A prominent story airing last week on the NBC Nightly News with Brian Williams suggested visitors to the Sochi Olympic Games in Russia should expect their Android smartphone or laptop to be infiltrated by hackers moments after being switched on. A closer examination of the story suggests NBC News reporter Richard Engel had to go out of his way to get infected with malware.

[flv]http://www.phillipdampier.com/video/NBC News Hackers at the Olympics 2-4-14.flv[/flv]

Is it really too late to protect your electronic device if you power it on at the Sochi baggage claim facility at the airport, as NBC News’ Brian Williams claims? (3:35)

Trend Micro security expert Kyle Wilhoit, who helped design the experiment based on Engel’s usage habits, admitted security holes were left wide open on the tested devices:

On all of the devices, there was no security software of any type installed. These devices merely had standard operational programs such as Java, Flash, Adobe PDF Reader, Microsoft Office 2007, and a few additional productivity programs.

When considering this experiment, there were some basic things to be considered. First was mimicking the user behavior of Richard Engel. Since these were going to be machines with fake data, it was important to accurately imitate his normal activities. I had to investigate Richard’s user habits. In addition to other information, I needed to understand what he actually did on a daily basis, and sites he commonly visits. Also, I needed to understand where he posted. Did he post information on forums? Did he post on foreign language sites?

NBC’s story implied that three new devices, including an Apple MacBook Air, an Android phone, and a Lenovo laptop running Windows 7 were all hacked within minutes of being switched on for the first time, right out of their respective boxes.

A story about hacking at the Olympics in Sochi, Russia was recorded largely in Moscow, more than 1,000 miles away.

Careful observers will notice Wilhoit is wandering around Moscow, more than 1,000 miles away from Sochi. Wilhoit would later clarify in a tweet he never visited Sochi at all. A closer look at shots of computer screens show the reporter clicking on suspicious links and visiting obviously phony Olympics-oriented websites. With no virus or malware protection and Engel’s apparent willingness to click on anything suggests you should never loan him your laptop or phone.

NBC News went over the top getting their Android phone hacked. In fact, Engel not only had to manually find and download the infected app that let the hackers in, he had to navigate a set of menus to disable Android’s built-in security, turning on permission to download apps from unknown or third-party websites not affiliated with the Google Play store. Installing a security-compromised app also brings multiple additional warning messages advising users not to proceed. Under these circumstances, Aunt Sue can rest easy her Galaxy S4 is not accidentally open season for hackers while she watches the downhill skiing events.

Media sensationalism makes for good ratings but requires a lot of truth dodging to make the story real. This is an example.

At least 34 of Comcast’s email servers have been compromised by a well-known hacker group that posted evidence, the exploit, and certain administrative passwords online to embarrass the company and expose its poor security practices.

Using a “Local File Inclusion” vulnerability, the hacker crew accessed the Zimbra LDAP and MySQL passwords and publicly shared their findings earlier today. Use of this type of exploit can potentially allow hackers to execute code remotely on the web server, allow insertion of malware through JavaScript, open the door to a Denial of Service attack which would slow Comcast’s servers to a crawl, and could also allow hackers access to sensitive customer information.

The security breach affecting Comcast’s email servers remains open and available as of early this afternoon, and Comcast has yet to publicly respond to the security threat.

In one tweet, NullCrew thanked Comcast for putting all of their password information in one convenient spot, making the security intrusion easier.

NullCrew considers itself a hacktivist group that exposes poor security practices at corporations, government agencies, and schools. As exploits are publicized, most affected companies immediately take steps to strengthen security.

NullCrew alerted Comcast four hours before publicizing the breach, but Comcast’s social media team appeared to lack an understanding of the nature of the threat.

NullCrew posted complete documentation about executing the hack on pastebin.com (since removed), opening the door to more attacks by other parties. It also included its latest manifesto:

1. Hello there beautiful people of the internet, once again; we here at NullCrew have some fun information for you.

2. This time, our target is Comcast, yet another internet service provider who proclaims to be a secured one; shall we test these claims as well?

3. What is Comcast?

4. Comcast Corporation is the largest mass media and communications company in the world by revenue.

5. It is the largest cable company and home Internet service provider in the United States, and the nation’s third largest home telephone service provider.

6. Comcast provides cable television, broadband Internet, telephone service and in some areas home security (including burglar alarms, surveillance cameras, fire alarm systems and home automation) to both residential and commercial customers in 40 states and the District of Columbia.

