Fame, Infame, All the Same


  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Opinion A New York Times researcher -- that's what they're calling themselves these days -- contacted me a couple of weeks ago about a story the newspaper was considering, writes SecurityFocus columnist George Smith.

"The World's Most Famous Virus-writers and Hackers!" was the general idea. The researcher was preparing memos on the subject so higher-ups could decide what development path to take. Should it be a photo-essay or written exposition? The researcher wasn't even sure it would see the light of day.

The name of Jeffrey Lee Parson came up. You may recall him as the slug arrested for spreading a spin-off of the Blaster virus. Well, it just so happened Parson's contribution to net wildlife had snarled the New York Times.

Yep, he wanted his virus to be famous, and it was, with just the right people. Fifteen thousand citations in Google-- among them, my favorite, "Evil Fiend or Sad No-lifer?"

The dull and sweaty Parson whined he was being set up as a scapegoat -- a scapegoat [!] -- by the FBI because the original author of Blaster was
still running around loose. True, but tough beans.

If the New York Times took sufficient interest in him, perhaps Parson could get an agent and pitch a book proposal: "My Country Versus Me." Maybe Rick Bragg, the famous journalist given the job of ghost-writing the Jessica Lynch story, could be hired.

Also mentioned was Kevin Mitnick. Do you think the Times ought to do more high visibility stories on him?
But the unmentioned elephant standing in the room was Adrian Lamo.

As the very definition of an Exxon Valdez-sized cybersecurity oil slick, Lamo hardly needed me to point him out to the Times -- again. Google citations: 50,000 or so.

What I couldn't make sense of was why Lamo was allegedly so interested in using the paper's Lex-Nex subscription? If true, he couldn't be quite as brilliant as portrayed. Using the Google news tab or a variety of search engines to look himself up would have worked just as well, maybe better, and kept the ridiculous claims in dollar damages out of the FBI's indictment.

"Adrian speaks!" from Security Helpnet, Croatia, for example, is in Google -- but I bet not in Lex-Nex.


Anyway, crushing vanity comes before a fall. And at some point in the distant past, the story of the wandering good-hearted young bum drawing attention to the computer security lapses of bloated sitting-duck corporations went from being quaint to an exercise in psychosis. He couldn't fix the nation's corporate security troubles, and he won't fix himself, so the FBI will attempt to fix him and everyone remotely connected.

So more spreads in the New York Times would be just the thing. Agent, publishing deal, Hollywood options. Call it "The Trial of Billy Jack, strike that, Adrian Lamo" or "My Country Versus Me (and some reporters)."

A good sidebar to our famous criminal-computer-security-expert-or-hacker-something expo could be "How To Start a Computer Security Business."

The featured player would be Brett Edward O'Keefe of ForensicTec, San Diego.

A little over a year ago O'Keefe entered the Fool's Hall of Fame when he landed on the front page of the Washington Post. The story told how his company had done unauthorized entries into Department of Defense networks and -- out of the goodness of its heart -- decided to inform the nation through the pages of its capital's newspaper of record.

A very stupid person might have believed the altruistic computer security town-crier angle if O'Keefe hadn't been pitching to the San Diego Union-Tribune at the same time. With the interest of the bigger newspaper in the pocket, he unceremoniously jilted his homeys.

Google citations of ForensicTec after appearance in Washington Post: Over one thousand, all varying flavors of bad.

O'Keefe, like everyone else here, made the tyro's mistake of confusing fame with success. Now he is considering these issues under the gun of six felony counts, which is what the FBI hit him with after a year of investigation from the day the Post made him frontpage grist. Two co-workers, it seemed, had also been persuaded to impeach their boss after being roped into the prosecution.

Brett, start working on your entertainment pitch now: "My Country and My Co-workers versus Me and My Company."

Finally, time to spike the myth that the only way to fix the nation's computer security trouble is to give cold showers to easy designated victims in the nation's leading two newspapers. Call a spade a spade over eager computer security men and hackers: you want the infame!

If you don't want to be thought of this way, stop chasing the media giants.

Copyright © 2003,

George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. He also edits the Crypt Newsletter and has written extensively on viruses, the genesis of techno-legends and the impact of both on society.

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story


Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.