Tucson Citizen.com

Posts Tagged ‘Jordan Robertson’

IBM stumbles on 1Q sales dip; profit beats Street

Tuesday, April 21st, 2009

SAN FRANCISCO – IBM Corp.’s first-quarter results slipped as all its major business units suffered declines, but the company backed its bullish outlook for 2009 on Monday, reflecting its belief that a broad mix of services and software will help it weather the recession.

The Armonk, N.Y.-based company’s profit beat Wall Street’s forecast, but sales fell short. The stock was down 1.5 percent in after-hours trading Monday.

IBM reported after the market closed that its profit was $2.30 billion, or $1.70 per share. That was higher than the $1.66 per share analysts were expecting.

In the same period last year, IBM earned $2.32 billion, or $1.64 per share.

Sales fell 11 percent to $21.7 billion, $800 million short of the $22.5 billion analysts polled by Thomson Reuters were expecting. IBM said the revenue drop would have been 4 percent were it not for the effects of a strengthening dollar.

The earnings report came on the same day that longtime rival Sun Microsystems Inc., which had recently been in talks to be bought by IBM, announced a $7.4 billion deal instead with Oracle Corp. IBM appears unlikely to try to outbid Oracle.

IBM used the earnings release to reiterate its previous guidance for earnings of $9.20 per share in 2009. The company pointed to its better profit margins in services and software, which together contribute more than 80 percent of IBM’s revenue and can be successful in a downturn by helping corporate customers save money.

However, the downturn still showed up in the first-quarter numbers. Services revenue was $13.2 billion, down 10 percent. Software sales were $4.5 billion, a 6 percent decline.

Hardware sales took a bigger hit, falling 24 percent to $3.2 billion. Sales of both high-end mainframe computers and industry-standard servers showed double-digit declines.

In another closely watched indicator for IBM, it signed new services contracts worth $12.5 billion in the first quarter, a decrease of 1 percent from last year. Were it not for currency fluctuations, the value would have risen 10 percent, IBM said. These contracts represent revenue that will be booked in the coming years.

Peter Misek, an analyst with Canaccord Adams, said IBM had “really, really solid execution” in the first quarter with “awesome” long-term services signings — up 14 percent to $7 billion. He said investors likely were disappointed to see short-term contract signings fall 14 percent to $5.5 billion and the ongoing struggles of the hardware division.

“They need to do something there,” Misek said.

Report says spies compromised US electric grid

Wednesday, April 8th, 2009

SAN JOSE, Calif. – Spies hacked into the U.S. electric grid and left behind mechanisms for them to disrupt service, according to a newspaper report Wednesday that renewed questions about the security of key pieces of national infrastructure.

The report in the Wall Street Journal said that the intruders have not yet sought to damage the nation’s electric grid, but that they could try in a war or some other crisis.

Government officials declined to comment on the report.

Congressional investigators and intelligence officials have warned before that electric utilities are vulnerable to cyber attacks. CIA analyst Tom Donahue told utility engineers at a conference last year that in other countries, hackers had broken into electric utilities and demanded payments before disrupting power — in one case turning off the lights in multiple cities.

Stewart Baker, the former assistant secretary for policy at the Homeland Security Department, said Wednesday that electric grids have been hacked for years, and that he would not be surprised if China, Russia and other countries had taken part.

“We were certainly aware that there were intrusions into the electrical grid,” said Baker, now a senior fellow at the Center for Strategic and International Studies.

Security of these systems is not regulated, so the industry is under no mandate on how it should secure its computer networks.

“What I think we’re seeing, as time goes on, is much more careful, much more intentional planned intrusions that have gone beyond hacking into (seeing) what can be found,” Baker said. “The intruders are carrying out comprehensive surveillance with a view to actually taking action.”

The story in the Journal said Russian and Chinese officials denied any involvement in spying on U.S. infrastructure.

Associated Press Writer Eileen Sullivan contributed to this report from Washington.

IBM dives into water as part of ‘offense’ strategy

Friday, March 13th, 2009

In this Sept. 4, 2008 photo provided by the Marine Institute of Ireland, a buoy that uses sensors in the ocean to collect data on water quality and sea conditions is seen in Galway Bay, Ireland. The SmartBay system, developed by IBM and the Marine Institute of Ireland, provides real-time information to scientists, commercial fishermen, environmental monitoring agencies and the general public.

SAN FRANCISCO – IBM Corp. wants to get really deep into water.

The technology company is launching a new line of water services Friday, hoping to tap a new sales vein by taking the manual labor out of fighting pollution and managing water supplies. IBM says the overall water-management services market could be worth $20 billion in five years.

The effort is part of a wider role IBM wants to play in infrastructure services, including automobile traffic and power grids. In each instance, IBM is trying to persuade utilities and government agencies to overhaul their computer networks and link digital sensors together for better insights.

For example, instead of a meter-reader from the power company traipsing through your backyard, IBM is banking that one day your meter and your neighbors’ will feed data directly into the utility’s computer network.

