CRYPT NEWSLETTER 43 June -- July 1997 Editor: Urnst Kouch (George Smith, Ph.D.) Contributing Editors: Stephen Poole, Rob Rosenberger INTERNET: 70743.1711@compuserve.com crypt@sun.soci.niu.edu Mail to: Crypt Newsletter 1635 Wagner St. Pasadena, CA 91106 ph: 818-568-1748 Who reads Crypt Newsletter: ========================== The great majority of Crypt Newsletter readers do it on company time. While there are accesses at all hours, heaviest usage and downloading of current issues occurs during U.S. business hours, beginning at around 7:30 EST and continuing to 4:40 Pacific time. Readers of Crypt Newsletter log in monthly from organizations like Lucent Technologies, Loral, Lockheed, MITRE Corporation, MITRE Technology, NASA-JPL, Midwest Research Institute, Electronic Data Systems, Intel, Digital, CSIRO, Science Applications, Unisys, the World Bank, Fujitsu, DuPont, the Securities and Exchange Commission, Boeing, FermiLab, the US Dept. of the Treasury, the Department of Energy, the US Naval Undersea Warfare Center, the EPA [?!], Disney [?!?], Oak Ridge National Lab, Argonne Laboratory, Lawrence Berkeley, Vandenberg AFB, China Lake Naval Weapons Research, the SPAWAR Submarine Command Office, the Pentagon and many anonymous U.S. military Internet domains that refuse open telnet connections and "finger" queries. Others log in from media organizations like the BBC, The Bloomberg Business News Service, New York Times, the Sacramento Bee, various newspapers from the hinterlands, Federal Computer Week, The Net magazine, and The Age, too. Crypt Newsletter articles may not be copied or reproduced in or on other media, on CD-ROM collections of data, or offered - in part or in toto - as part of any database, data survey, information or research service for pay without consent of the editor. Rates based on word count are reasonable. Queries by e-mail are welcome. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Contents: Crypt Newsletter #43 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ THIS ISSUE NEWS A military coup and the infowar fetish Science Applications: Pentagon Contracts, Inc. High concept virus sci-fi thriller in production in Hampton Roads Electromagnetic pulse weapons: Urban legends mesmerize infowarriors "I Had To Go Sick": Crypt News is pulled over by the Cyber Patrol US Department of Agriculture Website hack Computer Virus Hysteria Awards 1997: some winners MISCELLANY Letters page -- We get letters! Crypt Masthead Info Credits/Acknowledgment
--------------------
CRYPT NEWSLETTER NEEDS YOUR HELP:
Crypt News has never asked its readers for a favor but it has to ask for one now. What was shiny and new twenty issues ago in 1995 is now starting to squeak and groan with age. Crypt Newsletter needs a hardware upgrade!
If you enjoy Crypt News regularly, you can help keep the news
coverage hot by purchasing a copy of my book "The Virus Creation Labs."
It's available through Amazon and all good bookstores.
Eventually, a small but reasonable royalty gets to Crypt News and helps the
publication. Or, you might consider passing on a piece of used
equipment -- that actually works
Now, back to our regularly scheduled transmission.
------------
A MILITARY COUP AND THE INFOWAR FETISH
An October 1996 essay written by Colonel Charles Dunlap and published by the USAF Institute for National Security Studies at the Air Force Academy in Colorado, tells of a fictitious military coup in the United States in 2012. Not to worry, civilians come to their senses and boot the generals by 2015.
In any case, Crypt News deems Dunlap's satire dry and eminently worth your perusal.
In "MELANCHOLY REUNION: A REPORT FROM THE FUTURE ON THE COLLAPSE OF CIVIL-MILITARY RELATIONS IN THE UNITED STATES," Dunlap pokes savagely at Science Applications, the secretive Pentagon mega-consultant think-tank/engineering firm that pops up infrequently in Crypt Newsletter pieces on information warfare.
Dunlap morphs Science Applications, or SAIC, into "VAIC" for "Violence Applications International Corporation." "Eventually, the Pentagon's aversion to fighting compelled the ultimate form of outsourcing: hazardous, unpopular operations were contracted out to the newly formed Violence Applications International Corporation (VAIC)," Dunlap writes. "For years, VAIC and its stable of retirees did the military's dirty work, thereby allowing the armed forces the opportunity to deepen their involvement in popular domestic activities and trendy overseas enterprises."
However, the "VAIC" careerists prove somewhat frangible when it comes to the work of real military men. "But when the Second Gulf War broke out in 2010 and the Iranian Tenth Armored Corps began crushing everything in its path, VAIC defaulted on its contract as its employees scattered . . . Corporate loyalty, it seems, has its limits," writes Dunlap.
Also in for skewering is the concept known as "Total Quality Management." Dunlap's essay is unequivocal in its condemnation of the practice. Unsurprisingly, Crypt Newsletter was able to find quite a bit on "Total Quality Management" in the U.S. government, some of it vended by whiz-bangs at -- take a guess, yes, that's right -- Science Applications.
On the FedWorld Website, Crypt News found a Science Applications "president" and mouthpiece Roger Garrett burbling on about "Total Quality Management" and its utility in pursuing contracts with the Pentagon.
". . . we're in a highly competitive and uncertain market because of the Department of Defense (DOD) budgets," Garrett says.
Garrett continues on about barriers to "Total Quality Management": "The biggest one is the buy-in of management and supervisors, because you're taking away their sand box. They now start dealing with issue from below instead of issues from above.
"There is this fear of empowerment, that if we empower the people, you'll have anarchy, they are going to do whatever they want. The truth is, if you do a good job of empowering people, you're going to have more power because you'll have more time to worry about other things instead of being a benevolent dictator."
