http://vmyths.com/column/1/2008/1/20/
By Rob Rosenberger
Vmyths co-founder
20 January 2008
SPEAKING BREATHLESSLY TO the survivors of Hurricane Katrina, SANS
Institute research director Alan Paller "confirmed" that (1) cities have
suffered blackouts and (2) some people tried to profiteer from it. And
he absolutely knows this for a fact because (3) the CIA told him
absolutely nothing.
In case you missed the amazing irony here, let me break it down for you.
Paller told an audience in New Orleans a region that couldn't generate
one watt of electricity for itself in September 2005 that the CIA told
him that some terrorists out there, somewhere, had crippled entire
regions of the earth with electrical blackouts.
Wait! It gets better.
"But," confirmed the CIA, "it didn't happen here in America. Nope. It
happened somewhere else on this mudball we call Earth. And it was
horrifying. Corpses rotted in the streets at a time when nomadic urban
dwellers killed each other for a single lump of coal just to keep their
houses warm during the bitter chill of winter. But we can't give you any
specific details, nor can we offer you a single shred of evidence to
back our claims. Nope. We can only say it happened, which is
ultra-important to your career. Now go warn all the prostitutes [1] in
the French Quarter that the CIA told you absolutely nothing."
Don't get me wrong: I love Alan Paller. He's amazingly gullible. He
believes everything CIA analyst Terrill Mayna waitaminit [2] , that's
the wrong CIA analyst. Paller actually quoted a different CIA analyst by
the name of Tom Donahue. Quoting from a breathless story in
InformationWeek [3]:
[Donahue] presented [Paller] with a written statement that read,
"We have information, from multiple regions outside the United
States, of cyber intrusions into utilities, followed by extortion
demands. We suspect, but cannot confirm, that some of these
attackers had the benefit of inside knowledge. We have information
that cyberattacks have been used to disrupt power equipment in
several regions outside the United States. In at least one case,
the disruption caused a power outage affecting multiple cities. We
do not know who executed these attacks or why, but all involved
intrusions through the Internet."
This is how urban legends get started, you know.
It's even more ironic when you read Paller's October 2007 [4] advice for
when "you're trying to share a sense of urgency about a problem." He
chimed in to say "don't give the boss horror stories about what could
happen, give him real stories of what has happened to other people."
"Real stories," Paller says? All right: I'll dare to ask the
embarrassing questions...
* Who did it? Paller doesn't know.
* When did they do it? Paller doesn't know.
* Where did it occur? Paller doesn't know.
* Why did they do it? Paller doesn't know.
* How widespread was the blackout? Paller doesn't know.
* Did the extortion scheme succeed? Paller doesn't know.
* Whose power grid Internet connection did they exploit? Paller
doesn't know.
* How many victims perished in the attack? Paller doesn't know.
* What did it cost to clean up after the attack? Paller doesn't
know.
* Does Interpol want to extradite a U.S. citizen so he can stand
trial on charges of cyber-terrorism? Paller doesn't know.
So there you have it. It absolutely must be true because the CIA told
Paller absolutely nothing.
{One hour later...}
[...]
[1] http://vmyths.com/column/1/2002/10/20/
[2] http://vmyths.com/column/1/2000/1/13/
[3] http://vmyths.com/mm/url/8/1.htm
[4] http://vmyths.com/mm/url/8/8.htm
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Jan 20 2008 - 22:39:25 PST