CRYPT NEWSLETTER 42
April -- May 1997

Editor: Urnst Kouch (George Smith, Ph.D.)
Contributing Editors: Stephen Poole, Rob Rosenberger
INTERNET: 70743.1711@compuserve.com
          crypt@sun.soci.niu.edu



Who reads Crypt Newsletter:
==========================

The great majority of Crypt Newsletter readers do it on company
time.  While there are accesses at all hours, heaviest usage and
downloading of current issues occurs during U.S. business hours,
beginning at around 7:30 EST and continuing to 4:40 Pacific time.

Readers of Crypt Newsletter log in monthly from organizations like
Lucent Technologies, Loral, Lockheed, MITRE Corporation, MITRE Technology,
NASA-JPL, Electronic Data Systems, Intel, Digital, CSIRO, Science
Applications, Unisys, the World Bank, Fujitsu, DuPont, the Securities
and Exchange Commission, FermiLab, the US Dept. of the Treasury, the US
Naval Undersea Warfare Center, the EPA [?!], Disney [?!?], Oak
Ridge National Lab, Argonne Laboratory, Lawrence Berkeley, Vandenberg
AFB, China Lake Naval Weapons Research, the Pentagon and many anonymous
U.S. military Internet domains that refuse open telnet connections and
"finger" queries.  Others log in from media organizations like the BBC,
The Bloomberg Business News Service, New York Times, the Sacramento Bee,
various newspapers from the hinterlands, Federal Computer Week, The Net
magazine, and The Age, too.

Crypt Newsletter articles may not be copied or reproduced in or on other
media, on CD-ROM collections of data, or offered - in part or in toto - as
part of any database, data survey, information or research service
for pay without consent of the editor. Rates based on word count are
reasonable. Queries by e-mail are welcome.


ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
³ Contents: Crypt Newsletter #42      ³
ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ

 THIS ISSUE

NEWS
Hoisted on the petard of Penpal: The Moynihan commission's mistake
Bunker mentality among the info-warriors of Goodfellow AFB
Australian hacker dies of drug overdose at 21
The favorite slogan of U.S. info-warriors
McAfee Associates' media assault tactics
Computer Virus Hysteria Awards 1997
Spy prof fires up U.S. info-war training
Kadena AFB Netizens give away their passwords
QUACKWATCH MAY 1997: Nicholas Negroponte
MISCELLANY
  Letters page
  Crypt Masthead Info
  Credits/Acknowledgment

HOISTED ON THE PETARD OF PENPAL

In an astonishing gaffe, government intelligence experts writing for the Moynihan Commission's recent "Report . . . on Protecting and Reducing Government Secrecy" reveal they've been hooked on one of the Internet's ubiquitous e-mail computer virus hoaxes known as "Penpal Greetings"!

In a boldly displayed boxed-out quote (page 109) in a part of the report entitled "Information Age Insecurity" authors of the report proclaim:

"Friendly Greetings?

"One company whose officials met with the Commission warned its employees against reading an e-mail entitled Penpal Greetings. Although the message appeared to be a friendly letter, it contained a virus that could infect the hard drive and destroy all data present. The virus was self-replicating, which meant that once the message was read, it would automatically forward itself to any e-mail address stored in the recipients in-box."

The Penpal joke is one in half-a-dozen or so permutations spun off the well-known GoodTimes e-mail virus hoax. Variations on GoodTimes have appeared at a steady rate over the past couple years. Real computer security experts -- as opposed to the Moynihan commission's -- now occasionally worry in the press that they spend more time clearing up confusion created by such tricks than destroying actual computer viruses.

The report's authors come from what is known as "the Moynihan commission," a group of heavy Congressional and intelligence agency hitters tasked with critiquing and assessing the Byzantine maze of classification and secrecy regulation currently embraced by the U.S. government. The commission also devoted significant print space to the topic of information security and network intrusion.

Among the commission's members are its chairman, Daniel Moynihan; vice-chairman Larry Combest, Jesse Helms, ex-CIA director John Deutch and Martin Faga, now at a MITRE Corporation facility in McLean, Virginia, but formerly a head of the super-secret, spy satellite-flying National Reconnaissance Office.

The part of the commission's report dealing with "Information Age Insecurity" merits much more comment. But in light of the report's contamination by the Penpal virus hoax, two paragraphs from the March 4 treatise become unintentionally hilarious:

"Traditionally, computer security focuses on containing the effects of malicious users or malicious programs. As programs become more complex, an additional threat arises: _malicious data_ [Crypt Newsletter emphasis added] . . . In general, the outlook is depressing: as the economic incentives increase, these vulnerabilities are likely to be exploited more frequently.

---W. Olin Sibert, 19th National Information Systems Security Conference (October 1996)"

And,

"Inspector General offices, with few exceptions, lack the personnel, skills, and resources to address and oversee information systems security within their respective agencies. The President cannot turn to an Information General and ask how U.S. investments in information technology are being protected from the latest viruses, terrorists, or hackers."

Got that right, sirs.

--------------------

Notes: Other authors of the commission report include Maurice Sonnenberg, a member of the President's Foreign Intelligence Advisory Board; John Podesta, a White House Deputy Chief of Staff and formerly a visiting professor at Georgetown University's Cyberlaw Center; Ellen Hume, a media critic for CNN's "Reliable Sources" and former reporter for the Wall Street Journal and Los Angeles Times; and Alison Fortier, a former National Security Council staffer and current director of Missile Defense Programs in a Washington, D.C.-based arm of Lockheed Martin.

The Penpal Greetings hoax appeared in November of 1996 which would seem to indicate the section of the report containing it was not written until a month or so before the report's publication on March 4 of this year.

