Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Computer virus command & control

Rob Rosenberger, Vmyths co-founder
Thursday, 15 August 2002 As read by the author (MP3) LET'S TALK ABOUT "nuclear command & control" for a moment. Bear with me: it leads to computer virus hysteria.
If one American citizen gives computer viruses to a hostile nation, everyone will call him a traitor. Yet if a large antivirus firm does the same thing, everyone will grumble, but they'll still buy the firm's software.
We'll state the obvious. The leaders of almost every country on the planet fear the threat of poor nuclear command & control. They know mushroom clouds would spring up all over the place if terrorists and/or dictators could easily lay their hands on a uranium artillery shell or a plutonium torpedo. Better-than-poor nuclear command & control kept the "atomigeddon" at bay for the last 57 years. But the doomsayers have warned for a long time that our safety won't last much longer. Many such doomsayers live in Iowa City, which officially declared itself a nuclear weapon-free zone in 1985. Now let's talk about "biological command & control" for a moment. Bear with me again: it leads to computer virus hysteria. We'll state the obvious. The leaders of almost every country on the planet fear the threat of poor biological command & control. They know bacterial clouds would spring up all over the place if terrorists and/or dictators could easily lay their hands on a jar of anthrax or a vial of smallpox. Better-than-poor biological command & control kept the "poxigeddon" at bay for the last ten months. But the doomsayers have warned since the deadly anthrax attacks in 2001 that our safety won't last much longer, even with a renewed interest in stifling university research. Many such doomsayers live in Iowa City, so I imagine they declared it a germ weapon-free zone, too. As you know, the threat of atomigeddons and poxigeddons diminished in the late 1990s with the rise of the Internet. Congressman Curt Weldon (R-PA) claims Osama bin Laden threw away his radioactive materials & anthrax spores in favor of CD-ROMs filled with computer viruses. Indeed, the Armed Forces Communications & Electronics Association quotes an unnamed CIA official (aren't they all?) who described the Blitzkrieg server computer virus as "potentially more dangerous than nuclear weapons."
Ask yourself why we'll accept it at the corporate level when we won't tolerate it at the personal level.
I don't make this stuff up, folks. Officials in Washington still fret about nuclear & biological wars — but they fret a lot more about computer wars these days.
THE THREAT OF a Chinese computer virus particularly scares those in Congress and those in the White House. Senator Charles Schumer (D-NY) fears a Mongolian virus attack. He actually wonders if we should restrict computer education in U.S. schools for national security reasons. Schumer warned Americans in February 2002 about the cyber-threat China poses to our great nation. You can actually listen to the fear in his voice:
Audio clip courtesy of C-SPAN We now know that North Korea, Iran, Iraq, and China are all training people in Internet warfare. Hostile foreign nations are sending students to American universities to learn computer science so they can go home and possibly use it against us. Our own schools that our children attend, that our tax dollars fund, are probably now serving as digital training grounds for future cyber-terrorists. And we're doing nothing about it. Audio clip courtesy of C-SPAN When I learned that some of the countries [White House computer security advisor Richard Clarke] mentioned — Iran, Iraq, North Korea, China — are training citizens in how to use the Internet as a weapon, it's become even clearer to me that this is possibly the principle form of 21st century warfare.
That's Schumer for you. The senator from New York just can't find enough regular terrorism to worry about, I guess. Schumer and many other officials paint a simple formula for America's pending cyber-destruction:
Beijing + computer virus = bad mojo
And yet longtime Vmyths readers know the antivirus industry supplies China with deadly computer virus technology. Ironic, eh? It's only a matter of time before Iowa City declares itself a computer virus weapon-free zone. A layman would think Washington wants to implement better-than-poor computer virus command & control. Right? Washington officials should at least order U.S. antivirus firms not to supply Beijing with dangerous computer virus technology. Right? Wrong! The White House tacitly approves the transfer of computer virus technology to an oppressive communist regime. I don't make this claim lightly. Washington officials fear the threat of a Chinese über-virus — but they don't mind if America's leading virus experts supply China with über-virus technology.
The White House tacitly approves the transfer of computer virus technology to an oppressive communist regime. I don't make this claim lightly.
That's Washington for you. Logically, if U.S. officials fear a Chinese über-virus, then they should work on a law to stop The China Syndrome. Logically, Schumer and Weldon should collaborate to re-classify computer viruses as a military munition subject to extensive export controls.
