Hepting et al v. AT&T Corp. et al

Filing 294

EXHIBITS A-K, Q-T, and V-Y to Declaration of J. Scott Marcus in Support of Plaintiffs' Motion for Preliminary Injunction filed byGregory Hicks, Erik Knutzen, Tash Hepting, Carolyn Jewel. (Attachments: # 1 Exhibit Exhibits Q-R# 2 Exhibit Exhibit S, Part 1# 3 Exhibit Exhibit S, Part 2# 4 Exhibit Exhibit S, Part 3# 5 Exhibit Exhibits T, V-Y)(Cohn, Cindy) (Filed on 7/5/2006)

Download PDF
Exhibit T Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm In-Stat/MDR Research Highlights Friday, August 2, 2002 Today's report from Web Editor Susan Rush · Charter defends itself · Toshiba supplying Cox with DOCSIS 1.1 modems · AT&T looks to reassure customers, industry in light of WorldCom scandal · Study: Q2 a record for DOCSIS modems shipments · SwitchPoint completes IP telephony trial · CableLabs concludes second OCAP interop · Cable vet Ben Duval dead at 71 CED Magazine.com Current Issue inDEPTH Broadband Announcements Residential Gateway Market To Become Key Services Platform The market for more advanced gateways will materialize as the router/bridge and modem are integrated into one device. Movers And Shakers Check out Broadband Week's People on the Move page. To find out who's coming and going in the broadband industry, click here. To submit company hiring news, e-mail Broadband Week's People Page. Click here for other Research Highlights... White Papers & Reports HAVING TROUBLE DEVELOPING APPLICATIONS FOR BROADBAND VIDEO SERVICES? · JDS to take huge loss on sale of optical unit · Broadband briefs Charter defends itself A lawsuit has been filed against Charter Communications Inc. for alleged misleading accounting practices. The MSO is defending its books, and says its SEC filings paint an accurate picture of its financial condition. The suit, filed in the U.S. District Court for the Central District of California July 31, claims that Charter used "misleading accounting practices that had the effect of misrepresenting its results of operations." Glancy & Binkow LLP has filed the suit on behalf of purchasers of Charter securities between Nov. 9, 1999 and July 17, 2002. The lawsuit is seeking class-action status. "Our financial statements comply with generally accepted accounting principles, in all material respects, and they, and the related SEC filings provide an accurate picture of the company, its financial condition, results of operations and the assumptions underlying them," Charter Senior Vice President of Communications David Andersen said in a statement. Charter hired independent auditor KPMG on April 22 to review its books. In its report, KPMG said it is not aware of any material modifications that should be made to the financial statements it has made, Andersen said. Charter intends to defend itself against the lawsuit. "(We) believe that our financial reports and disclosures will be validated," said Andersen. As of late, the Securities and Exchange Commission has had its eyes peeled for any accounting irregularities at telecom companies. Qwest Communications International Inc. is among the companies that have become the subject of an SEC probe. Former executives from Adelphia Read this FREE white paper "Multimedia Home Platform: The Need for a Standard" · by Wipro · to understand how this standard allows applications to be developed on top of the DVB system, independent of vendor, author and broadcaster. Download Now: "Enabling Customer Intelligence, Differentiated Services, and Value-Based Billing for Advanced Services Deployment over HFC Networks" From Cisco Systems Broadband Week's Library is an invaluable resource for networking professionals who build, manage and sell broadband applications and services. White papers, analyst reports, Broadband Week Resource Links Broadband Web Directory Broadband Analyzer Broadband Week Library FAQs and Glossary Subscribe to Magazine Recent BBW Directs Thursday, 8/01/02 Wednesday, 7/31/02 Tuesday, 7/30/02 Monday, 7/29/02 Friday, 7/26/02 BBW Direct Archives 1 of 7 3/28/2006 9:15 AM Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm vendor information and more can be found at www.bbwlibrary.com. Communications Corp. and WorldCom Inc. have been arrested for financial wrongdoings. Both companies have admitted to misreporting several billion dollars in their quarterly financial reports. Related stories: Riverstone charged with securities fraud, 7/30/02 Charter gains on better-than-expected results, 4/29/02 Toshiba supplying Cox with DOCSIS 1.1 modems JEFF BAUMGARTNER Cox Communications has selected Toshiba America Information Systems as a "preferred" vendor of cable modems based on the advanced DOCSIS 1.1 specification. Financial terms were not disclosed. Specifically, Toshiba will supply the MSO with its PCX2500 model, the first production-ready cable modem to get the DOCSIS 1.1 stamp at CableLabs back in Sept. 2001. That model is based on silicon supplied by Texas Instruments. Toshiba, which has found a home on Cox's preferred cable modem vendor list since 2000, has been shipping 1.1-certified modems to the MSO for several months, the manufacturer said. Overall, Toshiba shipped roughly 428,000 DOCSIS cable modems to several MSOs during the second quarter of 2002. On Wednesday, Cox said it had tapped Motorola Broadband as a preferred vendor of next-generation cable modems, as well, with plans to deploy Motorola's 1.1-certified SB4200 and SB4220 models. The SB4200 houses silicon from Broadcom Corp., and the SB4220 incorporates a TI chipset. Related stories: Cox taps Motorola for next-gen cable modems, 7/31/02 Slow, steady progress for Cox Business unit, 5/27/02 AT&T looks to reassure customers, industry in light of WorldCom scandal WorldCom Inc.'s shadow may be big, but even if the communications giant is forced to fold up shop, AT&T Corp. is says its service won't miss a beat. There have been rumblings in the industry about what will happen if WorldCom's backbone network goes dark. And although this is not likely to happen, AT&T is stepping forward to reassure its customers that its service will continue. "It's a myth that Internet traffic is at risk because it depends on any one provider," said Hossein Eslambolchi, AT&T labs president and chief technology officer. "Many of the concerns expressed in recent weeks are overstated, since we believe the level of traffic being carried on WorldCom's network is not as high as has been reported by some sources." AT&T said its network can handle migrating WorldCom customers. The company recently launched an advertising campaign aimed at luring WorldCom customers to AT&T. 2 of 7 3/28/2006 9:15 AM Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm WorldCom was once heralded at the leader in backbone service, but for some time now enterprises have been using multiple carriers to help avoid network failures. AT&T has been steadily growing its backbone traffic and now expects to surpass WorldCom as the sector leader in a few months, Eslambolchi said. Although AT&T has the capacity and can transition masses of WorldCom customers quickly, the transition will most likely experience a few hiccups. When AT&T migrated Excite@Home customers to its network earlier this year, the transition was made within days, but some customers did experience transition problems. Separately, AT&T announced it has completed the exchange of $7 billion in notes that were privately placed in November. The communications company said its 6.5 percent notes due in 2006, 7.3 percent notes due in 2011 and 8 percent notes due in 2031 were exchanged for notes with identical terms. The exchanged notes, however, are not subject to transfer restrictions that were applicable to the original notes under federal securities laws. AT&T accepted tenders from noteholders equal to roughly 98.5 percent of the total aggregate principal amount of the notes outstanding. Related stories: Former WorldCom execs surrender to authorities, 8/1/02 FCC to ensure service for WorldCom customers, 7/10/02 Study: Q2 a record for DOCSIS modems shipments JEFF BAUMGARTNER DOCSIS cable modem shipments topped 2.5 million units in the second quarter of 2002, a new quarterly