Unsurprisingly, much of the report appears to be written by staff members for the commission chairmen. An initial phone call to the commission was answered by a staffer who declined to name the author of the part of the report carrying the Penpal hoax. The staffer did, however, mention he would forward the information to the author. And he was as good as his word. The following week, Crypt Newsletter was told to get in touch with Alison Fortier by way of Jacques Rondeau, a U.S. Air Force colonel who served as a commission staff director and was instrumental in writing the chapter on "computer insecurity."

Fortier was surprised by the information that Penpal Greetings was a hoax and could shed no light on the peer-review process that went into verifying items included as examples in the report. She said the process involved readings of the material by staffers to the commissioners. Examples were presented and this was one of the ones that was picked, apparently because it sounded good.

At first, Fortier argued that Penpal Greetings, as an example, was difficult to distinguish from the truth. Indeed, Fortier wasn't even convinced it wasn't a real virus. And this demonstrates the thorny problem that arises when hoaxes work their way into the public record at a very high level of authority: Simply, there is a great reluctance to accept that they ARE rubbish, after the fact, because the hearsay has come from multiple, supposedly authoritative, sources.

Crypt Newsletter then told Fortier that verification of whether or not Penpal was bogus could have been accomplished by spending five minutes of time on any of the Internet search engines and using it as a keyword ("Penpal Greetings" returns numerous cites indicating it is a hoax) and the Moynihan commissioner backed off on insistence that it might still be real.

"It's unfortunate that this error occurred because it can interfere with the recommendations of the commission, which are still valid," Fortier said. "When policy meets science -- it's always an imperfect match."

Crypt Newsletter also queried commissioner and ex-NRO director Martin Faga. "I've been aware of the error since shortly after publication of the report, but I'm not familiar with the background," Faga told Crypt.

Commissioner Ellen Hume was also at a loss as to how Penpal Greetings had arrived in the report.

Commission staff director Eric Biel had more to say on the subject in a letter to Crypt Newsletter dated April 24. In it, Biel wrote: "I am very frustrated that we failed to get our information correct in this regard; as you note, the error only adds to the confusion concerning a very complicated set of security issues. You are quite right when you indicate this portion of the report was added late in the day. We had been urged to provide some anecdotes to complement the narrative text; this example thus was added to give greater emphasis to the points already being described . . . Obviously, there was not an adequate fact-checking and verification process with respect to the Penpal information."

Biel added that he was still confident of "the soundness of [the report's] findings and recommendations, including [those in the chapter 'Information Age Insecurity.']"

Go ahead, contact the Moynihan Secrecy Commission at 202-776-8727 and verify for them that Penpal Greetings is a hoax. After all, it's your money, too. But hurry, they're moving out of the office by the middle of the month.

Acknowledgment: A copy of the Moynihan Commission report is mirrored on the Federation of American Scientists' Website. Without FAS' timely and much appreciated efforts to make government reports and documents of strategic interest freely available to an Internet readership, Crypt Newsletter's rapid tracing of the travel of the Penpal hoax into the commission's record might not have been possible.

----------------

WE ARE THE ENEMY: BUNKER MENTALITY IN USAF INFO-WAR KOOKS

Just in case you've harbored the suspicion that Crypt Newsletter exaggerates the outright paranoia now gripping portions of the United States military with regards to the Internet, in this issue I've excerpted substantial portions of an article which appeared in a July 1996 issue of Intercom, an electronic publication published on a Web server out of Scott Air Force Base in Illinois. Intercom is a good source of US Air Force orthodoxy on the topic of information technology as it pertains to members of the service.

In this article, the information airmen of Goodfellow AFB, Texas, tell us they're already under attack. Computer viruses, say soldiers, are continuously assaulting the base, leaving it in essentially a continual state of information war. While the article may appear reasonable to the principals who commissioned it, publishing it on the Internet has only served to reinforce the notion that some "info-warriors" in the U.S. military are starkly paranoid nutcases.

It's a whole new realm of warfare and you're no longer safe at work or at home," said Lieutenant Randy Tullis, for Intercom.

"As evidence of the increase in information warfare activity, communications officials at Goodfellow have logged 12 incidents of computer viruses in less than four months this year," said Sgt. Michael Minick.

The Intercom feature continues, "In all of 1995, [Goodfellow] handled 14 cases [of computer virus infection.]"

"While viruses are not an all-out war waged against the base with weapons of mass destruction, the results can be devastating," states the article, rather balefully.

"Information warriors will try to deal heavy blows in future wars, and Goodfellow and its 315th Training Squadron is at the forefront in training defenders against these warriors," the article says.

"The most popular aspect of [information war] is the process of attacking and protecting computer-based and communication information networks," said Goodfellow AFB's Captain Tim Hall.

Hall had also advertised on the Internet in mid-November 1996 for an info-war instructor at Goodfellow. The job description called for a captain's rank to "[Create and develop] infowar curricula for all new USAF Intelligence personnel; Supervise IW Lab development, student training, infowar instructional methods and infowar exercises."

"Some attacks are by people who unintentionally access networks and others are by those bent on destroying government computer data through use of devastating viruses and other means," said Hall.

"Students also learn how other countries such as Russia, China and France plan to conduct [information warfare] operations," said Hall.

"Indeed," said Crypt Newsletter.

It's war -- war against hackers, say the information soldiers of Goodfellow.

Instruction courses at the base are designed to inculcate "basic awareness in the defensive skills needed to recognize and defeat information warriors, commonly called computer hackers," Hall said for Intercom.

Goodfellow is stepping up efforts to train its information warriors. "We are going to propose Team Goodfellow build an advanced [information warfare] course," said another soldier. "It will teach offensive and defensive concepts in a classroom and hands-on training in a lab environment," which is a tricky way of saying that soldiers think hacking the hackers, or whoever they think might be launching info-war attacks, is a savvy idea.