BUT WASHINGTON DOESN'T operate on the theory of logic. Therefore, I will demonstrate the absurdity of poor computer virus command & control. I hooked up with a member of the virus underground who calls himself "4Q." He introduced me to "Yello," a diabolical 23yr-old British virus writer. Yello started writing viruses & worms roughly three years ago. You may know him for his stunning work on IRC-Worm.Lara, the first worm to spread using the Windows desktop decorating file (*.theme). In other words, he's no slouch. Yello likes to code in Microsoft Visual Basic "because it's quick and simple." His hobbies include playing the guitar, writing software, and going to the pub. I don't know what this all has to do with being a deadly über-hacker, but reporters seem infatuated by a virus writer's lifestyle & attire. The media puts a lot of faith in irrelevant details, so I will too. At my request, Yello promised to give me a copy of his next virus creation. I — a respected U.S. virus expert — will then give Yello's newest creation to officials in a hostile nation. And I fully expect the White House will tacitly approve the transfer. Now, according to the rules of the antivirus industry, I'll get to name Yello's new virus (since I will be the one to "discover" it). Therefore, I will call it the Vmyths Applauds The White House For Embracing U.S. Antivirus Experts Who Transfer Dangerous Computer Virus Technology To Hostile Governments virus. (Ha!) I should note U.S. antivirus firms refused to give U.S. officials the virus technology they handed over to Beijing. Therefore, I will not give a copy of Yello's new virus to U.S. officials. Again, I fully expect the White House to go along with this. (Note: at a December 2000 White House meeting, U.S. antivirus vendors who supply China with viruses told presidential computer security advisor Richard Clarke they don't want to look like a tool of the CIA. The White House later discovered U.S. antivirus vendors operate as a tool of the PRC. Clarke tacitly approves the transfer of computer virus technology to Beijing to avoid a political embarrassment. I attended the December 2000 meeting and I don't make these claims lightly.)
A member of the antivirus industry blew his top when I lowered my standards to those of the U.S. antivirus industry. I live for this kind of irony, you know.
So! It only remains to pick a hostile cyber-enemy to receive Yello's next virus. Check out the audio of a "lottery drawing" I held during a pizza party. We even picked a runner-up hostile country just in case our winner declines Yello's diabolical new creation.
IRONICALLY, THE U.S. antivirus industry turned on me when 4Q announced the role he now plays in exposing White House schizophrenia. An irate expert at one antivirus firm called me to terminate our relationship. This same expert contacted Microsoft's computer security team in a desperate bid to "banish" me (from what?) — and he predicted FBI's National Infrastructure Protection Center would launch an armed raid against Vmyths to censor this column before its publication. I swear I don't make this stuff up, folks. A member of the antivirus industry blew his top when I lowered my standards to those of the U.S. antivirus industry. My status as an "industry pariah" jumped when 4Q posted his announcement ... which leads me to suspect the irate expert notified his colleagues at other antivirus firms. I live for this kind of irony, you know. I really do. This guy's anger played right into my hands, too. I repeat myself from more than a year ago:
If one American citizen gives computer viruses to [a hostile nation], everyone will call him a traitor. Yet if a large antivirus firm does the same thing, everyone will grumble, but they'll still buy the firm's software. Ask yourself why we'll accept it at the corporate level when we won't tolerate it at the personal level.
Yes yes yes, I could easily name this expert — but I'd much rather leave you guessing. Does he work for Network Associates? Symantec? Command Software? eEye? Central Command? TruSecure? ISS? Does he work for a non-U.S. firm such as Trend Micro? Sophos? MessageLabs? Finjan? Panda Software? mi2g? Kaspersky? I could easily name this expert — but it doesn't boil down to just one man or one firm or even one country. The antivirus industrycartel itself despises Vmyths for exposing embarrassing truths. They'll sometimes go to absurd lengths to stop us from pointing out their absurdities.
The next time you listen to Schumer rant about cyber-Chinks and E-rabs, you can say to yourself "hey, the senator from New York IS a racist!" He wants to kick turbans & coolie hats out of U.S. computer classrooms.
And even if you knew this guy's name, I insist you'd still buy from his firm. Heck, you continue to buy antivirus software from Network Associates, Symantec, and Trend Micro even though each admits they turn over virus technology to an oppressive Chinese regime. Why does society accept so much absurdity at the corporate level when we won't tolerate it at the personal level?
OUR EDITOR-AT-LARGE HOUNDED me over this column, too — but for a different reason. "There is no real relationship between the think-tank idiots who write about China's threat of cyber-warfare and the people who actually do computer security," George C. Smith asserted. (Very true.) "It's only useful as propaganda" to beltway wonks like Richard Clarke. Vmyths readers know Beijing can't even keep an outlawed religious sect from hijacking a national TV satellite. Clarke & Schumer & Weldon et al. fear China because they don't read Vmyths. What, Smith asked, do I really hope to accomplish with this column? Well, for one thing, I wanted to make fun of the Arch-IE Bunkers in Washington. Seriously. The next time you listen to Schumer rant about cyber-Chinks and E-rabs, you can say to yourself "hey, the senator from New York IS a racist!" Schumer doesn't care about poor computer virus command & control — he just wants to kick turbans & coolie hats out of U.S. computer classrooms. Racism plays well if you can package it as computer virus hysteria. Now if you'll excuse me, I need to freshen up a little bit. I expect the Keystone Kops will break down my door any minute now with their guns drawn...