Source: iResearch, MRG as of 2012

In China, more shoppers are buying from established retailers instead of individual consumers selling goods.

(Updates comment from Alibaba in the 5th paragraph.)

Right now, China’s e-commerce industry looks like a bazaar where shoppers roam around for independent sellers who have the items they’re looking for. However, trends in the nation’s online buying habits show that the Chinese are moving away from small merchants and gravitating toward their own sorts of superstores such as 360buy Jingdong Mall.

The shift signals that the market is maturing, and it threatens to shake up the industry led by Alibaba Group Holding, China’s biggest e-commerce company. According to a report by Multimedia Research Group that was commissioned by Bloomberg, Chinese consumers made an estimated 35 percent of their online purchases at retailers last year. That’s up from 24 percent in 2011 and 14 percent in 2010, the report said.

As the chart shows, businesses are expected to continue to capture more market share this year and account for the majority of e-commerce transactions by the end of 2014. This type of e-commerce, dominant in mature Internet markets, “is the future of China’s online shopping,” Julia Zhu, an analyst at MRG, wrote in her report. “Chinese consumers shop online for a better price and accessibility to more products,” both of which are better served by big retailers than individuals.

Seemingly, that would be bad news for Alibaba, which owns the dominant consumer-to-consumer retail site Taobao Marketplace. 360buy, which describes itself as an “online shopping mall,” had been attracting millions of shoppers with perks such as free shipping and quality assurance.

John Spelich, a spokesman for Alibaba, said the company had foreseen this shift and has taken steps to address it, including spinning out its own superstore called Taobao Mall in 2011. Alibaba’s two largest e-commerce sites have collectively accumulated more than 1 trillion yuan ($161 billion) in sales, and Tmall continues to experience triple-digit growth, Spelich said.

Since launching Tmall in 2008, Alibaba has capitalized on the growing preference for an all-in-one shopping experience. Tmall is now the leader in that market, according to research firm Analysys International. Within the next decade, Alibaba plans to set up a logistics network that can support 10 trillion yuan ($1.6 trillion) in transactions, the China Daily newspaper reported last week.

In preparation for a brave new world of e-commerce in China, Alibaba has been arranging for several drastic changes to its business just in the past few weeks. The company said on Jan. 10 that it will divide itself into 25 units from seven in an effort to become more flexible. Then Jack Ma said he will step down as chief executive officer in May. Ma said last June the company could sell shares in an IPO within five years.

As the massive Chinese Internet market continues to evolve rapidly, all eyes are on Alibaba to see whether it can stay ahead of the trends without Ma, its billionaire founder, at the helm.

Original post is What the Big Shift in China’s Online Buying Habits Means for Alibaba by Tech Blog.

Photograph by ImagineChina/Corbis

China has been the top source of cyber-attack traffic since the last quarter of 2011, according to a study by Akamai.

About one-third of the world’s cyber attack traffic was traced back to China, according to a report by Akamai Technologies to be published today.

Between July and September of last year, about 33 percent of the attacks originated in China, double the percentage in the previous quarter, the report said.

The U.S. was the second-largest source with 13 percent. Next came Russia, Taiwan and Turkey, which each accounted for less than 5 percent of the attacks, according to the report by the Internet services company.

Corporate espionage, especially computer-data heists, has become a common practice in China, as Bloomberg Businessweek reported last year. In 2010, Google accused China of staging an attack on the company’s network. China has been the top source of cyber attacks since the end of 2011, the Akamai report said.

Most of the attacks originating in China targeted a particular database system made by Microsoft, according to David Belson, who edited the report.

“It may have been a flareup in some sort of exploit that is trying to spread,” Belson said in an interview.

The Akami report also contains the most recent list of countries and regions with the fastest Internet access. Check out the Bloomberg.com slideshow to learn more about the top 10.

Original post is One-Third of Cyber Attack Traffic Originates in China, Akamai Says by Tech Blog.

Photograph by Jin Lee/Bloomberg

Patrons use automated self service booths at the U.S. Postal Service in New York.

When China passed a new law two weeks ago requiring people to give their real names when signing up for Internet and phone service, it raised alarms over the surveillance implications for the world’s largest population of Web users.

It also highlighted what may be an uncomfortable reality for U.S. netizens: a national digital ID, which essentially is what China is proposing, isn’t entirely a foreign concept.