Col. Dunlap, apparently sick-to-death of "Total Quality Management," writes in a manner seemingly directed pointedly at fellows like Roger Garrett:
"Especially insidious was the assault of a new ideology known as total quality management or TQM. No one back then [Dunlap means in the Nineties.] truly objected to teaching better management skills. But TQM and, more accurately, the corruption of its beneficial aspects became much more than that. With cultish frenzy, its devotees attempted to reduce to metrics the ultimately unquantifiable nature of combat readiness and warfighting. Somehow the performance of military functions was equated with the production of 'products.'
". . . Traditional superior-subordinate and comrade-in-arms relationships were replaced by faddish customer-supplier associations. This eventually undermined discipline as military personnel began to believe they were 'empowered' to ignore orders that didn't suit them . . . Plenty of officers in the 1990s recognized the lunacy of TQM, but few were willing to confront its powerful zealots."
Overclassification and the current fetish with information warfare were also leading indicators that the U.S. military was about to turn on the civilian government, writes Dunlap.
You'll want to read the original.
SAIC consultants and the Sommy of the Pentagon
Science Applications has appeared in Crypt Newsletter recently because any careful study of the twin phenomena of "electronic Pearl Harbor" and the alleged grave menace posed by electronic bogeymen often winds up pointing to SAIC mouthpieces.
For instance, more SAIC employees in the public record, telling us the sky is falling, has fallen, or is about to fall, due to hackers, pan-national info-terrorists, cybergangs or more frequently, the unnameable:
"A terrorist state that doesn't have [info-war] technology can hire the technology," says Duane Andrews in a March 17 issue of USA Today. Andrews, a mouthpiece and executive vice president of Science Applications who has starred in prior Crypt missives, is almost ubiquitous in mainstream news on the subject. What is never mentioned is that Andrews, as the leader of DoD's Defense Science Board is in the unique position of being able to write policy recommendations that feed directly to services that Science Applications consultants provide. And nothing that he's saying is new. Andrews was singing the same tune about imminent national catastrophe in 1992. It wound up being quoted in Alvin Toffler's "War and Anti-War" in 1993. In the land of Crypt Newsletter, Andrews and Science Applications are working a bald-faced conflict-of-interest, but in Washington, D.C., very few seem to mind.
"The Internet bulletin boards are littered with people offering their [terrorist] services," continued Andrews for USA Today.
Further, in the USA Today article, yet another salesman for Science Applications, Michael Higgins, says: "Who says we haven't seen an electronic Pearl Harbor?"
We've already seen "electronic Pearl Harbor." We haven't yet but it's just around the corner. We're in the middle of it. Or it's a "digital Chernobyl. These are some of the claims Science Applications consultants can be documented as saying for the public record in 1997, depending on what time of day a reporter calls them.
Higgins says we may have already suffered "electronic Pearl Harbor" because he and colleagues at SAIC -- the type of Dept. of Defense "retirees" Charles Dunlap ridicules -- are said to be chasing a dangerous computer intruder -- unnamed, of course -- through Pentagon computers. And they can't catch him yet. But he's dangerous and menacing to the security of the kingdom.
Sound familiar? If it does it's because it fits the script for countless stories on nameless info-terrorists. The USA Today claim is most reminiscent of the furor that surrounded the legend of Sommy. In case you missed it, Sommy was the name of a mysterious uber-hacker said to be terrorizing a Canadian family to the point where his victims wanted to sell their home. Sommy was an eavesdropper. He controlled the TV, the telephone and family ATM cards. Sommy was said to be untraceable, untouchable. One of the major TV network news shows even sent a "crack" security team to find him. The team, for the camera, anyway, was stumped. However, Sommy turned out to be a 15-year old kid in the family with a talent only for extreme mendacity in the face of his parents and the newsmedia.
And still another SAIC salesman, Ronald Knecht, warns of imminent national doom in the same article. "If somebody was going around and wiring high explosives to the infrastructure of this country, we'd be concerned . . . Well, if I were to write a novel and describe the preparation of the battlefield for electronic warfare attack on the U.S. . . . it wouldn't look too different."
Summary: A list of Science Applications consultants to Department of Defense who have (1) warned of imminent "electronic Pearl Harbor;" (2) warned that "electronic Pearl Harbor" is going on right now; (3) warned that "electronic Pearl Harbor" has already happened; or (4) any combination of the first three.
Duane Andrews -- multiple times, dating from 1992. Ronald Knecht -- promised he could write a novel on how to do it. Ronald Gove -- could occur anytime, quotes from 1995 to present. Michael Higgins -- "electronic Pearl Harbor" is happening, or might have already happened.
----------------
SCIENCE APPLICATIONS: PENTAGON CONTRACTS, INC.
Since Crypt Newsletter has mentioned Science Applications International Corporation (SAIC) so many times, it would seem only logical to spend some time explaining exactly what SAIC is.
A trip to the company's Website exposes the reader to an exercise in pitiless bragging and corporate puffery that makes the grandiose press releases of the anti-virus industry seem almost anemic by comparison. Press releases and files describe SAIC's contributions to the world which turn out to be -- somewhat comically -- almost everything.
Like silly Pavel Chekhov, who had an amusing penchant for insisting anything discussed was the invention or intellectual property of Russia during various episodes of Star Trek, SAIC engineers, scientists, mouthpieces and ex-Pentagon staffers can be seen tooting the company horn for everything from karaoke to therapies for AIDS.
"Karaoke?" Crypt hears you ask. Yes, you read right.
A press release on SAIC's O'Fallon, Illinois, office proclaims, "Today, SAIC produces roughly 30% of the U.S. karaoke CD+Graphics product for various publishers . . ."
But SAIC's company magazine is where the company's promotion really shines.
According to SAIC magazine, the company is building computing infrastructures to support HMO's in Northern California, has won Midwestern medical information systems contracts for linking hospitals in Kansas and Missouri, ensures clean disposal of hazardous waste, is working on preventing train derailments, designs simulations to analyze plasma eruptions on the sun and is working on helping the Department of Energy determine spending priorities and resource allocations.
