F.T.C. Warns Data Firms on Selling Information

WASHINGTON — The Federal Trade Commission said on Tuesday that it had sent warning letters to 10 data brokerage firms, telling them that their practices, which involve gathering and selling consumer information, could violate federal privacy laws.

The companies, most of which market their services online and through toll-free phone numbers, appeared to be offering to sell consumer data for use in screening job candidates, determining eligibility for insurance or making offers of credit, the F.T.C. said.

Such practices could violate the Fair Credit Reporting Act if the sellers are legally considered “consumer reporting agencies” and they fail to verify that customers buying the consumer information have a legitimate purpose for receiving it.

Last month, the F.T.C. similarly warned six companies that they might be violating the act by offering to share tenants’ rental histories with landlords.

The letters issued by the commission are not formal complaints and do not necessarily mean that the companies are subject to the credit reporting act. Rather, the F.T.C. said, “they serve to remind the companies to evaluate their practices to determine whether they are ‘consumer reporting agencies,’ ” and how the act pertains to them.

The 10 companies were part of a group of 45 organizations that were contacted in an undercover test-shopping operation, the F.T.C. said. Members of its staff posed as individuals or company representatives and asked for help in gathering certain types of consumer data.

Six companies were warned by the F.T.C. about their apparent willingness to sell consumer information for employment screening. Those companies are Crimcheck.com of Strongsville, Ohio; 4Nannies of West Hills, Calif.; U.S. Information Search of Pomona, N.Y.; People Search Now of Sacramento, Calif.; Case Breakers, based in Coral Springs, Fla.; and USA People Search of Rocklin, Calif.

The companies either did not respond to a request for comment or could not be reached.

Two companies were found by the F.T.C. investigators to appear to offer consumer data for use in making insurance decisions: the US Data Corporation of Agoura Hills, Calif.; and Brokers Data of Columbia, S.C.

Panetta Warns of Dire Threat of Cyberattack on U.S.

In a speech at the Intrepid Sea, Air and Space Museum in New York, Mr. Panetta painted a dire picture of how such an attack on the United States might unfold. He said he was reacting to increasing aggressiveness and technological advances by the nation’s adversaries, which officials identified as China, Russia, Iran and militant groups.

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Defense officials insisted that Mr. Panetta’s words were not hyperbole, and that he was responding to a recent wave of cyberattacks on large American financial institutions. He also cited an attack in August on the state oil company Saudi Aramco, which infected and made useless more than 30,000 computers.

But Pentagon officials acknowledged that Mr. Panetta was also pushing for legislation on Capitol Hill. It would require new standards at critical private-sector infrastructure facilities — like power plants, water treatment facilities and gas pipelines — where a computer breach could cause significant casualties or economic damage.

In August, a cybersecurity bill that had been one of the administration’s national security priorities was blocked by a group of Republicans, led by Senator John McCain of Arizona, who took the side of the U.S. Chamber of Commerce and said it would be too burdensome for corporations.

The most destructive possibilities, Mr. Panetta said, involve “cyber-actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack.” He described the collective result as a “cyber-Pearl Harbor that would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.”

Mr. Panetta also argued against the idea that new legislation would be costly for business. “The fact is that to fully provide the necessary protection in our democracy, cybersecurity must be passed by the Congress,” he told his audience, Business Executives for National Security. “Without it, we are and we will be vulnerable.”

With the legislation stalled, Mr. Panetta said President Obama was weighing the option of issuing an executive order that would promote information sharing on cybersecurity between government and private industry. But Mr. Panetta made clear that he saw it as a stopgap measure and that private companies, which are typically reluctant to share internal information with the government, would cooperate fully only if required to by law.

“We’re not interested in looking at e-mail, we’re not interested in looking at information in computers, I’m not interested in violating rights or liberties of people,” Mr. Panetta told editors and reporters at The New York Times earlier on Thursday. “But if there is a code, if there’s a worm that’s being inserted, we need to know when that’s happening.”

He said that with an executive order making cooperation by the private sector only voluntary, “I’m not sure they’re going to volunteer if they don’t feel that they’re protected legally in terms of sharing information.”

“So our hope is that ultimately we can get Congress to adopt that kind of legislation,” he added.

Mr. Panetta’s comments, his most extensive to date on cyberwarfare, also sought to increase the level of public debate about the Defense Department’s growing capacity not only to defend but also to carry out attacks over computer networks. Even so, he carefully avoided using the words “offense” or “offensive” in the context of American cyberwarfare, instead defining the Pentagon’s capabilities as “action to defend the nation.”

Elisabeth Bumiller reported from New York, and Thom Shanker from Washington.

Bits Blog: Google Warns of New State-Sponsored Cyberattack Targets

The warning from Google.

In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”

On Tuesday, tens of thousands more Google users will begin to see that message. The company said that since it started alerting users to malicious — probably state-sponsored — activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated.