Same for water. IBM says its new services will help water providers become more efficient in overseeing ever-more-precious supplies and responding faster to contamination and other emergencies.

The company has been working on a project called SmartBay with an Irish marine institute to develop sensors that are monitoring pollution, marine life and wave conditions around Galway Bay and transmitting data to researchers. Among the benefits, IBM contends, is that computers can track floating debris that pose a hazard to commercial fishermen.

This “smarter planet” theme is part of IBM’s strategy to keep making money in the recession. The company’s chairman and CEO, Sam Palmisano, said in a letter to shareholders this week that IBM will be aggressive in drumming up business in areas like managing traffic, power grids, water, food, health care and finance. He vowed the efforts will help Armonk, N.Y.-based IBM grow by getting early starts in areas that will need help for years to come.

“We will not simply ride out the storm,” Palmisano wrote. “Rather, we will take a long-term view, and go on offense.”

Study: PC infections plague wire-transfer shops

Wednesday, December 10th, 2008

SAN FRANCISCO – For immigrants who send money to their home countries, wire-transfer shops are backbones of their neighborhoods. On some blocks in San Francisco’s Mission District, every third or fourth business might offer some sort of money transfer service, and they’re always bustling, even on a Sunday morning.

The customers probably don’t suspect one danger that apparently often lurks in the storefronts: a startling number of viruses on the computers used to transmit their financial information.

Some 60 percent of the PCs examined in a study of 300 wire-transfer businesses in Los Angeles and Las Vegas were infected with nasty viruses, according to a study due to be released Thursday by Spanish software vendor Panda Security.

The viruses Panda found included the worst kinds: keyloggers that record the users’ every keystroke, and other types of malicious programs that give hackers backdoor access to the compromised machines. Some infected machines held troves of private data, from Social Security numbers to credit card numbers to tax documents.

The study wasn’t able to determine whether any information had been successfully stolen because of the infections, which likely got onto the computers from everyday Web surfing by wire-transfer store employees. Researchers said the findings should serve as a warning that there are significant weaknesses in the shops.

“It’s a disaster waiting to happen,” said Carlos Zevallos, the lead researcher.

Wire transfers typically require that money senders provide limited personal information, such as a name and a telephone number. But the centers’ PCs were still rich sources of information because remittance shops are eclectic businesses. Although many are mere check-cashing places, with stark waiting rooms with no chairs and clerks behind bulletproof glass, others double as something else, selling everything from soccer jerseys, furniture and flowers to tax preparation and passport photos.

And when those side businesses operate on the same Internet-connected computers as the wire-transfer transactions, hackers might find a gold mine. Panda’s researchers believe the infections they discovered, which they attribute to the remittance centers’ poor security controls, could let criminals intercept money transfers — and cash them out themselves.

“It’s pretty chilling,” Zevallos said. “It’s the equivalent of having a store with a broken window in a bad neighborhood with a bunch of stuff in there — sooner or later someone’s going to come by and pick it up.”

Zevallos said the infections reflect what can happen when any business gives its employees unrestricted access to the Internet without proper security software and hardware. But remittance businesses or their customers might be especially vulnerable targets, given how much money they transfer. The Inter-American Development Bank estimates that remittances to Latin America and the Caribbean, mostly from the U.S. and Spain, will top $67 billion this year.

The money transfer industry played down the threat. David Landsman, executive director of the National Money Transmitters Association, pointed out that most transactions are for less than $300, which makes the hassle of intercepting a transfer and forging an ID and getting someone in place to steal the delivery potentially more costly than the crime is worth.

“If an identity thief is looking for waters to troll in, these would not be very rich waters,” Landsman said. “It’s not that we’re not concerned about our customers’ data being secured. We just don’t think this is a likely target. It wouldn’t make sense.”

Landsman said the industry’s security policies are sufficient. He noted that the big money-transfer companies are heavily regulated by state auditors, including their computer security. The money transmitters usually provide encryption technology and proprietary software on remittance agents’ machines, to shield the transfers themselves from prying eyes, though oversight after that is limited.

Indeed, the study didn’t find any weaknesses in the way the transfers themselves were handled. However, protections on those transactions might mean less if a hacker could log employees’ every keystroke.

Engineers face jail in economic espionage case

Friday, November 21st, 2008

SAN JOSE, Calif. – Two engineers from China who pleaded guilty to the rare charge of economic espionage against the U.S. are facing sentencing Friday, in a case that highlights national security threats surrounding sensitive technologies.

Fei Ye, a U.S. citizen, and Ming Zhong, a permanent resident of the U.S., admitted in 2006 that they stole computer chip designs from their Silicon Valley employers and tried to smuggle the secrets to China to launch a government-backed startup there. The engineers each face a maximum of 30 years in prison.

Their guilty pleas represented the first convictions for the most serious crime under the Economic Espionage Act of 1996. Unlike garden-variety industrial espionage — the theft of a trade secret — economic espionage alleges that someone acted to benefit a foreign government.

