Truth About Computer Security Hysteria
George C. Smith, Ph.D.,
Wednesday, 29 August 2001
LAST WEEK, a judge was cashiered in Los Angeles for relentlessly fabricating stories about his past. As one example, it was said in the local wrapper that the man had claimed to have once been an adventuring CIA operative in Laos during the Vietnam War.
The local judicial system even dragged a real CIA man into hearings on the jurist's basic honesty and psychological fitness to refute the fellow. In defense, the judge's lawyers claimed him to be suffering from pseudologica fantastica, a mental illness "said to cause people to mix fact with fiction to protect their self-esteem."
This tactic failed and the Lying Judge was banished from the juridical kingdom of Los Angeles with the mark of bureaucratic Cain upon him and the admonishment to never return.
However, banishment, embarrassment, or a branding as the community dissembler ("That's Old Joe, son; he's so full of it he squeaks") hardly ever result for embellishment of the mundane truth of one's life with tales of stretchy grandeur when newsmen, computer security, and the topic of computer viruses intermix. Pseudologica fantastica is the preferred mental condition.
Take the case of the English student who saved 400 or so worlds of corporate computing from almost certain destruction on August 16, according to the BBC. "A computer student potentially saved businesses millions ... [a] 'Trojan horse' had already affected at least 400 companies across the world when a [teenage computer geek] detected it on his home PC," reported a Beebster breathlessly.
We were told the young stalwart from Blighty discovered a virus when it "appeared on his machine" while in an Internet chat room. "Like Code Red it 'floods' someone's hard-drive and can cause major damage," claimed the student-who-saved-431-corporations-in-America-Canada-and-France.
Teenagers-Who-Save-The-World have been visible from the first day I logged onto the virtual circuits of a bulletin board system — quite probably well before, too. At least one, sometimes more, could be found in residence in any given electronic community and the less excitable hands (read the realists) would know them in two basic flavors:
Banishment, embarrassment, or a branding as the community dissembler hardly ever result for embellishment of the mundane truth of one's life with tales of stretchy grandeur when newsmen, computer security, and the topic of computer viruses intermix. Pseudologica fantastica is the preferred mental condition.
To tell the truth, the identification of "unique" examples of malicious software is about as challenging as the picking of cat stool from a litterbox. However, it is now common for the media to indulge teenagers or some employees of the computer security industry in their fancy for a "Secret Life of Walter Mitty"-like experience. All it takes is an average affinity for Munchhausen's Syndrome and a listener on deadline mildly entertained by the result.
- Otiose and garrulous ninnies who were always the first in line to get flattened by booby-traps disguised as "free" utility software; and
- Satellites of the computer virus underground enamored of hanging out on virus-exchange bulletin board systems for the purpose of fencing newly-minted bits of malware to antivirus professionals in return for, perhaps, a registered copy of a firm's software and a rep as an unpaid stooge heroically manning the rampart between civil cyberspace and the Dark Side.
AND WHILE NO one can really "Save The World" on the Internet in an afternoon (and who said it needed saving, anyway?), getting someone to publish that you did is always within reach. Even if not true, there will always be a few outlets to say otherwise, useful for silencing the jaundiced.
In more outbreaks of pseudologica fantastica: The Washington Times reported on August 10 that "all intelligence services, including the CIA, Defense Intelligence Agency, and especially the National Security Agency, have launched major searches for [an] elusive computer hacker" named "Red Crack."
It was so decreed, the newspaper said, by unidentified officials from the Bush administration. Anonymous "Internet security specialists" were alleged to have implicated the clever "Red Crack" in cyberwars between the U.S. and the Chinee.
"Red Crack" was also said to have left bellicose anti-American messages on a government website. There was no explanation on how the cyber-Boxer might have come to suffer from pruritus ani.
Close upon its heels, MSNBC added even more pages to the already thick book of nauseatingly unimaginative and repetitive text on the subject. Perceptively entitled "the U.S.-China Information War," it contained all the hackneyed usages, packaged as eye-opening revelations, common to the brand of literature.
You had your anonymous sources of alleged gravitas ("senior government and military officials"), your claims of plans to strike at electronic Mammon ("30 high-ranking experts called for the development of weapons that can throw the financial systems and army command systems of the 'hegemonists', i.e., America into chaos") and the always
"It will be the acme of skill to defeat the prideful military of the Americans through the righteous uniting fists of stealthy digitized roaming mobile code."
-- People's Liberation Army military theorist Fu Man Tzu in "Cyber-Wars Like Grains of Sand," translated by China scholar, Hue Pflong Pu, Center for Strategic and International Studies.
really hidebound trusty saw that computer viruses will be unleashed ("China appears interested in researching methods to insert computer viruses into foreign networks...")
It produced the silly expert, in this case Army analyst Tim Thomas, mildly infamous on Vmyths.com for an older article that crazily cited a Russian 666 virus that could cause heart arrhythmia and nuclear missile silo operators said to be in training to resist telepathic attack! (In the MSNBC report, the Russian 666 virus is no longer the object of interest. Now it's possibly Chinee network-striking "shock brigades.")
The story closes with a routine brag on the utter supremacy of U.S. cyberwar might, supplied by another pro forma anonymous source. "A high-ranking U.S. intelligence official says, U.S. info-war capabilities far outstrip those of China or any other potential adversary."
Vmyths.com conspiratorially informs its readers the usage of the qualifier high-ranking in these types of stories is always critical because without such the audience might become suspicious it was being smoked the empty-headed opinion of any old yahoo.
A story in Inside the Pentagon discussed the U.S. military's month-long disengagement from the Net over Code Red fears. The reasons DoD gave for the battle-turnaway were ... hard to discern.
FINALLY, WHILE STILL on the twin topics of yahoos and the outstripping capabilities of Department of Defense digital fighting men, it must be noted that Inside the Pentagon, published an interesting story on August 23 discussing the U.S. military's month-long disengagement from the Net over Code Red fears.
The reasons given for the battle-turnaway were ... hard to discern. However, substantial credit must be given to the ITP reporter who landed one of the best apparatchik quotes on Code Red from DoD
wretched computer geekscyber-defenders this year:
"Given the fluency of the situation created by the many ongoing actions at all levels of our decentralized information systems architecture, any estimate of the number of sites not available to the public would be speculative at best."
Assertions that employees of the Defense Information Systems Agency and Joint Task Force for Computer Network Operations must demonstrate butchery and obfuscation of the English language as core skills prior to employment are, of course, scurrilous lies!