Cyberwar is Hell

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/55/25986.html

By George Smith
Posted: 02/07/2002 at 10:27 GMT

Cyberwar is Hell, but never too hellish for feverish salesmanship.  
Take, for example, McAfee's recent botched attempt to sell the public
on the merits of the fiendish "JPEG virus" said to be hanging over
beloved digital stockpiles of family photos and Swedish pornography
like the sword of Damocles.

The corporate deployment of fear and loathing started strong but
quickly fizzled. While the Associated Press fell for the McAfee news
ruse, publishing a corporate mouthpiece's blank claim that
"[potentially] no file type could be safe" -- few others were quite so
impressed.

The citizens of Slashdot, always edgy bellwethers of computer-geek
tech and opinion, scoffed and revolted. A brief lynching-in-absentia
party in honor of the anti-virus firm was held. A few loose cannons
even went Oliver Stone, going so far as to toss around the old and
much beloved conspiracy theory that the A-V industry is either hiring
virus-writers or spreading their wares in order to massage sales.

But even though the JPEG virus stunt fell flat, when cyberwar is
threatening, no amount of potential ill will or discouraging word can
stay the dedicated computer security shill from his work.

So last week the Business Software Alliance emitted a "survey" which
claimed many of its participants were convinced a major cyber-attack
would be launched at the American government in the next twelve
months.

It was critical, wrote flacks for the BSA, that the Bush
administration move swiftly and not shirk in its "financial and
philosophical commitments" -- i.e., the accelerated purchasing of more
security software and consulting services -- in order to secure the
infrastructure of the nation against the approaching cyber-attack.  
Vendors camouflaged within the BSA press release emerged to beat their
breasts and assert that they stood ready to do their duty to help
protect against the foul strike they knew was coming. Hurry with those
financial and philosophical commitments, though.

"This survey accentuates the importance of network security and
availability of solutions in the fortification of our homeland
defense," said the president of Network Associates. It was insincere,
stilted theatre but slightly superior, by virtue of vagueness, than
the easily laughed off claims about the JPEG virus. (But will it be
enough to make people forget about that unfortunate SEC
investigation?)

Pros were hired and separate public relations firms with names like
Ipsos and Edelman were enlisted to take the word of cyber-strike to
the press for their BSA clients.

One foolish but very enthusiastic adjutant even wrote me to attest
that security reps were alertly standing by to provide me with "color
commentary" on the cyber-attack. He assured me that they would be able
to tell readers and, by extension, government buyers what they should
be thinking while preparing for the assault. They would know the right
stuff, he indicated, because the clients had contracts with the
Department of Defense, the FBI, the National Security Agency, and
such. Since color comment is my specialty, there was no need to take
him up on the offer.

Then it occurred to me that the cyberwar on terror, just like the real
war on terror, really was a new kind of conflict. It was obvious that
the job of rallying the country against the virtual danger of viruses
could not be left to amateurs. Only heavy-handed PR and other stealthy
special operations were to be trusted with this task. The cyberwar on
terror would only be won if we were treated like fragile mushrooms,
carefully kept in the dark and fed a rich mix of manure on the nature
of roving computer danger.

Appeals to open the wallet in the name of patriotism and duty are
common ingredients.

The National Cyber Security Alliance is another obscurely named group
of vendors that has tasked itself with this job. One of its websites,
Stay Safe Online, purports to offer on-line "tech talk" on net
self-defense. While the substantive talk is thin, the message is
thick.

"Protect Your Computer, Protect Your Country's Cyber-Infrastructure!"  
was the title of one safety chat, hosted by a Norton anti-virus
salesman. "Your computer can be used to launch a cyber attack against
the Web sites of other people and businesses, so make sure your
computer has the proper Internet security software installed and help
protect your country!" its introduction thundered.

Infected chips sink ships! Beware of careless installs!

Remember, Uncle Sam wants you ... to buy anti-virus software.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.