However, SAIC's real bread and butter is military work and while the magazine mentions it, you'll find no fascinating details or even a comprehensive overview of this world. A more realistic SAIC footprint emerges upon examination of newspaper databases for the company's business dealings.
SAIC has countless offices worldwide and large installations in San Diego; McLean, VA, and Ft. Meade, Maryland. SAIC employs thousands of workers, 22,000 by a citation in the Los Angeles Times. The vast majority of its contracts -- 83 percent -- are with the government and military, meaning the company survives almost solely on taxpayer dollars.
In recent years, SAIC has been purchasing other companies including nine in 1996, alone. In the 1996 spurt, SAIC purchased Network Solutions, the Herndon, VA, company that runs the Internic and administers the registration of addresses on the Internet. The Network Solutions purchase resulted in a flurry of news articles noting that SAIC, as a secretive Pentagon contractor, was gaining control of one of the lynchpins of the Internet.
However, one of the most interesting deals was one that was shot down. SAIC was ready to spend $200 million in an attempt to purchase Aerospace Corp. in El Segundo, California, in 1996.
Last November, the U.S. Air Force rejected SAIC's bid to acquire the Pentagon-funded installation as "not in the best interest of of the U.S. government." Aerospace Corp. was a non-profit federally funded laboratory. Ninety three percent of its yearly $350 million dollar business went to the Pentagon and the Air Force, according to a November 15 article in the Los Angeles Times, said it didn't like the "prospect of losing the objectivity, independence and freedom from conflict of interest" that the company provided U.S. space operations, particularly those through the super secret National Reconnaissance Office.
"We're disappointed, obviously," Aerospace Chief Executive Edward C. "Pete" Aldridge Jr. said of the thwarted merger for the Los Angeles Times. "We were looking forward to doing something new and different." Aldridge, of course, would have been a SAIC chief executive had the deal succeeded.
Remember the name Edward C. Aldridge? No? Check in Crypt Newsletter 41. Yep, that's the same Edward Aldridge seen as a co-author on the recent Duane Andrews/Pentagon Defense Science Board report about looming electronic Pearl Harbor. The report recommends a "czar" be appointed to stave off electronic Pearl Harbor. It recommends crash investment -- millions of taxpayer dollars, $280 million, actually -- be spent on the task. And, as a good Crypt Newsletter reader, who is one of the loudest advertisers for protecting the infrastructure from electronic Pearl Harbor? That's right. SAIC! Duane Andrews is a SAIC very-important-person. In effect, Edward Aldridge was negotiating to become a SAIC employee while the DSB report was being written. Heh-heh. Nice deal, no? Sometimes Crypt News wishes it possessed this kind of business moxie.
Ironically, the LA Times included paraphrased comment from one of Aerospace's former presidents, Eberhardt Rechtin: "Fear of . . . conflicts of interest was what prompted the [U.S.] government in 1960 to create Aerospace by spinning off the systems engineering unit of TRW . . . The idea was to place some distance between engineers who were making recommendations on high-tech hardware and the manufacturers of the same hardware . . ."
But wait. Lets take a look at another intriguing SAIC business venture.
In 1995, a movement started within the Pentagon to outsource a function of the Defense Logistics Agency -- the supervision of DoD junkyards around the country.
The DoD junkyards weren't profitable, according to companies wishing to take control of them in the name of better business practices.
Guess what company wanted to be put in charge of military junk? That's right. In 1995, SAIC in conjunction with EG&G, a Boston firm, was interested in taking control of DoD junk.
Here's the scenario. Taxpayer dollars -- your money -- pays for everything bought by DoD, including, for example, PCs, keyboards, peripherals, funny pictures from the officer's clubs, etc. Eventually, a great deal of the material winds up in the military junkyards, where it rots, or is not sold at competitive price, according to the people who want this business.
But if SAIC were in charge, then it could sell goods that you already paid for back to you at more competitive pricing. So the U.S. citizenry could pay for the items twice, with SAIC making a profit and the rest, presumably, going back to DoD.
Neat! Include Crypt News in for a share of that business when it starts.
And here's some more SAIC business activity not included in the company's press releases. At the end of 1995, federal prosecutors in San Diego announced a division of SAIC, Science Applications International Technology, had agreed to pay a $2.5 million settlement to the government stemming from a whistle-blower's claim the company had tricked the U.S. Air Force over navigational equipment.
Of course, a SAIC mouthpiece said the settlement did not constitute admission of wrongdoing. Rather, it was a business decision based on evaluating the cost of litigation against the amount of the settlement.
SAIC raided by military investigators in 1994
Crypt News also found military investigators had raided SAIC offices in San Diego in 1994 while investigating alleged fraud in the DoD's Comanche helicopter program.
Agents from the Defense Criminal Investigative Service, a part of the U.S. Defense Department, and the U.S. Air Force Office of Special Investigations, entered SAIC and seized dozens of boxes of documents.
SAIC developed liquid crystal displays used in the control panels of the Comanche. The company said it would cooperate fully with the investigation.
SAIC convicted of false statements in 1991-2 federal case
SAIC has also been charged with falsifying the results of test samples taken from a Superfund hazardous waste site it managed.
This particular case, from 1991, resulted in what was termed by federal prosecutors "the largest environmental fraud fine" they'd seen at the time.
SAIC, in this settlement, pleaded guilty to seven counts of making false statements to the Environmental Protection Agency and three counts of making false claims for payment in the Superfund case.
The company had been taking in more samples from the site than it could do. Melanie K. Pierson, an assistant U.S. attorney who prosecuted the case said, "They were more interested in money than they were in health and safety concerns."
SAIC later fired six employees after an internal company investigation. No senior managers were involved, according to the SAIC probe.
And SAIC was ordered to pay $1.3 million as a result. Federal Judge Rudi M. Brewster called the case an example of "corporate greed."
Can you say the words corporate criminal? Crypt knew you could.
But we've strayed from SAIC's business endeavors as architects of cyberfear.