record, Kinetic Strategies Inc. said in its August report. Motorola Broadband maintained its healthy, global lead over its rivals with 825,000 total units shipped and a 32.12 percent market share. The company also reestablished itself as the leading shipper of DOCSIS modems in North America with 478,000 units, after relinquishing that crown to Toshiba in the first quarter of the year. Still, Motorola and Toshiba ran almost neck-and-neck in North America, as Toshiba shipped roughly 428,000 units during the period. Scientific-Atlanta, which sells its WebStar line through a manufacturing agreement with Taiwan-based Askey Computer Corp., is starting to make its presence felt in North America as well, shipping 222,000 units during the second quarter, and giving it a 14.09 percent share of the region. Following Motorola, Toshiba and S-A, the North American DOCSIS scorecard in Q2, according to Kinetic Strategies, rounded out with Thomson (140,000 units, 8.89 percent share), Ambit (86,000 units, 5.46 percent share), Linksys (51,161 units, 3.25 percent share), Com21 (45,380 units, 3 of 7 3/28/2006 9:15 AM Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm 2.88 percent share) and Terayon (25,000 units, 1.59 percent share). The balance (100,000 units, 6.35 percent share) was made up of the sector's remaining vendors. Kinetic Strategies said DOCSIS shipments outside North America rose 50 percent in the quarter versus the previous period due to "surging volumes" from Asia-based original equipment manufacturers. According to Kinetic Strategies estimates, more than 85 percent of DOCSIS modems were shipped directly to service providers and their distributors in the second quarter, with the rest sold through retail and Internet-based channels. SwitchPoint completes IP telephony trial SwitchPoint Networks Inc. has completed its trial of Gemini Voice Solutions Inc.'s Gemini Broadband Voice feature-rich, "any-distance" telephony service over its digital switched data network. The 90-day trial was conducted in SwitchPoint's 1,000+ home research and development network in Springville, Utah. Through customer usage surveys, SwitchPoint found that the service demonstrated roughly a 90 percent service and call quality satisfaction among users. One-third of the customers rated the service better than that of their traditional telephone carrier. SwitchPoint tests technologies for interoperability with its broadband network. "We use our technology as a base line and test to see if technologies are interoperable with it, says Kenneth Granader, a SwitchPoint representative. During the trial, SwitchPoint found that Gemini Voice's hosted service applications and customer premise equipment passed its interoperability tests. The company believes the Gemini Voice solution is a valid service to integrate with its broadband offerings to its network customers. The companies first announced plans to conduct the trial in January. Related story: WOW Gains Voice With Gemini, 10/18/01 CableLabs concludes second OCAP interop JEFF BAUMGARTNER CableLabs said its second OCAP (Open Cable Application Platform) interoperability event on July 22 was a success as fifteen different vendors joined in with "critical pieces" that make up the specification's puzzle, including hardware platforms, middleware implementations, interactive television applications and development and test tools. Largely based on Europe's MHP platform, OCAP is a specification tied to middleware that eventually will populate OpenCable-based digital set-top boxes and other devices. OCAP version 1.0, published in January, includes an execution engine (EE) based on Java technology, while OCAP 2.0, published in May, calls for both an EE and a presentation engine (PE). 4 of 7 3/28/2006 9:15 AM Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm "This event successfully demonstrated all of the critical pieces of the of the OCAP end-to-end system," CableLabs Vice President of Advanced Platforms and Services Don Dulchinos said, in a press release. CableLabs said it expects the first phase of development for both the OCAP automated test environment (ATE) and the overall acceptance test procedure (ATP) to be complete during the fourth quarter of 2002. Related stories: CableLabs OCAP conference lures large turnout, 2/27/02 CableLabs: At long last, OCAP, 1/4/02 Cable vet Ben Duval dead at 71 Ben Duval, a long-time cable industry figure, died at his home in Santa Monica, Calif. on July 25. He was 71. Duval, who termed himself a "peddler deluxe," operated the B.E. Duval Company, a rep firm and equipment distributor, since the late 1960s. During his tenure at the company, Duval helped several companies make their entry into the cable business. Ben's son, Glenn, continues to operate the B.E. Duval Company, and remains active in industry activities. Ben also is survived by another son, Charles, of Santa Monica, and a daughter, Michelle Ule, of Santa Rosa, as well as 10 grandchildren. His wife, Jeanette, a San Pedro schoolteacher and partner in Ben's early business days, preceded him in death. JDS to take huge loss on sale of next-generation optical unit COPYRIGHT 2002 TORONTO STAR NEWSPAPERS, LTD. TORONTO STAR...08/02/2002 FROM LEXISNEXIS SUSAN TAYLOR, REUTERS NEWS AGENCY JDS Uniphase Corp. said yesterday it will sell technology once considered critical in the rush toward next generation fiber-optic networks to France's MEMSCAP for about $9 million (U.S.). That's a fraction of the $565 million paid two years ago by JDS, the world's largest supplier of components and modules that boost the speed and capacity of optical networks. MEMSCAP will pay an additional $5.6 million for JDS's Cronos MEMS unit if it reaches set revenue targets over a 2.5 year period. MEMS, or micro-electromechanical devices, is technology based on tiny silicon structures that can be controlled to switch, add, direct and control light as it travels through fiber-optic networks. 5 of 7 3/28/2006 9:15 AM Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm It is used in small, high-capacity switches and was expected to play a critical role in all-optical "megaswitches." But sinking demand for telecommunications equipment from phone companies has hurt demand for new tools that move data farther and faster. "We could see a two- to three-year lag here before any of these new technologies work their way into the market," said Max Schuetz, an analyst at Credit Suisse First Boston. Telecom companies, hit by falling prices and a glut in capacity, are only buying equipment to make small additions to capacity, rather than advanced gear for new networks, he said. "JDS decided, fairly wisely, that having 100 people and two semiconductor fabs (plants) down in North Carolina for three years before they really got a return on that investment probably wasn't the best they could do in the current market conditions," said Schuetz, who believes JDS fared well in the deal. "If nothing else, it saves them. There are 100 people working there, so just based on average costs, laying them off and shutting down the facilities could have cost JDS $7 million or $8 million." The sale marks a capitulation for JDS, which said MEMS technology formed a "key strategic resource" for its customers when it bought Cronos Integrated Microsystem Inc. as part of an intense acquisition spree. The sale comes one week after JDS said it would cut more jobs and shutter plants as it reported a fourth-quarter loss of nearly $1 billion and warned that sales would continue to erode. Chief executive Jozef Straus said at the time that his company needed to make "bets about where the technology and where the market is going." It may be harder for JDS to sell further parts of its business, said Schuetz. "The other bits are harder to carve out neatly," he said. Amplification equipment sales may lag for the next two years, but those products would be hard to carve out from JDS's research and development and manufacturing, he added. Under the Cronos deal, MEMSCAP will acquire the unit free of debt, other liabilities, working capital or cash balances, for 10.5 million common shares. MEMSCAP will issue a