One printer, one virus, one disabled Iraqi air defence

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/55/29665.html

By George Smith, 
Security Focus Online
Posted: 10/03/2003 

Did U.S. infowar commandos smuggle a deadly computer virus into Iraq
inside a printer? Of course not. So why does it keep getting reported,
George Smith asks.

A creepy enthusiasm for tales of weird weapons rises as war
approaches. Denied substantive information by the Pentagon and
grasping for eye-grabbing news, journalists and pundits speculate
daily about what might be used in Iraq.

In this environment, where everyone charges full speed ahead for the
hot scoop or astonishing apocrypha, even the oldest hoaxes can return
for one more bow.

In a February piece for the Memphis Commercial Appeal, a retired air
force man mused on the subject of information warfare and how it might
be used to strike Iraq down. Dabbling in a little history, the author
recounted how in Gulf War I the U.S. drew up plans to take down an
Iraqi anti-aircraft system with "specially designed computer viruses
[to] infect the system from within. Agents inserted the virus in a
printer shipped to an Iraqi air defense site."

Special Forces men were also said to have infiltrated Iraq, where they
dug up a fiber-optic cable and jammed a computer virus into it. "It
remained dormant until the opening moments of the air war, when it
went active..." wrote the columnist. Iraq's air defense system was
vanquished.

Frankly, this is a great story. It's amusing to remember how it kicked
up a storm in 1991 after its initial appearance as an April Fool's
joke in Infoworld magazine.

The gag asserted the National Security Agency had developed the
computer virus to disable Iraqi air defense computers by eating
windows -- "gobbling them at the edges..." The virus, called AF/91,
was smuggled into Iraq through Jordan, hidden in a chip in a printer
-- the latter being a distinguishing feature of many subsequent
appearances of the hoax.

Chat board gossip on it echoed for days, not only from people who
thought the joke quite funny, but also those who missed the original
citation and engaged in laborious discussion on the imagined
technology of the virus.

Inevitably, a large media organization got wind of the story and
pounced without bothering to track down the tale's provenance.

U.S. News & World Report published news of the Gulf War virus in its
coverage of the war, a narrative that also found its way into "Triumph
Without Victory," the magazine's subsequent book on Desert Storm.

The Gulf War virus, wrote U.S. News, attacked Saddam's defenses by
"devouring windows" Iraqi defenders used to check on aspects of their
air defense system. "Each time a technician opened a window ... the
window would disappear and the information would vanish." The virus
was "smuggled to Baghdad through Amman, Jordan" in chips inside a
printer.

> From there, the bogus story was reported by the Associated Press, CNN,
ABC Nightline, and newspapers across the country.

'The Next World War'

When queried about the tale's uncanny resemblance to the Infoworld
joke, Brian Duffy, the primary author of the U.S. News article (and
now executive editor of the magazine) stubbornly defended his sources
-- "senior officials" all. In a follow-up Associated Press article
outlining the imbroglio, Duffy maintained he had "no doubt" that U.S.  
intelligence agents had carried out the Gulf War virus attack, but
admitted similarities to the Infoworld joke were "obviously
troubling." Duffy's sources, were, of course, anonymous.

Many have been enthralled by the Gulf War virus' siren call through
the decade, almost all in efforts to hold up some proof of the magical
power of information warfare.

In the March 1999 issue of Popular Mechanics magazine, in a piece on
cyberwar, the publication wrote: "In the days following the Gulf War,
stories circulated that [cyber] weapons had been unleashed on the
Iraqi air defense system." The nefarious printers were again used
containing "chips [with] programs designed to infect and disrupt..."

A Hudson Institute analyst peddling a paper on Russian thoughts on
cyberwar fell for it and when confronted aggressively argued that it
was true because, well, just because.

Other appearances include an allegedly seminal book on computer combat
entitled "The Next World War." In this instance, the miraculous Gulf
War virus failed to do its job because the U.S. Air Force accidentally
bombed the building where Iraq stored the virus-laden printers. The
author went on to found an infosecurity firm known for its
publicity-happy hyperbolic proclamations on cyberwar.

Why was the hoax so successful?

The easy answer is to simply call everyone who falls for the joke a
momentary idiot. But the Gulf War virus plays to a uniquely American
trait: a child-like belief in gadgets and technology and the people
who make them as answers to everything. Secret National Security
Agency computer scientists made viruses that hobbled Saddam's anti-air
defense without firing a shot! Or maybe it didn't work but it sure was
a good plan!

In this respect, the joke is ageless. People are just as able to
nebulously theorize about the tech of it and its implications in 2003
as they were in 1991. Will an updated version of the nonexistent AF/91
virus be used against unwired Iraq? Stay tuned... April 1st is less
than a month away.


George Smith is Editor-at-Large for VMYTHS and founder of the Crypt
Newsletter. He has written extensively on viruses, the genesis of
techno-legends and the impact of both on society. His work has
appeared in publications as diverse as the Wall Street Journal, the
Village Voice and the National Academy of Science's Issues in Science
& Technology, among others.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.