Feeds

Fame, Infame, All the Same

ForensiFelons

  • alert
  • submit to reddit

SANS - Survey on application security programs

Opinion A New York Times researcher -- that's what they're calling themselves these days -- contacted me a couple of weeks ago about a story the newspaper was considering, writes SecurityFocus columnist George Smith.

"The World's Most Famous Virus-writers and Hackers!" was the general idea. The researcher was preparing memos on the subject so higher-ups could decide what development path to take. Should it be a photo-essay or written exposition? The researcher wasn't even sure it would see the light of day.

The name of Jeffrey Lee Parson came up. You may recall him as the slug arrested for spreading a spin-off of the Blaster virus. Well, it just so happened Parson's contribution to net wildlife had snarled the New York Times.

Yep, he wanted his virus to be famous, and it was, with just the right people. Fifteen thousand citations in Google-- among them, my favorite, "Evil Fiend or Sad No-lifer?"

The dull and sweaty Parson whined he was being set up as a scapegoat -- a scapegoat [!] -- by the FBI because the original author of Blaster was
still running around loose. True, but tough beans.

If the New York Times took sufficient interest in him, perhaps Parson could get an agent and pitch a book proposal: "My Country Versus Me." Maybe Rick Bragg, the famous journalist given the job of ghost-writing the Jessica Lynch story, could be hired.

Also mentioned was Kevin Mitnick. Do you think the Times ought to do more high visibility stories on him?
But the unmentioned elephant standing in the room was Adrian Lamo.

As the very definition of an Exxon Valdez-sized cybersecurity oil slick, Lamo hardly needed me to point him out to the Times -- again. Google citations: 50,000 or so.

What I couldn't make sense of was why Lamo was allegedly so interested in using the paper's Lex-Nex subscription? If true, he couldn't be quite as brilliant as portrayed. Using the Google news tab or a variety of search engines to look himself up would have worked just as well, maybe better, and kept the ridiculous claims in dollar damages out of the FBI's indictment.

"Adrian speaks!" from Security Helpnet, Croatia, for example, is in Google -- but I bet not in Lex-Nex.

ForensiFelon

Anyway, crushing vanity comes before a fall. And at some point in the distant past, the story of the wandering good-hearted young bum drawing attention to the computer security lapses of bloated sitting-duck corporations went from being quaint to an exercise in psychosis. He couldn't fix the nation's corporate security troubles, and he won't fix himself, so the FBI will attempt to fix him and everyone remotely connected.

So more spreads in the New York Times would be just the thing. Agent, publishing deal, Hollywood options. Call it "The Trial of Billy Jack, strike that, Adrian Lamo" or "My Country Versus Me (and some reporters)."

A good sidebar to our famous criminal-computer-security-expert-or-hacker-something expo could be "How To Start a Computer Security Business."

The featured player would be Brett Edward O'Keefe of ForensicTec, San Diego.

A little over a year ago O'Keefe entered the Fool's Hall of Fame when he landed on the front page of the Washington Post. The story told how his company had done unauthorized entries into Department of Defense networks and -- out of the goodness of its heart -- decided to inform the nation through the pages of its capital's newspaper of record.

A very stupid person might have believed the altruistic computer security town-crier angle if O'Keefe hadn't been pitching to the San Diego Union-Tribune at the same time. With the interest of the bigger newspaper in the pocket, he unceremoniously jilted his homeys.

Google citations of ForensicTec after appearance in Washington Post: Over one thousand, all varying flavors of bad.

O'Keefe, like everyone else here, made the tyro's mistake of confusing fame with success. Now he is considering these issues under the gun of six felony counts, which is what the FBI hit him with after a year of investigation from the day the Post made him frontpage grist. Two co-workers, it seemed, had also been persuaded to impeach their boss after being roped into the prosecution.

Brett, start working on your entertainment pitch now: "My Country and My Co-workers versus Me and My Company."

Finally, time to spike the myth that the only way to fix the nation's computer security trouble is to give cold showers to easy designated victims in the nation's leading two newspapers. Call a spade a spade over eager computer security men and hackers: you want the infame!

If you don't want to be thought of this way, stop chasing the media giants.

Copyright © 2003,

George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. He also edits the Crypt Newsletter and has written extensively on viruses, the genesis of techno-legends and the impact of both on society.

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.