[ISN] Cyberwar is Hell

From: InfoSec News (isnat_private)
Date: Wed Jul 03 2002 - 04:37:10 PDT

  • Next message: InfoSec News: "[ISN] Security certification choices"

    http://www.theregister.co.uk/content/55/25986.html
    
    By George Smith
    Posted: 02/07/2002 at 10:27 GMT
    
    Cyberwar is Hell, but never too hellish for feverish salesmanship.  
    Take, for example, McAfee's recent botched attempt to sell the public
    on the merits of the fiendish "JPEG virus" said to be hanging over
    beloved digital stockpiles of family photos and Swedish pornography
    like the sword of Damocles.
    
    The corporate deployment of fear and loathing started strong but
    quickly fizzled. While the Associated Press fell for the McAfee news
    ruse, publishing a corporate mouthpiece's blank claim that
    "[potentially] no file type could be safe" -- few others were quite so
    impressed.
    
    The citizens of Slashdot, always edgy bellwethers of computer-geek
    tech and opinion, scoffed and revolted. A brief lynching-in-absentia
    party in honor of the anti-virus firm was held. A few loose cannons
    even went Oliver Stone, going so far as to toss around the old and
    much beloved conspiracy theory that the A-V industry is either hiring
    virus-writers or spreading their wares in order to massage sales.
    
    But even though the JPEG virus stunt fell flat, when cyberwar is
    threatening, no amount of potential ill will or discouraging word can
    stay the dedicated computer security shill from his work.
    
    So last week the Business Software Alliance emitted a "survey" which
    claimed many of its participants were convinced a major cyber-attack
    would be launched at the American government in the next twelve
    months.
    
    It was critical, wrote flacks for the BSA, that the Bush
    administration move swiftly and not shirk in its "financial and
    philosophical commitments" -- i.e., the accelerated purchasing of more
    security software and consulting services -- in order to secure the
    infrastructure of the nation against the approaching cyber-attack.  
    Vendors camouflaged within the BSA press release emerged to beat their
    breasts and assert that they stood ready to do their duty to help
    protect against the foul strike they knew was coming. Hurry with those
    financial and philosophical commitments, though.
    
    "This survey accentuates the importance of network security and
    availability of solutions in the fortification of our homeland
    defense," said the president of Network Associates. It was insincere,
    stilted theatre but slightly superior, by virtue of vagueness, than
    the easily laughed off claims about the JPEG virus. (But will it be
    enough to make people forget about that unfortunate SEC
    investigation?)
    
    Pros were hired and separate public relations firms with names like
    Ipsos and Edelman were enlisted to take the word of cyber-strike to
    the press for their BSA clients.
    
    One foolish but very enthusiastic adjutant even wrote me to attest
    that security reps were alertly standing by to provide me with "color
    commentary" on the cyber-attack. He assured me that they would be able
    to tell readers and, by extension, government buyers what they should
    be thinking while preparing for the assault. They would know the right
    stuff, he indicated, because the clients had contracts with the
    Department of Defense, the FBI, the National Security Agency, and
    such. Since color comment is my specialty, there was no need to take
    him up on the offer.
    
    Then it occurred to me that the cyberwar on terror, just like the real
    war on terror, really was a new kind of conflict. It was obvious that
    the job of rallying the country against the virtual danger of viruses
    could not be left to amateurs. Only heavy-handed PR and other stealthy
    special operations were to be trusted with this task. The cyberwar on
    terror would only be won if we were treated like fragile mushrooms,
    carefully kept in the dark and fed a rich mix of manure on the nature
    of roving computer danger.
    
    Appeals to open the wallet in the name of patriotism and duty are
    common ingredients.
    
    The National Cyber Security Alliance is another obscurely named group
    of vendors that has tasked itself with this job. One of its websites,
    Stay Safe Online, purports to offer on-line "tech talk" on net
    self-defense. While the substantive talk is thin, the message is
    thick.
    
    "Protect Your Computer, Protect Your Country's Cyber-Infrastructure!"  
    was the title of one safety chat, hosted by a Norton anti-virus
    salesman. "Your computer can be used to launch a cyber attack against
    the Web sites of other people and businesses, so make sure your
    computer has the proper Internet security software installed and help
    protect your country!" its introduction thundered.
    
    Infected chips sink ships! Beware of careless installs!
    
    Remember, Uncle Sam wants you ... to buy anti-virus software.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Jul 03 2002 - 07:36:29 PDT