Only a handful of cases have been filed under the law, mostly because it’s difficult to prove someone was trying to benefit a foreign nation, even if investigators suspect it. Prosecutors say the trail of evidence often goes cold because of a lack of cooperation by other countries in investigations.

The case against Ye and Zhong stretches back seven years, when they were arrested at San Francisco International Airport trying to board a flight to China. Their luggage was allegedly stuffed with sensitive documents on chip designs stolen from four tech companies they had worked for.

Other papers seized from the men allegedly showed they were trying to solicit funding from Chinese government agencies to help get their startup going. Prosecutors say the documents showed that Ye and Zhong were promoting the startup as something that would elevate China’s chip-making smarts and help China compete better against other countries in microelectronics.

Those documents were critical to federal prosecutors’ assertion that Ye and Zhong were trying to help China — but the papers say nothing about whether anyone in the Chinese government knew the chip designs were stolen. Court papers are fuzzy on how much success the pair had in securing money for the project. And the indictment doesn’t charge anyone in the Chinese government as a coconspirator.

Four companies were victims of the plot: NEC Electronics Corp., Sun Microsystems Inc., Transmeta Corp. and Trident Microsystems Inc. Ye and Zhong both had worked at Transmeta and Trident. Ye had also worked at NEC and Sun.

The allegations against Ye and Zhong amounted to one of the first economic espionage cases filed. Since then, other cases in Silicon Valley have developed, including one in which an engineer admitted in June he tried to sell fighter-pilot training software to the Chinese Navy. He was sentenced to two years in prison.

Prosecutors in that case said the engineer, Xiaodong Sheldon Meng, who was raised in China and holds Canadian citizenship, was focused on profit, not a foreign allegiance, so they asked for a more lenient sentence than they would if someone was accused of spying.

In a separate case, two other Silicon Valley engineers, Lan Lee and Yuefei Ge, are under indictment on charges they stole chip designs and tried to launch a microprocessor startup with a Chinese venture capital firm. Their trial hasn’t been set.

In Southern California, Chinese-American engineer Dongfan “Greg” Chung, who worked at Boeing Co. and space shuttle-builder Rockwell International, is accused of stealing secrets regarding the space shuttle, a military transport plane and a rocket on behalf of China. Chung has pleaded not guilty.

Netflix shipping centers slammed by problems

Friday, August 15th, 2008

SAN FRANCISCO – Netflix Inc. said Thursday that major technical problems over the past three days have severely limited the number of DVDs it could send out.

The unspecified problems affected all of the Los Gatos-based company’s 55 shipping centers and marked the biggest disruption in service since Netflix launched its DVD-by-mail subscription business nine years ago.

Normal shipments from the online DVD rental leader were expected to resume on Friday, according to Netflix spokesman Steve Swasey.

The company was able to send out some discs on Wednesday, but shipped none on Tuesday and wasn’t able to ship discs for much of the day Thursday, Swasey said.

Technicians were able to resolve some of the problems and get some of the distribution centers up and running again Thursday, but were expected to have to work through the night to get the entire system functioning properly, Swasey said.

He declined to comment on the cause of the outage.

“We’re not real big on pointing fingers or attaching blame or airing this out in public,” Swasey said.

About a third of the company’s 8.4 million subscribers are currently waiting for DVDs held up by the problems. Affected customers were promised a credit to their accounts for the delay.

The glitches didn’t affect Netflix’s Web site or its service for streaming movies and television shows instantly to customers’ computers.

Previously, Netflix’s longest disruption had been in July 2007 when its Web site went down for 18 hours. The company suffered another outage in March of this year when the site was down for about 11 hours, resulting in a one-day delay in delivering DVDs.

Swasey said that was the first time Netflix was unable to deliver DVDs for an entire day.

“When we miss on that it’s a big deal,” Swasey said.

Shares in Netflix rose 68 cents, or 2.2 percent, to $31.84 Thursday.

Hackers mull physical attacks on a networked world

Saturday, August 9th, 2008

Team Sudoers competes in the Capture the Flag hacking competition at the DefCon conference in Las Vegas.

LAS VEGAS – Want to break into the computer network in an ultra-secure building? Ship a hacked iPhone there to a nonexistent employee and hope the device sits in the mailroom, scanning for nearby wireless connections.

How about stealing someone’s computer passwords? Forget trying to fool the person into downloading a malicious program that logs keystrokes. A tiny microphone hidden near the keyboard could do the same thing, since each keystroke emits slightly different sounds that can be used to reconstruct the words the target is typing.

Hackers at the DefCon conference here were demonstrating these and other novel techniques for infiltrating facilities Friday.

Their talks served as a reminder of the danger of physical attacks as a way to breach hard-to-crack computer networks. It’s an area once defined by Dumpster diving and crude social-engineering ruses, like phony phone calls, that are probably easier to detect or avoid.

As technology gets cheaper and more powerful, from cell phones that act as personal computers to minuscule digital bugging devices, it’s enabling a new wave of clever attacks that, if pulled off properly, can be as effective and less risky for thieves than traditional computer-intrusion tactics.