Mike Wiacek, a manager on Google’s information security team, said in an interview on Tuesday that since Google started to alert users to state-sponsored attacks three months ago, it had gathered new intelligence about attack methods and the groups deploying them. He said the company was using that information to warn “tens of thousands of new users” that they may have been targets, starting on Tuesday.

By Tuesday afternoon, several people — many of them American journalists and foreign policy experts — had already taken to Twitter to say they had seen the warning. Noah Schactman, the editor of Wired’s national security blog “Danger Room,” tweeted: “Aaaaand I just got Google’s ‘you may be a victim of a state-sponsored attack’ notice. #WhatTookYouSoLong?” Daveed Gartenstein-Ross, a senior fellow at the Foundation for Defense of Democracies, also reported getting the message.  As did Joshua Foust, a fellow at the American Security Project, a nonprofit research organization, who has written extensively about Afghanistan.

Mr. Wiacek noted that Google had seen an increase in state-sponsored activity coming from the Middle East. He declined to call out particular countries, but he said the activity was coming from “a slew of different countries” in the region.

Those findings triangulate with recent discoveries by security researchers that Middle Eastern states, including Iran, Qatar, the United Arab Emirates and Bahrain, have used spyware to monitor citizens and activists overseas.

Last week, several American banks were hit with cyberattacks by hackers claiming Middle Eastern ties. Security researchers have said they have noticed an increase in cyberattacks originating in the region. “We absolutely have seen more activity from the Middle East, and in particular Iran has been increasingly active as they build up their cybercapabilities,” George Kurtz, the president of CrowdStrike, a computer security company, said in a recent interview.

Mr. Wiacek said there were several steps Google users, especially those who get its warning, could take to protect themselves, like changing their e-mail and account passwords, enabling Google’s two-step authentication service and running their computer software updates.

Intel’s Net Income Rises, but Company Warns of Slower Growth

Intel on Tuesday lowered its outlook for the second half of the year based on poor retail demand for personal computers powered by the company’s chips and slower growth in emerging markets.

There were some bright spots in Intel’s earnings report for the second quarter; demand from corporations for PCs and laptops was good, and net income rose slightly, the company said, beating analysts’ expectations.

Paul Otellini, Intel’s chief executive, told analysts in a conference call after the quarterly earnings were announced that revenue would be in the “3 to 5 percent range, versus high single digits” of earlier projections. As a result, Intel, based in Santa Clara, Calif., plans to slow hiring for the remainder of the year. At the end of June Intel had about 103,000 employees worldwide.

The rise of alternatives like tablet computers and smartphones has also eroded demand for personal computers. Mr. Otellini expressed optimism that sales of ultrabooks, a kind of lightweight laptop computer that Intel has invested in to compete with the new devices, would eventually revive growth.

“We’ll see $699 systems” for ultrabooks in the fall, Mr. Otellini said. “In a softer selling season these devices become even more attractive.” While just a few kinds of ultrabooks have appeared in the last few months, Mr. Otellini said there were “over 140 designs in the pipeline” for later this year.

Over 40 of these designs, he said, will have touch-sensitive screens similar to Apple’s iPad and iPhone, or the Surface tablet recently announced by Microsoft. Intel would also get a boost from the release of the new Windows 8 operating system by Microsoft, he said.

Intel reported that its net income in the quarter ending in June rose to $2.8 billion, or 54 cents a share, from this time last year. Revenue climbed 5 percent, to $13.5 billion. The company appeared to have sacrificed some of its gross profit margin for the higher revenue, however. Gross margins were at 63.4 percent, compared with 64 percent a year earlier.

Wall Street analysts have been lowering their outlook for semiconductor demand. Analysts had expected 52 cents a share and revenue of $13.56 billion, according to a survey of analysts by Thomson Reuters.

“What’s saving them is lowered expectations,” said Douglas Freedman, an analyst at RBC Capital Markets. “They are performing on their business better than expected, but it is a mixed bag on growth.”

Intel’s performance was significantly better than that of its chief competitor, Advanced Micro Devices. This month AMD warned that its second-quarter revenue would decline about 11 percent from the preceding quarter, instead of the 3 percent growth it had earlier projected. AMD said its results, which will be announced Thursday, had been affected by lower sales of consumer devices and slower economic growth in Europe and China.

Intel is also a major supplier of chips for computer servers, which are increasingly used in cloud-based data systems. Intel said its data center sales grew 15 percent from a year ago, to $2.8 billion. Sales to PC makers rose just 3 percent over the quarter, to $8.7 billion.

Unlike many tech companies, Intel continues to invest heavily in research and development. Intel previously said it would spend $18.3 billion in R&D this year, up from a little over $16 billion in 2011, but Stacy J. Smith, Intel’s chief financial officer, said that because of the lowered outlook, the company was cutting this year’s R&D to $18.2 billion.