The U.S. is also slowly moving to a system where online personas are inextricably linked to real-world identities, an idea with huge privacy and security implications.

The tactics and enforcement mechanisms being explored in China and the U.S. are worlds apart, but the central idea is similar: knowing someone’s real name improves accountability online. That’s a double-edged sword, though, depending on who’s doing the accounting.

The White House’s National Strategy for Trusted Identities in Cyberspace, or NSTIC, is leading the government’s efforts in this area.

In September, the NSTIC awarded more then $9 million to five ambitious pilot projects that could have deep ramifications for the future of online commerce. They are developing technologies that will allow people to use online credentials — say, a PayPal or Gmail username and password — to obtain government services online, such as accessing health care records, getting driver’s licenses or paying taxes.

Some of the biggest names in business and technology are involved, including Microsoft, AT&T and LexisNexis. Their partners include Virginia’s Department of Motor Vehicles, the American Association of Retired Persons and various medical organizations.

Last month, NSTIC also announced the awarding of another contract, to the U.S. Postal Service, to build a cloud-based service to allow all federal agencies to accept approved third-party credentials for online services.

National digital IDs issued by the government are the “political third rail” in the U.S., and previous incarnations in the 1990s failed, according to John Pescatore, a computer security expert at Gartner. But now, many people are accustomed to using one log-in, such as a Facebook account, to access multiple sites, he said. NSTIC’s approach of deploying small, targeted projects to incorporate government sites into that web is a wise approach to test a controversial idea, he said.

“What NSTIC is doing is it’s sprinkling projects around at different levels,” Pescatore said. “Hedging your bets and trying across many different communities is much more likely to succeed than a top-down approach.”

Taken together, the efforts highlight the contrasting approaches by the U.S. and China.

Encouraging people to use log-ins for services they’ve voluntarily signed up for to access government services they may need only infrequently is one thing. But mandating that individuals give their real name before going online in the first place is quite another, and it’s a requirement that’s difficult to enforce even in China.

But it’s going to be hard to shake the obvious risks of consolidating our digital lives even further than we already have.

“Getting away from usernames and passwords is probably a good thing,” said Richard Bejtlich, chief security officer for Mandiant, an Alexandria, Va.-based computer security firm that investigates data breaches. “But I personally don’t like the idea of an uber-credential that could log into everything, because if that one thing falls, I could lose everything.”

Original post is A National Digital ID, Courtesy of the U.S. Postal Service? by Tech Blog.

Photograph by David Lowe

The U.S. government has vowed to fight efforts by Russia and China to empower the U.N. to regulate the Internet.

This could be a crucial week for the future of the Internet and who controls it.

At a conference in Dubai that ends on Friday, the United Nations could emerge with significant authority over key parts of the Internet. And as a result, China, Russia and Saudi Arabia could break apart the U.S.-led system for numbering and naming websites.

In other words, there could be a fundamental change in the way the Internet is governed, and some countries might win the power to control or tamper with the Internet in previously impossible ways.

Or: Little will change at all, which is more likely.

For all the posturing surrounding the Worldwide Conference on International Telecommunications, there’s the distinct possibility that the Internet will emerge unscathed.

Whatever the outcome, the battle taking place in Dubai highlights the growing tension over a relatively obscure but vital system for making sure that people can surf the Web freely without government interference.

The conference is a product of the International Telecommunication Union, a United Nations agency.  The gathering’s stated aim was to update the technical standards that allow different countries’ telephone networks to work together.  The last time they were updated was 1988.

The agency insists it won’t use the conference to increase the UN’s authority over the Internet. Nevertheless, the event has turned into a referendum on the role of the United States, and in particular, the Internet Corporation for Assigned Names and Numbers, in managing the global Internet.

ICANN is an independent, U.S.-based organization that acts as a phone book for the Internet. It coordinates the names and addresses of sites globally to ensure that computers know to find each other online.

The group’s prominence is an outgrowth of the Internet’s roots in the U.S. and the need for a centralized body to oversee traffic instructions. Its primary function is managing the Domain Name System, or DNS, that underpins the modern web.