further 6.5 million shares if revenue targets are met. Under the arrangement, MEMSCAP will be an exclusive supplier to JDS for MEMS chips and other MEMS products for at least three years. JDS said it has committed to initial purchases, but did not specify the volumes. Shares in JDS dropped 28 cents to $2.25 on Nasdaq exchange yesterday and 26 cents to $4.24 (Canadian) on the Toronto Stock Exchange. Related stories: JDS cuts forecast, 7/26/02 The Grim Reaper descends on JDS, 4/26/02 6 of 7 3/28/2006 9:15 AM Broadband Week Direct - Daily News http://www.broadbandweek.com/newsdirect/0208/direct020802.htm Broadband briefs: · Guangdong Telecom selects Alcatel Guangdong Telecom has awarded Alcatel a multi-million-dollar contract to expand its broadband access network capacity. The contract, won through Alcatel Shanghai Bell, covers most regions of China's Guangdong province including Guangzhou, Shenzhen, Zhuhai, Zhongshan, Fuoshan, Hainan and Shantou. The expansion will bring Guangdong's DSL network capacity up to 600,000 lines. · iVAST secure MPEG-4 partners MPEG-4 software provider iVAST has formed a partnership with Oracle Japan and Sun Microsystems to deliver MPEG-4-based interactive multimedia services to Japan's cable, satellite, broadband, enterprise and digital broadcast networks. The partnership calls for iVAST to provide its MPEG-4 software, Oracle Japan to leverage its database architecture and network content distribution experience and Sun to provide the server hardware and technical support. · Verizon Online delivers "Internet Handyman" Verizon Online has teamed with Motive Communications to develop a 24/7 "Internet Handyman" that will assist DSL customers in solving some routine Internet problems. Motive's software is powering the product that enables users to detect, diagnose and resolve many simple online problems without having to call customer support. Verizon Online DSL customers can download the free software at www2.verizon.net/support center. Verizon will ship the software to new customers as part of a do-it-yourself DSL installation kit. Once installed, customers can access the software via an icon on their desktops. The tool can help customers resolve configuration glitches, e-mail troubles, billing questions, software registration and other frequently asked questions. If customers are unable to resolve their problems, an electronic request can be sent to a customer support representative, or customers can call the service center directly. Published by Reed Business Information © Copyright 2002. All rights reserved. 7 of 7 3/28/2006 9:15 AM Exhibit V Fast responders http://www.fcw.com/article90916-09-26-05-Print Search Government HOME DOWNLOAD STATE & LOCAL Search FCW and Industry TECHNOLOGY SOLUTION CENTERS EVENTS ALSO ONLINE Monday, March 6, 2006 Solution Centers Defense Enterprise Architecture Executive Integrators Intelligent Infrastructure Product Solutions Program Management Security/Homeland Security Wireless Fast responders Some companies prepare for security incidents the way they conduct fire drills BY Florence Olsen Published on Sep. 26, 2005 More Related Links ADVERTISEMENT News By Topic 2007 Budget CIOs Columnists Defense E-Government Enterprise Architecture Health IT Homeland Security Industry Management Policy Procurement Program Management State & Local Security Technology Training Workforce More Topics No one likes to talk about it, but criminals are using the Internet to extort money from companies, particularly those whose survival depends on processing financial transactions online. First, a company notices that its servers are under attack and online transactions with the public are blocked. Then an e-mail arrives explaining that the attack will stop only if the company pays an extortion fee. Such attacks are an example of the growing sophistication and targeted nature of computer security incidents that afflict some businesses and government agencies. Reporting and responding to such incidents demand significant attention and resources. Companies that are models for dealing with security vulnerabilities provide training to make their employees security-aware. But increasingly, they rely on the quick response of automated detection and remediation systems to protect information on their networks. Security officials at some of the largest companies say incident reporting is still more of an art than a science. But security officials at three corporations -- AT&T, Booz Allen Hamilton and Northrop Grumman -- agreed to discuss a topic that others said they would rather not talk about. Several experts in the information security business also offered their advice on incident reporting. Those officials and other experts said their experience might be helpful to federal officials who must not only protect government information but also comply with the Federal Information Security Management Act. FISMA requires federal agencies to report incident data to two agencies with different reporting needs: the Office of Management and Budget and the Homeland Security Department. That is a tall order for many agencies, said Kenneth Ammon, president of MCI NetSec Global Security Services, an MCI company. "You have two different audiences that you're trying to please here, and you probably need two different approaches to satisfy the requirements," he said. OMB, which monitors FISMA compliance, asks agencies to report the number and type of security incidents they had in the previous year. Critics say the requirement fails to recognize that some agencies detect thousands of security incidents because they have rigorous security monitoring programs, whereas other Current Issue Subscribe Vendor Solutions HP Thought Leadership Forum Automated Office Products Avocent Secure Switching Avaya White Paper Symantec Think Center 1 of 4 3/6/2006 11:13 AM Fast responders http://www.fcw.com/article90916-09-26-05-Print Air Force SSG BuyIT.gov Facilitated IT Purchasing CipherOptics: Data protection solutions COMMITS NexGen Embarcadero: Mapping Your Enterprise Data Architecture GSA IT Insert GTSI Direct GTSI ClarITy HP ContractWatch HP ProCurve Secure Router 7000dl series HP Server Virtualization (ISC)2: The Next Generation of Information Security Professionals Juniper Network Security LightPointe White Paper NETCENTS Contract Guide NIH ECS III Update OSSW Contract Guide PC Mall Gov Catalog PEO EIS Catalog Raritan White Paper Robbins-Gioia White Paper Tech Watch Report: Networking Services More Solutions About Us Advertise agencies do not. "A department that isn't looking can say we have zero incidents to report, and a department that is looking has a lot," Ammon said. Recognizing this problem, OMB worked with DHS this year to develop a more sophisticated security incident reporting template for agencies' 2005 FISMA reports, said Karen Evans, OMB's administrator of e-government and information technology. OMB will ask agencies to verify that they followed the new DHS guidelines when they report their latest security incident numbers. Unlike OMB, DHS has always been interested in collecting real-time technical data that could provide an early warning of emerging threats to federal networks and information systems. Ammon said DHS could discover more threats by placing anomaly- detection devices on agencies' wide-area networks. But because most agencies have resisted its efforts to put data-collection devices on their networks, DHS continues to have problems getting useful incident data. Ammon said DHS should offer to subsidize agencies' purchase of such devices from a short list of approved vendors in exchange for access to the incident data from those devices. Most agencies would accept that approach, he said. As for agencies' other concerns about nondisclosure, Ammon said, the Commerce Department has figured out how to protect and aggregate economic data from U.S. businesses, and DHS could do the same with agencies' security incident data. Hit daily by hundreds of potential security incidents, federal agencies and large companies face a major challenge in identifying incidents that require further investigation, a process that