Consider Apple Inc.’s iPhone, a gadget whose processing horsepower and cellular and wireless Internet connections make it an ideal double agent.

Robert Graham and David Maynor, co-founders of Atlanta-based Errata Security, showed off an experiment in which they modified an iPhone and sent it to a client company that wanted to test the security of its internal wireless network.

Graham and Maynor programmed the phone to check in with their computers over the cellular network. Once inside the target company and connected, a program they had written scanned the wireless network for security holes.

They didn’t find any, but the exercise demonstrated an inexpensive way to perform penetration testing and the danger of unexpected devices being used in attacks. If they had found an unsecured router in their canvassing, they likely would have been able to waltz inside the corporate network to steal data.

To keep the phone running, the researchers latched on an extended-life battery that lasts days on end. But they only really need a few minutes inside a building to test the network’s security.

“It’s like saying, once you get into Willy Wonka’s Chocolate Factory, and you’re in the garden where everything’s edible, you have it all,” Graham said in an interview.

The attack won’t work, of course, if a company’s wireless network is properly secured. In that case, Graham and Maynor said there’s likely no big loss: the package that had been sitting in the mailroom would probably be mailed back to them so they could try it again elsewhere.

Another talk focused on new twists to Cold War-era espionage tactics that could allow criminals to sidestep the locks on computer networks.

Eric Schmiedl, a lock-picking expert and undergraduate at the Massachusetts Institute of Technology, outlined several surveillance methods long used by government intelligence agents that have become more accessible to garden-variety criminals because of the falling price of the technologies.

For example, Schmiedl said even low-budget criminals now have a way to eavesdrop on conversations through a window. It involves bouncing a beam from a laser pointer off the glass and through a light sensor and audio amplifier.

If the people inside the room are close enough to the window, their conversation creates vibrations that the equipment can translate into a crude reconstruction of the conversation, Schmiedl said.

“We’re burning the candle at both ends,” he said. “The technology is becoming easier and cheaper and anybody can do it. And at the same time there’s more incentive now to do it. These are two trains on a collision course. The question is when they’re going to collide.”

Eric Schmiedl, center, a lock-picking expert and undergraduate at the Massachusetts Institute of Technology, talks to attendees after speaking at the DefCon conference in Las Vegas.


Reporters booted from conference for hacking

Friday, August 8th, 2008

Convention topic: hacking

LAS VEGAS – With thousands of hackers milling around the Black Hat convention here, and widespread snooping on the public WiFi network, one place was supposed to be off limits: the press room.

But in a case of reporters spying on other reporters, three journalists working for the French publication Global Security Magazine were booted Thursday from the hackers’ conference after they were allegedly caught hacking into the private computer network set up for the media.

The French journalists captured what they claimed were usernames and passwords of reporters from at least two media outlets — eWeek and CNET News. The eWeek reporter told organizers his login credentials looked like they were legitimate, while the CNET information appeared to be bogus.

Black Hat attendees are warned that the conference’s public wireless network is being monitored by hackers. People who send sensitive personal data over it are cautioned they might have that information posted on the Wall of Sheep, a forum to embarrass security professionals who don’t follow proper security procedures themselves.

The separate, wired Internet connections set up for reporters are supposed to be off-limits to hacking and the Wall of Sheep. Even so, reporters who didn’t take the extra step of logging onto the Internet through an additional secure connection, like a virtual private network, risked having their data exposed to colleagues sitting just feet away.

It didn’t appear to be a complicated hack.

The network was working properly, but it wasn’t set up to shield the journalists’ computers from one another. The French journalists — identified by organizers as Dominique Jouniot, Marc Brami and Mauro Israel — apparently set up their own server to siphon off traffic passing through the media room’s central router.

Brami is listed on the magazine’s Web site as director of parent company S.I.M. Publicite, while Jouniot and Israel are on the “scientific committee.”

Brami said in an interview with The Associated Press that Israel was responsible for the hack and that he and Jouniot didn’t know about it.

“I can’t explain why he’d do that,” Brami said. “He thinks it’s some kind of game for him. I’m very angry with him. I’ve had a partnership with Black Hat for three years.”

The magazine has been one of Black Hat’s sponsors. Organizers said that because of Thursday’s incident, that partnership is over.

E-mails from The Associated Press to Jouniot and Israel were not immediately returned Thursday night.

“The design of the network was to isolate it from the rest of the public network — it’s not designed to isolate it from one computer in the press room to another computer in the press room,” said Dominique Brezinski, Black Hat’s technical director. “They took advantage of that.”

Organizers said the trio was caught when they took their purloined password prizes to Wall of Sheep workers and asked them to post the information. The workers refused. When questioned, one of the French journalists said he was trying to “educate the press” about the importance of sending data securely, organizers said.

Kurt Opsahl, senior staff attorney for the Electronic Frontier Foundation, said his organization is investigating whether Black Hat organizers can take legal action against the French journalists. He said the breach may have even broken criminal laws.