Getting back to it, Crypt readers will be pleased to learn SAIC has linked up with the Encino, California-based Pinkerton's detective agency. In a venture slated to run at least two years, Pinkerton's and SAIC have joined together to protect the citizenry (big business, actually; the citizenry isn't suitably fungible) from the faceless shadows of Internet evil. Again, can you say the magic words? Cybergangs, terrorists, computer hackers and cyber-criminals.
SAIC is even promising an "information warfare center." However, no Website is up yet, company mouthpieces say. Stay tuned.
-------------------
HIGH CONCEPT VIRUS FILM IN PRODUCTION
While visiting the East Coast in June, Crypt Newsletter ran across the filming of a computer virus movie in Hampton Roads, Virginia. Starring Jamie Lee Curtis and William Baldwin, the movie is based on a old comic book series entitled "Virus." Alert readers may remember Crypt News covering it -- tongue in cheek -- way back in 1993.
For those who don't, here's the scoop.
Originally published by a company called Dark Horse, "Virus" was the very essence of high concept: non-stop action, nonsensical pseudo-science, absence of plot, and gruesome mutilations with a somewhat pretty-looking woman heroine thrown in for punctuation.
Dark Horse made its name peddling an endless flood of such titles, most devoted to squeezing the last drop of greenish ichor from movies like "Alien" and "Predator." That philosophy ensured just about anything it printed was a big hit, selling out immediately in the kinds of comic stores run by tubercular-looking men with an intense dislike for patrons who don't reserve at least ten new titles each month.
That said, the first issue of "Virus" was almost OK. But almost only counts in quoits and horseshoes. "Virus featured fair art, tiresome dialogue and a story that revolved around an abandoned Chinese radar and telemetry ship that comes under the power of some inter-cosmic computer virus that has been beamed down from the aether through a radio antenna connected to the ship's mainframe computer. The original crew of Chinamen is, of course, dispensed with through a spasm of casual mechanized butchery, necessitating the trapping of some ocean-wandering riff-raff who think they're going to appropriate the vessel's equipment for lots of cash money. Apparently, this is where Jamie Lee Curtis comes in.
Anyway, "Virus" -- the villain -- nixes this plan at once by ripping the breast-bone out of one of the looter/scientists with the aid of a computer-controlled winch. E-mail Risks Digest and report this to Peter Neuman at once!
"Aaaiiieeee!" screech the trapped sailors. They want out, but not before being attacked by something that looks like a cross between a kite and a flying pipe-wrench made from sails and human integument.
While potentially interesting to infowar shamans at the National Defense University, Crypt News suspects the movie adaptation will be as numbingly contrived and psychotically bloody as the original. Look for it next summer.
Postscript: Rumors that John Buchanan is serving as technical advisor on the "Virus" set are scurrilous lies!
-----------------
EMP WEAPONS: URBAN LEGENDS MESMERIZE INFOWAR KOOKS
From the Josef K Guide to Tech terminology:
EMP gun: n. Always suspected but never seen, the EMP -- electromagnetic pulse -- weapon is the chupacabra of cyberspace. Accordingly, it is said to be responsible for much nettlesome corporate computer and bank failure, almost always in countries where such things cannot be verified.
Usage: Pelham was amused when the overly gullible newspaper reporter published his frank lies about Russian computer programmers knocking over international banks with emp guns made from stolen Radio Shack equipment.
------------
One of the most persistent fairy tales propagated in information warfare circles is the urban legend of the electromagnetic pulse gun. When it shows up in the mainstream media, courtesy of Reuters or the Associated Press, it looks something like this:
"Dateline BRUSSELS -- Criminals can use the Internet to create powerful electromagnetic weapons that threaten society with chaos and destruction, a Latverian military officer warned Friday.
"Underground sites on the Internet contain instructions on how to put together dangerous weapons that use electromagnetic or high-energy pulses that cripple computer systems, telephone systems and alarms, according to Victor von Doom, chief engineer at the Defense Materials division of the Latverian armed forces' electronic systems division.
"High-tech goods found everywhere in the world can be used to create powerful weapons using recipes found on the Internet," said von Doom at a meeting of the International Association Of Quack Computer Consultants in Europe.
"The problem is spreading from Russia, von Doom said."
Pretty scary. But sensationalistic garbage that was actually published by one of the wire news services. Crypt News only changed the names of the parties involved.
Crypt News took the time to talk to some scientists at Sandia National Laboratory in Albuquerque. Neal Singer pronounced it an interesting urban legend. Sandia, of course, is one of the national laboratories responsible for weaponization of the U.S. nuclear arsenal. The lab has also done extensive research into shielding against and generation of electromagnetic pulse effects.
Awareness of electromagnetic pulse effects happened in 1962 when a 1.4 megaton nuclear weapon was detonated in Test Shot Starfish. The Starfish shot was conducted 400 kilometers high above the mid-Pacific and the electromagnetic pulse from it destroyed satellite equipment and blocked high frequency radio communications across the Pacific for 30 minutes. "Strings of street lights in Oahu went out and hundreds of burglar alarms set off when the pulses overloaded their circuits," wrote William Arkin in "S.I.O.P.: The Strategic U.S. Plan for Nuclear War." A scientist at Lawrence Livermore, Nicholas Christofilos, had predicted this effect earlier in the rear, calculating that high energy particles from a nuclear burst high in the atmosphere would become trapped in the Earth's magnetic field, producing a series of lightning-like pulses.
Since then, the idea of using electromagnetic effects as a death ray, of sorts, produced without a messy 1.4 megaton nuclear explosion, has become increasingly interesting to fans of the weird quack-science of non-lethality and, for some reason, computer security experts and teenage hackers. For example, Crypt Newsletter frequently receives poorly spelled advertisements put together by teenagers advertising schematics for electromagnetic computer death rays for about $5.00 cash U.S. These, along with instructions for turning the telephone handset into an electric chair, software for melting the circuitry in a PC, and recipes for poisoning enemies with arsenicals -- come dirt cheap on pink photocopying paper or cheesy-looking pamphlets sold at "Survival Books" in north Hollywood.