The ideas being floated would shift some control to the UN and allow individual nations to manage the Internet addresses in their own territories. On Wednesday, an eight-country group that is pushing for more sovereign control over web addresses resubmitted a proposal it had scrapped a day earlier, as my colleague Amy Thomson reported. The group includes China, Russia, Saudi Arabia, Algeria, Bahrain, Iraq, Sudan and the United Arab Emirates.

While it might seem like an equitable idea, the Obama administration published a blog post Tuesday that argued that free speech and innovation would suffer if the UN were granted significant new powers. The proposal also faces opposition from Australia, Canada, the Czech Republic, Germany and Sweden, which have all called for it to be tabled since they’ve agreed not to talk about regulating the Internet at the conference.

The threat is that if every country were allowed to manage their own Internet address books, sites seen as troublesome by the governments could be easily — and silently — eliminated by removing them from the index and making them permanently inaccessible to the outside world.

“The global consensus for a free and open Internet is overwhelming,” the White House’s post stated. “Millions in the United States and around the world have already added their voices to this conversation, and their position is clear: they do not want the WCIT to govern the Internet or legitimize more state control over online content.  Our administration could not agree more – and will not support a treaty that sets that kind of precedent.”

That the Internet can be controlled at all may come as a surprise to some. After all, we often hear it described as the Wild Wild West of computing, where anyone can have a voice, viruses are unstoppable, and as the old New Yorker cartoon famously depicted, nobody knows who — or what — y0u are online, unless you tell them. And that countries don’t fully control their own corners of cyberspace is also little-known.

Yet there are ways that the Internet can be brought to heel. We got a fresh example two weeks ago when the Internet was shut off in Syria. Also, China’s censorship of what its citizens see online is longstanding and pervasive. Governments already have powerful tools at their disposal — namely, regulatory authority over telecommunications companies — that give them a lever for crippling the Internet when so desired.

The infrastructure for managing Web addresses has been a sore spot for some countries for some time. The origins of the latest power grab were outlined in depth in this Vanity Fair piece from May, which described it as a “war under way for control of the Internet.”

The deliberations are fast-moving, and there’s a lot of uncertainty about what comes next. By Friday, we should know a lot more.

Original post is U.S. vs. China, Russia in Battle for Control Over the Internet by Tech Blog.

Photograph by Brent Lewin/Bloomberg

A customer inspects mobile devices at a kiosk selling Samsung products in Ambience Mall in Gurgaon, India.

Foxconn doesn’t like to be compared with Samsung.

Founder and Chairman Terry Gou has gone out of his way to tell audiences how the world’s biggest assembler of electronics is better and can defeat its South Korean rival on multiple fronts. He’s even readied more than $1.6 billion on a deal with Sharp to achieve that end. (The companies are still hammering it out.)

Now, two years after Foxconn found itself in the public eye over worker conditions, Samsung is joining the Taiwanese company under that same bright, hot spotlight of worker reform. Underage labor, unsafe conditions and forced overtime were among the allegations China Labor Watch made in September.

Samsung, the world’s largest maker of TVs and mobile phones, followed up with a four-week audit of 105 suppliers, which it conducted itself the same month. The results? While it didn’t find any examples of child labor, it did find “several instances of inadequate practices,” including suppliers fining workers for lateness and absences, the company said on Monday. Those issues should, in theory, be solvable through stricter enforcement of existing standards.

It also discovered something that Foxconn, Apple’s chief supplier, had already learned: Excessive overtime exists in China, and it’s very hard to stop.

“Continuing to cut overtime has been a key challenge,” Foxconn spokesman Louis Woo said back in August, when the Fair Labor Association issued a report as part of Apple’s membership in the group. Woo said “getting overtime is not an obligation but a privilege workers would actually like to have.”

Samsung acknowledged the problem of cutting overtime, saying it aims to eliminate hours beyond legal limits by the end of 2014. That’s more than two years away, an indication of how tough it may be to achieve that goal.

It also shows just how much Foxconn and Samsung, when under the same spotlight, have in common.

Original post is A Spotlight Foxconn Is Willing to Share With Samsung by Tech Blog.

Photograph by Qilai Shen/Bloomberg

The FBI informed Coca-Cola that sensitive deal information had been taken from the computer account of Paul Etchells.

In the annals of what-was-I-thinking moments in computer security, this has to be one of the most gobsmacking.