security experts call a root-cause analysis. "It's all about sifting through tons and tons of hay to find a few needles that might be in there," said Ed Amoroso, chief information security officer at AT&T. AT&T collects security data from its corporate firewalls, intrusion-detection systems, servers, desktop computers and databases. "My security team monitors just about everything," Amoroso said. He added that the process has become much less arduous since AT&T added firewalls, intrusion-detection tools and antivirus protection at various Internet access points where AT&T's portion of the nationwide IP backbone connects with portions owned by MCI and other carriers. By detecting and filtering problems on the public Internet before they reach AT&T's corporate network, Amoroso said, the daily workload of security incidents that his internal staff investigates is down to about 40. Amoroso said government agencies should demand the same kind of service. Instead, most struggle to secure their networks against threats from the Internet, he said. No agency would avoid asking the electric company to help solve power spikes or other safety hazards, and yet that's the current situation in the telecommunications industry, he said, adding "We're just saying we can help." AT&T has packaged that help in a service it calls AT&T Internet Protect, but so far few large agencies have signed up. Buying managed security services from AT&T and other carriers might take some time to catch on, if it ever does, said Timothy McKnight, chief information security officer at Northrop Grumman. "There's a lot of value there, and I agree they should bring it to the table," he said. The greatest value of such services would most likely be for small and midsize agencies or RELATED LINKS Six ways to survive major Internet attacks [Federal Computer Week, Sept. 5, 2005] IT Infrastructure Library Web site Computer Security Institute and FBI Computer Crime and Security Survey How to handle incidents without getting burned The government has given up counting computer security incidents and attacks on the nation's Internet infrastructure. The Homeland Security Department's U.S. Computer Emergency Readiness Team (US-CERT), which coordinates nationwide defenses and responses to cyberattacks, no longer tallies security incidents because there are too many of them. Instead, it merely reports on information security vulnerabilities as they appear. But most individual agencies still count security incidents. By law, they are supposed to report such occurrences internally, to US-CERT and, if warranted, to law enforcement authorities and the news media. Several information security analysts say the National Institute of Standards and Technology offers some of the best guidance on reporting and handling security incidents, and they recommend NIST guidelines to their public- and private-sector clients. From "Special Publication 800-61: Computer Security Incident Handling Guide," here are some tips from the security experts at NIST: Create a policy that defines incidents, establishes an organizational structure for responding to them, and outlines roles and responsibilities. Establish procedures for sharing incident information with US-CERT and, when necessary, law enforcement authorities and the news media. Solicit the assistance of public affairs staff members and legal advisers. Practice handling large-scale incidents on a regular basis through exercises and simulations. Because such incidents are rare, response teams need practice if they are to handle real events effectively. Be prepared by having incident-handling tools ready before they are needed. A preparedness kit should include lists of contacts and FCW.com Download Check out last week's news roundup, Web-only stories, source documents and other online components of Federal Computer Week's print magazine. 2 of 4 3/6/2006 11:13 AM Fast responders http://www.fcw.com/article90916-09-26-05-Print businesses, he added. As threats increase and new regulations require compliance, companies and agencies are adopting more structured approaches to security incident reporting. "Many regulations specifically say you need to have a methodology to identify an incident and procedures to handle it," said Tracy Hulver, senior director of product management at netForensics. phone numbers, encryption software, network diagrams and inventories, backup devices, forensic software, and security patches. -- Florence Olsen The regulations, however, are often vague about what those standard procedures should be, he said. Agencies and companies need "a chain of command, an escalation process and some sort of corporate governance as to when [they need] to call the authorities," said Ron Gula, president and chief technical officer at Tenable Network Security. John Pescatore, vice president of Internet security research at Gartner, said he often refers the firm's corporate clients to a computer security incident guide, called "Special Publication 800-61," published by the National Institute of Standards and Technology in 2004. He also recommends a guide developed by the Australian Computer Emergency Response Team. After initially struggling to create definitions, such as determining what a security incident is, Booz Allen officials set up standardized procedures for identifying and responding to incidents. They based those procedures on a process framework called the IT Infrastructure Library, which originated in the United Kingdom. Daniel Gasparro, a senior director of operations at Booz Allen, said the company's implementation of that framework ensures an appropriate incident management response to whatever hits the corporate network. Using that framework, Booz Allen's IT staff contained a coordinated denial-of-service attack that recently targeted the company. "Those are the ones you always get concerned about," Gasparro said. But with a detailed response plan that included having certain scripts ready to run, the company prevented a major corporate network outage, he said. At Northrop Grumman, information security officials made several recent procedural changes to improve security incident reporting. They set up a toll-free number and single-purpose e-mail address for reporting incidents. They created the Computer Security Incident Response Team of business managers, corporate communications officials and security experts, who follow a documented plan when they respond to security incidents. "We can't have every executive calling the line and telling them what they want them to do," McKnight said. The team members train and practice their response as if they were conducting a fire drill, he said. The focus on security incidents and the creation of security operations centers are fairly recent corporate activities. Unlike network operations centers, which have been around for a while and operate according to well-defined procedures, security operations centers are still maturing, Hulver said. Security center "operators are more apt to say, 'Gee, something weird is happening. Let me go dissect what's going on,'" he said. But because businesses and agencies often have both types of centers, he added, it is important that they have standard operating procedures for communicating and passing tasks to one another. Effective sharing of security incident information has largely been an elusive goal for many companies, just as it has been for DHS. "Aggregation is a powerful thing," especially when aggregated data reveals patterns of activity, said Mike Caudill, incident manager of Cisco Systems' Product Security Incident Response Team. Sharing incident information "can help minimize the impact of an incident or put a stop to an incident." But most companies have been reluctant to share incident information with other companies or the U.S. government. A group of private-sector information sharing and analysis centers set up to share security incident information within different industry sectors and with DHS have been failures, with one exception, Pescatore said. Because DHS does not share incident information with the centers, he said, "the benefit back