Interestingly, Winn Schwartau did much to embed the myth of the emp weapon in the mainstream imagination with his 1994 book "Information Warfare." In it, Schwartau wrote of secret U.S. missiles used against Iraq in the Gulf War to short circuit communications through bursts of microwaves. It was an interesting mistake based on a more prosaic reality having nothing to do with emp weapons. In the Gulf War, the Navy used a few Tomahawks containing spools of carbon filament. The filament was deployed across Iraq's power lines and stations by the Tomahawks, causing black-outs by short circuit around Baghdad. According to Michael R. Gordon and Bernard Trainor in "The Generals' War," an account of the Gulf conflict, the military had gotten the idea for the special Tomahawks in the mid-80s when one carrying filament went awry over Orange County, California, and caused a local power blackout.
Since Schwartau's book, the tale has been seized upon by hackers rather too eager to sell gullible journalists on the pseudo-reality of imposing feats of technical legerdemain. In one such story, "Hack Attack," published as a cover feature in a 1996 issue of Forbes ASAP magazine, a number of "dangerous ex-hackers" played the game, "Let's lie to the journalist." The emp-weapon-used-against-Iraq myth was deployed:
Forbes writer: Have you ever heard of a device that directs magnetic signals at hard disks and can scramble the data?
Dangerous ex-hackers, in unison: Yes! A HERF [high energy radio frequency] gun.
Dangerous ex-hacker A: This is my nightmare. $300: a rucksack full of car batteries, a microcapacitor and a directional antenna and I could point it at Oracle . . .
Dangerous ex-hacker B: We could cook the fourth floor.
Dangerous ex-hacker A: . . . You could park it in a car and walk away. It's a $300 poor man's nuke . . .
Dangerous ex-hacker A, on a roll: They were talking about giving these guns to border patrol guards so they can zap Mexican cars as they drive across the border and fry their fuel injection . . .
Dangerous ex-hacker A, really piling it on: There are only three or four people who know how to build them, and they're really tight lipped . . . We used these in the Persian Gulf. We cooked the radar installation.
In other parts of the article the "dangerous ex-hackers" discuss the ease of building what purports to be a $300 death ray out of Radio Shack parts and car batteries. In a rare moment of intellectual honesty and self-scrutiny the "dangerous ex-hackers" admit there are a lot of "snake oil salesmen" in the computer security business.
The sticking point of the legend, according to Sandia's Singer and others Crypt News interviewed, is the generation of militarily interesting amounts of electromagnetic pulse. To generate the effects ascribed to the notional weapon requires power fluxes that would kill everyone triggering the device and everyone in the vicinity of the detonation and target. Far easier to use Tim McVeigh's fuel oil-soaked fertilizer truck bomb.
John Pike, director of the Federation of American Scientists' Space Policy Project puckishly commented, "[This] is sorta like Dr. Strangelove saying that a Doomsday Machine 'would not be dificult'! It is easily within the reach of even the smallest . . . nuclear power."
Nevertheless, the myth of electromagnetic pulse weapons remains powerful, gaining lodgment in the damndest places. Indeed, in Crypt Newsletter 42 one article discussed how a U.S. Army course on information warfare in Carlisle, Pennsylvania, was instructing about them in its sub-lecture devoted to weaponry.
Now, Crypt News provides a thumbnail list of the myth's characteristic hearsay.
1. The emp gun is always seen in remote places, as in "Boris Badenov, a computer security consultant, said criminal hooligans had destroyed a bank network in Dvinsk with an emp gun and escaped with 8 millions rubles in blackmail money."
2. The emp gun is always developed by adjunct professors, fringe military reservists, or hackers. For example: "Glip Popple, an adjunct professor of information warfare at the Technical University of Gobble-Wallah in Australia, said he had built a working emp gun for $2,000," or "Uber-Fiend, a hacker for a group calling itself Karn Evil 9, told Reuters correspondents he had built a 12 gigaJoule electromagnetic pulse projector."
3. Emp guns are always secret, protected by classification, as in, "W. E. van Azathoth, a computer scientist genius working for the northern Virginia company Nefari US Electronics, had written a working paper on constructing emp weapons from four bags of sour cream and onion potato chips, a roll of aluminum foil and a positronic hammer -- it was immediately seized and classified by the National Security Agency.
4. Sometimes only unnamed "experts" talk about emp guns, as in: "Experts have revealed to Associated Press reporters that U.S. banks lost $90 billion due to electromagnetic pulse attacks in 1996 -- the assaults untraceable, the perpetrators -- unknown."
5. Illicit emp gun blueprints are on the Internet. Usage: "This reporter was told by a very highly placed Pentagon consultant that plans for emp guns were on the Internet and that teen hooligans and criminal gangsters had obtained them."
Indeed, it must be considered that in a country where a googly-eyed eunuch can persuade a large group of educated adults to poison themselves in preparation for hitching a ride on a flying saucer and a significant portion of the citizenry cannot be convinced that aliens didn't land at Roswell, the emp gun must be a lead pipe cinch to sell.
-----------------
I HAD TO GO SICK: PULLED OVER BY THE INFO-HIGHWAY PATROL
Take back your politicians, Take back your snoops and moles. Take back your superstitions. Take back the Cyber Patrol. --- paraphrased from Tom Petty's "Yer Jammin' Me"
Hey, buddy, did you know I'm a militant extremist? Cyber Patrol, the Net filtering software designed to protect your children from cyberfilth, says so. Toss me in with those who sleep with a copy of "The Turner Diaries" under their pillows and those who file nuisance liens against officials of the IRS. Seems my Web site is dangerous viewing.
Crypt discovered he was a putative militant extremist while reading a story on Net censorship posted on Bennett Haselton's PeaceFire Web site. Haselton is strongly critical of Net filtering software and he's had his share of dustups with vendors like Cyber Patrol, who intermittently ban his site for having the temerity to be a naysayer.