According to a Bloomberg News investigation of a series of undisclosed corporate data breaches, Coca-Cola was deeply penetrated by hackers in 2009 in what started with an e-mail with this subject line:

“Save power is save money! (from CEO)”

The message landed in executive Paul Etchells’s inbox on Feb. 16, 2009, according to a document obtained by Bloomberg.

The e-mail seems preposterous on its face, but the fact it appeared to come from a legal executive at the company — and at a time that Coca-Cola was pushing energy-saving measures — led Etchells to open it and click on a link that purported to lead to a message from the chief executive officer, according to the report.  That kicked off a chain reaction that allowed the hackers to burrow into Coca-Cola’s network, seeking specific information about a major upcoming acquisition of a Chinese firm, a deal that later fell apart.

The example was one of several involving serious corporate intrusions where the hackers sought information on upcoming business deals. Companies rarely disclose how their systems are breached, so details about the e-mail that fooled Etchells offer a rare look at how even sophisticated attackers — which these clearly were – sometimes resort to highly unsophisticated techniques and are still successful.

Many advanced threats begin the way Coca-Cola’s did, illustrating a growing danger that companies face in protecting their networks.  I’m reminded of the details that RSA, one of the world’s top computer-security firms, offered about an attack on its network that the company revealed in 2011.

That attack began innocuosly, as well, with a malicious e-mail that was sent to multiple low-level employees and carried the subject line: “2011 Recruitment Plan.” The e-mail landed in one employee’s junk folder, where he or she retrieved it and opened an attachment. It led to a breach that potentially jeopardized national security secrets, as RSA’s technology is used to secure the networks of government agencies and their contractors. RSA later confirmed that the information taken was used in an attempted attack on Lockheed Martin.

The incidents show how high the stakes are, and how big attacks often begin very small — with one person who opens a bad e-mail.

Original post is How a Coca-Cola Exec Fell for a Hacker’s E-mail Trick by Tech Blog.

Photograph by Stephen Wilkes/Gallery Stock

In the first quarter of this year, China became the world’s first country to have 1 billion mobile subscribers.

China, a country where 40 percent of households can afford a smartphone, is expected to double that number in five years as disposable incomes continue to grow, a new study said.

By 2017, 80 percent of China’s households will be able to afford a smartphone, according to research firm Research2guidance. Smartphones in China cost between 1,000 yuan ($157) and 2,000 yuan ($314).

Disposable incomes in the world’s largest smartphone market have risen significantly in recent years, with more households joining China’s middle class. That segment of the population earns an annual income of $8,500 to $60,000, and spends a third of its income on discretionary purchases, the study said.

In the first quarter of this year, China became the world’s first country to have 1 billion mobile subscribers.

Original post is China’s Potential Smartphone Base Could Double By 2017, Study Says by Tech Blog.

Photograph by Bloomberg

Omar Khan, a former executive at Samsung Mobile and Citigroup, was hired to help lead NQ’s international expansion.

NQ Mobile, China’s biggest mobile-phone security company, wants to expand in the U.S. But its success will hinge on a delicate question: Will American businesses and consumers be comfortable using security software designed in one of the world’s hacking hot spots?

There’s little doubt that some of the world’s most brazen cyber attacks originate in China, according to U.S. officials, security professionals and even NQ Mobile. In 2010, Google famously blamed Chinese hacking for an intrusion into its network. And earlier this year, a trio of high-ranking U.S. security officials wrote a blunt op-ed saying the Chinese government is “the world’s most active and persistent practitioners of cyber espionage today.”

NQ Mobile itself was accused of helping distribute malware, which the company said was false. That aside, NQ Mobile doesn’t see this view of China as a disadvantage. Rather, it’s a selling point, said Omar Khan, a former executive at Samsung Mobile and Citigroup who was hired this year to help lead NQ Mobile’s international expansion.

“We have the most on-the-ground experience in the market that has the highest infection rates from a malware perspective,” Khan, co-chief executive officer of NQ Mobile, said in an interview. “The analogy I use is, if you need a doctor for a rare infectious disease, you’re going to find a doctor with the most experience in that rare, infectious disease.”

Khan says he hasn’t encountered resistance in meeting with U.S. technology buyers.

Still, the company’s message is a tough sell, according to George Kurtz, former chief technology officer of security-software maker McAfee and now CEO of a startup called CrowdStrike that’s focused on international hacking threats.