7. Okay!

8. So, it’s the LARGEST mass media and communications company in the world? Sweeeeet.

9. Let’s take a look at it, and see if we should be impressed.

10. Below us, we have a list of Comcast mail servers; and each of these mail servers run on something called, “Zimbra.”

11. But each of these mail servers also are vulnerable to LFi, and you know what LFi can lead to, right?

With the Canadian cable business locked up by Shaw, Rogers, and Vidéotron, Ltd., suburban Ontario and Quebec cable operator Cogeco announced intentions to acquire at least one small U.S. cable company later this year after it pays down more debt.

CEO Louis Audet told shareholders that cable operators in Canada are large, very profitable, and absolutely not for sale. That leaves few growth opportunities for the fourth largest cable operator in Canada. Instead of spending money to expand its current footprint into unserved areas, the company will look south of the border for buying opportunities.

Audet

“What you see is pretty much what you get unless something really special comes out of left field,” Audet said. “The potential exists in the U.S. where it doesn’t in Canada.”

Cogeco’s financial resources are too limited to challenge the three largest cable operators in the country, and Audet said Cogeco has no intention of selling its own business. In eastern Canada where Cogeco provides service, Rogers Communications would be the most likely to buy Cogeco. Rogers tried, and failed, to acquire Quebec-based Vidéotron in 2000 — losing out to media conglomerate Quebecor. But Rogers did succeed in picking up Shaw’s Ontario-based Mountain Cablevision, Ltd. last January.

Cogeco has pursued other cable companies outside of Canada in the past. Its acquisition of Portugal’s Cabovisao in 2006 was widely panned, and after Portugal’s economy crashed in the Great Recession, Cogeco ended up writing off its net investment, taking a $56.7 million loss. Cogeco acquired Cabovisao for $660 million and sold it to ALTICE six years later for the fire sale price of $59.3 million.

In 2012, Cogeco acquired rural and small city cable operator Atlantic Broadband for $1.36 billion. Atlantic offers service in Pennsylvania, Florida, Maryland, Delaware, and South Carolina — mostly in communities ignored by Comcast and Time Warner Cable.

Possible Cogeco acquisition targets include Cable ONE, WOW!, Wave Broadband, SureWest/Consolidated Communications, Midcontinent Communications, Buckeye Cable, and/or Blue Ridge Communications, to name a few.

In the meantime, Cogeco is following the lead of U.S. cable operators by intensifying service expansion in commercial areas, particularly industrial parks and office complexes. Selling larger businesses cable broadband could net Cogeco $600-1,200 a month per account.

Phillip “Follow the Money” Dampier

“In the 1990s, U.S. policymakers faced critical choices about who should build the Internet, how it should be governed, and to what extent it should be regulated and taxed. For the most part, they chose wisely to open a regulated telecommunications market to competition, stimulate private investment in broadband and digital technologies, and democratize access.” — Will Marshall, guest columnist

Is competition in Internet access robust enough for you? Has your provider been sufficiently stimulated to invest in the latest broadband technologies to keep America at the top of broadband speed and availability rankings? Is Net Neutrality the law of the land or the latest victim of a Verizon lawsuit to overturn the concept of democratizing access to online content?

I’m not certain what country Will Marshall lives in, but for most Americans, Internet access is provided by a duopoly of providers that must be dragged kicking and screaming to upgrade their networks without jacking up prices and limiting usage.

Marshall is president and founder of the Progressive Policy Institute, a so-called “third way” group inspired by centrist Democrats led by President Bill Clinton in the 1990s. Unlike traditional liberals suspicious of corporate agendas, these Democrats were friendly to big business and welcomed the largess of corporate cash to keep them competitive in election races. It was under this atmosphere that Clinton signed the bought-and-paid-for 1996 Telecom Act, ghostwritten by lobbyists for big broadcasters, phone and cable companies, and other big media interests. Long on rhetoric about self-governing, free market competition but short on specifics, the ’96 law transformed the media landscape in ways that still impact us today.

Media ownership laws were relaxed, allowing massive buyouts of radio stations under a handful of giant corporations like Clear Channel, which promptly dispensed with large numbers of employees that provided locally produced programming. In their place, we now get cookie-cutter radio that sounds the same from Maine to Oregon. Television stations eagerly began lobbying for a similar framework for relaxing ownership limits in their business. Phone companies won their own freedoms from regulation, including largely toothless broadband regulations that allowed Internet providers to declare victory regardless of how good or bad broadband has gotten in the United States.

Marshall’s views appeared in a guest column this week in The Orlando Sentinel, which is open to publishing opinion pieces from writers hailing from Washington, D.C., without bothering to offer readers with some full disclosure.

Marshall

While Marshall’s opinions may be his own, readers should be aware that PPI would likely not exist without its corporate sponsors — among them AT&T, hardly a disinterested player in the telecommunications policy debate.

