FOOLED!
What you're about to read is an interesting and, perhaps, an unintentionally humorous tale of what can happen when inexperience, lack of fact-checking and research interests in Internet computer crime collide.
Most wanderers of the Internet are familiar with the running joke concerning computer viruses with names of celebrities, politicians or institutions.
The names and satirical content evoke a momentary smile or groan. For example:
"Gingrich" randomly converts word processing files into legalese often found in contracts. Victims can combat this virus by typing their names at the bottom of infected files, thereby signing them, as if signing a contract.
"Lecture" deliberately formats the hard drive, destroying all data, then scolds the user for not catching it.
"Clinton" is designed to infect programs, but it eradicates itself when it cannot decide which program to infect.
"SPA" examines programs on the hard disk to determine whether they are properly licensed. If the virus detects illegally copied software, it seizes the computer's modem, automatically dials 911, and asks for help.
Rather amusing -- or boring -- depending on how many times you've seen different spins on them. Except Crypt News can't take the credit for making them up. The honor goes to an April Fool's Day issue of Datamation magazine. Normally, that would be the end of the joke but David L. Carter and Andra J. Katz, two professors interested in computer crime, bit down hard on the Datamation article and cited it as a source of real world examples in papers presented to the FBI and The Academy of Criminal Justice Sciences.
But I'm getting ahead of the story.
All this came to Crypt News' attention when the Federal Bureau of Investigation's Law Enforcement Bulletin, published monthly out of the organization's training academy in Quantico, Virginia, apparently thought they were real, too.
Writing in the December issue of the magazine, Carter and Katz, respectively academicians at Michigan State and Wichita State, cited them as real examples of "insidious" new computer viruses in the magazine's feature article entitled "Computer Crime: An Emerging Challenge for Law Enforcement."
The authors seemed to genuinely believe these computer viruses were in circulation, even to the point of citing the "Clinton" joke again in an paragraph attempting to explain the motivations of virus-writing system saboteurs.
"Some employees could be motivated to infect a computer with a virus simply for purposes of gamesmanship. In these cases, the employees typically introduce a virus to play with the system without intending to cause permanent damage, as in the case of the 'Clinton' virus."
Put in perspective, this was similar to reading a scientific paper on the behavior of elephants and suddenly running across a section that straightforwardly quotes from some elephant jokes as proof of what pachyderms really do when wandering the African veldt.
Just before Christmas, alert reader Joel McNamara hipped Crypt News to this gem and wrote:
"The two researchers with the Dr. in front of their names seem to be totally clueless that this was a tongue-and-cheek joke that is still floating around the 'Net. If they did know it was humor, they made no effort to inform readers - [readers] I highly doubt are technically adept enough to recognize it.
Acutely embarrassed over the mistake, the editor of the Law Enforcement Bulletin did not initially return repeated phone calls from Crypt Newsletter. Andra J. Katz, reached over Christmas, said only that her co-author was responsible for the goofed-up material in question. Her co-author, David L. Carter, in turn cited an indeterminate "British scholarly magazine" as the original fool. (This comes from an editorial written by Margie Wylie of CNET.)
Eventually, Crypt was able to reach the Bulletin's editor, Kathy Silesky, who placed the blame squarely on the authors of the bulletin's computer crime piece. The "British scholarly magazine" was invoked again as the escape clause. Two anonymous "security experts" had also "verified" the jokes were real viruses for Carter and Katz, said Silesky. [In reality, the jokes came from an April Fool's Day issue of Datamation magazine -- but more about this later.]
In any case, increasing interest since the Bulletin's mistake was first published in Crypt Newsletter 40 resulted in a hasty edit in which the references to the jokes-as-viruses were simply yanked from the article published on the FBI's World Wide Web site.
However, the rewrite is still imperfect, the content still in a twist. Reference to the "Clinton" virus remains in the feature's section on "Virus introduction." And the print run sent to 55,000 subscribers is beyond intervention.
Even more bizarre: Katz and Carter were informed their research had been contaminated by joke virus tales almost a year before publication of their essay in Law Enforcement Bulletin!
Gene Spafford, A Purdue University faculty member and extremely well-known computer security expert, wrote to Crypt Newsletter after seeing its initial series of articles on the FBI gaffe.
