Truth About Computer Security Hysteria
Another publicity bonanza for mi2gRob Rosenberger, Vmyths co-founder
Thursday, 4 November 1999
MI2G PULLED OFF another publicity bonanza centered around founder D.K. Matai. Let's begin with the first few lines from a story in London's Sunday Times:
British companies are being attacked by mystery hackers with a virus that dupes computers into thinking that the millennium has already arrived. The bug, which forwards internal computer clocks to January 1, 2000, is capable of crippling systems for up to three days, during which time valuable data can be stolen or wiped out. Security software experts have been called in to combat the threat posed by the virus. They believe it is capable of overpowering almost all computers, including Y2K-compliant systems which have been deemed ready for the rollover to the new millennium.
One perfectly timed press release begins: "on the eve of the mi2g software event on 'How to manage e-risk?™' organised in conjunction with Reuters and First Tuesday, it was revealed that most of the serious electronic attacks taking place against financial institutions, multi-nationals and major on-line businesses are highly covert and seldom become public knowledge." Two days later, mi2g conveniently announced "two serious cases in October of clients being attacked" by hackers who set computer clocks forward to January 2000. Unnamed clients, natch.
mi2g's hysteria flies in the face of current Y2K preparedness assessments. Oddly, they don't seem concerned by their implication of global catastrophic failure in two months. mi2g only cares if the computing world dies before its scheduled demise on 1/1/2000. It's like hearing someone say "this death-row inmate needs a heart transplant." Seems kind of pointless, doesn't it?
A quick recap: mi2g turned into a computer security firm almost overnight this year. I surmise they didn't do so well after creating an "Internet paradigm shift" with a "breakthrough" concept known as, um, "lounges." mi2g's clock-forwarding fetish surfaced soon after Matai declared himself a renowned security expert.
So far as I can tell — I don't make this claim lightly — Matai apparently just decided Y2K will destroy computers if it arrives even one day too soon. mi2g claims they performed extensive date-forwarding tests, but no one I've encountered to date claims to have seen paperwork on it. The two or three other full-time employees (counting Matai's wife) probably just go along with his statements. He is the company's founder, after all.
In Matai's defense, I didn't ask him yet for a copy of the test results. I tried to learn about it from various clients highlighted on mi2g's website. That's another wild story, but we need to stay focused on the imminent demise of computing...
So let's talk about this über-Trojan in the Sunday Times story. I put out a general call to antivirus vendors for confirmation & details. The experts know of Matai, but no one knows about this malicious code. Sample comments from the field:
"No one at ICSA has seen it or know of anyone who has. It appears convenient that in the last weeks two unnamed companies have seen evidence of a type of code that Mr. Matai has been predicting to be possible for several months."
Conclusion? Only mi2g can protect you from an unconfirmed beast which sets your computer clock two months ahead. Beg them for help and pay Matai any price if you value your personal safety.
Oh, and remember: Y2K itself will set clocks to 1/1/2000 on New Year's Day. Enjoy the Internet and your personal safety while it lasts.
Editors sometimes reject me as a source because I won't tell reporters where I work, let alone speak for my employer. The media prefers to quote sources with corporate credentials. Answer: D.K. Matai. Editors embrace him because he founded a corporate entity with professional office space and slightly more than one full-time employee. (The media likewise once embraced John McAfee, founder of McAfee Associates.) Hey, you can take Matai at face value — after all, a British knight serves as his company's chairman.
I could do what Matai does, you know. I could easily launch www.infowar.nu. I just need to incorporate myself, offer the chairmanship to a respectable businesswoman, rent office space, hook up a T1, let my wife play secretary, then print letterhead for the "Securität Intelligencia Directorate" within my firm. I could claim I worked on top-secret information warfare programs for NATO. Yeah, that's the ticket! How many people can say they've been to CIA headquarters? (True! My cab driver pulled up to the gate to ask for directions.)
I could lead reporters to think I have access to classified White House documents. I could make them believe I know all about the cyber war in Kosovo. " 'That's what Area 51 was built for,' Rosenberger asserted. 'Not alien autopsies, but computer armageddon.' "
Hang on while I advance my laptop to 12/31/99 at 11:59:55pm. 4,3,2,1... Hmmm. It clearly says "Saturday, January 01, 2000" when my mouse hovers over the system tray. My active-matrix panel didn't even flicker. Oh well: I probably just didn't do it right. Maybe if I go back in time? Hmmm. Same nothingness. I wish I knew how mi2g conducted their experiments.
Hey, waitaminit! Do you think curious users at those two companies set computer clocks ahead just to see wha... Nah, only a hacker or a trained professional would conduct such a dangerous experiment. Forget I said it.
I could do what Matai does, you know. I just need to overcome one pesky little obstacle...