One printer, one virus, one disabled Iraqi air defence

You can't keep a good April Fool's down

  • alert
  • submit to reddit

High performance access to file storage

Did U.S. infowar commandos smuggle a deadly computer virus into Iraq inside a printer? Of course not. So why does it keep getting reported, George Smith asks.

A creepy enthusiasm for tales of weird weapons rises as war approaches. Denied substantive information by the Pentagon and grasping for eye-grabbing news, journalists and pundits speculate daily about what might be used in Iraq.

In this environment, where everyone charges full speed ahead for the hot scoop or astonishing apocrypha, even the oldest hoaxes can return for one more bow.

In a February piece for the Memphis Commercial Appeal, a retired air force man mused on the subject of information warfare and how it might be used to strike Iraq down. Dabbling in a little history, the author recounted how in Gulf War I the U.S. drew up plans to take down an Iraqi anti-aircraft system with "specially designed computer viruses [to] infect the system from within. Agents inserted the virus in a printer shipped to an Iraqi air defense site."

Special Forces men were also said to have infiltrated Iraq, where they dug up a fiber-optic cable and jammed a computer virus into it. "It remained dormant until the opening moments of the air war, when it went active..." wrote the columnist. Iraq's air defense system was vanquished.

Frankly, this is a great story. It's amusing to remember how it kicked up a storm in 1991 after its initial appearance as an April Fool's joke in Infoworld magazine.

The gag asserted the National Security Agency had developed the computer virus to disable Iraqi air defense computers by eating windows -- "gobbling them at the edges..." The virus, called AF/91, was smuggled into Iraq through Jordan, hidden in a chip in a printer -- the latter being a distinguishing feature of many subsequent appearances of the hoax.

Chat board gossip on it echoed for days, not only from people who thought the joke quite funny, but also those who missed the original citation and engaged in laborious discussion on the imagined technology of the virus.

Inevitably, a large media organization got wind of the story and pounced without bothering to track down the tale's provenance.

U.S. News & World Report published news of the Gulf War virus in its coverage of the war, a narrative that also found its way into "Triumph Without Victory," the magazine's subsequent book on Desert Storm.

The Gulf War virus, wrote U.S. News, attacked Saddam's defenses by "devouring windows" Iraqi defenders used to check on aspects of their air defense system. "Each time a technician opened a window ... the window would disappear and the information would vanish." The virus was "smuggled to Baghdad through Amman, Jordan" in chips inside a printer.

From there, the bogus story was reported by the Associated Press, CNN, ABC Nightline, and newspapers across the country.

'The Next World War'

When queried about the tale's uncanny resemblance to the Infoworld joke, Brian Duffy, the primary author of the U.S. News article (and now executive editor of the magazine) stubbornly defended his sources -- "senior officials" all. In a follow-up Associated Press article outlining the imbroglio, Duffy maintained he had "no doubt" that U.S. intelligence agents had carried out the Gulf War virus attack, but admitted similarities to the Infoworld joke were "obviously troubling." Duffy's sources, were, of course, anonymous.

Many have been enthralled by the Gulf War virus' siren call through the decade, almost all in efforts to hold up some proof of the magical power of information warfare.

In the March 1999 issue of Popular Mechanics magazine, in a piece on cyberwar, the publication wrote: "In the days following the Gulf War, stories circulated that [cyber] weapons had been unleashed on the Iraqi air defense system." The nefarious printers were again used containing "chips [with] programs designed to infect and disrupt..."

A Hudson Institute analyst peddling a paper on Russian thoughts on cyberwar fell for it and when confronted aggressively argued that it was true because, well, just because.

Other appearances include an allegedly seminal book on computer combat entitled "The Next World War." In this instance, the miraculous Gulf War virus failed to do its job because the U.S. Air Force accidentally bombed the building where Iraq stored the virus-laden printers. The author went on to found an infosecurity firm known for its publicity-happy hyperbolic proclamations on cyberwar.

Why was the hoax so successful?

The easy answer is to simply call everyone who falls for the joke a momentary idiot. But the Gulf War virus plays to a uniquely American trait: a child-like belief in gadgets and technology and the people who make them as answers to everything. Secret National Security Agency computer scientists made viruses that hobbled Saddam's anti-air defense without firing a shot! Or maybe it didn't work but it sure was a good plan!

In this respect, the joke is ageless. People are just as able to nebulously theorize about the tech of it and its implications in 2003 as they were in 1991. Will an updated version of the nonexistent AF/91 virus be used against unwired Iraq? Stay tuned... April 1st is less than a month away. © SecurityFocus Online

George Smith is Editor-at-Large for VMYTHS and founder of the Crypt Newsletter. He has written extensively on viruses, the genesis of techno-legends and the impact of both on society. His work has appeared in publications as diverse as the Wall Street Journal, the Village Voice and the National Academy of Science's Issues in Science & Technology, among others.

Tales from Iraqi CyberWar Trenches

Drp yr WMDs now plse! - debunking Iraqi text psyops
Panic Attack! Mobile terrorist alert service
The US M1A2 Abrams, and war as a video game
Do it with spanners - how the Iraq cyber attack will work

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.