to them does not exceed the risk they perceive in making that information available." The one exception is the financial center, which is working, Pescatore said. But managed security providers have some of the most valuable collections of security incident data. Companies such as Counterpane Internet Security, VeriSign and Symantec manage thousands of firewalls for hundreds of corporate customers, he said. With that managed security data, a company can learn, for example, whether it is the target of an attack or simply a random casualty of a mass attack. "That's a mechanism where we've seen information sharing work pretty well," Pescatore said. The danger of targeted or customized attacks is that the hackers will create a Trojan horse to harm a specific company, he said. Security companies usually don't respond by writing an antivirus signature if a virus attacks a single company, Pescatore said, adding that "the rise of targeted attacks has poked big holes in a lot of companies' intrusion-detection strategies." Corporate security officials say companies and agencies should spend what they can afford to automate their security incident reporting. Security reporting works best "if data is being collected from everywhere in real time," Amoroso said. "What industry and AT&T are trying to do is automate as much as possible because the social process and the human interaction around [incident reporting] will always be very imperfect." Having real-time incident-detection capabilities also produces a desired social response, Amoroso said. "If you have powerful tools that are collecting data and you're very successful at detecting even minor changes in the 3 of 4 3/6/2006 11:13 AM Fast responders http://www.fcw.com/article90916-09-26-05-Print infrastructure, people are going to be very careful," he said, adding that they will think twice about attempting to sabotage a corporate network. FCW.com Sponsor Showcase Identify New Business in the IT Security Market INPUT's Information Security Analysis & Consulting provides opportunities and guidance in the fast-growing and highly competitive federal IT security market. Learn more www.input.com Numara Help Desk & Network Monitoring Software Numara provides Track-It! and Network Monitor - the leading help desk and network management solutions for call tracking, IT asset management, patch management, electronic so... www.numarasoftware.com Looking for a dependable Itanium 2 Source? ION offers a complete line of Itanium2 solutions that can be customized on-line, providing configuration guidance, pricing and ordering through the World Wide Web. http://itanium.ioncomputer.com NetSupport Manager PC Remote Control Perform remote support and management on multiple systems simultaneously over a LAN, WAN and the Internet with this PC remote control software. Provides speedy, secure remote... www.netsupport-inc.com ThreatSentry IIS App Firewall + Host IPS. ThreatSentry Host IPS + Application Firewall features advanced behavioral anomaly defense engine to protect IIS against new and progressive attack techniques, block unwanted ... www.privacyware.com About Us | | Subscribe | Advertise | Webmaster FCW.COM is a product of FCW Media Group. Application Development Trends | Campus Technology | CertCities.com | The Data Warehousing Institute E-Gov | EduHound | ENTmag.com | Enterprise Systems | Federal Computer Week | Government Health IT IT Compliance Institute | JavaSPEKTRUM | MCPmag.com | OBJEKTspektrum | Recharger | Redmond magazine Redmond Channel Partner | SIGS-DATACOM | TCPmag.com | T.H.E. Journal | TechMentor Copyright 2000-2005 101communications. See our Privacy Policy 4 of 4 3/6/2006 11:13 AM Exhibit W AT&T News Release, 2004-03-22, AT&T Intrusion Alerting And Firewa... http://www.att.com/news/2004/03/22-12972 News Release FOR RELEASE MONDAY, MARCH 22, 2004 AT&T Intrusion Alerting And Firewall Services Help Thwart Cybersecurity Attacks BEDMINSTER, N.J. -- AT&T today introduced two new security services, AT&T Internet Protect and AT&T Personal Firewall, to businesses and government agencies worldwide some of the most powerful weapons available to date in their ever-increasing b against cyber security attacks. According to Computer Economics in Carlsbad, Calif., the worldwide impact of cyber attacks has grown steadily from $3.3 billion 1997 to an estimated $12 billion in 2003. As a result, protecting networks against malicious intruders and unauthorized activities become critical to business today. The new capabilities provide early warning of potential threats and give businesses and government agencies the ability to secur more effectively protect their networks and employee workstations from cyber attacks. With the introduction of these services, AT extending the management of security vulnerabilities from a company's network to all of its remote end points. Many managed security service providers today offer services that address cyber security attacks after they have affected a cust network and applications. AT&T Internet Protect, on the other hand, is designed to alert businesses via a secure Web portal to p threats before they become full-blown attacks. AT&T will notify customers within minutes of identifying critical malicious activity, including denial of service attacks, and provide recommended immediate action to be taken by the customer. The company will back AT&T Internet Protect with a service level agreement. If AT&T fails to notify a customer of a network-bas denial of service attack before the customer reports it, the customer will be credited the charges for AT&T Internet Protect for tha month's service. AT&T Internet Protect Provides Early Warning of Potential Security Attacks AT&T Internet Protect delivers on the company's commitment to turn its network inside out to give customers secure access to th inherent intelligence of its network. The service: Identifies early malicious activity, Proactively notifies customers, and Provides recommended mitigation steps. "With AT&T Internet Protect and AT&T Personal Firewall, AT&T is changing the game and upping the ante in the fight against cy security attacks", said Matthew Kovar, CFA, Yankee Group Security Solutions and Services Vice President. "Over the last few ye AT&T has quietly been building a world-class managed security services portfolio backed by the innovation engine of AT&T Labs network management platform that is industry leading". The underlying capabilities of AT&T Internet Protect were developed by AT&T Labs over the last few years to protect the compan own network by proactively searching out threats and destroying them before they became real attacks on AT&T's own network. result of the company's own success in bullet-proofing its global network, it now is offering the service commercially to businesse The scale of the global AT&T IP network and the company's advanced management tools provide a significant advantage in the company's ability to identify early malicious activity and notify customers of potential attacks before they cripple customer networ analyzing 100 percent of real-time traffic on AT&T's industry-leading IP network and using heuristics and statistical models, AT&T team of 350 security analysts can identify and pinpoint potential worms, viruses, denial of service attacks and other malicious act before network performance is hampered. "These capabilities illustrate our commitment to bring the innovations and technologies developed in AT&T Labs, as well as by le security vendors, to deliver high-value solutions to address the most critical security challenges facing businesses today," said E Shepcaro, vice president, emerging services. "AT&T Internet Protect is the direct result of our long-term investments, R&D and networking management expertise. We believe it is this type of proactive incident management capability that businesses expec a managed security services provider." 