Long-time Crypt Newsletter readers probably can't help but recognize trenchant similarities between the quote of Goodfellow info-warriors and examples of the paranoid rantings found sprinkled through the writings of teenager-composed 'zines from the computer underground ca. 1992.

We'll kick them off Internet Relay Chat. They'll never get channel ops on our watch. Yeah, that's the ticket.

----------------

Additional color: Alan Dunkin promptly wrote to Crypt Newsletter with some additional local commentary on the environment in which Team Goodfellow operates. He speculates on possible causes of institutional paranoia.

"My freshman year straight out of high school I decided to go out of town and went to Angelo State University, in San Angelo, Texas," writes Dunkin. "I'm not sure why, but Angelo State had a good music program and a [supposedly] decent computer science program, which was my major back then. And I decided to go the 300 miles or so [from Dallas] and see what it was like."

"The USAF runs classes right out of Angelo State and, of course, I'd also see training aircraft from Goodfellow, which is based in San Angelo, all the time. I also knew students who were either in ROTC or knew someone inside of Goodfellow.

"During and after I left, I kept track of Goodfellow throughout the years, and that base has been the center of some strange happenings which might explain a lot of broad paranoia about that place:

* In 1993 I was told that Goodfellow was the center of intelligence
  training in the USAF, and computer technology.  I really didn't believe
  it, and still don't -- to an extent.

* A high ranking officer was caught distributing child pornography
  throughout the BBSes in the San Angelo area, though apparently not
  from the base itself.

* Angelo State was supposed to be one of the top notch computer
  science schools in the entire "Key" country -- west-central Texas --
  although the its facilities were fairly pitiful and the labs were
  constantly infected by viruses. (One of which I nearly transmitted on
  diskette to Jim Thomas at NIU by mistake.) [The viruses] supposedly
  got spread by the ROTC students who worked on Goodfellow machines.
  I could never confirm this though.

* There are a lot of pranksters and techno-weenies at Angelo State, many
  whom I knew created viruses for the express purpose of destroying
  information, records, etc., on school computers.  I never heard of any
  successes (in such a relatively small town and university things like
  this spread  quickly via word-of-mouth) but the air force base systems
  would have been a tempting target [for these types].

"I think the combination of incidents, the apparent breaching of Goodfellow AFB security -- which was weak to begin with, the numerous technological problems that surrounded Goodfellow and the jump on the technology bandwagon, may have contributed to the feeling of distinct paranoia at Goodfellow as described by Crypt. I'm not really surprised. In 1993 during my Freshman year they had hardly heard of the Internet in San Angelo, while I petitioned in the local newspaper for access. Supposedly school access would be attempted within 2 years, an appalling [lag] for a school -- and city -- that likened itself to be a technological mecca in the west Texas scrublands."

Dunkin also commented one searing case in 1995 involving base security. Tracy McBride, a 19-year old servicewoman, was abducted from a Goodfellow laundry and later found dead under a highway bridge in an adjacent county. Her murderer, an out-of-state man, was captured.

Paranoid or not, for a long time Goodfellow has been a training school for some air force intelligence activities. From a biographical sketch of the base:

"In 1958, Goodfellow's mission became the training of Air Force personnel in the advanced cryptologic skills that the Security Service required at installations worldwide. Eight years later, in 1966, the mission expanded further to include joint-service training in these same skills for Army, Navy, and Marine Corps personnel.

"[By the 80's] senior intelligence personnel had . . . begun seriously to contemplate the consolidation of all Air Force-managed intelligence training to one location. The site selected for intelligence training consolidation was Goodfellow, and the base was designated a Technical Training Center in 1985. During the next three years, ITC brought to Goodfellow advanced imagery training from Offutt AFB, Nebraska, electronic intelligence operations training from Keesler AFB, Mississippi, and targeting, intelligence applications, and general intelligence training from Lowry AFB, Colorado."

Not all USAF intelligence training is conducted at Goodfellow. However, a sampling of the Top Secret courses taught at the base are:

Military Geography as Related to US Intelligence Problems
Clearance: TOP SECRET/SCI
Objective: Provides a brief overview of geography, geopolitical
environment, society, economics, lines of communications and military
forces structure of the CIS, and other strategic areas as they relate
to intelligence problems.

Introduction to US Imagery Reconnaissance
Clearance: TOP SECRET/SCI

Special Studies
Clearance: TOP SECRET/SCI

Objective: Provides advanced multi-sensor imagery analysis techniques
to solve specific intelligence problems. Examines doctrine,
techniques, and countermeasures unique to denial and deception,
low-intensity conflict, counter narcotics, and special operations.

----------------

EX-VIRUS WRITER CLINT HAINES DIES OF OVERDOSE AT 21

Long-time readers of Crypt Newsletter will be astonished to hear death -- due to heroin overdose -- came to the famous Australian virus-writer Clint Haines on his twenty-first birthday, April 10. He was from Brisbane.

Writing in the Usenet comp.virus newsgroup On April 19, Rod Fewster, a moderator of one of the Fidonet's virus information newsfeeds and one who knew Haines, said:

"Clinton Haines, who earned his place in virus-writing history at the age of fifteen as Harry McBungus, became a household name in the virus world by the time he was eighteen as Terminator-Z and TaLoN . . . [Haines] gained widespread fame a couple of years ago with front-page newspaper headlines yelling about how his No Frills virus had stopped the Australian Taxation Office dead in its tracks for two days, and was regarded by his peers as one of the best virus writers of all time . . . [He] will be cremated tomorrow morning.

"Clint quit virus writing two years ago to concentrate on his university studies and he had the intelligence to go a long way in his chosen field of microbiology, but unfortunately being intelligent doesn't always give you street smarts.