Haselton's page included some links so readers could determine what other Web pages were banned by various Net filters. On a lark, I typed in the URL of the Crypt Newsletter. Much to my surprise, I had been banned by Cyber Patrol. The charge? Militant extremism. Cyber Patrol also has its own facility for checking if a site is banned, called the CyberNOT list. Just to be sure, I double-checked. Sure enough, I was a CyberNOT.
Now you can call me Ray or you can call me Joe, but don't ever call me a militant extremist! I've never even seen one black helicopter transporting U.N. troops to annex a national park.
However, nothing is ever quite as it seems on the Web and before I went into high dudgeon over political censorship--the Crypt Newsletter has been accused of being "leftist" for exposing various government, academic, and software industry charlatans--I told some of my readership. Some of them wrote polite--well, almost polite--letters to Debra Greaves, Cyber Patrol's head of Internet research. And Greaves wrote back almost immediately, indicating it had all been a mistake.
Crypt News Web site was blocked as a byproduct of a ban on another page on the same server. "We do have a [blocked] site off of that server with a similar directory. I have modified the site on our list to be more unique so as to not affect [your site] any longer," she wrote.
Perhaps I should have been reassured that Cyber Patrol wasn't banning sites for simply ridiculing authority figures, a favorite American past time. But if anything, I was even more astonished to discover the company's scattershot approach to blocking. It doesn't include precise URLs in its database. Instead, it prefers incomplete addresses that block everything near the offending page. The one that struck down Crypt News was "soci.niu.edu/~cr," a truncated version of my complete URL. In other words: Any page on the machine that fell under "~cr" was toast.
Jim Thomas, a sociology professor at Northern Illinois University, runs this particular server, and it was hard to imagine what would be militantly extreme on it. Nevertheless, I ran the news by Jim. It turns out that the official home page of the American Society of Criminology's Critical Criminology Division, an academic resource, was the target. It features articles from a scholarly criminology journal and has the hubris to be on record as opposing the death penalty but didn't appear to have anything that would link it with bomb-throwing anarchists, pedophiles, and pornographers.
There was, however, a copy of the Unabomber Manifesto on the page.
I told Jim I was willing to bet $1,000 cash money that Ted Kaczynski's rant was at the root of Cyber Patrol's block. Thomas confirmed it, but I can't tell you his exact words. It might get this page blocked, too. Actually, he said it twice.
What this boils down to is that Cyber Patrol is banning writing on the Web that's been previously published in a daily newspaper: The Washington Post. It can also be said the Unabomber Manifesto already has been delivered to every corner of American society.
If the ludicrous quality of this situation isn't glaring enough, consider that one of Cyber Patrol's partners, CompuServe, promoted the acquisition of electronic copies of the Unabomber Manifesto after it published by the Post. And these copies weren't subject to any restrictions that would hinder children from reading them. In fact, I've never met anyone from middle-class America who said, "Darn those irresponsible fiends at the Post! Now my children will be inspired to retreat to the woods, write cryptic essays attacking techno-society, and send exploding parcels to complete strangers."
Have you?
So, will somebody explain to me how banning the Unabomber Manifesto, the ASC's Critical Criminology home page, and Crypt Newsletter protects children from smut and indecency? Sotto vocce: That's a rhetorical question.
Cyber Patrol is strongly marketed to public libraries, and has been acquired by some, in the name of protecting children from Net depravity.
Funny, Crypt thought -- no, Crypt News knows -- a public library would be one of the places you'd be more likely to find a copy of the Unabomber Manifesto.
This essay first ran in C|NET's Perspectives/Soapbox on June 19, 1997.
-----------------
FOREIGN AGRICULTURAL SERVICE WEB SITE HACK INCIDENTAL TO DENIAL OF SERVICE ATTACK ON COMMERCIAL INTERNET PROVIDERS
In the second week of June, the USDA's Foreign Agricultural Website was compromised by intruders using it as a platform to launch a denial of service attack against a handful of commercial Internet providers.
USDA workers did not know about the intrusion until administrators from the attacker providers called and inquired "Why are you doing this to us?" according to an official interviewed by Crypt News.
According to the USDA, the attacker used a utility known as NUKE to flood the targets with spurious messages. The attacker, in the opinion of USDA officials, was probably known to the targeted providers.
The penetrated Foreign Ag Service machine was an older UNIX system that had been set up without adequate security by former contractors, according to the USDA. It was subsequently taken off line and replaced with another more modern system.
The USDA also reported a National Agricultural Library computer running Unix was being abused by junk mail advertisers to send spam.
--------------
COMPUTER VIRUS HYSTERIA 1997 -- WINNERS!
This is a much condensed version. Full version on Rob Rosenberger's http://www.kumite.com/myths .
Our thanks go to Nicole Judy of Ohio who offered $50 to help defray the cost of prizes. (The rest comes out of George & Rob's pockets.) We appreciate your kindness, Judy!
AND THE WINNERS ARE . . .
Government category
DAVID L. CARTER, PH.D. AND ANDRA J. KATZ, PH.D. (87 VOTES)
These law professors wrote a feature article on computer crime for the FBI's Law and Enforcement Bulletin. In it, they cited five -- yes, five! -- virus jokes as the real thing.
Interesting runner-ups:
JOINT CHIEFS OF STAFF COMPUTER OFFICE (43 VOTES)
The "J6" directorate serves as a focal point for the Joint Chiefs of Staff in matters of command & control, communications, and computers. In early January, the "J6Z" branch sent a priority message to every military office around the worldwarning them of deadly new computer viruses. The message claimed Word macro viruses can "destroy hard drives, or at a minimum, data on hard drives."