Marshall’s column suggests competition is doing a great job at keeping prices low and allows you – the consumer – to decide which technologies and services thrive. There must be another reason my Time Warner Cable bill keeps increasing and my choice for broadband technology — fiber optics — is nowhere in sight. I don’t have a choice of Verizon FiOS, in part because phone and cable companies maintain fiefdoms where other phone and cable companies don’t dare to tread. That leaves me with one other option: Frontier Communications, which is still encouraging me to sign up for their 3.1Mbps DSL.

“The broadband Internet also is a powerful magnet for private investment,” Marshall writes. “In 2013, telecom and tech companies topped PPI’s ranking of the companies investing the most in the U.S. economy. And America is moving at warp speed toward the ‘Internet of Everything,’ which promises to spread the productivity-raising potential of digital technology across the entire economy.”

Nothing about AT&T or the cable companies is about “warp speed.” In reality, AT&T and Verizon plan to pour their enormous profits into corporate set-asides to repurchase their own stock, pay dividends to shareholders, and continue to richly compensate their executives. It’s good to know that PPI offers rankings that place telecom companies on top. Unfortunately, those without a financial connection to AT&T are less optimistic. The U.S. continues its long slide away from broadband leadership as even developing countries in the former Eastern Bloc race ahead of us. Verizon’s biggest single investment of 2013 wasn’t in the U.S. economy — it was to spend $130 billion to buyout U.K.-based Vodafone’s 45% ownership interest in Verizon Wireless. Verizon’s customers get stalled FiOS expansion, Cadillac-priced wireless service, and a plan to ditch rural landlines and push those customers to cell service instead.

AT&T financially supports the Progressive Policy Institute

“A recent federal court decision regarding the FCC’s Open Internet Order has prompted pro-regulatory advocates from the ’90s to demand a rewrite of the legal framework that allowed today’s Internet to flourish,” Marshall writes in a section that also includes insidious NSA wiretapping and Internet censorship in Russia and China.

Marshall’s AT&T public policy agenda is showing.

Net Neutrality proponents don’t advocate an open Internet for no reason. It was AT&T’s former CEO Ed Whitacre that threw down the gauntlet declaring Google and other content providers would not be allowed to use AT&T’s pipes for free. AT&T has since patented technology that will allow it to discriminate in favor of preferred web traffic while artificially slowing down content it doesn’t like on its network.

“Pro-regulatory advocates” are not the ones advocating change — it is AT&T, Verizon, and Comcast, among others, that want to monetize Internet usage and web traffic for even higher profits. Net Neutrality as law protects the Internet experience Marshall celebrates. He just can’t see past AT&T’s money to realize that.

David Raphael ran into trouble using his Verizon Internet connection last month, discovering major slowdowns when accessing Amazon’s cloud-server ‘AWS,’ which in addition to serving his employer also feeds Netflix video content to customers.

“One evening I also noticed a slowdown while using our service from my house,” Raphael writes on his blog. “I realized that the one thing in common between me and [my employer] was that we both had FiOS internet service from Verizon. Since we host all of our infrastructure on Amazon’s AWS – I decided to do a little test – I grabbed a URL from AWS S3 and loaded it. 40kB/s.”

Internet slowdowns while accessing different websites is nothing new. Just ask anyone trying to watch YouTube in the early evening.

But what was different this time is that a Verizon representative seemed to openly admit the company is purposefully throttling certain web traffic, as this chat screen capture suggests:

“Frankly, I was surprised he admitted to this,” Raphael writes. “I’ve since tested this almost every day for the last couple of weeks. During the day – the bandwidth is normal to AWS. However, after 4pm or so – things get slow. In my personal opinion, this is Verizon waging war against Netflix. Unfortunately, a lot of infrastructure is hosted on AWS. That means a lot of services are going to be impacted by this.”

That would certainly be the case as many large content distributors increasingly rely on cloud-based delivery services to reach subscribers over the shortest and fastest possible route. But broad-based interference with web traffic would also throw a major wrench in Verizon’s core marketing message for FiOS — its fiber-fast speed when compared against the cable competition. If subscribers notice their Netflix experience degraded to speeds that resemble dial-up, cable companies are going to get a lot of returning customers.

We reached out to Verizon for comment and it turns out the company has not declared war on Netflix after all.

“We treat all traffic equally, and that has not changed,” says Verizon spokesman Jarryd Gonzales. “Many factors can affect the speed a customer’s experiences for a specific site, including, that site’s servers, the way the traffic is routed over the Internet, and other considerations.  We are looking into this specific matter, but the company representative was mistaken. We we’re going to redouble our representative education efforts on this topic.”