"Clinton Haines/Harry McBungus/Terminator-Z/TaLoN died from an overdose of heroin . . . on his twenty-first birthday."

Haines' interest in controlled substances could be seen in frequent posts to the Usenet where the University of Queensland student waxed enthusiastically on topics ranging from the synthesis of LSD and methamphetamines to his own experiences with Prozac. In April, it all came off the rails, rendering him dead and an acquaintance comatose.

For example, on the date-rape drug, rohypnol: ". . . a friend of mine had 10 rohypnols and a 6-pack, woke up in the lockup with 25 stitches in his head and a broken arm, and couldn't remember a single thing from the last 12 hours . . . turns out he was vandalizing a train seat and the security guards beat the shit out of him . . . then he got off at the next station only to try skateboarding and broke his arm."

On speed and LSD: ". . . I assure you people that LSD and amphetamines are a rather wondrous combination, the ceaseless and energetic progression of thought along a myriad gossamer threads of abstract reality . . . throw nitrous on top of that and you have God mode happening . . . thinking is simply a matter of choosing where you want to go inside your mind and insight/thought rushes abound to the point of not having enough time in which to follow every branch point . . . to the point where your individual thought threads meld themselves into higher denominations . . ."

Haines rambled wildly on his thrill at sniffing laughing gas: ". . . nitrousing out in this state of mind can be wicked because you go so far out on a mental limb . . . sometimes you get to this point where everything becomes completely fluid, not in the physical sense, but one can see, perceive, visualize, etc., every ramification of everything that goes on in the particular mental environment you construct . . . including, say, the passage of a tennis ball under the influence of gravity, or the evolution of an argument and the interplay of multiple factors, even your own thought reasoning . . . when one nitrouses out to a point of total thought fusion, and the concurrent realization/visualization of an extended range of thought capabilities occurs, one gets the rare chance to 'refit' aspects of one's mind, much like getting into newly-washed clothes or something."

And, sadly, on heroin synthesis in a post on September 20, 1996: "WARNING ---- MAKE SURE you cut the rock so produced down to NO MORE than 30% purity -- otherwise you'll end up killing a whole bunch of people . . street-grade heroin is usually in the range of 10-20%, maximum."

The Australian VLAD virus-writing group promptly published a memorial virus to Haines, called "RIP Terminator Z," according to a story by technology writer Julie Robotham in a piece published in the April 29 edition of the Sydney Morning Herald.

Fewster commented to Crypt Newsletter, "[Clint Haines] had a bright future ahead of him, and in my opinion could have done some good in the world if he'd just kept his head together."

----------------

THE FAVORITE SLOGAN OF U.S. INFOWARRIORS

electronic Pearl Harbor (or "EPH"): a bromide popularized
by Alvin Toffler-types, ex-Cold War generals, assorted corporate
windbags and hack journalists, to name a few. EPH is
meant to signify a nebulous electronic doom looming over U.S.
computer networks. In the real world, it's a cue for the phrase
"Watch your wallet!" since those wielding it are usually doing
so in an attempt to convince taxpayers or consumers to fund
ill-defined and/or top secret projects said to be aimed at
protecting us from it.

                         --from the Crypt Newsletter "Joseph K"
                         Guide to Tech Terminology

"Electronic Pearl Harbor" and variations on it, Crypt Newsletter has noticed, are now some of the most over used buzz-phrases in the topic of computer security and information warfare. Using Internet search engines, it is possible to quickly find over 500 citations for the phrase in on-line news archives, military research papers and press releases.

Paradoxically, overuse of the phrase has had quite the opposite effect desired by those who unwittingly wield it. One can easily imagine p.r. handlers coaching our leaders, generals and corporate salesmen to not forget to say "electronic Pearl Harbor" at least one time just before giving a speech or interview. Since it is a gold-plated cliche, anyone with more sense than it takes to pour piss from a boot can use it as an infallible detector of Chicken Little-like cyber-bull. Paraphrased: Anyone still caught uttering "electronic Pearl Harbor" in 1997 is either completely out of it or a used-car salesman/white-collar crook of some type.

Here then, Crypt News presents for your amusement, a selection of the unclothed emperors speaking of "electronic Pearl Harbor:

Twice in the May issue of WIRED magazine, both in John Carlin's "Farewell to Arms."

1. "We will have a cyber equivalent of Pearl Harbor at some point, and we do not want to wait for that wake-up call," attributed to former U.S. Deputy Atty. General Jamie Gorelick.

2. "I-war can be the kind of neat, conceptually contained electronic Pearl Harbor scenario that Washington scenarists like -- collapsing power grids, a stock market software bomb, an electromagnetic pulse that takes the phone system out."

---------------

Twice in Robert Minehart's tutorial on Information Warfare, a course currently presented by the U.S. Army's training school in Carlisle, PA. Minehart's bio refers to him as an NSA/CIA/DIA agent and Visiting Professor of Information Warfare at Carlisle. Minehart prefers "Information Pearl Harbor" to "electronic Pearl Harbor" but as far as Crypt Newsletter is concerned, they're the same thing.

1. "So what would an effective Information Pearl Harbor look like?"

2. "The U.S. may find it difficult to use military force in response to an Information Pearl Harbor-type attack."

---------------

Once by John Woodward, a mouthpiece for MITRE Corporation in McLean, VA, in a long-winded 1997 company Website sales pitch for hiring MITRE expertise in avoiding "electronic Pearl Harbor":

"It's MITRE's job to keep the information warfare equivalent of [electronic] Pearl Harbor solely and exclusively in the realm of simulation."

Also attributed to Woodward, "MITRE is the best source on information warfare in the world." Of course, how could it be otherwise?