DR. BERNARD ROSTKER (21 VOTES)
The defense department "replaced" (read: "fired") this Special Assistant for Gulf War Illnesses after his team turned over a draft report to the Senate Armed Services Committee. Senate investigators want to see logs kept on the destruction of Iraqi weapons during the Gulf War -- but Rostker's team couldn't locate most of the logs, so they assume a computer virus destroyed roughly half the electronic copies.
Corporate category
THE WINNER!
MCAFEE HEADQUARTERS (62 VOTES): McAfee Associates goes to a lot of effort to keep the world virus-free. For example, they pay employees to beta-test rivals' products. This fact recently came to light when McAfee launched a two-pronged media assault against Symantec and Dr. Solomon's Software.
In the first case, McAfee's beta-test division discovered an obscure flaw in Symantec's Norton Utilities. Instead of notifying Symantec, McAfee chose to notify only the media. They even wrote a blatant demonstration program for Windows Sources magazine (itself a runner-up in the "journalism" category), which they gladly posted on their Website so any malicious hacker could download it.
In the second case, McAfee's beta-test division discovered a supposed "cheat mode" in Dr. Solomon's Anti-Virus Toolkit. McAfee went on the war path, paying PRNewswire (itself the winner in the "journalism" category) to distribute multiple press releases describing Solomon's heinous crimes against humanity.
Interesting runner-up:
MCAFEE RUSSIAN DIVISION (11 VOTES): McAfee Associates' Moscow office faxed a bilingual "security alert" claiming they "received an alert about a message being sent around the world on the Internet. If you receive a message with the subject 'Irina' DO NOT OPEN IT. The virus contained in the message will rewrite your hard drive. Please warn your friends!"
The Irina virus, as you may know, is a hoax . . . And remember: We named the Virus Hysteria Awards in honor of John McAfee, the man who founded McAfee Associates.
Quotation category
1997 was "the year of the virus definition," as you'll soon read . . .
THE WINNER!
SYMANTEC (40 VOTES): Give Symantec credit for truth-in-paid-advertising. This quote appears near the bottom of their recent "Bloodhound Technology" announcement: "The press release contains forward-looking statements concerning product development efforts by Symantec. There are certain important factors that could cause Symantec's future development efforts to differ materially from those anticipated by some of the statements made above . . ."
A fine bit of "don't-blame-us-if . . . " gobble was never penned.
Interesting runner-up:
DUANE ANDREWS (21 VOTES): President Clinton named this former Assistant Secretary of Defense forCommand, Control, Communications, and Intelligence and government insider mouthpiece for Science Applications to chair a special "Information Warfare - Defense task force." Interviewed after his committee issued its report, Andrews said he wants to give the Defense Department the authority to spread viruses:
"[Let the military inject attackers' computers with] a polymorphic virus that wipes out the system, takes it down for weeks."
Go, Duane, go.
Event category
THE WINNER!
SEXYGIRLS.COM TROJAN VIRUS INTERNATIONAL PORNO SCAM MODEM-BASED CON GAME (53 VOTES): Whoops, sorry. We got carried away with the title of this event. But although we admit it, the Royal Canadian Mounted Police don't admit it. RCMP officials learned some Internet users had racked up large phone bills to a company buried in the old Soviet Union. An investigation uncovered a Trojan horse tied to an international phone scam . . .
By the way, did you notice the questions reporters failed to ask of people who got caught up in this Trojan virus international porno scam modem-based con game?
1. What's your name?
2. How long have you been a pervert?
3. How much did the phone company charge you?
4. Do you still surf the Internet?
5. Did you buy Playboy's 'Girls of the Internet' issue?
Pierre Salinger award for investigative journalism:
THE WINNER!
PRNEWSWIRE (49 VOTES): This international newswire isn't one although many journalists appear not to be able to tell the difference. It serves as a clearinghouse for corporate and institutional press releases, especially those issued by the anti-virus industry. What you may not know is that most "virus warnings" are now generated through PRNewswire via company-written propaganda.
Large corporate players in the antivirus industry distribute "virus alerts" via PRNewswire for a couple of fairly obvious (and profoundly anti-consumer) reasons. First, editors and reporters don't pay much attention to Internet newsgroups which have historically served this function. And if editors & reporters don't pay attention, antivirus companies can't get their names mentioned in news stories.
Second, users learn about legitimate threats to computing via Internet channels but there's no money in the process for corporate antivirus vendors. Other competitors can freely critique & snipe, users can freely spit back at distorted pronouncements, and there's little stimulus to corporate sales to show for it. General warnings distributed through the Internet pick up a lot of debate as extra baggage.
PRNewswire proves a cost-effective way to market a "virus alert." At $500 for every 400 words, company mouthpieces can write whatever they want and ensure it rapidly arrives in the hands of pliant journalists. Lazy editors & reporters rely on PRNewswire for their stories instead of relying on industry contacts.
More often than not, a virus story will erupt as "breaking news" solely because anti-virus companies paid PRNewswire to distribute press releases about it. Two recent examples include the Hare media fiasco of 1996 and the Bliss virus scare.