“Obviously they’ve got a pretty stout install base in China, but it’s going to be a bit problematic to penetrate the U.S. market given all the targeted attacks that emanate from that area,” he said in an interview. “I think people are going to pause.”

A big challenge for the company will be overcoming a deeply held preference among U.S. consumers for U.S.-made security technology, said Jack Gold, president of J.Gold Associates, a market research firm in Northborough, Mass. There are exceptions — particularly Kaspersky Lab, a Moscow-based antivirus software vendor, which has become a reliable source for hacking research and protects millions of computers.

But the perception in North America of Chinese companies is that “you need to be very, very careful,” Gold said.

NQ Mobile, known until this year as NetQin Mobile, was founded in 2005 and has more than 50 million active users, mostly in China. The basic version of its software is free, which has allowed the company to build a large user base and capture some 60 percent of the Chinese market for mobile malware protection. It has more than 5 million paying customers.

Khan wouldn’t say how many customers NQ Mobile has in the U.S. But he says the U.S. is a significant market for NQ Mobile and will be a focus of  his efforts. 

Its push in the U.S. will put it up against companies such as Lookout, AVG Technologies, Symantec and McAfee, which is now part of Intel.  The worldwide market for mobile-phone security software for corporations is expected to grow to nearly $900 million this year, according to IDC. Most of the consumer software is given away free.

The image of NQ Mobile, which has headquarters in Beijing and Dallas, wasn’t helped by a report last year that accused the company of actually helping spread malware.

A consumer-rights program on Chinese state-run TV accused the company of working with Beijing Feiliu Jiutian Technology Co., a mobile-software company that NQ Mobile owns 33 percent of, to bundle malware with its products and charge users to remove it.

Khan says the allegations were “proven completely false,” pointing to test results that NQ Mobile says showed that malware wasn’t being downloaded.

The episode highlights the challenge NQ Mobile faces in expanding beyond China, said Gold, of J.Gold Associates.

“A lot of security is market-specific — it’s who you trust,” he said. “It takes a while and you have to build up credibility. It’s very hard to walk into the North American market and say, ‘we’ll  protect you.’”

Original post is Will China Connection Help or Hurt NQ Mobile’s Security Pitch in U.S.? by Tech Blog.

Photographer: Norman Ng/Bloomberg

Steve Wozniak still supports Mike Daisey.

Mike Daisey must be feeling some agony after his one-man show, “The Agony and the Ecstasy of Steve Jobs,” was outed for embellishing its supposed first-hand accounts. But Apple co-founder Steve Wozniak is still a big fan of the performance, which he saw more than a year ago.

Wozniak, who started Apple with Jobs in 1976, has been an outspoken supporter of Daisey.

It’s unusual for someone who takes a paycheck from Apple to also back the monologue, which is based on a trip Daisey made to Shenzhen, China. That’s where the largest factory of Apple’s largest supplier, Foxconn, is located. Daisey has chastised Apple on stage and in interviews for its use of cheap Chinese labor, which is common in the electronics industry.

In an e-mail today, Wozniak said he agrees with Daisey, despite the performer’s admissions that he didn’t actually see many of the issues he claimed to witness. Wozniak told us:

I was moved by the performance … the acting abilities … and I agree with Mike’s portrayal of them … coming from my own understanding of the nature of this method of communication.

Mike is so great at this that I want to see it again if at all possible.

The Off-Broadway Public Theater where Daisey performs also seemed to support the performer after today’s controversy. “Mike is an artist, not a journalist,” the theater said in a statement. “Nevertheless, we wish he had been more precise with us and our audiences about what was and wasn’t his personal experience in the piece.”

Wozniak told the Bay Citizen about a year ago that he “will never be the same after seeing that show.”

“The shocking things that Mike said which brought me to tears were so because they came as a first-person story,” Wozniak said then. “It wasn’t just a presentation to an audience. Mike was living the pain of what he was describing as he told it. Sometimes you see a good presentation but occasionally the pure honesty of it comes about from a ray of genuineness.”

Wozniak didn’t mention “pure honesty” or “genuineness” in the e-mail today, but he still believes that Daisey puts on a good show.

Original post is Wozniak Still Backs Mike Daisey by Tech Blog.