---------------

"Electronic Pearl Harbor" was invoked three times by strategist Martin Libicki, in "Defending Cyberspace and other Metaphors," a paper on info-war published by the Pentagon-administered National Defense University in Washington, D.C. The paper appeared earlier this year and Libicki uses the term "digital" in place of "electronic."

1."A strategic motive for a digital Pearl Harbor could be to dissuade the United States from military operations (perhaps against the attacking country) or to hinder their execution by disrupting mobilization, deployment, or command and control.

2. "How much damage could a digital Pearl Harbor cause?"

3. "A more pertinent question than how much damage a digital Pearl Harbor might cause is how well hackers attacks can delay, deny, destroy, or disrupt military operations."

---------------

In the January 6, 1997 edition of the Wall Street Journal, reporter Tom Ricks attributes Duane Andrews of Science Applications and the Pentagon's Defense Science Board with:

"Warning of a possible 'electronic Pearl Harbor,' the task force appointed by the Defense Science Board also said the Pentagon should seek the legal authority to launch counterattacks against hackers."

Keep in mind Science Applications, like MITRE Corporation, advertises its skills in avoiding problems related to "electronic Pearl Harbor."

---------------

"We could be on the brink of an 'electronic Pearl Harbor' or an 'information Chernobyl' and not even know it."

This one was uttered by Frank Morgan, an Air Force Intelligence Agency officer out of Kelly AFB, Texas, in an article for the September 1996 issue of Airman magazine entitled "Info Warriors!"

---------------

In Cybernautics Digest, Vol. 3, No. 7 (1996), "All's Not Quiet on the Information Front":

"Pentagon officials fear an electronic Pearl Harbor: an attack which could go undetected until it is too late."

---------------

"[John] Deutch favors center to avoid `electronic Pearl Harbor' and [it] would not require hiring new personnel," showed up in a July 1, 1996 story on Congressional testimony on the subject of hackers and info-war. It appeared in Federal Computer Week.

If you've been following newspapers, sometimes it seemed as if CIA-director Deutch spent most of 1996 talking about "electronic Pearl Harbor," a remarkable feat from someone who could not distinguish the PenPal Greetings Net virus hoax from reality.

And in the same story, a couple paragraphs on:

"I don't know whether we will face an electronic Pearl Harbor, but we will have, I'm sure, some very unpleasant circumstances in this area," said John Deutch.

---------------

"Senator Sam Nunn (D-Ga.), who chaired the hearing, raised the issue of 'an electronic Pearl Harbor' against the 'national information infrastructure,' and asked 'are we fully alerted to this danger now?"

The above quote came from an article written by John Elliston for something called "Dossier." It, of course, also repeats the Deutch "electronic Pearl Harbor" quote -- published by hundreds around the country -- taken from the same July 1996 Congressional hearings.

---------------

"We're facing an electronic Pearl Harbor," said Ronald Gove, a vice president of Science Applications, at a 1995 National Computer Security Association Info-war conference, as reported by a September '95 issue of the Arizona Star.

---------------

"The Pentagon's New Nightmare: An Electronic Pearl Harbor" was the title of a Neil Munro-penned editorial in the July 16, 1995 edition of The Washington Post.

---------------

And in Alvin and Heidi Toffler's 1993 book entitled "War and Anti-War," "electronic Pearl Harbor" is said to be just waiting to happen. (Page 149 in a section entitled "Info-terror.")

Duane Andrews of Science Applications also makes an appearance in the Toffler book, and similar to what he said in 1997, he says in "War and Anti-War:" "Our information security is atrocious, our operation [secrecy] is atrocious, our communications secrecy is atrocious."

---------------

MCAFEE'S MEDIA-ASSAULT TACTICS

A 1997 opinion piece by Rob Rosenberger (1st edition, 4/22/97)
  _________________________________________________________________

DID YOU KNOW McAfee Associates pays employees to find flaws in competitors' products? This fact came to light when McAfee launched a new volley of media assaults against Symantec and Dr. Solomon's Software, two major rivals in the antivirus market.

In the first case, McAfee's beta-test division discovered an obscure flaw in Symantec's Norton Utilities. Instead of notifying Symantec, McAfee chose to notify only the media. They even wrote a blatant demonstration program so Windows Sources magazine could include it as part of a fear-inducing online story.

Symantec believes McAfee should have notified them instead of helping the media write scary stories about a trivial flaw. Product manager Tom Andrus told Associated Press: "We were taken aback that they would go to the press, create something akin to a virus and then basically show the world how to do that." Symantec also berated Windows Sources for providing McAfee's code to any malicious hacker who wanted it.

Editors pulled McAfee's blatant demo from the Windows Sources website the next day. Symantec quickly released a software patch to calm the nerves of frightened customers -- and paid PRNewswire to distribute an extremely polite press release announcing the patch.

IN THE SECOND case, McAfee's beta-test division discovered a supposed "cheat mode" in Dr. Solomon's Anti-Virus Toolkit. McAfee went on the war path, paying PRNewswire to distribute a press release accusing Solomon's of committing heinous crimes against humanity:

"The cheat mode can cause Dr. Solomon's Anti-Virus Toolkit to show inflated virus detection results when the product is being reviewed by trade publications or independent third party testing organizations. McAfee has forwarded its evidence to the National Computer Security Association . . ."

Solomon's struck back with a hilarious press release: "McAfee Pleads with Dr Solomon's to Reduce Dr Solomon's Virus Detection Rate." They proudly admit their "heuristic" function works exactly as described. "The product given to reviewers is exactly the same product delivered to customers . . . The technology is available to every user."