The EFF is a civil liberties group focused on free speech and privacy on the Internet and often takes up journalists’ legal cases.

“There are lots of notices that the WiFi network is a hostile network and is actively being monitored,” he said. “People are aware that it’s going on. The important distinction is what the expectations are (in the media room).”

Major Internet security flaw also affects e-mail

Thursday, August 7th, 2008

Discovered by man who exposed hacker rerouting schemes

LAS VEGAS – A newly discovered flaw in the Internet’s core infrastructure not only permits hackers to force people to visit Web sites they didn’t want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.

Considering the silent nature of the attack and the sensitive nature of a lot of electronic correspondence, the potential for damage from this second security flaw is high. But there’s no evidence yet that this method of targeting e-mail has been used in a successful attack.

Dan Kaminsky of Seattle-based security consultant IOActive Inc. exposed a giant vulnerability in the Internet’s design that, in one case, allowed hackers to reroute some computer users in Texas to a fake Google.com site loaded with automated advertisement-clicking programs, a scam to generate profits for the hackers from those clicks.

The flaw wasn’t in the site itself; it was in the back-end machines responsible for guiding computers to that site.

The vulnerability Kaminsky found is especially insidious because it allows criminals to tamper with machines whose reliability and trustworthiness is critical for the Internet to function properly.

Kaminsky, who spoke Wednesday at the Black Hat hacker conference in Las Vegas, has given few details publicly about the vulnerability he found in the Domain Name System (DNS), a network of servers used to connect computers to Web sites.

He remained tightlipped so that Internet providers would have time to fix their machines. Many have done that, but others have delayed, leaving some people at risk.

Major vendors like Microsoft Corp., Cisco Systems Inc., Sun Microsystems Inc. and others have issued patches — software tweaks that cover the security hole and prevent affected machines from ingesting the bogus information hackers are trying to feed them.

“The industry has rallied like we’ve never seen the industry rally before,” Kaminsky said.

Kaminsky’s talk Wednesday at the conference was packed, with people sitting on the floor of the main speaker’s hall and overflowing out the back doors. His presentation instantly became one of the Black Hat conference’s most anticipated after he announced July 8 that he’d found a major weakness in DNS, a critical part of the Internet’s plumbing.

While some details leaked out early — security researchers accurately guessed parts of Kaminsky’s discovery — he was able to keep a few juicy bits secret until the talk.

One of those was the susceptibility of many e-mail servers to the DNS vulnerability, an opening that gives criminals a way to plant themselves in the middle of the transmission from the sender to the recipient and redirect messages to their own servers, Kaminsky said.

The result: criminals have a way not only to comb through the contents of those messages, but also to gain access to other password-protected Web sites the victims belong to.

That’s because most sites have a feature that allows members to retrieve their passwords by e-mail if they’ve forgotten them. If a criminal has access to the account where that message is sent, he can then begin snooping on the contents of that account, from e-mail, to banking, to retailer sites.

The thrust of the DNS flaw is that it allows hackers to attach bad information to packets flowing in and out of DNS servers so they change the directions they give to certain Web sites.

It’s the equivalent of turning around a street sign to send drivers down the wrong street.

So someone who innocently types in the address of a legitimate Web site can be strong-armed instead into going to a malicious site under the criminal’s control. Because the attack happens at the network level, and the browser believes it’s visiting the legitimate site, the attack is nearly impossible for users to detect.

Many e-mail servers are vulnerable because they also handle DNS traffic, Kaminsky said. Even if they only handle internal inquiries, if they interact with external DNS servers, that’s often enough to expose them to attack.

Hackers are thus able to manipulate the packets associated with e-mail traffic the same way they manipulate the packets associated with general Web traffic.

Online threats materializing faster, study shows

Monday, July 28th, 2008

SAN JOSE, Calif. – The bad guys on the Internet are narrowing the time frame they need to unleash computer attacks that take advantage of publicly disclosed security holes, new research shows.

More and more of these attacks are coming within 24 hours after a vulnerability is disclosed. That means security flaws are being exploited in Web browsers, computer operating systems and other programs before many people even have had time to learn there’s a problem, according to IBM Corp.’s latest Internet Security Systems X-Force report.

The report, scheduled to be released Tuesday, looked at the first six months of 2008 and reflects two growing trends in Internet-based threats.

The first is that online criminals have latched on in a big way to programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they apparently spent more time finding such holes themselves, but no longer find that as necessary.

“The bad guys are not the ones actively finding vulnerabilities — they’ve shifted their business to standing on the shoulders of the security research community,” Kris Lamb, operations manager for X-Force, said in an interview. “They don’t have to do the hard work anymore. Their job is packaging what’s been provided to them.”

The second trend is that the debate among security researchers is intensifying over how much information should be released to the public when a new software flaw is discovered.

Most times the researcher will wait until the affected company has released a software patch before revealing details. But sometimes researchers will release not only details of the vulnerability but also so-called “proof-of-concept” exploit code to show the flaw is legitimate.