1 of 2 3/28/2006 9:16 AM AT&T News Release, 2004-03-22, AT&T Intrusion Alerting And Firewa... http://www.att.com/news/2004/03/22-12972 Later this year, AT&T Internet Protect will feature real-time mitigation of security threats for business customers. The AT&T Inte Protect portal is accessible via the award-winning AT&T BusinessDirect(sm) online customer sales and servicing portal, which cu supports about half a million users. AT&T Personal Firewall Centralizes Management of Remote Workstation Applications With AT&T Personal Firewall, businesses can secure one of the most vulnerable points in their networking infrastructure--remote employee workstations and laptops. The service enforces compliance with policies for firewall, anti-virus and software patch management; centralizes management tools for the control of remote end points; and gives customers control over the applicatio operating on employee machines. The growing number of teleworkers has heightened the vulnerability of businesses to cyber security attacks, as employee workst increasingly are used for general Internet use when not connected to the corporate network. As a result, viruses and worms can the machines and be spread when employees reconnect to the corporate network. In addition, employees sometimes also use company assets for unapproved purposes, loading unauthorized applications onto company workstations. AT&T Personal Firewall automatically blocks known and unknown threats by proactively protecting remote employee workstation the larger enterprise network--from costly hacker attacks, including rapidly proliferating worms, Trojan horses, spyware and other malicious code. The service is based on the endpoint security solution, Zone Labs Integrity(tm), from Zone Labs Inc. of San Francisco. It features endpoint security, remote access protection, intuitive end-user interface, central administration and policy enforcement tools as well as privacy and productivity tools. AT&T Personal Firewall is available to customers of AT&T Virtual Tunnel Service (AVTS) Remote Access and Broadband Single virtual private network customers, as well as Business Internet Service (BIS) Dial customers. Later this year, AT&T will start bundling the AT&T Internet Protect and AT&T Personal Firewall so that businesses, after being al to potential security threats, can automatically load the appropriate anti-virus software patches on employee workstations. AT&T Internet Protect and AT&T Personal Firewall are part of the company's comprehensive portfolio of managed security servic which include firewall, intrusion detection and token authentication. The company also provides a wide range of professional serv such as risk analysis, vulnerability assessments and ethical hacking. More information on AT&T Internet Protect and AT&T Personal Firewall is available at www.business.att.com. About AT&T For more than 125 years, AT&T (NYSE 'T') has been known for unparalleled quality and reliability in communications. Backed by research and development capabilities of AT&T Labs, the company is a global leader in local, long distance, Internet and transaction-based voice and data services. AT&T 'Safe Harbor' The foregoing contains 'forward-looking statements' which are based on management's beliefs as well as on a number of assumptions concerning futur events made by and information currently available to management. Readers are cautioned not to put undue reliance on such forward-looking statemen which are not a guarantee of performance and are subject to a number of uncertainties and other factors, many of which are outside AT&T's control, tha cause actual results to differ materially from such statements. These risk factors include the impact of increasing competition, continued capacity oversu regulatory uncertainty and the effects of technological substitution, among other risks. For a more detailed description of the factors that could cause su difference, please see AT&T's 10-K, 10-Q, 8-K and other filings with the Securities and Exchange Commission. AT&T disclaims any intention or obligat update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. This information is presented solely provide additional information to further understand the results of AT&T. Terms & Conditions Privacy Policy Contact Us © 2006 AT&T Knowledge Ventures. All rights reserved. Hosted by AT&T. 2 of 2 3/28/2006 9:16 AM Exhibit X Security on the Wire http://www.eweek.com/print_article2/0,1217,a=139716,00.asp Security on the Wire November 22, 2004 By Dennis Fisher As IT moves deeper into network security, AT&T Corp. is preparing managed offerings that company officials hope will change the way enterprises think about and purchase security products and services. ADVERTISEMENT The centerpiece of the strategy is Project Gemini, an initiative through which the company intends to augment, or entirely replace, customers' edge defenses with security services delivered over the wire. RELATED LINKS Cingular's Acquisition of AT&T Wireless OK'd How Serious Is AT&T About the Linux Desktop? Verizon, AT&T to Broaden 3G Services AT&T Wireless Launches High-Speed Wireless Data Service AT&T Wireless, Sprint Ready New Business Offerings Some 30 customers are testing Project Gemini's network-based IDS (intrusion detection system) and firewall services, and AT&T plans to add other options, including anti-spam services, in the near future. Also coming soon is an advanced security management console, dubbed Aurora, and a major professional services initiative, which will initially focus on security consulting. Project Gemini, for which development began nearly a year ago, sprang from AT&T's belief that it could better manage customers' security by having the defenses on the company's IP backbone network rather than simply administering security devices on the customers' premises. As a result, customers would have the choice of adding these security services to the bandwidth they purchase from AT&T. 1 of 2 3/28/2006 9:17 AM Security on the Wire http://www.eweek.com/print_article2/0,1217,a=139716,00.asp The concept is a departure from the traditional managed security model, but, so far, AT&T officials said enterprises have been surprisingly receptive to the idea. "We were managing edge firewalls for 2,000 customers and doing a really good job, but we looked at the whole thing and said the security should be sitting on our network," said Ed Amoroso, chief information security officer at AT&T, based in Bedminster, N.J. "It turned out to be a lot easier than we thought. It became obvious that it was easier and cheaper, and it was a trivial change for the customer." Click here to read more about AT&T's Internet Protect service. While beneficial to users, the move is hardly altruistic. AT&T, which has endured several years of falling revenue and layoffs, is searching for ways to wring more value out of its network infrastructure. Under the proposed model, AT&T will handle all the day-to-day operations of the security services delivered through Project Gemini, but customers still have control over the policies in the firewalls, IDSes and other defenses. And customers also can tunnel into their boxes through a VPN to make emergency changes. "The idea of not having to set up a DMZ and monitor the perimeter is a little different, but it works for us," said one AT&T customer, who asked not to be named. "It's not a question of having less security; it's just in a different place." In addition to the network-based services, AT&T is also working on a security event management system called Aurora that it plans to sell as a software solution. The system relies on the company's Daytona database and is designed to do more than simple event correlation and normalization. Aurora includes a console that gives administrators access to real-time alerts about attacks and vulnerability advisories, as well as live case management and descriptions of the methods and procedures AT&T analysts are using to handle the event. AT&T has been using Aurora internally for approximately 18 months, Amoroso said, and only started selling the event management system on a limited basis recently after a customer saw the system and asked for it. The company is unsure precisely how Aurora will be packaged for sale, but it will likely include the option of having AT&T personnel at the customer site to help manage the