Jan 20 2008

SANS director confirms the CIA confirmed … absolutely nothing

This is how urban legends get started, you know
No Gravatar

Speaking breathlessly to the survivors of Hurricane Katrina, SANS Institute research director Alan Paller “confirmed” that (1) cities have suffered blackouts and (2) some people tried to profiteer from it. And he absolutely knows this for a fact because (3) the CIA told him absolutely nothing.

Irony, anyone? The research direc­tor for the SANS Insti­tute went to New Orleans to reveal that cities have suffered black­outs and some people tried to profi­teer from it.

And he abso­lu­tely knows this for a fact because the CIA told him abso­lu­tely nothing.

In case you missed the amazing irony here, let me break it down for you. Paller told an audience in New Orleans — a region that couldn’t generate one watt of electricity for itself in September 2005 — that the CIA told him that some terrorists out there, somewhere, had crippled entire regions of the earth with electrical blackouts.

Wait! It gets better.

“But,” confirmed the CIA, “it didn’t happen here in America. Nope. It happened somewhere else on this mudball we call Earth. And it was horrifying. Corpses rotted in the streets at a time when nomadic urban dwellers killed each other for a single lump of coal just to keep their houses warm during the bitter chill of winter. But we can’t give you any specific details, nor can we offer you a single shred of evidence to back our claims. Nope. We can only say it happened, which is ultra-important to your career. Now go warn all the prostitutes in the French Quarter that the CIA told you absolutely nothing.”

Don’t get me wrong: I love Alan Paller. He’s amazingly gullible. He believes everything CIA analyst Terrill Mayna— waitaminit, that’s the wrong CIA analyst. Paller actually quoted a different CIA analyst by the name of Tom Donahue. Quoting from a breathless story in InformationWeek:

[Donahue] presented [Paller] with a written statement that read, “We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”

This is how urban legends get started, you know.

It’s even more ironic when you read Paller’s October 2007 advice for when “you’re trying to share a sense of urgency about a problem.” He chimed in to say “don’t give the boss horror stories about what could happen, give him real stories of what has happened to other people.”

“Real stories,” Paller says? All right: I’ll dare to ask the embarrassing questions

This is how urban legends get started, you know.

It’s even more ironic when you read his Oct ’07 advice for when “you’re trying to share a sense of urgency about a problem.”

Paller chimed in to say “don’t give the boss horror stories about what could happen, give him real stories of what has happened to other people.”

  • Who did it? Paller doesn’t know.
  • When did they do it? Paller doesn’t know.
  • Where did it occur? Paller doesn’t know.
  • Why did they do it? Paller doesn’t know.
  • How widespread was the blackout? Paller doesn’t know.
  • Did the extortion scheme succeed? Paller doesn’t know.
  • Whose power grid Internet connection did they exploit? Paller doesn’t know.
  • How many victims perished in the attack? Paller doesn’t know.
  • What did it cost to clean up after the attack? Paller doesn’t know.
  • Does Interpol want to extradite a U.S. citizen so he can stand trial on charges of cyber-terrorism? Paller doesn’t know.

So there you have it. It absolutely must be true because the CIA told Paller absolutely nothing.

{One hour later…}

Good grief, I feel like a fool for not believing Paller! CIA analyst Terrill Maynard dropped his strawberry-flavored crack pipe long enough to type a written reply on my RV blog with all the gory details! Quoting him verbatim:

It seems Enron caused that blackout in an effort to raise the price of electricity. Ken Lay, a company insider, orchestrated the whole thing. The blackout happened last year in Elbonia and it encompassed nearly all of the villages that make up the capitol region. Twenty-nine tribesmen, four Americans, one homeless Japanese conscientious objector from WWII, and — ironically enough, one Canadian cyber-terrorist who was on the lam — all died in the attack. Two “digital catastrophe” experts (D.K. Matai and Michael Erbschloe) issued a classified press release saying the country suffered US$1.6 trillion in damages.

Wait! It gets even better. A guy named Kevin Coleman issued a bizarre press release over this whole CIA shebang. He’s the Chief Strategist at “Technolytics,” a firm that makes its home roughly 93 miles from the Flight 93 crash site.

How does a company respond when it’s in such close proximity to a terrorist airstrike? Well, if they’re like Technolytics, they’ll distribute “Confidential & Proprietary” brochures on the topics of “cyber war,” “cyber terrorism,” “cyber defense,” etc. And if a company responds with brochures like the ones Technolytics distributes, they’ll suffer from poor composition, a hysterical overtone, and blatant grammatical errors (check out the subtitle of this document).

No doubt he’ll email me to say “I’m not that Kevin Coleman!” Guys like him will never under­stand why I use humor against their hysteria.

No doubt he’ll accuse me of being non-funny, too, but who is he to judge?

You might remember Kevin Coleman as Netscape’s former chief strategist. Then again, you might not remember him — Netscape doesn’t exactly qualify as a textbook example of good corporate strategy. Coleman’s Wikipedia bio reveals he also was the original drummer for Smash Mouth. In other words, the guy just can’t seem to hold down a job. I’d chalk it up to his lack of skills in English composition, but who am I to judge?

Coleman filed his press release “on the heals of this announcement” and it brims with grammatical errors as you might guess. Read it and you’ll realize it lacks focus. Visit his website and you’ll understand why — all of the content on the site lacks focus, too.

Click on the site’s “Security & Intelligence Center” button and you’ll learn the “fact” that “each year more people are killed or injured at work than in road accidents.” But don’t worry: Technolytics can help you combat this threat with “Corporate Marketing Event Security Advice.” I don’t know how all of this applies to “cyber war,” but it undoubtedly makes perfect sense to Coleman.

The company’s “up-to-the-date” PR page hasn’t seen an update since May 2006. Need I mention the grammatical errors?

“Rob, you’re not making any sense. You seem to lack focus.” Yeah, that usually happens when I quote bizarre people who write English as a second language. Let’s return to the topic of Alan Paller, shall we?

I wonder what happened to Paller after he stood at Katrina’s Ground Zero and told the urban legend of a computerized blackout. “I expected the hurricane victims would empathize with the residents of that unknown city. But to my horror, the attendees rose up from their seats as an angry mob, shouting ‘lynch him!’ as they rushed toward the stage to attack me…”