That runs the risk of providing criminals a framework for building their attacks, and saves them valuable time in doing so. Lamb said this finding “begs the question” of what the security industry’s standard practice should be.

Some researchers defend the practice of supplying exploit code. They say it’s a powerful tool to pressure companies into creating patches and users into applying them, and also helps technicians study how the attacks work and protect against them in the future.

The IBM report found that the tools criminals use to generate their attacks — known as exploit code — are appearing online faster than before.

The time from vulnerability disclosure to the availability of exploit code or a working attack has typically been measured in days or even weeks as criminals try to get their arms around a newly discovered weakness.

But that gap has been shrinking quickly.

In Web browsers — an area heavily targeted by hackers — hacking exploits were available within a day after flaws were discovered 94 percent of the time, up from 79 percent in 2007, IBM’s report said.

For other PC vulnerabilities, over 80 percent of the exploit code was released the same day — or even before — the holes were publicly disclosed. That’s up from 70 percent last year, according to the IBM study.

Exploit code can surface even before a vulnerability is made public if researchers have discussed the flaw without providing specifics.

The tactic allows them to attach their names to high-profile vulnerabilities they’ve discovered, while giving companies time to create patches. The downside is other researchers can often work backward from the public comments and create their own exploit code.

The report also found that spammers are changing their tactics. In many cases they are ditching the pictures and complicated messages they would include in their junk e-mail and opting instead for simple messages and a sole Web link to evade spam filters and redirect users to sites under their control. And the number of spam messages continues to rise.

Citibank ATM breach reveals PIN security problems

Tuesday, July 1st, 2008

SAN JOSE, Calif. – Hackers broke into Citibank’s network of ATMs inside 7-Eleven stores this year and stole customers’ PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs — the numeric passwords that theoretically are among the most closely guarded elements of banking transactions — by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system’s infrastructure, which is increasingly built on Microsoft Corp.’s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption — which means encoding them to cloak them to outsiders — some ATM operators apparently aren’t properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

“PINs were supposed to be sacrosanct — what this shows is that PINs aren’t always encrypted like they’re supposed to be,” said Avivah Litan, a security analyst with the Gartner research firm. “The banks need much better fraud detection systems and much better authentication.”

It’s unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March of this year. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores throughout the U.S., but it doesn’t own or operate any of them.

That responsibility falls on two companies: Houston-based Cardtronics Inc., which owns all the machines but only operates some, and Brookfield, Wis.-based Fiserv Inc., which operates the others.

A critical issue in the investigation is how the hackers infiltrated the system, a question that still hasn’t been answered publicly.

All that’s known is they broke into the ATM network through a server at a third-party processor, which means they probably didn’t have to touch the ATMs at all to pull off the heist.

They could have gained administrative access to the machines — which means they had carte blanche to grab information — through a flaw in the network or by figuring out those computers’ passwords. Or it’s possible they installed a piece of malicious software on a banking server to capture unencrypted PINs as they passed through.

What that means for consumers is that their PINs were stolen from machines that showed no signs of tampering they could detect. In previous PIN thefts, thieves generally took steps that might draw notice — sending “phishing” e-mails, for example, or installing false-front keypads or even tiny cameras on ATMs.

Getting the PINs is a key step for identity thieves. It lets criminals encode stolen account information onto blank ATM cards and withdraw piles of cash from compromised accounts.

Don Jackson, director of threat intelligence for SecureWorks Inc., said he has seen an “alarming” spike in the number of attacks on back-end computers for ATM networks over the past year.

“This was fairly large, but I don’t think it’s anything out of the ordinary — these kinds of scams go on every day,” Jackson said. “What makes this case unique is the sheer luck of happening upon these guys and catching them red-handed. But there are a whole lot of other ATM and PIN compromises going on that aren’t reported.”

The alleged plot is outlined in court papers supporting the prosecution of three people — Yuriy Rakushchynets, Ivan Biltse and Angelina Kitaeva. They were indicted in March on two counts each of conspiracy and fraud. Prosecutors say their activities generated at least $2 million in illegal profits.

Defense lawyers for all three people did not return calls for comment, and it was not clear where they had been living. The main defendant, Rakushchynets, was described as having Michigan and Florida driver’s licenses in a February FBI affidavit for an arrest warrant.

Citibank, part of Citigroup Inc., has declined to comment on the technique or how many customers’ accounts were compromised. It said it notified affected customers and issued them new debit cards.

“We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts,” the bank said in a statement.

Cardtronics said it is cooperating with authorities but otherwise declined to comment. Fiserv spokeswoman Melanie Tolley said the intrusion didn’t happen on Fiserv’s servers.

“Fiserv,” she said, “is confident in the integrity and security of our system.”

Wildfire burns homes along N. California coast

Saturday, June 21st, 2008

Smoke billows into the atmosphere from a wildfire near Watsonville, Calif., on Friday. The small but fast-moving fire erupted along the Northern California coast, threatening homes and forcing hundreds of residents to flee.


