[ISN] Analysts question "cyberterrorism" hype

From: mea culpa (jerichoat_private)
Date: Tue Dec 22 1998 - 23:35:22 PST

  • Next message: mea culpa: "[ISN] RSA: Crack DES in a Day"

    Forwarded From: Per Kangru <perkat_private>
    Analysts question "cyberterrorism" hype 
    By Tim Clark
    Staff Writer, CNET News.com
    December 21, 1998, 5:55 p.m. PT 
    This morning Network Associates dramatically announced it had identified a
    new family of computer viruses--the first example, it claimed, of
    "cyberterrorism"--but victim MCI WorldCom downplayed the incident, saying
    the virus infection did not affect its customers or operations.
    By afternoon, Network Associates had dropped "cyberterrorism" as a term to
    describe the "Remote Explorer" virus, though it continued saying it was
    the most sophisticated virus the company has ever seen.
    "Now that we've been able to repair the data, it's not as damaging," 
    Network Associates spokesman Cabe Franklin said, noting that the company
    had posted a patch to detect and repair damage from the virus on its Web
    Like most security firms, Network Associates did not reveal the name of
    MCI WorldCom. MCI WorldCom confirmed the attack after its name surfaced in
    media reports.
    Security analysts are divided on how threatening the new virus is, noting
    that the antivirus firm had reason to exaggerate the threat, just as MCI
    WorldCom had reason to downplay it.
    "Security firms across the board tell a very dark story concerning
    vulnerabilities and exposure," said Jim Balderston, network security
    analyst at Zona Research. "They are experts in the area and have thought
    about it a great deal, plus they hope to sell products." 
    Victims of security breaches generally downplay incidents, if they
    acknowledge them at all.
    "To let people know that your security has been breached questions your
    competency in maintaining a proper security perimeter and indicates you
    may be vulnerable," Balderston pointed out. 
    Ted Julian, Forrester Research's security analyst, thinks security
    companies make a big mistake in hyping security threats.
    "From the perspective of large companies, my budget to prevent threats is
    a lot smaller than my budget to enable e-commerce, so if I were a security
    vendor, I'd focus on enabling e-commerce,"  Julian said. "Most security
    companies have figured that out a long time ago." How unique or serious
    Remote Explorer remains in question, in part because so far, only Network
    Associates and MCI WorldCom have their hands on the malicious code--though
    the company said it will make Remote Explorer available to other antivirus
    researchers, including competitors. Symantec and Trend Micro, two other
    top-tier antivirus vendors, said they haven't seen the problem among their
    Rob Rosenberger, who runs Computer Virus Myths Web site, is a skeptic
    about most virus threats. 
    "To call it a world threat or other hyperbole, we have seen that for a
    decade. Extraordinary claims require extraordinary proof. I'm just asking
    for proof," Rosenberger said.
    But Larry Dietz, security analyst at Current Analysis, takes the threat
    "This means Windows NT is a very large target of opportunity now,"  Dietz
    said. "We have to make the leap of faith that attackers are as good as a
    certified NT administrator." 
    With NT servers proliferating on the Net and on corporate networks, he
    added, "This is telling me that there is at least one, and probably a team
    of very capable technical people behind this."
    Dietz suggested the current version of Remote Explorer might not be the
    author's or authors' only effort. "[Attackers] don't have to do everything
    in their initial attack--these things are done a little at a time," he
    said, suggesting "the bomb hasn't gone off yet." 
    Balderston agrees but says he's surprised that so few new antivirus
    attacks have emerged lately.
    "In a year or two, there will be stuff out there that makes this look
    relatively tame. There will always be an ever-escalating fight between
    virus makers and those who defend against them," the analyst said. "For
    anybody to think there's going to be a stasis in malicious code, that is a
    fool's vision." 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:14:23 PDT