscure, holes.
And once the machines are infected, they collectively become an asset… To be rented or sold.
Not much on following links eh?
Were that your hair-trigger BS detector was better informed.
I am informed. The question is how the exploit was installed. That is not explained.
The work of installing the exploit has occurred over time; it was accomplished in the usual way with spear phishing, compromised web servers, and by infected machines allowed to connect to networks where the network-aware malware called Mirai searches for other machines to infect.
What changed recently is the publishing of the source code for the Mirai malware that controls those thousands of bots.
What has also changed recently is the population of poorly secured IoT devices like IP cameras, baby monitors, smart appliances, thermostats etc…
The script kiddies didn’t mastermind the creation of the bot net, they only used that source code as a map to gain control, and then directed an already existing bot-net to attack targets of their choosing.
Whereas the people who were responsible for building the bot-net were focused on using it to make money, and so can be counted on to behave somewhat rationally, these kids are directing the bots for fun.
This is a very bad development.
Both the above link as well as several posts here on NC from around the time the story broke last week noted the same key aspect of the story:
The source code for the malware that controls this botnet was put on Github earlier this month.
In other words, a very sophisticated hacking toolsuite – far beyond the ken of the script kiddies – was open-sourced. Can you appreciate the difference between writing the source code for a web browser and using a web browser?
I do not doubt the exploit required skill. The question asked is how the exploiters got access to the IOT devices, which are generally connected to a SOHO router, which would have to be configured, with port forwarding, to enable an exploit to target a device in the home connected to a SOHO router.
The toolset is one thing. Installing it on devices en masse is another.
Please see my answer above.
In short;
Some sophisticated people built the bot-net over time with a piece of malware called Mirai, what happened recently was the script kiddies found the source code for that malware, and used it to gain control of that bot-net and direct it to attack targets of their choosing.
You don’t necessarily need to be able to afford to purchase a Ferrari in order to take one for a joy ride.
As Watt4Bob notes, the now-open-source software is set up to automatically enlist IoT devices, and it’s quite possible that the folks who used it to set up the first such botnet simply left said botnet in place … perhaps the idea is to simply leave the botnet-recruitment webcrawlers active, allowing the botnet to continually grow as more IoT devices are brought online worldwide. If you were a malicious hacker group with a specific target set you’d want to retain control of the botnet, but if OTOH you want to simply maximize the random-fuckage-for-fun aspect, open-sourcing things would make sense.
From the krebsonsecurity dot com article on the Dyn DDOS:
At the end of September 2016, the hacker responsible for creating the Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.
Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.
99.9995% of all SOHO routers are pure, unadulterated, crap running old code with known exploits for it, default passwords, remote management interfaces left on, …. and are never updated. Even if a router is good, things like UPNP punch holes in the firewall on behalf of users so that WoW will work “out of the box”, of course other things will too ;-p
Google up any of the SOHO brands, like ‘d-link hack’, there *will* be a recipe for it.
Some people put a router/firewall behind the SOHO junk, this also allows one to keep IOT-trash like the Samsung “Smart” TVs away from the rest of the home network (The “smart” TVs serve ads from ad networks so it is just a question of time before they are infested with malware).
Few people are network management expert enough to do this or even get someone to do it for them. The SOHO router is just another computer to use for the hackers, basically.
Internet surveillance cameras seem likely candidates to be open to the Internet and to not have a separate port for administration.
How? Automation. With ‘nmap*’ to scan networks and a tool like ‘metasploit*’ to inject exploits into the vulnerable devices found. The most tricky bit is keeping under the ISP’s radar and not have a trace back to your real address, however, there is so much free bandwidth to leech from stupid WiFi/home networks and throw-away computing is possible with devices like the Raspberry PI. Someone, Brendan O’Connor, has of course done research for DARPA on the command and control network, ‘maliceafterthought.com’.
The web site ‘shodan.io*’ is a good place to start when looking for things like b0rked home routers to run exploits against. This cuts down on the scanning, which is noisy.
Plenty of people can pull this kind of thing off. The “l33t Russian HaX0rS”-tools of today are literally last year’s defense research project. The rest is a disciplined approach. Teenagers have vast amounts of smarts and discipline if they are interested in something, especially something arcane.
*) didn’t put the links ’cause last time I did, everything got lost in moderation.
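The daily telnet probe counts and the self-propagating scanning described in the comments above can both be measured from a gateway's own firewall log. The following Python is an added example, not part of any comment or of the original article; the log lines are constructed and simplified from netfilter LOG format, and the LAN range, the threshold and all function names are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: the home LAN range
TELNET_PORTS = {23, 2323}           # telnet ports probed by Mirai's scanner
LINE_RE = re.compile(r"^(\w{3}\s+\d+) .*\bSRC=(\S+) DST=(\S+) .*\bDPT=(\d+) .*\bSYN\b")

def _line(day, src, dst, dpt):
    """Build one constructed log line (simplified netfilter LOG style)."""
    return (f"Oct {day} 03:10:01 gw kernel: FW SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40112 DPT={dpt} WINDOW=14600 SYN URGP=0")

# Constructed sample: addresses come from documentation ranges.
SAMPLE_LOG = [_line(*row) for row in [
    (21, "198.51.100.7", "203.0.113.10", 23),     # inbound probe
    (21, "198.51.100.9", "203.0.113.10", 2323),   # inbound probe
    (21, "198.51.100.7", "203.0.113.10", 23),     # same source again
    (21, "198.51.100.30", "203.0.113.10", 443),   # not telnet: ignored
    (22, "198.51.100.61", "203.0.113.10", 23),    # inbound probe
    (21, "192.168.1.50", "203.0.113.101", 23),    # LAN camera scanning out
    (21, "192.168.1.50", "203.0.113.102", 2323),
    (21, "192.168.1.50", "203.0.113.103", 23),
    (22, "192.168.1.50", "203.0.113.103", 23),    # repeat target
    (22, "192.168.1.20", "203.0.113.200", 23),    # single outbound session
]]

def telnet_events(lines):
    """Yield (day, src, dst) for every TCP SYN aimed at a telnet port."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and int(m.group(4)) in TELNET_PORTS:
            yield m.group(1), ip_address(m.group(2)), ip_address(m.group(3))

def inbound_probes_per_day(lines):
    """Count telnet SYNs arriving from outside the LAN, grouped by day."""
    counts = defaultdict(int)
    for day, src, _dst in telnet_events(lines):
        if src not in LAN:
            counts[day] += 1
    return dict(counts)

def scanning_lan_hosts(lines, min_targets=3):
    """Return LAN hosts that opened telnet to many distinct outside hosts."""
    targets = defaultdict(set)
    for _day, src, dst in telnet_events(lines):
        if src in LAN and dst not in LAN:
            targets[str(src)].add(dst)
    return {h: len(t) for h, t in targets.items() if len(t) >= min_targets}
```

Inbound counts only measure background noise; a LAN device returned by `scanning_lan_hosts` is the one to take off the network and inspect.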
Every device with an IP address should have a black box warning label on it and a hardware only on/off switch.
Add the ability to operate under local control only, connected only to the bit bucket network.
So glad my computer has a physical toggle for the camera. Saved me the cost of a post-it note.
Don’t forget the microphone.
Aluminum tape is foolproof. One roll should cover all your town’s cameras.
Good. Maybe Giggle will fold and abandon construction of the monstrosity they’re building on 30th here in Boulder (complete with a waiver of the height limitation ordinance that was approved by our supine City Council).
It won’t bring back the dozen or so local businesses that we lost thanks to the construction, but at least we’ll still be able to see the mountains from the east side of town.
Actually there is an actual company called ‘Giggle Fiber’ not associated with Google.
https://gigglefiber.com/
Based in Monrovia, California outside of Los Angeles!
Well the site is where a Chase bank is…. pick your poison….
Disheveled Marsupial…. wellie exacerbate income inequality and high housing costs, as well as making traffic worse, along with distortion in the economy….. oh well… all the schlubs will just have to Longmont it… just have to watch that one intersection the cops like to camp at on Friday nights…
Has anyone run into the cult management book Zone to Win?
http://zonetowin.com/
It seems like a how-to manual for crapification to me – though I may not be neutral since I am in the process of training a pleasant but overwhelmed and under-experienced Indian person to do my jobs prior to my lay-off, after the CEO of my separating employer drank this particular kool-aid. Something like the early stages of this story:
http://thedailywtf.com/articles/deep-fried-offshore
I went and looked at the site. From the home page. I helpfully underlined some of the buzzwords:
“Strict discipline.” Not as an end in itself, of course.
If this were electoral politics, instead of corporate politics, I’d be reminded of Nazi legal theorist Schmitt’s famous statement: “Sovereign is he who controls the exception,” er, “transformational initiative.”
* I would imagine a CEO who does this every two or three years would be lauded as a great leader.
I would imagine a CEO who does this every two or three years would be lauded as a great leader.
Absolutely. One has to, otherwise the dire results of one’s management effort will soon catch up with one and one will be exposed and possibly even nailed.
Here in Austin, Google has had to pay for numerous damaged underground utility infrastructures as they installed the fiber, and one suspects that has bloated the cost overrun on the Fiber project. Especially if it happened in the other cities as well.
Wait a minute. Google doesn’t know how to call 811 for utility locating *before* they dig?
Sheesh. I was thinking that Google employed people with common sense.
Google has discovered what the phone companies knew. It is capital intensive to build a network, margins are low and the payback period >> (much greater than) 3 years.
Which is why ATT & Verizon did not replace copper with optical fiber, and why they focused on wireless: expense and ROI.
Duh.
Tech is dead.
A friend’s son is a senior hiring executive at Google.
“Sell, sell, sell Google” is his advice.
Twitter’s laying off large numbers, apartment prices have stopped growing in San Francisco and retail vacancies are growing. Huge numbers of condos have been built. The biggest steel frame building ever is being built and there may be few tenants. I would hate to own office space right now.
CRE overbuilding isn’t just a SanFran problem. It’s happening all over the country.
Watch for rent and commercial property price reductions. They’re coming soon to a real estate market near you.
Seattle was the last to get hit in the last downturn. Right now we have more cranes in the downtown than any other place. Rents went up 9.7% in 12 months. Can’t wait for the next shoe to fall. We need a culling of the herd.
Prolly shouldn’t buy the million$ median price house either?
Can’t happen fast enough…
From what I hear is – Apps – are dead… which if such is the case of Tech demise, just goes to show what base all the Billions of market cap are premised on….
Disheveled Marsupial…. can you hear a whooshing sound in cyberspace – ??????
I’ve never understood why people get so worked up about apps.
Call me a Luddite, but I use my mobile phone for making calls, sending texts and e-mails, and some web browsing. The only apps I use are the call blocker for phone and text spammers and the City of Tucson’s graffiti reporter.
“It’s billions of dollars a year just to maintain this stuff, and Google doesn’t want to spend that kind of money on just being another player in that market,” Jan Dawson, an analyst with Jackdaw Research, told Bloomberg.
Translation: Not interested unless we can be heavily subsidized by governments so that we can monopolize the market.
Meet the “new” economy, just like the “old” economy. Captured by the tyranny of the financial quarterly report.