solution. That option is part of the company's plan to exploit its deep pool of networking talent to bring in more consulting work, officials said. Amoroso said that he envisions AT&T developing its consulting group into something resembling IBM's Professional Services arm, which accounts for a huge amount of that company's revenue. "We're in a perfect position to do consulting. We're not deciding to do it because we need the money. Every business we talk to is desperate for this kind of help," Amoroso said. "We're going to use security as the front door and build it out from there." Amoroso said that the main stumbling block in getting customers to adopt the Project Gemini concept of a perimeterless network comes in dealing with the people in the IT department, not the inherent technical challenges. "By outsourcing the DMZ to us, the same security team needs to be there at the customer site to set policy, make decisions and all of that," Amoroso said. "The social process in convincing these folks that it won't put them out of a job is key. All we're doing is outsourcing a lot of the unattractive components of running a DMZ." Security blanket Elements of AT&T's security plan for next year Project Gemini network-based defenses, including IDS, anti-virus, firewall and anti-spam Aurora security event management system Amped-up security consulting services Copyright (c) 2006 Ziff Davis Media Inc. All Rights Reserved. 2 of 2 3/28/2006 9:17 AM Exhibit Y EQUITY RESEARCH January 24, 2003 AT&T (T - $20.50) Change of Price Target 3-Underweight United States Telecommunications Telecom Services - Wireline Red. BS Gwth Outlook- Lwring Targ to $20 Investment conclusion GQ was characterized by revenue softness and 4 EPS (FY Dec) 2001 2002 Old 0.06A 0.07A 0.06A NA NA New 0.06A 0.07A 0.06A NA NA NA St. Est 0.30A 0.35A 0.30A 0.70E 3.24E Old NA NA NA NA NA margin pressure, while the '03 outlook was modestly below our expectations, especially for the BS unit. While 4Q revs modestly beat our very low forecasts, wholesale voice drove most of this as the general business economy remained under intense pressure. This lower growth outlook and potential for a re-emerging price battle in the commercial markets are causing us to lower our price target to $20 from $25, based on SOP. We are maintaining our 3-UW rating. 2003 New NA NA NA NA NA NA St. Est 0.69E 0.64E 0.61E 0.58E 2.43E % Change 2002 0 75 50 NA NA 2003 NA NA NA NA NA 1Q 2Q 3Q 4Q Year P/E Actual 0.06 0.04 0.04 0.05 0.19 Market Data Market Cap Shares Outstanding (Mil) Float Dividend Yield Convertible 52 wk Range 74804.5M 3649.0 NA 3.7% No 93.60 - 25.11 Financial Summary Revenue FY02 Five-Year EPS CAGR Return on Equity Current BVPS Debt To Capital NA NA NA 9.9 38.5 Summary Gotal revs of $9.2b were $225m better than our T forecast, but data revenues grew a surprisingly low 3% as a continued slump in the IT markets refuses to abate. Wholesale voice, stabilizing consumer LD voice price points aided this performance, but is a low margin prod. G e remain cautious as BS mix shifts toward W wholesale voice and aggressive commercial pricing seems to be re-emerging. G S is highly levered to the continuation of UNE-P in C its current format, while margins continue to decline hl Stock Overview 40 35 30 25 20 15 000'S AT & T NEW 16/1/03 Stock Rating: Target: New: 3-Underweight Old: 3-Underweight Sector View: -- PLEASE SEE END OF D OCUM EN T FOR IM PORT ANT DISC LO SURE S - New: 20.00 Old: 25.00 40 20 0 VOLUME 1-Positive Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan SUMMARY ­ 4Q REVS OK; MARGINS HIGHLY PRESSURED AS EXPECTED; 2003 GUIDANCE PAINTS A DIFFICULT PICTURE 4Q02 Earnings Takeaways ­ Revs OK, but Margins Challenging: While total revenue of $9.3b beat our $9.1b forecast by $225m, it was all apparently centered around lower than expected declines in LD voice driven by increases in wholesale LD voice (very low margin business) and stabilization in new LD voice price points and some fee increases. Data revenues continued to be under pressure, even with the disruption at T's largest competitor, with data revenues only growing 3% yoy in 4Q. This implies data revenues were flat to down $10m sequentially in the quarter, not an encouraging sign for the long distance data market, especially since management indicates that their fourth quarter does include some market share gains from distressed competitors, arguing that that overall market likely didn't grow at all in 4Q. This tells us the that the broader data economy is still under material pressure with nothing leading us to believe that a near-term improvement is likely. Additionally, the pressure on data revenues appears to be exacerbated by increasingly aggressive pricing behavior by both distressed LD carriers as well as incumbents keen on capturing share during this period. Particularly concerning to us were management's comments implying that pricing within Business Services (BS) was coming under increased pressure and that, while T is still holding firm at their current price points, if they can't generate meaningful share increases their prices may be headed lower. This would largely stifle the expectations for meaningful revenue improvements at the incumbent LD carriers, leaving consensus expectations within BS likely too high for 2003. Consumer Services (CS) beat our revenue forecast by $130m indicating that their "All Distance" bundle may have gotten some traction in 4Q. However, EBIT margins were under extreme pressure indicating that spending on customer acquisition may be diluting the apparent revenue gains. Guidance for 2003 was somewhat disappointing, particularly within BS. We are lowering our price target to $20 from $25 to reflect the BS challenges (maintaining our 3-Underweight rating), and adjusting our 2003 forecasts between the two operating units, but leaving our overall T revenue and EBITDA forecasts unchanged at $34.2b and $8.5b respectively. PLEASE SEE IMPORTANT DISCLOSURES BEGINNING ON PAGE 5 1 EQUITY RESEARCH 2003 Guidance ­ Continued Declines in '03: Guidance was somewhat disappointing to us (primarily on the BS side), and we tend to be more conservative than most on the LD markets. Management implied that the commercial economy continued to slip in the fourth quarter, implying that, without the share gains they managed from distressed competitors, data revenues would have been flat-to-down. Further, they specifically indicated that they do not see any significant turnaround in the near term and expect total business telecom spending will be down again in '03. They believe they can grow modestly in the face of overall industry declines due to share gains from distressed competitors but indicated that they may have to cut prices to achieve this, leaving us concerned about margins and profitability. Bolstering our concerns here, management indicated that the biggest factor impacting near-term margins is what happens to pricing within the business market. This is an open issue that will be vetted over the next 2-3 quarters. Management further indicated that it will not be providing quarterly or annual EPS guidance past 1Q03, as it attempts to take a longer term approach to expectations. The guidance it did provide was limited and includes the following: · Full year '03 operating income margin decline, excluding Latin America charge, to be comparable to the 2002 decline ­ this implies to us that '03 operating income margins of around 10% (assuming a 440 bp decline from '02 to '03, which represents the decline that occurred from '01 to '02) · Diluted EPS for 1Q03 of 50-55 cents · Capex for 2003 of $3.3-3.5b · BS expects a slower rate of revenue decline in 2003 compared to 2002 · CS expects the 2003 rate of decline to be slightly better than the decline in 2002 Price Target & Forecast Changes ­ $20 New Target; BS Data Reduced $500m, CS LD Voice Increased $500m: We are lowering our price target on T from $25 to $20, based on sum-of-the-parts, due to our concerns that pricing pressure and aggressive competitive behavior within the commercial LD market will weigh on BS' ability to grow revenues and EBITDA in the intermediate future. This