Hoaxes, myths,
urban legends




About us


Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

Honest, Senator! A computer virus ate my Gulf War records

Rob Rosenberger, Vmyths co-founder
Monday, 10 March 1997

"GULF WAR LOGS may be missing," blurted an Associated Press headline. Senate investigators looking into the causes of 'Gulf War Illness' want to see records kept on the destruction of Iraqi warheads. They want to know if nuclear, biological, or chemical weapons contributed to veterans' ailments, but a new military report delivered to the Armed Services Committee "concludes that only 36 out of about 200 pages of the logs can be found."

The AP newswire highlights the military's assumption that "a computer virus... may have wiped out half the logs." (A virus destroyed the destruction records? How ironic.) At least two other mishandlings of the logs also occurred, but staff writer John Diamond discloses this in his story only after mentioning the computer virus excuse.

Diamond wrote a quick follow-up story, again citing the computer virus excuse before mentioning other bunglings. Reuters and United Press International quickly & predictably chimed in with their own highlights of the virus portion.

Before we go any farther, let's talk about my credentials. I don't speak for the government. I served in the Air Force but I never went overseas for the Gulf War. I never handled documents related to Gulf War Illness. Congress never asked me to testify about anything.

Most important, I haven't yet read the Defense report. It's my word against the military's — and I rely almost entirely on newswires from three organizations with notorious track records when they report on computer viruses.

So let's get on with it. According to newswires, the military lost multiple electronic copies — and lost multiple printed copies — of the crucial Gulf War records in at least two separate mishandlings. "Two sets of the logs on disk and a paper copy shipped to U.S. Central Command headquarters in Florida after the war appear to have been lost from a safe in an office move. A third disk set and hard copy were lost from a safe at Aberdeen Proving Ground," Diamond wrote for AP.

However, these two snafus apparently only account for half of the electronic copies. Where did the rest go? Well, an officer brought a computer virus into the building around that time and, um, we think it destroyed the last of the copies...

PEOPLE USE THIS childishly vague excuse all time. A few years ago, the Houston Police homicide investigation unit discovered the Joshi virus on its computers. When a newspaper reporter asked how the virus found its way in, department officials claimed a police officer downloaded an infected game from a bulletin board.

Legitimate virus experts know Joshi doesn't use bulletin boards as its transmission vector; I challenged the Houston Police Department to prove its claim. They immediately stopped talking about the incident. (I dismissed it as "ironic" for a homicide investigation unit to do such sloppy investigating.)

Students mutter the word "virus" to teachers hoping it will buy them some more time for a late report. Employees mutter the word "virus" to bosses hoping it will... well, hoping it will buy them some more time for a late report.

Even worse, many computer users automatically blame a virus whenever they notice an odd computer behavior. These knee-jerk accusations grow epidemic (pardon the pun) on well-known virus trigger dates like March 6th or any Friday the 13th.

The following exchange took place on the comp.virus newsgroup between Chengi "Jimmy" Kuo of McAfee Associates and a person who identified himself only as Les. Kuo noted the number of computers affected worldwide in a recent virus scare — and Les interjected with a personal anecdote...

Chengi J. Kuo:
Informal poll among 8 or so [antivirus] vendors registered approximately 30 incidents [of the Hare virus] affecting 80 or so machines worldwide.


I had it while my machine was unattended (home PC) and it wiped me out. Two hard disks and a zip disk which happened to be in at the time.

Chengi J. Kuo:

Not to say that you didn't have it but, how does an unattended machine wipe itself out with a virus that only does this stuff on bootup?


Well I guess I am only assuming that that's what it did, because it was the correct date....

Ironically, a stern boss who won't accept excuses for tardiness often will accept a "virus ate my report" excuse without question — and may even go so far as to reward the employee! The Senate might easily fall into this trap.