"Sometime in early 1996, Carter and Katz issued a press release on their research into computer intrusions," Spafford relates. "I thought the research was interesting, and I contacted Katz via e-mail for more info."
Spafford continues, writing that he was "sent . . . a longer press release that contained the same erroneous statements about joke computer viruses that were printed in the FBI newsletter. I tried to call Carter, and ended up talking to Katz. I explained to her that those were not real viruses but jokes. I further explained that they should correct that release immediately or else face ridicule from those who understood viruses."
"I never heard from them again."
But wait! The truth gets stranger.
The joke viruses also appeared in a supposedly scholarly paper presented by Carter and Katz at a meeting of the Academy of Criminal Justice Sciences in Las Vegas, Nevada, sometime during 1996. Crypt News dug up an electronic copy of "Trends and Experiences in Computer-Related Crime: Findings From A National Study" on the Michigan State University Intranet. The FBI's Law Enforcement Bulletin piece appears to be a condensed version of this paper. Located in a directory seemingly devoted to college course readings, it still contains the full text of jokes reprinted by the FBI.
Carter and Katz' "Trends and Experiences in Computer Crime: Findings From a National Study" cites a 1995 _April Fool's Day_ article in Datamation magazine as the source for its information on the "SPA," "Clinton," and other computer viruses.
The April 1, 1995 issue of Datamation featured a column of ridiculous and humorous stories that were clearly April Fool's jokes. (Clear, Crypt News guesses if you're not _too_ asleep at the wheel.) In addition to the virus jokes there is a news brief on the League of Information Systems Professionals or LISP, a "group" working to ensure that "Dilbert" is carried in all local newspapers. LISP is also said to be working for "the reinstatement of the slide rule, especially in belt-mounted leather cases . . ."
Also in the Datamation article cited by Carter and Katz in their research paper, the reader finds himself bemused by the tale of computer scientists and anthropologists at the "Moe Fein National Laboratory in Nevermore, Calif." The scientists are testing the "feasibility of monkeys writing computer applications . . . We calculate that if each monkey randomly pounds its computer's keyboard for six to eight hours a day, the entire group will create a word processor . . . within three to four months," is one excerpt from it.
"The research is being sponsored by a large New York bank that hopes to cut its in-house development efforts by getting the monkeys to work for peanuts," it concludes.
If this isn't sufficiently absurd, consider that Carter and Katz cited Datamation's April Fool's stories _twice_ in their national study on computer crime. In addition to joke viruses, Carter and Katz also write of a government dragnet in which federal agents arrested a dangerously successful hacker gang.
"The hackers reportedly broke into a NASA computer responsible for controlling the Hubble telescope and are also known to have re-routed telephone calls from the White House to Marcel Marceau University, a miming institute," write Carter and Katz in "Trends and Experiences in Computer-Related Crime."
"In one episode, the hackers broke into a NASA computer responsible for controlling the Hubble telescope, aimed the telescope at Earth and then proceeded to spy on a nudist colony near Camden, Maine. In another shocking case, the hackers rerouted telephone calls from the White House to Marcel Marceau University, an institution for mimes, based in Inabox, Montana," reports Datamation in the April Fool's Day issue.
Not to worry, though. The Datamation spoof reports the hackers were arrested by agent "Slim Steel" during "Operation _Moon_ Angel."
Marty Moore at Datamation magazine laughed on recollection of the April 1, 1995 issue. "You mean someone published the . . . 'Marcel Marceau University' in a paper? Oh, n-o-o-o-o!" Datamation still publishes staff written satirical material in its monthly "Over The Edge" column. Moore said there are a number of subscribers who mistake it for reality every issue.
The reader may note that academic research appears to be fraught with hidden danger when one lacks an appropriate sense of humor.
-------
Postscript: A recent issue of The State News, Michigan State University's student newspaper, reports in an article on chasing criminals through cyberspace: David L. Carter is engaged in teaching police how to use the Internet.
[Links at the end of this essay take you to the original papers. When surfing to the David Carter page at Michigan State University, use your browser to search for the words "Brain Dead" and "Marcel Marceau." After absorbing this treatise, you might consider e-mailing the professors to warn them their flies remain open in cyberspace.
-------
Read the original screw-up or view additional relevant links.