LETTERS ======= Dear Crypt: I got lumbered with the Info Sec job - recommended to the I.T. manager by my predecessor because I was 'tough.' The first thing that I noticed was the 'False Authority Syndrome.' My predecessor involved himself in every aspect of I.T. as a 'guru' under the InfoSec umbrella. ANYTHING - Networks, server setup, h/w or s/w purchasing. WOW. He reminded me of my mother-in-law, a some time professional hypochondriac that had, by age 50 odd, undergone 25 - 27 abdominal operations, many conducted by leading lights of the appropriate medical field. Now with one kidney, vastly reconstructed internals, impaired lung function and a heart disorder, she will tell any that will listen, what doctors should or should not do for any given condition. Her assumed authority is never impaired by such mundane issues as fact or common sense. Like many 'authorities,' she acquired a survival kit which rewards her better than my full time job does. She eats well and dispenses her rather dangerous advice with an aplomb only rivalled by the FBI and other government bodies on anything that they neither understand nor can control. Anti-virus companies in South Africa supply products like DR. Solomon with sales competence and support indifference, but make sure that they appear on the news whenever the latest 'virus scare' originates from some equally ignorant media type overseas. The most time consuming part of my job is the e-mail replies to colleagues saying 'no, that's a hoax and please don't mail warnings like this to half the world before you clear it with me.' I also get a fair number of hardware failure / software (finger) foul-up's which are attributed to viral attacks by authoritative I.T. support personnel. Finally, I would like to align myself with those folk appointed to this job for all the wrong reasons and with the wrong qualifications. My predecessor claimed that the job gave you all the time to do things properly and enabled you to educate yourself and plan your life. This is probably true, but after joining every newsgroup that looked remotely promising and attempting to involve the firewall and AV suppliers (Gauntlet and Dr Solomon) in formatting a set of policies covering information and data security, I have concluded that there is an awful lot of BS and ego-boosting that goes with InfoSec. Most issues can be dealt with by an ounce of common sense, reasonable data backup procedures and an active management of the staff under their control. The field is fascinating and I look forward to the time when I can supply SOME answers instead of perpetually asking WHY? If you got this far, congratulations on your stamina and thanks for your indulgence, Kevin Sizer Information Security Siemens Ltd South Africa. [Good observations. More people need to read material just like your letter, Kevin. --Ed.] --------------------------- Dear George: I must congratulate you on your Crypt Newsletter. I've just been exposed to it for the first time, and I'm relieved to learn that I'm not the only one who realizes that the "infowar" crowd are spewing merely what amounts to intellectual masturbation. Ironically, these people rake in the bucks by hosting seminars for private-sector alarmists and feds (who should know better), while apparently no one has bothered to check their credentials (or lack thereof). I think a little irreverence -- ala your newsletter -- is just what the doctor ordered. Keep up the good work. Thomas Manzi --------------------------- Dear Crypt: I wrote to you about three years ago, letting you know of my appreciation for your newsletter. In that time the World Wide Web has gone from a prototype idea from CERN into an amalgam of fact, fiction and all too much pure, unadulterated crap. Perhaps it is the tendency of the general public to believe as true whatever they see in print that creates the largest risk of the Web. Eclipsing the minor 'threats' of the Four Horsemen of the Infocalypse -- terrorists, drug dealers, money launderers and pedophiles -- that law enforcement would have us believe will bring the immediate downfall of Western Civilization, the ease with which so-called facts can be created, exploited, modified and removed on the Web far exceed capabilities only dreamed of by the most cynical and manipulative of Madison Avenue executives. There are, however, at least three saving graces: (1) Attention and a sense of history are both scarce resources in our society therefore limiting some types of bunk; (2) the general public has been steadily and consistently lied to by television and only in the most ignorant of the population has there failed to arise at least a rudimentary bullshit detector, and; (3) the possibility exists that the overwhelming onslaught of hype and overhype on the Web will achieve an early burn-out of the curiosity and suspension of disbelief that characterizes elements of current media perception. (This is, however, more hope than actuality right now.) To further my belief that there are others among us who still have a sense of rational analysis, I have enclosed a couple of news clippings I thought you might find interesting. Thanks again for producing the newsletter and please keep up the insightful work! Dan Veeneman [Crypt remembers your letter! You sent a box of diskettes and a copy of your cryptography magazine with it! I think you're right about Net burn-out. My significant other is a newspaper journalist and now refuses to read any stories about the Net written by those in her profession. "I'm sick of the Net stories," she says. "I don't want to hear about them. They give me a headache." --Ed.] ------------------------ Crypt: I appreciate your views. Please understand I took the "weapons" section straight from open source and made no effort to correct such. As I'm sure, we both agree it is important to communicate the threat of Info-War. Your newsletter does that well to your select audience. One correction: If you research the term agent vs. employee there is a distinct difference. I have never been an agent for anyone. This may seem trivial but the distinction is significant from my perspective. May I offer that you keep track of the Army War College's home page, as I have several students who have published excellent theses. I hope to post them soon. Best Wishes, Bob Minehart [Editor: And the Website is: http://carlisle-www.army.mil/usacsl/iw/] -------------------------------- Crypt: This is great stuff. Do you regularly write on internet legal issues? I'm a doctoral student who's been the target of an organized harassment campaign (because I allow men to discuss anything they wish on an unmoderated discussion list). Because of this experience, I'll probably research legal issues on the Internet for my dissertation (already have a pretty good advisor on board with great legal issues in higher education experience). Anyway, thanks for some great stories on clueless Ph.D.s Michael Osterbuhr -------------------------- Dear Crypt: Not to try to be smarter than the guy next door, but is [Cyber Patrol] supposed to read every page they ban? How could they? There are more sites sprouting up every month than any of us could browse -- let alone read -- in a lifetime. So, in what follows I'll be careful not to include the words 'sex' and 'penis' in my pages, nor the phrases 'bomb the *', '* the KKK' and 'let * know what we can do with a few pounds of *'; not even as mockery. Hmm. . . on a second thought, maybe FBI officials have thought of that and are already scanning the 'net for these same phrases. So I've better erase some words and save them a trip to Spain. Ok, now it's safe to send. I solidarize with your position. Cyber Patrol is a stupid way of making money. Cheers from Sunny Spain! Alex Fernandez ------------------------- -=The Crypt Newsletter welcomes thoughtful mail from readers at crypt@sun.soci.niu.edu. Published letters may be edited for length and clarity or anonymized to protect the naive from themselves.=- ACKNOWLEDGMENTS =============== Rob Rosenberger, editor/webmaster of Virus Myths. Visit -- http://www.kumite.com/myths for a savage read. Alan Dunkin of On-Line Game Review for useful press releases. ------------------------------------------------------------- George Smith, Ph.D., edits the Crypt Newsletter from Pasadena, CA. copyright 1997 Crypt Newsletter. All rights reserved.
-------------------
Relevant links: