STE WILLIAMS

Tech bazaar Aria puts £10K bounty on heads of DDoS varmints

Manchester-based reseller Aria PC is offering a £10,000 bounty for information leading to the conviction of miscreants who hit its websites with a sustained denial-of-service attack this week.

In a forum post, Aria said it had already reported packet-flooding assaults against its main site and forum to the police, but wanted to go further by offering a Wild West-style reward.


The attacks caused Aria’s websites to fall offline despite attempts to tighten up defences. No customer information was exposed, but the reseller is clearly fed up with fending off DDoS and arguably more serious automated hacking attempts, prompting a decision to put a price on the head or heads of its unknown assailants:

Since Sunday 24th of February and on each following day we have been subjected to a variety of attacks, in the form of DDOS (distributed denial of service) attacks on both the forum and the main shop site, and other automated attack attempts.

All attempts to find vulnerabilities have been unsuccessful – we regularly scan ourselves for such issues as part of our PCI compliance process – and our database and applications have not been compromised – credit card or other financial information is not stored by us and is therefore not available to an attacker, successful or otherwise. However the DDOS attacks will have caused some service outage on the forums, and to a lesser extent the main shop website.

Since this is a serious criminal matter the police are now involved in the investigation of these incidents, and we will be unable to comment in any detail on the on-going investigation. We apologise to our customers for any inconvenience they may experience, and we would like to assure you that every step is being taken to ensure that business continues as usual, and that all confidential customer data continues to be protected.

If anyone has any information which leads to the arrest and conviction of the individual(s) behind these attacks, we are offering a £10,000 reward. You might be his girlfriend, know him or them personally. Chances are that he/they are not going to be very popular. Just imagine what you can do with £10,000! A new car? Extension to the house? Pay off the loan? Latest gadgets?

At the time of writing on Friday morning both Aria’s main website and forum appeared to be operating normally. Aria posted the reward on Wednesday but restricted access to this message on Thursday. El Reg has however been able to confirm that the offer is genuine.

Bounties for information leading to the arrest and conviction of computer hacking criminals are uncommon but not unprecedented in the computer industry. For example, Microsoft is offering a $250,000 reward for information that results in the arrest of botmasters behind the Rustock spam-spewing network. Redmond previously offered awards for the conviction of authors of high-profile worms, such as Conficker.

The only payout under the software giant’s Anti-Virus Reward Program came when a German court convicted Sven Jaschan for creating a variant of Sasser, a nasty network worm, back in July 2005.

The Aria bounty matches the £10,000 put up by Overclockers.co.uk as a reward for information leading to the conviction of attackers who targeted the technology enthusiast site in a DDoS in January 2009. Aria boss Aria Taheri told us he already had some leads and other “useful information” as a result of its offer. This information has been passed on to the police but no arrests have been made. ®

Bootnote

Thanks to Reg reader Felix for the heads up on Aria’s bounty.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/aria_pc_ddos_bounty/

Bank Muscat hit by $39m ATM cash-out heist

Cybercrooks have pulled off a $39m ATM heist against a bank in Oman using pre-paid travel cards.

Bank Muscat put out a statement through the Muscat Securities Market admitting the loss:


12 Bank Muscat prepaid Travel Cards were compromised on February 20, 2013. The gross value of transactions on these cards, which were compromised outside of Oman, was RO 15 million. No customers have suffered any financial loss and no other credit or debit cards issued by Bank Muscat have been affected. The Bank is working with all stakeholders to further investigate and to establish any losses arising from these transactions. We will inform the market of any material developments.

Bank card experts told The Times of Oman that fraudsters must have bought the travel cards and duplicated them several times before using them from multiple locations outside the country.

It’s possible that the sultanate’s biggest bank may have been hacked. The cards were used in 10 to 15 locations on a single day, the paper added.

Impairment charges likely to arise as a result of the theft (assuming funds are not recovered) represent 10.5 per cent of Bank Muscat’s estimated 2013 earnings, United Securities said in a note, Reuters reports.

Security blogger Brian Krebs noted that the heist, which involved re-loadable prepaid debit cards tied to accounts in the Arab bank, is similar to two December 2012 cash-out operations that collectively netted $11m. And before that, there was a $13m fraud against Fidelity National Information Services early in 2012 and a $9m sting against RBS Worldpay in December 2008 involving counterfeit payroll debit cards, Krebs added.

Hackers used compromised access to RBS Worldpay systems to increase the withdrawal limits on the counterfeit debit cards under their control as well as other trickery involving siphoning stolen funds into accounts linked to the dodgy cards.

“These events have been caused by intrusions into the processing systems used to process the prepaid cards, and the transaction limits are overridden on a group of cards, the hackers clone these cards and engage ‘Smurfs’ to make repetitive ATM withdrawals on these card accounts on a Friday night right after the ATMs have been loaded with cash for the weekend,” explained Terrence P Maher, general counsel to the Network Branded Prepaid Card Association.

“Risk mitigation starts with strict adherence to the Payment Card Industry Data Security Standards, to prevent such intrusions. As a back-up, the banks need to have insurance coverage for cyber-intrusion, to protect them against large losses,” he added. ®

Bootnote

Thanks to Reg reader Adam for highlighting the e-heist.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/bank_muscat_atm_mega_fraud/

Sinkholes reveal more Chinese-hacked biz

Researchers have identified yet more high-profile organisations attacked by spying Chinese hackers after seizing hold of the miscreants’ command-and-control servers.

Dell SecureWorks Counter Threat Unit (CTU) said that its tactic of “sinkholing” spyware-controlled systems is great for identifying custom malware and warning victims. It typically involves taking over the criminals’ domain names to trick their armies of malware-infected computers – known as botnets – into communicating with the researchers’ servers. While holding the reins, security experts can study a botnet, find out what sort of snooping the malware is capable of, learn more about its masters and potentially disrupt its villainous activities.


According to Dell SecureWorks, the technique has shed a light on several highly targeted espionage efforts that might otherwise have gone undetected. Victims include a US university conducting military research, we’re told.

Sinkholing is not new in computer security: Dell SecureWorks applied it against the Kelihos spam-spewing botnet last year and Polish researchers applied it against Virut last month, for example. Using the tactic against groups dubbed advanced persistent threats (APTs) is a new twist, however: multiple botnets, each using a different Trojan or virus strain to infect machines, could be sharing the same command server.

“You may know eight malware facilities but by sink-holing an APT domain you can find out about another two,” explained Silas Cutler, a security researcher at Dell SecureWorks CTU.

This information can be useful in linking malware families based on the shared infrastructure that attackers use to control the infected computers as well as providing proof that an entire network has been compromised.
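The linking step described above can be sketched as a graph problem. This is an added example, not Dell SecureWorks code: the check-in records, domain names and family labels are constructed, and it assumes each sinkhole check-in has already been labelled with a malware family from its beacon fingerprint.

```javascript
// Constructed sinkhole check-ins: source IP, sinkholed domain contacted, and
// the family label assigned from the beacon fingerprint (all hypothetical).
const CHECKINS = [
  { src: "192.0.2.10", domain: "update.sinkholed-a.example", family: "family-A" },
  { src: "192.0.2.11", domain: "update.sinkholed-a.example", family: "family-B" },
  { src: "198.51.100.7", domain: "cdn.sinkholed-b.example", family: "family-B" },
  { src: "198.51.100.8", domain: "cdn.sinkholed-b.example", family: "family-C" },
  { src: "203.0.113.5", domain: "mail.sinkholed-c.example", family: "family-D" },
  { src: "203.0.113.5", domain: "mail.sinkholed-c.example", family: "family-D" },
];

// Minimal union-find over string node names.
class DisjointSet {
  constructor() { this.parent = new Map(); }
  find(x) {
    if (!this.parent.has(x)) this.parent.set(x, x);
    let root = x;
    while (this.parent.get(root) !== root) root = this.parent.get(root);
    while (this.parent.get(x) !== root) {      // path compression
      const next = this.parent.get(x);
      this.parent.set(x, root);
      x = next;
    }
    return root;
  }
  union(a, b) {
    const ra = this.find(a);
    const rb = this.find(b);
    if (ra !== rb) this.parent.set(ra, rb);
  }
}

// Group families that share any sinkholed domain, directly or transitively,
// and collect the distinct victim addresses seen for each group.
function linkFamilies(checkins) {
  const ds = new DisjointSet();
  for (const { domain, family } of checkins) {
    ds.union(`f:${family}`, `d:${domain}`);
  }
  const groups = new Map();
  const groupFor = (node) => {
    const root = ds.find(node);
    if (!groups.has(root)) {
      groups.set(root, { families: new Set(), domains: new Set(), victims: new Set() });
    }
    return groups.get(root);
  };
  for (const { src, domain, family } of checkins) {
    const g = groupFor(`d:${domain}`);
    g.families.add(family);
    g.domains.add(domain);
    g.victims.add(src);
  }
  return [...groups.values()]
    .map((g) => ({
      families: [...g.families].sort(),
      domains: [...g.domains].sort(),
      victims: [...g.victims].sort(),
    }))
    .sort((a, b) => a.families[0].localeCompare(b.families[0]));
}

for (const cluster of linkFamilies(CHECKINS)) {
  console.log(
    `${cluster.families.join(", ")} share ${cluster.domains.length} domain(s); ` +
    `${cluster.victims.length} victim address(es) to notify`
  );
}
```

Families A and C never contact the same domain, yet they land in one cluster because both share infrastructure with family B.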

Ordinary cybercrooks caught using cyber-espionage tools

Dell SecureWorks has linked 300 different families of malware to cyber-espionage attacks. And it’s clear that conventional online crooks are using malware primarily designed for cyber-espionage for their own nefarious purposes, such as attacks apparently aimed at stealing online gaming login IDs.

One case identified by Dell SecureWorks uncovered evidence that Protux – a software nasty first detected in spear-phishing expeditions against Tibetan activists in 2008 and attacks against US government agencies – was used in an attack primarily geared against Indian ISP customers. Sinkholing three expired web domains associated with Protux revealed that two of the addresses had been used for regular cybercrime while another was employed in a much more limited and targeted espionage project.

Joe Stewart, director of malware research at Dell SecureWorks CTU, explained that in most cases security researchers take control of a hacker’s domain because it either expired or was seized in an internet property ownership dispute. Domains used in APT campaigns sometimes mimic those of the industrial firms and others they target.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/03/01/sinkhole_research_uncovers_cyberspy_victims/

Wikileaker Bradley Manning pleads not guilty to ‘aiding the enemy’

After over 1,000 days of solitary confinement in a military prison, Private First Class Bradley Manning finally got his day in court, and he pleaded not guilty to the most serious charge brought against him.

Manning, 25, pleaded guilty to 10 charges that he misused and transmitted classified information – which could net him 20 years in prison – but not guilty to “aiding the enemy”, which under Article 104 of the US Uniform Code of Military Justice carries the penalty of “death or such other punishment as a court-martial or military commission may direct.”

Reading from a 35-page statement, Manning admitted that between 2009 and 2010 he downloaded over 250,000 intelligence reports, diplomatic cables from US overseas diplomatic staff, reports on the conditions inside the Guantanamo Bay detention camp, and combat videos from Afghanistan – including one from an Apache helicopter showing US soldiers shooting unarmed civilians.

“I believe that if the general public … had access to the information … this could spark a domestic debate as to the role of the military and foreign policy in general,” he read from his statement, Reuters reports.

Manning said that he initially tried to give the information cache to reporters at The New York Times and the Washington Post, but was rebuffed or ignored. He therefore decided to send it to WikiLeaks, which then somewhat ironically worked with the NYT, The Guardian, and other media outlets to coordinate the release of the information after checking that sensitive information wasn’t included.

Manning said that he passed over the documents only after a lengthy email correspondence with Julian Assange so that he could be sure WikiLeaks could be trusted with the information. He said that at no point did Assange or WikiLeaks put any pressure on him to hand over his data or ask him for more.

“I felt I accomplished something that would allow me to have a clear conscience,” Manning said in his statement.


A prisoner of conscience?

The release of the information caused a world of embarrassment to the US military (and kicked off a security revamp within the organization), and the government claims sensitive details that could have cost lives and hurt the country were leaked (Britain’s former top spook disagrees). Manning disputes this, and the government will now have to make its case in Manning’s juryless court-martial trial.

Ashden Fein, the leading prosecution counsel, said that he planned to call 141 witnesses to testify against Manning, including 15 who would demonstrate that he has directly harmed US national interests. Due to the sensitive nature of the evidence under discussion, 33 of the witnesses will give their evidence in closed court.

By contrast, presiding judge Colonel Denise Lind ruled yesterday that Manning could have only one witness: William Leonard of the National Archives and Records Administration. He will also not be allowed to present any evidence accusing the US government of excessive secrecy.

The full court-martial will begin on June 3 and is expected to run for weeks. If he is found guilty, Manning is unlikely to face the death penalty – given the enormous furor this would cause – but could spend the rest of his life behind bars.

This makes last month’s ruling that Manning will get 112 days taken off any sentence he receives rather moot.

Manning’s lawyers claimed he was kept awake from 5am to 10pm and not allowed to lie down or lean against a wall during that time. A military judge ruled that Manning’s incarceration in a windowless cell at Quantico Marine Base in Virginia for nearly three years was “excessive.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/bradley_manning_court_martial_starts/

Browser makers open local storage hole in HTML5

A slip-up in the implementation of HTML5 on Chrome, Opera and Internet Explorer can be exploited to fill users’ hard drives, according to a 22-year-old Web developer from Stanford.

Feross Aboukhadijeh has posted a proof-of-concept of the exploit here and a demonstration page here.

He explains that HTML5 is designed to allow bigger cookies than its predecessor standards. Up to 10 MB of local storage is permitted by the standard, but the standard also recommends that browsers place limits on how much storage is used. Browsers also need to watch out for sites trying to use subdomains or “affiliated domains” to get around the storage limits.

While the browsers Aboukhadijeh identifies implement the per-domain limits – 2.5 MB in Chrome, 5 MB in Firefox and Opera, 10 MB in IE – they don’t properly block the use of storage by affiliated domains.


The FillDisk demonstration site

“Thus, cleverly coded websites, like FillDisk.com, have effectively unlimited storage space on visitor’s computers”, he writes. Only recent versions of Firefox are unaffected, he says, because it has a better implementation of local storage (it does, however, work on older versions of Firefox, according to this author’s test).
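The accounting gap can be shown with a small simulation. This is an added example, not Aboukhadijeh's proof-of-concept or any browser's source: `QuotaManager`, `registrableDomain` and the three-entry suffix set are hypothetical stand-ins (a real browser consults the full Public Suffix List), and the 5 MB figure is the Firefox/Opera limit quoted above.

```javascript
const QUOTA_BYTES = 5 * 1024 * 1024; // per-bucket limit, as cited for Firefox and Opera

// Constructed stand-in for the Public Suffix List (assumption for this example).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// Return the registrable domain: the longest matching public suffix plus one label.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(suffix)) {
      return i === 0 ? suffix : labels.slice(i - 1).join(".");
    }
  }
  return hostname.toLowerCase(); // unknown suffix: treat the host as its own site
}

// Tracks bytes stored per bucket; keyFn decides which bucket a hostname is charged to.
class QuotaManager {
  constructor(keyFn, quota = QUOTA_BYTES) {
    this.keyFn = keyFn;
    this.quota = quota;
    this.used = new Map(); // bucket -> bytes stored
  }

  // Returns true if the write fits; false models the browser refusing the write.
  write(hostname, bytes) {
    const bucket = this.keyFn(hostname);
    const current = this.used.get(bucket) || 0;
    if (current + bytes > this.quota) return false;
    this.used.set(bucket, current + bytes);
    return true;
  }

  total() {
    let sum = 0;
    for (const bytes of this.used.values()) sum += bytes;
    return sum;
  }
}

// Model one site writing through several of its own subdomains until each is refused.
function simulate(manager, site, subdomainCount, chunk = 1024 * 1024) {
  for (let n = 1; n <= subdomainCount; n++) {
    const host = `s${n}.${site}`;
    while (manager.write(host, chunk)) {
      // keep writing until the quota check refuses
    }
  }
  return manager.total();
}

// Per-origin accounting: every subdomain gets a fresh 5 MB bucket.
const perOrigin = simulate(new QuotaManager((host) => host), "example.com", 20);
// Per-site accounting: all subdomains are charged to example.com.
const perSite = simulate(new QuotaManager(registrableDomain), "example.com", 20);

console.log(`per-origin accounting: ${perOrigin / (1024 * 1024)} MB stored`);
console.log(`per-site accounting:   ${perSite / (1024 * 1024)} MB stored`);
```

With per-origin buckets the total grows linearly with the number of subdomains; charging the registrable domain holds it at the single quota.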

Aboukhadijeh claims the proof-of-concept code will fill 1 GB every 16 seconds on a Macbook Pro Retina’s solid state drive.

While it’s not the scariest bug in the world, he says users of affected browsers should join together in filing bug reports so their browser vendors fix the bug. ®

Update: A commenter says Opera is unaffected. To test, I installed Opera 12.14 on OSX. The disk-filler gets as far as claiming 76 MB of space, after which Opera asked if I wanted to raise the storage limit – so I agree that it appears to work properly. I have not tested Opera on any other OS or version. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/html_5_implementation_bug_drive_filler/

Chinese Army: US hacks us so much, I’m amazed you can read this

Two Chinese military websites – including the Defence Ministry – are routinely subjected to thousands of hacking attacks every month, the majority of which can be traced back to the US, Chinese authorities alleged this week.

Two-thirds of the 144,000 attacks a month against Chinese military sites last year came from the US, the ministry told Chinese journalists on Thursday, Reuters reports.

The accusation follows a high-profile report by US incident response firm Mandiant last week blaming a Shanghai-based People’s Liberation Army affiliated team (dubbed Advanced Persistent Threat – APT-1) for attacks against 141 organisations across 20 industries in the US and other English-speaking countries over the last seven years. An Obama administration document days later also categorised China, and to a lesser extent Russia, as the sponsor of cyber-espionage attacks that threatened US jobs in multiple industries as well as menacing national security. Prime targets for these attacks include military contractors, IT and clean energy firms.

None of these accusations are new and China’s traditional response has been to deny the charges, say it too has been a victim of cyberattacks, without going into details, and call for international co-operation. However in the face of increased attention to the issue of cyber-spying, which has extended into this week’s RSA Conference in San Francisco, the Chinese authorities have decided to make specific counter-accusations against the US for the first time.

“The Defence Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years,” Defence ministry spokesman Geng Yansheng told a closed monthly meeting of local journalists that excludes members of the foreign press corps.

“According to the IP addresses, the Defence Ministry and China Military Online websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the US accounted for 62.9 percent,” he added.

Geng also mentioned plans by the US to expand its military Cyber Command – suggesting that they were unhelpful in any moves to develop increased international cooperation in fighting hacking and computer intrusion.

Disputes about hacking attacks have strained diplomatic ties between China and the United States, already under pressure from arguments over trade, human rights and US support for Taiwan. ®

Bootnote

Everything you probably need to know about accusations of China hacking against the US, as detailed in the Mandiant report, has been summarised in its own inimitable style of animation by Taiwan’s NMA TV (YouTube clip below):

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/china_accuses_us_of_hacking/

Moscow’s speed cameras ‘knackered’ by MYSTERY malware

Malware has infected a Russian police computer network, knackering speed cameras in and around Moscow, according to reports.

Broadsheet daily newspaper Izvestia claimed that a server operated by the Office of Traffic Police was infiltrated by an unidentified Trojan. The infection has had a knock-on effect on the Arrow-ST system used to monitor key highways around the Russian capital, we’re told.

Cleaning up the mess has been complicated by the transfer of a government contract for the equipment’s maintenance: SK Region, the supplier of the kit, handed the reins over to IntechGeoTrans earlier this year.

The cameras should bring in 100 million roubles ($3.2m) per month in speeding fines, but the network apparently hasn’t been working properly for at least two weeks. Some reports suggested it went wrong as early as the start of February.

All this has sparked a massive political row: politicians blamed IntechGeoTrans for not sorting out the problem, but the company claimed it inherited a system in a state of chronic disrepair.

A virus infection may be a secondary cause of failure at many of the 144 camera sites on the network: inspections of the gear at 13 locations revealed evidence that cameras were not connected to a power supply. Dirty glass lenses and corroded metal were also discovered.

Site visits also uncovered malware on the hard disks within one of the cameras, which prevented the transfer of data. It appears initial cleanup attempts by IntechGeoTrans failed to remove the infection properly and the matter was handed over to anti-virus experts at Kaspersky Labs. Izvestia suggested that the malware got onto speed cameras as a result of infection of the traffic police system.

A Google translation of Izvestia’s coverage can be found here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/28/malware_hobbles_moscow_speed_cams/

MiniDuke miscreants whip out old-school tricks to spy on world+dog

A new strain of malware designed to spy on multiple government entities and institutions across the world has been discovered by anti-virus firm Kaspersky Lab.

MiniDuke has infected government entities in the Ukraine, Belgium, Portugal, Romania, the Czech Republic and Ireland. In addition, a research institute, two think-tanks, and a healthcare provider in the US were also compromised. A prominent research organisation in Hungary was also infected with the mystery malware. An analysis of logs from command servers suggests the malware has hit 59 unique victims in 23 countries including locations as diverse as Brazil, Israel, Germany, Lebanon, Spain, the UK and Japan.

Attacks designed to spread the malware made use of the recently discovered PDF exploit in Adobe Reader (CVE-2013-6040) to distribute MiniDuke over the past week or so, according to Kaspersky Lab researchers.

Security experts at the Russian security firm reckon MiniDuke features hallmark techniques more associated with really old-school VXers, not least because it features a backdoor written in Assembler language.

“This is a very unusual cyberattack,” said Eugene Kaspersky, founder and chief exec of Kaspersky Lab. “I remember this style of malicious programming from the end of the 1990s and the beginning of the 2000s. I wonder if these types of malware writers, who have been in hibernation for more than a decade, have suddenly awoken and joined the sophisticated group of threat actors active in the cyberworld.”

“These elite, ‘old-school’ malware writers were extremely effective in the past at creating highly complex viruses, and are now combining these skills with the newly advanced sandbox-evading exploits to target government entities or research institutions in several countries.

“MiniDuke’s highly customised backdoor was written in Assembler and is very small in size, being only 20KB. The combination of experienced old school malware writers using newly discovered exploits and clever social engineering to compromise high profile targets is extremely dangerous,” he added.

Booby-trapped documents that formed the theme of the attack featured fabricated human rights seminar information (ASEM) and Ukraine’s foreign policy and NATO membership plans. These malicious PDF files were rigged with exploits attacking Adobe Reader versions 9, 10, and 11, bypassing Adobe’s sandbox in the process. The toolkit used to create these exploits was the same as the one that featured in a recent attack reported by FireEye, even though these latter assaults featured a different attack payload.

The theme of the emails, and local geo-political factors, such as Russian resistance to Ukraine’s proposed membership of NATO, along with use of old school techniques make it much more likely that the malware was brewed up in Russia rather than China, in the opinion of El Reg’s security desk, at least.

The attackers left a small clue in the code, in the form of the number 666 (0x29A hex) before one of the decryption subroutines, indicating an interest in either the Book of Revelations or the works of Iron Maiden.

“MiniDuke is using the same but slightly modified PDF exploit which was involved in the recent attack reported by FireEye,” Vitaly Kamluk, chief malware expert at Kaspersky Lab told El Reg. “However, it is not related to any known platforms used in cyber-espionage campaigns (such as ‘Tilded’ platform in case of Stuxnet and Duqu or Flame platform).

“Some of the elements remind us of cyber-espionage tools such as Duqu or Red October, such as the minimalistic approach, hacked servers, encrypted channels and also the typology of the victims. The amount of high profile victims in this attack is also notable and puts it on the same level with other advanced campaigns such as Red October.”

All this and Twitter functionality, too

Kaspersky Lab’s experts, in partnership with CrySyS Lab, have analysed the attacks and published preliminary findings suggesting whoever created the malware was skilled and well-aware of the techniques used by anti-virus analysts. For one thing, the malware is programmed to avoid analysis by a hardcoded set of tools in certain environments like VMware by lying dormant if it finds itself running in a virtualised environment.

If the target’s system meets the pre-defined requirements, the malware will surreptitiously use Twitter to start looking for specific tweets from pre-made accounts, providing the encrypted locations of URLs associated with the spyware botnet’s command and control channels. The same functionality allows the loading of additional backdoors onto compromised systems.

MiniDuke’s creators also provided a dynamic backup system. If Twitter isn’t working or the accounts are down, the malware can use Google Search to find the encrypted strings to the next command and control node.

Once an infected system locates the C&C nodes, it receives encrypted backdoors that are obfuscated within GIF files and disguised as pictures that appear on a victim’s machine. Once they are downloaded to the machine they can download a larger backdoor that carries out several basic actions, such as copy file, move file, remove file, make directory, kill process, and, of course, download and execute new malware.

The malware backdoor connects to two servers, one in Panama and one in Turkey, to receive instructions from the attackers, according to a joint analysis of the malware by Kaspersky Lab and Hungarian security researchers at the Laboratory of Cryptography and System Security (CrySyS), who previously worked with their Russian counterparts in analysing Flame, another cyber-espionage tool.

CrySyS’s take on MiniDuke is here. Kaspersky’s preliminary analysis – including screenshots of Twitter messages and GIF files associated with the attack – can be found on its official Securelist blog here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/27/miniduke/

‘New’ Canadian BlackBerry security scare emerged in 2011

Reports that Canada has just awakened to the perils of BlackBerry PIN-to-PIN messaging in government should be taken with a pinch of salt – the nation knew about the problem back in 2011.

PIN-to-PIN messages take advantage of the fact that every BlackBerry device is issued with a unique eight-digit PIN. If a BlackBerry user shares their PIN, it is possible to send messages to their device. The service, most often referred to as BlackBerry Messenger, is very popular around the world as it is often free and therefore cheaper than SMS.

The PIN-to-PIN FUDgasm started on Wednesday, Canadian time, when Canada.com revealed the contents of a memo it obtained from Public Safety Canada (PSC), the nation’s emergency management and crime prevention agency, after a freedom of information request.

The site’s report says that PSC’s internal memo was updated in January 2013 to say, “Although PIN-to-PIN messages are encrypted, the key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world.” That’s worrisome, PSC says, as lots of politicians and public sector employees use BlackBerries.

Cue the usual ripple effect, with articles aplenty reporting a terrible security flaw, often with overtones that Canada, home of BlackBerry, has turned against its own progeny.

What’s not often pointed out is that Canada’s government has known about this issue since March 2011, when this piece of advice from Communications Security Establishment Canada (CSEC) hit the web. CSEC is Canada’s “national cryptologic agency” with responsibility for “foreign signals intelligence in support of defence and foreign policy, and the protection of electronic information and communication.”

CSEC’s analysis of PIN-to-PIN messaging is extensive. Here’s an excerpt:

PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the “BlackBerry Solution Security Technical Overview” document published by RIM specifically advises users to “consider PIN messages as scrambled, not encrypted”.

The agency’s recommendations about the messaging tool suggest “For departments with specific requirements for PIN-to-PIN messaging (e.g. emergency communications), it is recommended that a clear policy on the use of PIN-to-PIN messaging be put in place” and detailed security mitigation actions be undertaken.

The document is dated March 2011, which means Wednesday’s “revelations” about PSC waking up to the potential horrors of PIN-to-PIN messaging are scary, but only inasmuch as they show the agency has taken nearly two years to heed advice from the CSEC. Either that or the PSC came to its conclusions independently, which is just the kind of wheel-reinvention that makes parliamentary democracy such an excellent system of government. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/27/blackberry_pin_to_pin_hypegasm/

Vint Cerf: ‘The internet of things needs to be locked down’

RSA 2013 Device manufacturers who are sticking internet connections into everything from TVs to toasters need to lock down their systems with strong authentication, Google’s chief internet evangelist Vint Cerf warned the RSA keynote audience.

Cerf said he was “frankly astonished” at the range of devices that now come with an internet connection. Back in the 1980s at the Interop conference, people used to joke about having an internet-enabled toaster, but you can now buy one in the shops. Internet-enabled air conditioners, light bulbs, and fridges are all available.

But there has been very little work to lock down these devices, Cerf said, and this must be addressed. While an internet fridge isn’t much of a threat, it and other systems could be hacked, and the results could range from the simply irritating to the catastrophic.

He cited the use of internet-equipped air-conditioning systems. If a hacker could get control of the nation’s aircon units, and cycle between shutting them down and whacking them up to full, you might be able to crash the US power grid, Cerf suggested.

Such a possibility is remote, and would be well in the future, but requires thought now, he said. Just as encryption that relies on factoring needs to fear the looming threat of quantum computing, so too the internet of things needs to be equipped with much stronger authentication, he concluded. ®

Bootnote

The internet-equipped toaster has become the stuff of technology legend, but one was actually built in 1990, after the president of Interop Dan Lynch bet John Romkey, who built the first TCP/IP stack for IBM PC in 1982, that he couldn’t manage to build one. If he could manage it, Lynch promised him a top keynote spot at the following year’s conference.

Never one to back away from a tech challenge, Romkey and a friend took a Sunbeam Deluxe Automatic Radiant Control Toaster and added TCP/IP and a Simple Network Management Protocol Management Information Base controller. It went on display in 1990, and got an upgrade in 1991 with the addition of an internet-controlled robotic arm to load it with bread.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/02/27/vint_cerf_rsa_keynote/