I only hope they listen to Senator Carl Levin, who branded the military's virus-destruction assumption as a "dog-ate-my-homework explanation." If I could testify before the Armed Services Committee, I'd ask some important questions:

  1. The military can describe in detail how some of its electronic and paper records disappeared during office moves. (The Defense report apparently goes so far as to claim twelve separate copies of the logs existed at some time.) Then they merely speculate a virus destroyed the copies they can't account for. What specifics do they know? What evidence can they present to support such a claim?
  2. Agencies now habitually destroy paper records once the information flows into a computer database. Permanent loss of data occurs in numerous cases because adequate backups fail to exist. What adequate precautions, if any, did the offices in question take to insure the viability of archived computer data?
  3. Exactly who speculated a virus destroyed electronic copies of the logs? What kind of credentials does this person hold in the computer virus field? Who counter-checked this person's claim, and what credentials does that person hold in the computer virus field?

Sadly, the Defense Department suffers from incompetence regarding computer viruses. In a recent example, the Joint Chiefs of Staff computer branch sent an alert to every U.S. military office around the world claiming macro viruses physically destroy hard drives.

In the 1980s, the U.S. Transportation Command purchased infected retail software — so they shut down their own (virus-free) bulletin board to protect against future purchases of infected retail software. I could dazzle you with other anecdotes, but you get the point. I doubt the Defense Department can competently answer the questions I posed above.

REMEMBER, FOLKS: MY accuracy here relies on the accuracy of stories from the three major newswires. Given their abysmal track records, it wouldn't surprise me if I wind up looking like a fool for writing this opinion piece. If I do wind up looking like a fool, then it's my own fault. No excuses!

I believe General Schwarzkopf when he says the U.S. desperately wanted to find proof of chemical or biological weapons in Iraq. "We're talking about something where one milligram on your skin is fatal and we never had a single report of a serious illness or fatality among 540,000 troops," the AP quoted him as saying. I believe the weapons destruction logs would back up Schwarzkopf's testimony if the military could ever find those records.

I further believe the logs' disappearance indicates they weren't considered important to proving the existence of chemical or biological weapons in Iraq. Multiple mishandlings only reinforces my belief. Their disappearance represented nothing substantial at the time to the people who kept those records. Now, however, the Senate Armed Services Committee wants to see them.

I can visualize what happened. A military paper-pusher discovers multiple mishandlings of the log files, yet even this can't account for all the known copies. One of the people involved in one of the mishandlings says, "I remember we found a virus on some of our computers right around then..." The paper-pusher believes a pervasive virus myth, so he submits a report saying a virus "may have" destroyed the rest of the copies. The Defense Department once again winds up looking incompetent.

I deeply sympathize with veterans who want to learn the truth about their ailments. They deserve so much more than a report which says "honest, Senator! A computer virus ate my Gulf War records..."

Update: 10 March 97
The military issued a press release on March 3rd saying the Defense Inspector General will "take over the investigation of what happened to" the missing logs. The next day (as you might expect), the Defense Department spent almost all of its press briefing answering reporters' questions related to this controversy. Two items of extreme interest:

  1. The Defense spokesman said their report "was inadvertently sent to the Armed Services Committee... It was incomplete since there were individuals who were still working on the issue."
  2. One reporter commented, "there are twelve separate copies of these logs [according to the Defense report]. All of them have either been destroyed or vanished. Twelve of them — including the ones at ARCENT, including ones at Corps levels — 7th Corps and 18rd Corps. All those are missing as I read that report."

The first item proves interesting because it provides a way for the Defense Department to (ahem) stop assuming a computer virus destroyed some copies of the logs. The second item proves interesting because it could imply a fourth mishandling of the logs (if you count the computer virus assumption as the third mishandling). Again, I stress my opinion that the logs' disappearance indicates they weren't considered important to proving the existence of chemical or biological weapons in Iraq.

FOOTNOTE: in a twist of irony, Rob Rosenberger lost four hours of work on this opinion piece when he accidentally overwrote the final copy. (He meant to overwrite an old draft.) If the Senate wants to see the original first edition ... um, a virus may have eaten it. Yeah! That's what probably happened.

[second edition]