McAfee responded with another inflammatory press release claiming Solomon's had engaged in a "disinformation campaign." In an incredible twist, McAfee quoted Patricia Hoffman, "a well-respected independent virus research[er] based in Santa Clara, Calif." Hmmm, McAfee coincidentally bases its operations in Santa Clara, too. You can discover a lot of interesting coincidences surrounding Hoffman & McAfee, but let's not digress.

The National Computer Security Association stepped in at this point with its own press release "reaffirm[ing] that Dr. Solomon's Anti-Virus Toolkit meets stringent NCSA anti-virus product certification standards." The heuristic function "did not and does not affect the NCSA labs present or past certification testing." McAfee Associates apparently gave up the fight at this point.

McAFEE'S MEDIA ASSAULTS stretch back to the 1980s when the press built a sacrificial alter to founder John McAfee. Josh Quittner's definitive expose in New York Newsday showed just how effectively McAfee corrupted an all-too-willing media. Pamela Kane (then a competitor to McAfee) also wrote an expose in her book, "V.I.R.U.S. Protection."

"Big John's" teachings continue to inspire employees long after his departure from the company. A 1996 media campaign against Symantec demanded no less than a worldwide recall of Norton AntiVirus, to which Symantec issued a rather wimpy response.

Symantec's well-oiled propaganda machine doesn't smell like a rose either, as Crypt Newsletter's exposes point out. Symantec shamelessly exploit the media to gain free publicity; McAfee shamelessly exploits the media as a weapon.

In another example from 1996, McAfee issued a press release "extend[ing a] safety net to displaced Cheyenne customers" after Computer Associates acquired the firm. "Displaced"? McAfee makes it sound like Cheyenne got run over by a truck. Rather, Computer Associates gave them access to a lucrative customer base and plenty of cash for research & development.

Its tactic against Cheyenne seems even more odd when you realize a competitor can use the same trick against them -- McAfee buys companies on a regular basis. Indeed, they tried to purchase Cheyenne first (right after acquiring a firm called Vycor). They've since purchased a company called FSA and put in a bid for a Japanese antivirus vendor.

A rival could use the same tactic against McAfee to increase bottom-line revenues. Just ignore that pesky "ethics" issue standing behind the curtain . . .

GRAHAM CLULEY, A virus researcher at Solomon's, called from his office in Britain after the latest media attack subsided. "McAfee [is] worried because we have heuristics for finding new file viruses and they don't," he emphasized. "It's odd that a company which claims to have such a large market share in the States should devote so much of its time attacking competitors."

Odd? Not really. McAfee controls a huge share of the market, buys out companies, takes over product lines, hires rivals' employees, doubles its revenues on average every year -- yet they continue to slowly lose total market share. McAfee slows the decline by generating negative publicity for its rivals.

McAfee's percentage of the total customer base dwindles for (at least) two important reasons. First, they evolved beyond a simple "antivirus firm," venturing into the overall concept of computer security. McAfee now sells antivirus software, Internet-based storage solutions, data encryption packages, network audit tools . . . you can even buy advertising space on their website.

Diversification is a big sword, but it's a two-edged sword. Small, focused companies can easily upstage the behemoth. Consider EliaShim: they released an intriguing antivirus software development kit last year. Niche firms like Stiller Research (they focus on data integrity) long offered solutions foreign to McAfee's product line.

Second, McAfee's market share slowly dwindles because every major antivirus firm now offers its products as shareware. The "try before you buy" approach gave McAfee unparalleled product exposure in the 1980s; it no longer makes them stand out today.

"YOU KNOW THE old saying: "if you can't beat 'em, beat 'em up." McAfee long ago learned they could level the playing field faster if they used a gun. A willing media supplies the bullets in order to satisfy its fetish for virus-related news.

Who ultimately wins? PRNewswire. McAfee pays them to distribute inflammatory press releases, competitors pay them to distribute responses, and reporters pay them to get on the distribution list.

Addendum
========

DID SYMANTEC FINALLY READ MCAFEE'S MEDIA-ASSAULT HANDBOOK?

On 23 Apr 97, Symantec paid PRNewswire to distribute an eye-popping
press release accusing McAfee of "stealing code" from one of its
products. They filed a copyright infringement lawsuit demanding a U.S.
recall of McAfee's PC Medic software and all profits from its sale.
Symantec admitted it staffs a beta-test division (just like McAfee) to
dissect competitors' products: "close inspection through the use of
debugging tools shows that a critical section of code . . ."

No response yet from McAfee -- but rest assured, they'll pay
PRNewswire to distribute it.

[Rob Rosenberger is the well-known Webmaster of Virus Myths --
http:/www.kumite.com/myths.  His well written editorials puncturing
computer virus myth-makers are required reading for the
discerning Net user.]

---------------

COMPUTER VIRUS HYSTERIA AWARDS 1997

Due to an overwhelming number of knaves and chowderheads, Computer Virus Hysteria 1997 voting has been started now. The list of atrocities is long, the ballot quite fascinating.


The list:

  GOVERNMENT CATEGORY (CHOOSE ONE)

   David L. Carter, Ph.D. and Andra J. Katz, Ph.D.
   Joint Chiefs of Staff computer office
   The Moynihan Commission
   Dr. Bernard Rostker

  CORPORATE CATEGORY (CHOOSE ONE)

   McAfee headquarters
   McAfee Russian division
   Microsoft
   Penguin Press
   PowerQuest
   Symantec "news bureau"
   Ziff-Davis ZDNet division

   WORLD LEADERCATEGORY (CHOOSE ONE)

   Computer Associates
   Data Fellows
   Dr. Solomon's
   EliaShim
   McAfee Associates
   Sophos
   Symantec
   Touchstone
   Trend Micro

   QUOTATION CATEGORY (CHOOSE ONE)

   Duane Andrews
   Guy Gadney
   Marc Gosselin
   Eric Greenberg
   Integralis
   Brian Milburn
   David L. Potter
   Laura E. Quarantiello
   Symantec

