Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

As read by the author

The China Syndrome, part 6

As read by the author Rob Rosenberger, Vmyths co-founder
Friday, 26 April 2002 A NUMBER OF Vmyths readers pointed out a story published in the Los Angeles Times:
U.S. intelligence officials believe the Chinese military is working to launch wide-scale cyber-attacks on American and Taiwanese computer networks, including Internet-linked military systems considered vulnerable to sabotage, according to a classified CIA report... U.S. intelligence analysts have become increasingly concerned that authorities in Beijing are actively planning to damage and disrupt U.S. computer systems through the use of Internet hacking and computer viruses... Taiwan, which China regards as a renegade province, appears to be the driving force behind the Chinese interest in hacking and viruses.
The Oval Office tacitly approves the U.S. trans­fer of "dangerous" virus tech­nology to China. I don't make this claim lightly.
If Beijing "terrorizes" our great nation with a virus, it'll be be­cause Net­work Asso­ci­ates & Syman­tec & Trend Micro helped them while Bush's "special ad­vi­sor for cyber­space secu­rity" looked the other way. In a related event, demoted White House fearmonger Richard Clarke recently told senator Charles Schumer (D-NY) the president might resort to every means at his disposal — including the use of military force — to repel hackers & virus writers. I sat in the back row of a senate room in February when Clarke told this to Schumer. He implied the president could launch a physical counterstrike if China ever attacks the U.S. with a computer virus. Now, Clarke didn't come right out and say this to the three reporters who flanked him after the public meeting, but he certainly did imply it to Schumer. As you may recall, the White House refrained from a nuclear response last year when Beijing's hackers declared an all-out cyberwar against America. Bush's top demoted fearmonger used his C-SPAN coverage to send a strong signal to China: "leave our PCs alone!" According to the Los Angeles Times, the classified CIA report claimed "China's virus attack capabilities are [currently only] similar to those of sophisticated hackers." In other words, Beijing's cyberwarriors need to do a lot of catching up if they ever hope to cyber-attack our great nation. But catching up shouldn't prove too difficult — because U.S. antivirus vendors supply China with "deadly" computer virus technology. And Clarke knows all about it! Clarke said (and I quote) "oh s--t!" during a high-level briefing in January 2001 when an aide told him about The China Syndrome. The Oval Office now tacitly approves the U.S. transfer of "dangerous" virus technology to China. I don't make this claim lightly. Clarke could have done something about this in 2001. Heaven knows I gave him some good advice but he chose not to follow it. The classified CIA report mentioned "sophisticated [Chinese] hackers," and I assure you Clarke fears them like he fears nothing else. He fears Osama bin Virus, not Osama bin Laden. Quoting Clarke from a keynote speech he gave after the physical terrorist attacks:
We still have a system that is fragile, that is vulnerable to sophisticated attackers, not the 14-year old but a sophisticated group or a nation state [e.g. China] doing multiple simultaneous attacks on the system. Think of the functional equivalent of four 767s crashing into buildings, not the little car bomb. It could be a catastrophic damage to our economy, and if done at a time of national security crisis, it could be a catastrophic damage to our national defense.
Clarke previously went on the record to predict the United States will suffer a "digital Pearl Harbor" so large and so deadly that "the federal government needs a reconstitution plan" just to survive it. And yet if Beijing "terrorizes" our great nation with a computer virus, it'll be because Network Associates & Symantec & Trend Micro helped them while Clarke looked the other way. (Hmmm, let me retract Trend Micro — they're a Chinese firm masquerading as a Japanese firm who won a lucrative contract to protect the U.S. House of Representatives from viruses. You can't fault a Chinese firm for supplying virus technology to their alma mater.)
SPEAKING AS AN industry observer, I want you to know it doesn't violate my personal code of ethics when antivirus vendors supply virus technology to any government of their choosing. I repeat myself from more than a year ago:
Antivirus firms want China to hire them to protect communist computers. As the devil's advocate, what gives me the right to decide what a sovereign nation may demand from its cyber-bodyguards?
Clarke played a humili­ating role in last year's physi­cal terrorist attacks (before, after). He now plays a humili­ating role in a CIA-predicted Chinese cyber-attack. Again, I don't make this claim lightly.
Yet speaking as an American, I do object to "international arms dealers" who supply "weapons of mass disruption" to an oppressive communist regime. As an American, it doesn't matter to me if they sell it to China with the White House's tacit approval — they shouldn't do it, period. Millions of red-blooded Americans pay these U.S. firms to protect them from Chinese cyber-attackers. (I sound a lot like senator John Edwards, don't I?) Clarke played a humiliating role in last year's physical terrorist attacks (before, after). He now plays a humiliating role in a CIA-predicted Chinese cyber-attack. Again, I don't make this claim lightly. Only China can launch an "ECBM" at us — and you can thank Bush's Special Advisor for Cyberspace Security (again!) for not doing his job. All of this talk about "The China Syndrome" led me to-- Wait wait wait. Let's remember something important here. If you want to study the antivirus industry's cozy relationship with China, you can only turn to three sources: The Wall Street Journal, Vmyths, and The Register. No other print- or web-based news outlet on Earth covered this taboo story — especially not in the computer security world. So anyway, all of this talk about "The China Syndrome" led me to revisit a "conspiracy theory type question" posed by Vmyths reader Rob Thompson:
With the fact that [antivirus vendors] are feeding the Chinese virii so they can "test" their new software to make sure that it works, you don't by any chance think that they are using those files and then reverse engineering them to come up with some of the new super virii that have been popping up lately??? IE: CodeRed 1 and 2, Nimda. I am NOT by any means a virus expert, but I am a computer professional so unfortunately, I HAVE to work with [antivirus vendors] when my users get infected and I would have to say that those [viruses] and the newer ones that have been coming out are quite nice.
I think Beijing really just wants viruses for two reasons. First & foremost, they need viruses to test "Kill," their national antivirus product. China exhibits a strong xenophobia and they'd love nothing more than to tell the computer security world to shove it. As a corollary, I think the antivirus industry supplies China with viruses because they don't see "Kill" as a viable competitor. No offense to pan-Asia, but ... to put it bluntly, the concept of computer security seems uniquely western.
SECOND, I THINK Chinese military leaders use the antivirus industry to create scary "dog & pony shows."
What does a looming Chinese cyber-attack and The China Syndrome mean to Joe SixPack?
Answer: it means nothing. They do it to foment White Housteria, and I believe Beijing adores Gee-Dubya's fearmongering advisor for this reason alone. Every dollar Clarke spends foolishly (partly thanks to the antivirus industry) is one less dollar the U.S. spends wisely. And Beijing knows how to yank Clarke's chain. You just:
  1. plop some nerdy military cadets in front of computers;
  2. snap a few photos;
  3. make up a story about the cadets' diabolical hacking abilities; and
  4. publish it in a vaunted Chinese military journal.
The CIA translates it for the White House and Clarke forwards it to senators & congressmen. Washington then prints money in a furious attempt to save western civilization from the onslaught of an impossible Chinese über-virus... So! What does a looming Chinese cyber-attack and The China Syndrome mean to Joe SixPack? Answer: it means nothing. All of the pieces will fall into place when I conjecture why the president demoted Clarke instead of firing him outright:
As luck would have it, the man who replaced Clarke abhors publicity. So Clarke struck a deal with the devil to save his civil servant career. He now plays the role of a clown for General Wayne Downing. Clarke satisfies the media's deep-rooted fetish for "cyber-terrorism" stories, and in so doing he draws the spotlight away from the physical counter-terrorism director.
(I call it a "conjecture" for two reasons. First & foremost, this may very well be a classified job description. We're talking about media deception in its purest form. Second, one of my sources has questionable political motives.) To put it another way: Clarke plays Michael Caine's role in the movie "Without A Clue." I do not insult Clarke when I say "Downing picked the best clown for the job." So relax, Joe SixPack. Pour yourself a glass of lemonade. Turn on C-SPAN. And hum a few bars from "Send In The Clowns"...