Cheap thrills on the cyber-terror beat

Did you hear of the computer virus that could "attack the Pentagon's ability to mobilize or communicate with its forces" and cripple all government services in a city? I read about it in the Center for Defense Information's July Defense Monitor newsletter. It would be part of an "electronic Waterloo," readers were informed.

These days "electronic Pearl Harbor" and "digital Armageddon" are fit only for the nitwit's book of cliches, but "e-Waterloo" is grossly underused. As such, I recommend gnomic cyber-security gurus massage it into worldwide circulation posthaste.

While on the subject, I would also like to take a moment to field suggestions in the naming game -- terms somewhat less belligerently idiotic but still intriguing to suckers and cub reporters. I favor adoption of "Cyber-Remember the Maine" or "e-Gulf of Tonkin" -- two that can do double duty as rationalizations for attacking someone else. But feel free to coin your own.

Also arriving via The Daily Electronic Crapper was news that organized crime was in the business of disseminating computer viruses. Why the underbosses might be involved in virus surplus was not explained by Reuters, but the news did mix nicely with word from a colleague a week earlier that an "expert" at a recent CERT-hosted conference was chattering excitedly about the Mafia carrying out hits over the Internet.

It's probably this type of colorful apocrypha that moved Sophos' Graham Cluley to complain to The Register last week. Those who prattle on about such things, indicated the anti-virus technologist, were messing up the natural order, "doing a disservice to security by misstating [the] importance" of viruses.

For every Graham Cluley, though, there is a brigade of journalists and pundits who deliver weekly about the coming or the lack of coming (Where is it? What's taking it so long? If not now, when?) of a computer virus or cyberterror end. Further, candor of this nature from inside the industry would not be tolerated long in the good ol' USA. For approaching the media with frankness and not getting with the terror program, Cluley might be quickly furloughed to Camp X-Ray, or at least expelled from the industry.

'Klez Bites Dog'
However, that's only part of the operating dynamic which dictates whose reality is going to get the big push. No one wants to write a story about the fellow who e-mailed me recently to say: "I can get people to spill their drinks by telling them that... we have lost no data to viruses since 1991 ... The money we save on non-working, never-up-to-date copies of [software] goes to a couple of reasonable mail scanners, a firewall which we keep in good order, and a couple of people who know what the hell they're doing."

"Big Gov Network Pretty OK! Modest admin shuns limelight" isn't a story an editor can dig. However, anyone even slightly capable of self-examination will admit to feeling a pleasant surge of anticipation at merely the possibility of: "Net Destroyed by UBL Worm! Nation paralyzed, communications down to runners."

The galvanizing aspect of pleasure should not be minimized.

It's fun to get caught up in the chase of disaster. Passing on official fictions seasoned with anecdotal accounts of pandemic human screw-up salted with the infrequent loquacious virus-writer or hacker eager to play the part of pitiful but sinister freak (the porn-obsessed virus-writer, hackers thought to have Asperger's Syndrome) always lands above the fold, is guaranteed high transfer in mailing lists, and spawns same-day copycat journalism. Tales which lack these ingredients don't.

And nothing could have been more fun in this regard this summer -- if you need more proof -- than the work of the Washington Post. On the front page -- big, smokin' stories about al Qaeda drawing up plans for cyberterror and a computer security firm patriotically penetrating an Army network and squealing about it to the newspaper.

The latter was especially delightful because the Post allowed the reporter to focus on the thrilling parts -- the exposing of the Army's underwear through uninvited penetration -- without discussing how it differed from, say, teenagers arrested for similar actions or, possibly, the Princeton administrators loudly denounced for getting into Yale's admissions accounts.

When news trickled in that the source of the Post's expose was being investigated by the FBI and an Army criminal division, it lacked the same top A-section sass and was delivered buried inside. There it escaped boring discussions of what it might mean for a computer security firm's future if it had to regularly explain to clients why it was visited by the FBI.

© 2002 SecurityFocus.com, all rights reserved.