   EVENT CATEGORY (CHOOSE ONE)

   Fifth annual Michelangelo hysteria day
   Linux specific Bliss virus scare
   MS-Mail specific ShareFun virus scare
   SexyGirls.com Trojan virus international porno scam modem-based
   con game
   Symantec Virus Awareness Month Retail Promotion
   Valentine's Day Massacre

   ALERT CATEGORY (CHOOSE ONE)

   AOL4FREE alert
   Bisquit alert
   Death69 alert
   Deeyenda Maddick alert
   Ghost alert
   Good Times alert
   Irina alert
   Little Drummer Boy alert
   Matra R-440 Crotale alert
   NaughtyRobotalert
   Penpal Greetings alert
   PKZ300B alert
   Red Alert alert
   Sheep alert
   Valentine's Greetings alert

   PIERRE SALINGER AWARD FOR INVESTIGATIVE JOURNALISM (CHOOSE ONE)

   AsiaInfo Services
   David Berlind, Joe Moran
   John M. Broder, Laurence Zuckerman
   Rene Deger
   Laura Myers
   PRNewswire
   Joel J. Smith

For scintillating analysis and voting, surf to Virus Myths:

http://www.kumite.com/myths

SPY PROF FIRES UP INFO-WAR TRAINING

With a bio that advertises him as an agent of the NSA, CIA and Defense Intelligence Agency at one time or another, Robert Minehart has put on-line a tutorial in information warfare at a U.S. Army training school in Carlisle, PA. Minehart's official title is "Visiting Professor of Information Warfare."

Net browsers can take the tutorial -- apparently part of a larger 30-hour course -- and then answer questions to assess their comprehension.

In one part of the tutorial, Minehart covers weaponry.

"Notice: Due to the sensitive nature of this section, the weapons presented are ones proposed by open source (non-government) authors," he writes.

"The examples offered should only be considered as concepts to stimulate your thoughts on 'what-if' possibilities.

"THIS PRESENTATION NEITHER CONFIRMS NOR DENIES THE EXISTENCE OF SUCH WEAPONS!" states Minehart menacingly.

Then Minehart begins the discussion with viruses. OK. Crypt Newsletter confirms it. Computer virus existence confirmed!

In a section in which he mixes viruses and the Clipper encryption chip, Minehart explains, "Viruses are computer programs that can infect systems and cause damage. They are usually hidden within safe-looking programs (usually shareware or freeware)."

No, professor, most viruses are spread in 1997 through exchanged diskettes with infected system sectors and in infected documents produced by Microsoft Word.

Further, Minehart writes, "A virus must first be identified and its signature catalogued before a virus program can detect its presence and eliminate it."

Minehart is referring to anti-virus scanners but he's made another mistake of omission all the more mystifying because Minehart lists in his bibliography a fellow, Padgett Peterson, whose anti-virus programs don't require the definition of any virus signature strings within the software.

Parts of the discussion on info-war weapons fly off into the "Liquor in the front, poker in the rear of the flyin' saucer" bad science familiar to Crypt Newsletter readers: the electromagnetic pulse death rays; silicon-wafer eating bacteria.

Other portions of the tutorial veer into generic Tom Clancy-derived policy statements. Computer viruses, for example, become strategic weapons, perhaps to be handled like nuclear munitions.

"Strategic IW weapons however, will most likely be reserved for release by the highest level. For example, a computer virus that would cripple a nation's monetary system or may seize control of international satellites must be controlled by either the President (SECDEF if authority has been delegated).[sic]"

A recurrent theme is that Department of Defense must "lead from behind" by being the instrument of government through which the info-war threat is assessed. DoD will work closely with corporate America to determine its weaknesses and then -- Minehart doesn't say this outright -- the American taxpayer gets the bill with the U.S. weapons industry expanding to sell security products and info-war software, like military hardware, worldwide.

"Tomorrow's enemy will only be able to communicate, finance, or logistically relocate that which our leadership allows," writes Minehart, our info-warriors presumably victorious. "Our adversary will be blinded by a complete cyberfog."

Don't take my word for it, look it up yourself at: http://carlisle-www.army.mil/usacsl/iw/tutorial/intro.htm.

---------------

KADENA AFB INFO-WARRIORS ABOUT EQUAL TO AOL-TYPE ON-LINE ROOKIES

Although there's plenty of quote from U.S. military leaders wishing to show they talk the talk of info-warriors, there's little empirical evidence the rank and file are beginning to walk the walk.

For example, in the September 1996 issue of Airman magazine, devoted mostly to fluffy features on information warfare, one weirdly optimistic article revealed most soldiers connected to the Net seem to have about the same savvy with regard to potential computer hotfoots as AOL-style rookies. Unless, of course, it's all an elaborate disinformation campaign.

In a simple test, computer specialists from Kelly Air Force base in Texas sent bogus mail to unsuspecting targets at Kadena AFB in Japan. Like typical bogus mail, it masqueraded as a simple request from system gurus to cough up user names and passwords "in order to restore the integrity of system files."

One hundred forty-nine -- that's right -- one-four-nine -- promptly turned over their passwords and account information to the raiders.

Airman magazine reported Kadena AFB information technology personnel claiming they thwarted the attack, alleging only eight of 149 passwords actually made it back to Kelly. Sure, guys.

Info-warriors also were alleged to have found 14 computer virus infections on Kadena computers and 302 easily guessed passwords.

Kadena AFB representatives wishfully rated themselves as nine on a ten scale in terms of knowing something of proper computer security. Crypt Newsletter hopes never to see the trainwreck that passes for outright failure.

