Politech mailing list archives

FC: Why the "Code Red" worm is a red herring, by Wayne Madsen


From: Declan McCullagh <declan () well com>
Date: Thu, 02 Aug 2001 00:27:03 -0400


********

From: WMadsen777 () aol com
Date: Wed, 1 Aug 2001 15:01:06 EDT
Subject: Code Red = Red Herring Update
To: jstanton () ndia org, Washauthor () aol com, VGSmith () sar med navy mil,
        DRFagg () aol com, banisar () 2rad net, wrodger () home net,
        john.m.hamlet () lmco com, hoofnagle () epic org, Juhani.Saari () pp inet fi,
        HQ2600 () aol com, LMcNulty () cyberhost com, speacock () warren-news com,
        declan () well com

CODE RED -- A RED HERRING

Wayne Madsen

30 July 2001

Washington, DC

Here we go again folks. The White House, NSA, and National Infrastructure
Protection Center (NIPC) are warning of a dangerous new Internet worm called
"Code Red." We've been here before. Just last year, we were all treated to
the impending doom caused by a series of "Distributed Denial of Service
Attacks" that resulted in a host of web sites going down. Imagine the
disruption to the nation's infrastructure caused by someone's failure to
auction off their great grandmother's curios on e-Bay.

Conveniently, a few weeks after the dreaded attacks on the dot coms (many of
which are now dot gones -- and it wasn't a result of hackers), President
Clinton hosted a cyber-security roundtable at the White House. The gloom and
doom sayers pointed out why the nation was on the verge of an "electronic
Pearl Harbor." Chief among them was Richard Clarke, the National Security
Council's "Dr. Strangelove" of cyber-security.

However, it is not an e-Pearl Harbor we must be concerned about but an
e-Reichstag Fire. Back in 1933, Hitler's Propaganda Minister Joseph Goebbels,
a pioneer of perception management, hired a bunch of Nazi hooligans to burn
down the Reichstag. The next day, while the German Parliament was still
smoldering, the Nazis passed the Reichstag Decree, which effectively
relegated the German Constitution and all of its civil liberty provisions to
the toilet.

But would the United States take advantage of such a situation in cyber-space
to advance a secret agenda? They've probably already done so. Back in 1988,
the Internet was treated to its first worm. Programmed and launched by Robert
Morris, Jr., the worm crippled hundreds of thousands of computers connected
to the Internet. It just so happened that young Mr. Morris's dad was the
Chief Scientist at NSA -- during a period when the agency was feverishly
trying to test the vulnerabilities of various operating systems and
application programs.

But that was then, and Code Red is now. We are told that Code Red only
affects web sites relying on Windows NT and Windows 2000. Of course, why
would any self-respecting 24-hour cable news network want to show a housewife
trying to struggle with a virus-infected home computer operating Windows 95?
Better to capture viewers' attention with hordes of computer programmers and
managers wrestling with downed web sites at Ford, Xerox, Charles Schwab, and
Amazon.com.

And that's the way the government (and apparently Microsoft) wants it.
Microsoft, the humbled post-anti trust suit corporate giant, seems to be
cozying up with the Feds and their cyber-security agenda as of late. At a
recent Interagency Technical Forum at the National Institute of Standards and
Technology (NIST), Microsoft's director of Mobile Code Security revealed that
Microsoft now maintains a full-time resident office at NSA headquarters with
a fully-cleared staff.

Even the term Code Red is a red herring. Just like Distributed Denial of
Service attack, it is more out of the Pentagon's lexicon than that of
computer crackers. Code Red is just too campy -- seems like it belongs in the
same league with the movies "Deep Impact" and "Armageddon." But Code Red is
just the kind of term that might impress our otherwise attention deficit
disordered President. Computer crackers, of course, like to be a bit more
original and artsy, opting for terms like "Melissa," "Back Orifice," and
"Michelangelo." How many original code names ever came out of NSA? "Echelon,"
for example. Boring! Now Code Red, that's something that could have been
conjured up by the Faulkners of the Fort!

Why the Code Red hoopla? Well, in a few weeks, President Bush (with Dick
Cheney looming over his shoulder) will be issuing a new Executive Order on
Cyber-Security. He will appoint an inter-agency Cybersecurity and Continuity
of Operations Board and his current cyber-security guru Clarke stands a good
chance of being selected chairman. If so, Clarke will have transcended three
administrations in essentially the same executive branch job -- a record
surpassed only by FBI Director J. Edgar Hoover. And tomorrow NIPC head Ron
Dick gets a jump start on things with a press conference on cyber security at
the National Press Club. Hyping Code Red is a sure fire way to ensure the
conference is covered by all the talking head networks. And it does not hurt
that today, while FBI Director designate Robert Mueller is fielding some
questions on what the FBI will do on cyber security during his Senate
confirmation hearings, Code Red is a backdrop.

Coming on the heels of the G8 Summit in Genoa, Code Red also bolsters one of
the items on the agenda of the leaders. It was at the G8 Summit in Lyon in
1996, that the leaders first put cyber crime on their docket, a decision that
was ultimately manifested in the Council of Europe's soon-to-be-enacted Cyber
Crime Treaty. When enacted, the treaty will enable police agencies to reach
beyond borders to seize Internet communications record traffic. The
anti-globalization Genoa Social Forum got a taste of what is to come when
Italian police stormed their headquarters and seized computer disks and
Internet traffic records. This past April, the FBI, acting on behalf of the
Canadian police, seized similar records from the Independent Media Center in
Seattle after the Summit of the Americas in Quebec. Not to be outdone by his
peers, British Prime Minister Tony Blair -- who resembles Big Brother more and
more every day -- hurried back to London to urge Parliament to pass a bill
that would equate computer hacking with terrorism.

Perception Management actually was part and parcel of the agenda of the same
coterie of Pentagon brass and Beltway Bandits who dreamt up information
warfare in the first place. They knew to be successful, the public would have
to be force fed large diets of disinformation and sensationalized news. Ah,
Dr. Goebbels would be so proud of them.

So in the meantime, we should all head for the hills. Because just like Y2K, our
government says our American Way of life is threatened by unknown computer
toxins. Time to erect our Computer Defense Shield.

Fear is the greatest weapon but the truth is the greater defense!



POSTSCRIPT:

Not getting the media bounce from the 8:00 PM EST Code Red meltdown hour on
July 31 (nothing happened!), the FBI began spinning the story the very next
morning that 22,000 computers had been hit with Code Red. Considering that
viruses and worms probably strike many more computers than that on any given
day, 22,000 is a relatively low number.

The cyber-security perception management machinery was also put into high
gear in the August 1 edition of The Washington Times. A story by Ben Barber
hyped the threat posed by Palestinian computer users who have launched a
so-called "cyber-Jihad" against Israeli government and corporate computers.
The article states that the U.S. government-funded firms RAND and iDefense
are urging the United States to adopt the same cyber defenses as those used
in Israel. And the article gives us the potential next phase of the U.S.
government's perception management campaign: Palestinian sites will start
distributing viruses aimed at the United States -- one Palestinian site is
blamed for distributing the Love Bug and Melissa viruses. If one remembers,
however, Love Bug originated in the Philippines while Melissa came from
Trenton, New Jersey. They are a long way off from Nablus and Ramallah on the
West Bank.

Even in pseudo cyber-war, the truth is the greatest casualty!




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