reflects a reduction in our valuation of BS from 4-5x '03 EBITDA to 3-4x '03 EBITDA due to our decreased view on growth potential over the next 6+ quarters resulting from a continued, depressed LD data market and potential additional pricing pressure from competitors. We are also adjusting our revenue forecasts for 2003, adding $500m to CS (modestly decreased substitution effects and certain fee increases) but subtracting $500m from BS' data revenues (ongoing slippage in commercial LD data market and gathering signs a renewed pricing battle), leaving '03 total revenues unchanged for T. We have modestly increased BS and CS margins to reflect the 3,500 HC reduction, but left our overall '03 T EBITDA forecast essentially unchanged at $8.5b. We emphasize our thesis that investors need to evaluate T as a combined company (BS+CS) until management exits or otherwise th divests itself of the CS unit (as we highlighted in our November 18 2002 downgrade note "'03 ­ Last Year for AT&T Consumer?" And while CS revenues modestly exceeded our forecast, its margins were much as expected-to-modestly lower, leaving us concerned about the unit ultimately reaching EBITDA breakeven later this year or early next year. The potential for CS' fixed costs being amortized over the BS unit is something that we believe needs to be considered as we estimate it to be as much as $1-2b and could reduce BS margins by 800-900 bps. If you assume that CS is exited and that $1.5b of fixed costs revert to BS, we estimate that proforma BS' EV / EBITDA multiple is approximately 4.2x '03 EBITDA, reasonably above FON's current multiple of 3.6x. BUSINESS SERVICES REVIEW ­ REVS IN-LINE, BUT MIX CONCERNING; PRICING PRESSURE A CONCERN BS' revenues declined 3.0% to $2.7b, modestly better than our forecast 3.8% decline. However, the mix was somewhat concerning as material increases in wholesale LD voice, which now comprises a stunning 40% of BS' LD voice traffic, drove essentially all this upside and more, since data revenues came in approximately $140m below our forecast. Wholesale LD voice margins are extremely thin and therefore not likely to drive material cashflow. Data revenues grew 3% yoy in 4Q, but appeared to be flat to modestly down sequentially. Specifically, we estimate that total data/IP revenues were $2.56b in 4Q, $140m shy of our forecast and very similar to 3Q's $2.57b. This makes us cautious on material near-term improvements in data revenues that many have assumed would flow to T BS as a result of the disruption at the competition. EBIT margins of 6.9% were nearly 450 bps below our forecast, again indicative of revenue mix shifts to lower margin wholesale voice and potential early warnings of price competition. We are reducing our 2003 BS revenue forecast by $500m, all due to lower expected revenue in data/IP, and very modestly increasing EBIT margins to reflect the 3,500 HC reduction, leaving our BS '03 EBIT forecast about $35m lower at $3.3b. · Total Revenues of $6,588m beat our forecast by $55m, while the 3.0% decline was 80 bps better than our forecast 3.8% decline · All the revenue upside, and then some, was driven by lower than expected declines in LD voice, with that being driven by wholesale LD traffic (wireless and RBOC LD entry). Retail LD voice volumes were still economically depressed in 4Q, with inbound calling still especially weak. · LD Voice declined 10%, modestly better than our forecasted 13% decline, but LD wholesale voice, which drove this, is very lowmargin business, leading us to believe that this revenue upside won't mean as much to cashflow. · Data/IP grew 3% yoy in 4Q, but was essentially flat sequentially, indicating that the commercial data economy continues to struggle. This fact leaves us concerned about '03 data revenue growth, causing us to reduce our '03 data/IP revenue growth forecast from 9% to 5%, stripping away $500m in revenue from our BS forecasts. · EBIT of $451m, was materially below our $750m forecast, nearly a $300m variance. EBIT margins of 6.9% were 460 bps below our 11.5% forecast. We believe the main driver here is a mix-shift to lower margin wholesale LD voice revenues. · In sum, we have reduced our '03 BS revenue forecast by $500m and our '03 EBIT forecast by $35m, leaving our '03 BS revenue forecast at $25.9b (a 2% yoy decline) and our EBIT forecast at $3.3. 2 EQUITY RESEARCH CONSUMER SERVICES REVIEW ­ REVS BETTER THAN EXPECTED, BUT MARGINS REMAIN TOUGH CS' revenues declined 20.0%, nearly 500 bps better than our forecast 24.8% decline, due to the usual culprits of wireless/Internet substitution, competition, migration to lower priced calling plans and prepaid calling cards. The modest "beat" versus our forecast was driven by better than expected volume declines, apparently due to a moderate reduction in the "substitution effect" and moderate traction in their bundled "All Distance" product. However, while the substitution effect may be flattening somewhat, we believe soon-to-berealized 100% RBOC entry with 271-eligibility could make this the calm before the storm. Additionally, management was fairly straight forward regarding the fact that the company has no other near-term viable strategy for competing with an "All Distance" product other than UNE-P, making it highly exposed to regulatory uncertainty (which should be resolved in mid-February). If the upcoming Triennial Review by FCC works out the way we expect in terms of excluding switching from the UNE-P bundle, CS will be faced with a much more compressed time schedule for determining its strategic course. And while we do not view UNE-P as a strategic, sustainable business for them anyway, the near-term dissolution of this "revenue opportunity" will simply accelerate and put increasing visibility on the ongoing revenue and EBITDA declines the company faces. Thus, while we are raising our '03 revenue forecast by $500m to reflect reduced wireless/Internet substitution, it does not change our fundamental view for the unit. This is highlighted by the fact that we are raising our EBIT forecast by a modest $25m (on the $500m revenue increase). · Total Revenues of $2,736m beat our forecast by $130m, while the 20.0% decline was nearly 500 bps better than our forecast. · This was driven by reduced wireless/Internet substitution and modestly greater than expected net adds for UNE-P · LD voice volumes declined at a low double digit rate, somewhat better than our 20% forecasted decline · However, we believe that full RBOC entry will push voice declines back toward the ­25 to ­30% range for 2003 · UNE-P net adds of 500k, beat our 400k forecast, leaving total UNE-P subs at 2.4m · EBIT margins of 14.2% were in-line with our 14.6% forecast, but represent a material decline from 3Q02 levels of 21.3%. And although there were charges embedded within this number, we believe costs will continue to pressure margins due to the pace of UNE-P marketing, launches and net adds · In sum, we have increased our revenue forecast by $500m to reflect lower wireless substitution, leaving '03 revenue forecast at $8.6b, a 25% yoy decline (up from a 30% decline originally); we have raised our EBIT forecast by $25m to $230m. AT&T TELCO ­ COMBINED BS & CS · Total revenues of $9.3b, were $225m better than our $9.1b forecast, driven by CS at $130m better, BS at $55m better and $40m less in revenue eliminations than forecast · The overall 8.6% decline in revenues was moderately better than our forecasted 10.5% decline Total EBITDA of $2.44b was about $80m better than our $2.36 forecast and margins of 26.3% were essentially in-line with our · 26.1% forecast · We believe T Telco will continue to face high single digit revenue declines and intense margin pressure due to the mix shift toward LD wholesale voice and due to pricing pressures within the BS unit. · Our forecast for '03 calls for T Telco revenues to decline about 10% and EBITDA to fall about 17% to $8.5b · CS is highly leveraged to regulatory risk from the upcoming UNE-P decision · BS is likely to feel revenue pressure from keen price competition as well as margin pressure from this pric

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?