---------------

MAY 1997 TECHNOQUACK WATCH

Golden Pizzle of Information: any authority figure accustomed to being publicized unquestioningly; or, computer experts fond of making dumbly obvious, fraudulent, indecipherable or insane statements which few dare to seriously question.

---------

Without question, MIT's Nicholas Negroponte is the Pope of Technoquacks. In the May 1997 issue of WIRED magazine, he pimps for a MIT colleague while spouting sunny gobble about "phicons," fusion fired ovens, Sicilians, energy pills and "nanocleaning" knives.

"Perhaps the [Sicilian] bread knives are edged with guaranteed- never-to-go-dull nanoceramic and the oven is fusion fired . . . The Sicilian kitchen is digital, of course . . ."

But of course, Nicholas, and you're Crypt Newsletter's Technoquack for the month of May 1997, too.

----------------


     LETTERS TO THE EDITOR:
     ======================

Dear Crypt:

I ran across your web page. Great stuff. I've been doing this
since the '70s. I think management is worse than Ph.D's in buying
this [hoax] crap (though the Clinton virus is hilarious as are the
others).

When I worked at Edwards, all the idiots became managers as any
engineer or programmer went to school to - __get this__ - be an
engineer or programmer, NOT to be a manager and push paper.

I'm old and cynical enough to look through the bullshit. Position
and a Ph.D. doesn't mean squat. look at the Defense Science Board and
their analyst staff. I went to school with these "staffers." No, you
don't have to know what you're doing to write [their] crap. Who knows,
next week they may be staffing on welfare reform or agricultural
subsidies.

Having worked towards a Ph.D. (Leaving was mutual disgust. They didn't
like my telling them their statistics were at the undergrad level,
and that the great programming example was nothing more than
"Life" revisited -- great code from the '70s.) I know the lobotomy
that you go through to get one.

Keep up the good work. Just never, never get a job where you have to
use government data, like I do. (No, the data doesn't match up -- the
variables are not defined, there is no data dictionary . . .
aaaaagggghhh!!!)

Frank@sdps

-----------------------
Dear Crypt:

As a former cryptolinguist in the Navy -- a job complete with
excruciatingly paranoid and fascist security policies -- I am
grateful for the Crypt Newsletter. Though a drop in the bucket when
compared with the sheer volume of dangerous disinformation spewed
out by the bureaucratic machine that is the Intelligence [sic]
Community, _Crypt_ is an essential source of REAL, unspun news.

Thank you, my WWW bookmark is in place.

Ed Flagg

-----------------------

Crypt:


I remember [Clinton Haines] from NuKENeT days.  It's harsh and unfeeling
and un-Christian and evil and bad and wrong and not-nice to say that
I think there should be a picture of Charles Darwin on his tombstone, so
I won't say it.  Dying in the bathroom in an opiate stupor with a
needle stuck in one's arm is a most unbecoming way to go, don't you
think?

Was it Gary Watson who once suggested (in apparent seriousness) that
virus authors should be executed?  Perhaps he thrills at the news.

If you ever hear that I killed myself in a particularly distasteful
manner, please do your best to show my infinite stupidity to your
readership (who will care for exactly 0.0012 seconds).  Or do it
beforehand, if you wish.

See ya,

Cory Tucker

-----------------------

Crypt:

I enjoy your newsletter, but if you really want to beam in on
Net silliness, you're missing a good bet. What you need is (1) a
grep-like, full-text search capability for the back issues on your
website, and (2) access to logs of the users' submissions for your
continuing amusement and general dismay.

Any distant hope that the superhighway is leading somewhere will be
rapidly dispelled. I run a site called "NameBase," which consists
of a cumulative name index to 500 investigative books on various
topics of concern to those interested in politics, the intelligence
community, current events, scandals, etc. It took the last 17 years
to put this data together.

I've been enduring searches for Michael Jackson, O.J. Simpson, and
other Hollywood hypes for two years now, but I nevertheless managed
to hang on to my sense of purpose.

Recently, however, I added a full-text search to lock on a word or
phrase in our newsletters and 500 book reviews. I wasn't prepared
for what the logs showed -- there's an extremely serious
dumbing-down problem in our culture, and I don't mean maybe. As your
newsletter has often noted, our mass media is leading us down the
primrose path toward terminal culture rot. We deserve to be crushed by
Chinese exports, even if they are produced by prison labor. Rather
like the barbarians picking away at the Romans.

One recent example was the user who searched for "collaboration of
universities with the intellectual community." I could be generous
and assume that this person meant "intelligence community," but a
year ago I stopped writing routines for the purpose of idiot-
proofing the website. No matter what I did, there was some new
level of weirdness staring at me from the next day's log.

In any case, the way this clueless user's search was formulated,
they got zero hits. Needless to say, there hasn't been any
collaboration of American universities with the intellectual
community for some time now. That's why I dropped out of grad
school 20 years ago!

-- Daniel Brandt

----------------------------------------------------------------------
Public Information Research, Inc., PO Box 680635, San Antonio TX 78268
Tel:210-509-3160   Fax:210-509-3161    Nonprofit publisher of NameBase
            http://www.pir.org/          info@pir.org
----------------------------------------------------------------------


-=The Crypt Newsletter welcomes thoughtful mail from readers at
crypt@sun.soci.niu.edu. Published letters may be edited for length
and clarity or anonymized to protect the naive from themselves.=-



ACKNOWLEDGMENTS
===============
Rob Rosenberger, editor/webmaster of Virus Myths.  Visit --
http://www.kumite.com/myths for a savage read. Alan Dunkin of
On-Line Game Review for useful press releases.


-------------------------------------------------------------
George Smith, Ph.D., edits the Crypt Newsletter from Pasadena,
CA.

copyright 1997 Crypt Newsletter. All rights reserved.

More links.