SAN FRANCISCO – A fast-moving fire erupted Friday along the Northern California coast, burning homes, forcing hundreds of residents to flee and backing up traffic for miles on a scenic highway.

California Department of Forestry and Fire Protection officials said that the 500-acre fire was 50 percent contained by Friday evening. Cal Fire expected full containment Saturday.

While 2,000 people were ordered to evacuate earlier in the day, the improving situation resulted in Santa Cruz County closing its overnight evacuation center at 9 p.m., according to Chris Hirsch, a county spokeswoman. Residents who needed overnight housing were being sent to an evacuation center set up by the Red Cross.

A number of homes were destroyed, but there was no indication how many. Hirsch said at least nine structures had burned.

“There are homes threatened, but we’re not exactly sure how many right now,” Hirsch said.

Battalion Chief Paul Van Gerwen, a Cal Fire spokesman, said helicopters were dropping water and fire retardant. About 600 firefighters had been called in to battle the blaze.

The cause of the fire is under investigation. Van Gerwen noted that multiple grass fires appeared to have merged into the larger blaze.

A six-mile stretch of Highway 1 was closed for much of the day, although southbound lanes reopened in the early evening.

In southeastern New Mexico, firefighters were trying to corral a lightning-caused blaze that had scorched 64 square miles of desert grass, shrubs and cacti in the Guadalupe Mountain foothills.

Calif. wildfires threaten homes, force evacuations

Thursday, June 12th, 2008

FELTON, Calif. – Hundreds of firefighters Thursday struggled to gain control of a series of wildfires burning across Northern California, including a raging forest fire that forced hundreds to leave their homes in the Santa Cruz Mountains.

The blaze in the Bonny Doon area about 10 miles northwest of Santa Cruz quickly grew to 700 acres after it broke out around 3 p.m. Wednesday, and it was only 5 percent contained Thursday morning. Mandatory evacuations were ordered for 500 residents in the heavily forested hills. Voluntary evacuations were in place for another 1,000 residents.

Nearly 800 firefighters were battling the blaze, which could spread to as many as 1,500 acres, Battalion Chief Paul Van Gerwen said.

High winds pushed the blaze Wednesday; Thursday’s weather was calmer but temperatures were quickly rising, with 90-degree weather expected.

“It’s getting hotter and drier. We’d like to see the humidity come up,” Van Gerwen said.

More than 50 people had arrived at the evacuation shelter at San Lorenzo Valley Middle School in Felton by Wednesday evening, said Red Cross spokeswoman Lindsay Segersin.

Dana Price, 51, and her husband had just come home when they got the mandatory-evacuation call and quickly packed up their computers, musical instruments and pets — two dogs, a parakeet and a cat.

“The sad thing is, as you’re evacuating, you’re walking around your house thinking, this might be the last time I see this picture, this might be the last time I’m doing this,” she said.

Hot temperatures and tinder-dry vegetation prevailed throughout Northern California, where hundreds of firefighters were deployed on fire lines from the North Coast wine country to the Central Valley.

In Butte County, several hundred homes were evacuated ahead of a fast-growing wildfire near Chico, about 90 miles north of Sacramento. The blaze, which started around noon Wednesday, had grown to 6,000 acres and threatened about 1,650 structures. It was only about 10 percent contained Thursday morning.

“We’ve had very active winds, low humidity and high heat. As you know, that’s a recipe for disaster,” said Joshpae White, a spokesman for the California Department of Forestry and Fire Protection. “It’s very remarkable that no structures have been damaged. I think that’s due to the very aggressive firefighting we’ve been able to do today.”

Gov. Arnold Schwarzenegger declared a state of emergency in Butte County late Wednesday to free up additional firefighting resources. He declared another one in Santa Cruz County early Thursday.

Farther south, the state’s largest wildfire had charred more than 16,000 acres in the Los Padres National Forest and was only 16 percent contained.

The fire had spread east to a remote part of the Army’s Fort Hunter Liggett and was moving toward the incident command post Thursday morning. But winds were driving the flames away from inhabited areas of the military base, said Manny Madrigal, a spokesman for the U.S. Forest Service.

“It’s pretty remote where it’s burning now,” Madrigal said.

Fort Hunter Liggett spokeswoman Helen Elrod said four families with homes near the base were evacuated, but the 5,000 military personnel who live there are not in immediate danger.

Some training exercises also were moved because of smoke in the area, and the Army has evacuation plans if the fire moves closer, Elrod said.

The fire had spread east to a remote part of the Army’s Fort Hunter Liggett and was also moving toward the incident command post Thursday morning. No buildings or people were in immediate danger, and winds were driving the fire away from inhabited areas of the military base, said Manny Madrigal, a spokesman for the U.S. Forest Service.

“It’s pretty remote where it’s burning now,” Madrigal said, though he added that evacuation plans for the base were being developed.

Wildfires on Tuesday destroyed 32 homes in Stockton, about 50 miles south of Sacramento, and 21 homes in Palermo, about 60 miles north of the state capital. Winds have decreased since then but the extreme fire danger was expected to last through Thursday.

