[ISN] SANS director confirms the CIA confirmed ... absolutely nothing

From: InfoSec News (alerts@private)
Date: Sun Jan 20 2008 - 22:25:11 PST


http://vmyths.com/column/1/2008/1/20/

By Rob Rosenberger
Vmyths co-founder
20 January 2008

SPEAKING BREATHLESSLY TO the survivors of Hurricane Katrina, SANS 
Institute research director Alan Paller "confirmed" that (1) cities have 
suffered blackouts and (2) some people tried to profiteer from it. And 
he absolutely knows this for a fact because (3) the CIA told him 
absolutely nothing.

In case you missed the amazing irony here, let me break it down for you. 
Paller told an audience in New Orleans a region that couldn't generate 
one watt of electricity for itself in September 2005 that the CIA told 
him that some terrorists out there, somewhere, had crippled entire 
regions of the earth with electrical blackouts.

Wait! It gets better.

"But," confirmed the CIA, "it didn't happen here in America. Nope. It 
happened somewhere else on this mudball we call Earth. And it was 
horrifying. Corpses rotted in the streets at a time when nomadic urban 
dwellers killed each other for a single lump of coal just to keep their 
houses warm during the bitter chill of winter. But we can't give you any 
specific details, nor can we offer you a single shred of evidence to 
back our claims. Nope. We can only say it happened, which is 
ultra-important to your career. Now go warn all the prostitutes [1] in 
the French Quarter that the CIA told you absolutely nothing."

Don't get me wrong: I love Alan Paller. He's amazingly gullible. He 
believes everything CIA analyst Terrill Mayna waitaminit [2] , that's 
the wrong CIA analyst. Paller actually quoted a different CIA analyst by 
the name of Tom Donahue. Quoting from a breathless story in 
InformationWeek [3]:

     [Donahue] presented [Paller] with a written statement that read, 
     "We have information, from multiple regions outside the United 
     States, of cyber intrusions into utilities, followed by extortion 
     demands. We suspect, but cannot confirm, that some of these 
     attackers had the benefit of inside knowledge. We have information 
     that cyberattacks have been used to disrupt power equipment in 
     several regions outside the United States. In at least one case, 
     the disruption caused a power outage affecting multiple cities. We 
     do not know who executed these attacks or why, but all involved 
     intrusions through the Internet."

This is how urban legends get started, you know.

It's even more ironic when you read Paller's October 2007 [4] advice for 
when "you're trying to share a sense of urgency about a problem." He 
chimed in to say "don't give the boss horror stories about what could 
happen, give him real stories of what has happened to other people."

"Real stories," Paller says? All right: I'll dare to ask the 
embarrassing questions...

    * Who did it? Paller doesn't know.
    * When did they do it? Paller doesn't know.
    * Where did it occur? Paller doesn't know.
    * Why did they do it? Paller doesn't know.
    * How widespread was the blackout? Paller doesn't know.
    * Did the extortion scheme succeed? Paller doesn't know.
    * Whose power grid Internet connection did they exploit? Paller 
      doesn't know.
    * How many victims perished in the attack? Paller doesn't know.
    * What did it cost to clean up after the attack? Paller doesn't 
      know.
    * Does Interpol want to extradite a U.S. citizen so he can stand 
      trial on charges of cyber-terrorism? Paller doesn't know.

So there you have it. It absolutely must be true because the CIA told 
Paller absolutely nothing.

{One hour later...}

[...]


[1] http://vmyths.com/column/1/2002/10/20/
[2] http://vmyths.com/column/1/2000/1/13/
[3] http://vmyths.com/mm/url/8/1.htm
[4] http://vmyths.com/mm/url/8/8.htm


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Sun Jan 20 2008 - 22:39:25 PST