http://vmyths.com/column/1/2008/1/20/ By Rob Rosenberger Vmyths co-founder 20 January 2008 SPEAKING BREATHLESSLY TO the survivors of Hurricane Katrina, SANS Institute research director Alan Paller "confirmed" that (1) cities have suffered blackouts and (2) some people tried to profiteer from it. And he absolutely knows this for a fact because (3) the CIA told him absolutely nothing. In case you missed the amazing irony here, let me break it down for you. Paller told an audience in New Orleans a region that couldn't generate one watt of electricity for itself in September 2005 that the CIA told him that some terrorists out there, somewhere, had crippled entire regions of the earth with electrical blackouts. Wait! It gets better. "But," confirmed the CIA, "it didn't happen here in America. Nope. It happened somewhere else on this mudball we call Earth. And it was horrifying. Corpses rotted in the streets at a time when nomadic urban dwellers killed each other for a single lump of coal just to keep their houses warm during the bitter chill of winter. But we can't give you any specific details, nor can we offer you a single shred of evidence to back our claims. Nope. We can only say it happened, which is ultra-important to your career. Now go warn all the prostitutes [1] in the French Quarter that the CIA told you absolutely nothing." Don't get me wrong: I love Alan Paller. He's amazingly gullible. He believes everything CIA analyst Terrill Mayna waitaminit [2] , that's the wrong CIA analyst. Paller actually quoted a different CIA analyst by the name of Tom Donahue. Quoting from a breathless story in InformationWeek [3]: [Donahue] presented [Paller] with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet." This is how urban legends get started, you know. It's even more ironic when you read Paller's October 2007 [4] advice for when "you're trying to share a sense of urgency about a problem." He chimed in to say "don't give the boss horror stories about what could happen, give him real stories of what has happened to other people." "Real stories," Paller says? All right: I'll dare to ask the embarrassing questions... * Who did it? Paller doesn't know. * When did they do it? Paller doesn't know. * Where did it occur? Paller doesn't know. * Why did they do it? Paller doesn't know. * How widespread was the blackout? Paller doesn't know. * Did the extortion scheme succeed? Paller doesn't know. * Whose power grid Internet connection did they exploit? Paller doesn't know. * How many victims perished in the attack? Paller doesn't know. * What did it cost to clean up after the attack? Paller doesn't know. * Does Interpol want to extradite a U.S. citizen so he can stand trial on charges of cyber-terrorism? Paller doesn't know. So there you have it. It absolutely must be true because the CIA told Paller absolutely nothing. {One hour later...} [...] [1] http://vmyths.com/column/1/2002/10/20/ [2] http://vmyths.com/column/1/2000/1/13/ [3] http://vmyths.com/mm/url/8/1.htm [4] http://vmyths.com/mm/url/8/8.htm ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Sun Jan 20 2008 - 22:39:25 PST