Associated Press Writers Don Thompson and Samantha Young in Sacramento and Jason Dearen in San Francisco contributed to this report.

———

on the web

Fire information at www.oes.ca.gov and http://cdfdata.fire.ca.gov/incidents/incidents_current.

———

Apple unveils faster iPhone, chops price

Monday, June 9th, 2008

Apple Inc. CEO Steve Jobs shows off the two colors of the new Apple iPhone 3G during his keynote speech at the Apple Worldwide Developers Conference in San Francisco on Monday. Jobs announced innovations to the Mac OS X Leopard operating system and an enhanced iPhone.


SAN FRANCISCO – Apple Inc. unveiled an upgraded iPhone Monday with a faster Internet connection and GPS capabilities — and priced $200 lower than current models.

Analysts have said Apple needed to slash the multimedia gadget’s price and upgrade it to work over so-called 3G, or third-generation, wireless networks to hit the company’s target of selling 10 million iPhones by the end of 2008.

An 8 gigabyte model is to sell for $199 starting July 11. A 16 gigabyte model will cost $299. They’ll come in a black case with a white case optional on one model. The devices are to roll out initially in 22 countries.

Apple has inked deals for wireless carriers in a total of 70 countries to carry the new iPhone.

Apple’s participation in the cell phone market has been hurt by complaints about the year-old iPhone’s data download speeds, which can make simple tasks like sending pictures over e-mail or downloading Internet videos painfully slow.

The original iPhones operate on so-called 2.5G networks. The upgrade in performance from those networks to 3G will be similar to the difference between a dial-up Internet connection and a high-speed broadband connection.

Apple Chief Executive Steve Jobs said the computer chips used on the faster network sapped too much battery life and were too bulky when the iPhone was being designed, so the company decided to wait to improve the device until better chip technology emerged that could fit the iPhone’s slim design.

The addition of global-positioning technology improves the iPhone’s accuracy in locating users. Current versions use a combination of cell phone towers and Wi-Fi locations to help users figure out where they are.

Jobs showed off the phone at Apple’s Worldwide Developers Conference in San Francisco. His announcements were widely expected.

New report identifies dangerous Web domains

Wednesday, June 4th, 2008

SAN JOSE, Calif. – When surfing the Internet for safe Web sites, not all domains are equal.

Companies that assign addresses for Web sites appear to be cutting corners on security more when they assign names in certain domains than in others, according to a report to be released Wednesday by antivirus software vendor McAfee Inc.

McAfee found the most dangerous domains to navigate to are “.hk” (Hong Kong), “.cn” (China) and “.info” (information).

Of all “.hk” sites McAfee tested, it flagged 19.2 percent as dangerous or potentially dangerous to visitors; it flagged 11.8 percent of “.cn” sites and 11.7 percent of “.info” sites that way.

A little more than 5 percent of the sites under the “.com” domain — the world’s most popular — were identified as dangerous.

More spammers, malicious code writers and other cybercriminals can establish an online presence when domain name registry businesses cut requirements for registering a site in order to boost their profit and profile. The report doesn’t identify domain name registration companies McAfee believes are responsible for those lapses.

Hundreds, perhaps thousands, of companies are in the business of registering domain names; some are large and well known, while others are small and less reputable, offering their services on the cheap and with flimsy or no background checks to lure in more customers.

The fact that Internet scam artists gravitate to domain name services with lower fees and fewer requirements isn’t new.

What McAfee’s “Mapping the Mal Web” report, now in its second year, tries to do is identify the domains that are populated with the highest concentration of risky sites.

The servers for “.hk” and “.cn” Web sites don’t have to be in China; Web site operators can register sites from anywhere to target different geographies.

Other risky domains include “.ro” (Romania), with 6.8 percent, and “.ru” (Russia), with 6 percent of sites flagged as dangerous.

Shane Keats, research analyst for McAfee and lead author of the report, said the increase in dangerous sites registered under the “.hk” and “.cn” domains over last year’s report was caused in part by better data collection on McAfee’s part on those domains and by apparent security lapses in some registrar companies’ processes for registering addresses.

“My advice about surfing behavior is that if you’re really desperate for cheap Prozac and the pharmacy ends in ‘.cn,’ don’t do it. Just don’t do it,” Keats said. “Find another place to get your Prozac.”

Many Internet frauds involve fake sites for pharmaceuticals.

The McAfee report is based on results from 9.9 million Web sites that were tested in 265 domains for serving malicious code, excessive pop-up ads or forms to fill out that actually are tools for harvesting e-mail addresses for sending spam.

Keats said domain name registrars that are strict about authenticating that Web site owners are operating a legitimate business see far fewer malicious Web sites using their services.

Where McAfee found some of the least-risky domain names:

• “.gov” (government use), with 0.05 percent flagged;

• “.jp” (Japan), with 0.1 percent flagged; and

• “.au” (Australia), with 0.3 percent flagged.