Truth About Computer Security Hysteria
Honest, Senator! A computer virus ate my Gulf War recordsRob Rosenberger, Vmyths co-founder
Monday, 10 March 1997
"GULF WAR LOGS may be missing," blurted an Associated Press headline. Senate investigators looking into the causes of 'Gulf War Illness' want to see records kept on the destruction of Iraqi warheads. They want to know if nuclear, biological, or chemical weapons contributed to veterans' ailments, but a new military report delivered to the Armed Services Committee "concludes that only 36 out of about 200 pages of the logs can be found."
The AP newswire highlights the military's assumption that "a computer virus... may have wiped out half the logs." (A virus destroyed the destruction records? How ironic.) At least two other mishandlings of the logs also occurred, but staff writer John Diamond discloses this in his story only after mentioning the computer virus excuse.
Diamond wrote a quick follow-up story, again citing the computer virus excuse before mentioning other bunglings. Reuters and United Press International quickly & predictably chimed in with their own highlights of the virus portion.
Before we go any farther, let's talk about my credentials. I don't speak for the government. I served in the Air Force but I never went overseas for the Gulf War. I never handled documents related to Gulf War Illness. Congress never asked me to testify about anything.
Most important, I haven't yet read the Defense report. It's my word against the military's — and I rely almost entirely on newswires from three organizations with notorious track records when they report on computer viruses.
So let's get on with it. According to newswires, the military lost multiple electronic copies — and lost multiple printed copies — of the crucial Gulf War records in at least two separate mishandlings. "Two sets of the logs on disk and a paper copy shipped to U.S. Central Command headquarters in Florida after the war appear to have been lost from a safe in an office move. A third disk set and hard copy were lost from a safe at Aberdeen Proving Ground," Diamond wrote for AP.
However, these two snafus apparently only account for half of the electronic copies. Where did the rest go? Well, an officer brought a computer virus into the building around that time and, um, we think it destroyed the last of the copies...
Legitimate virus experts know Joshi doesn't use bulletin boards as its transmission vector; I challenged the Houston Police Department to prove its claim. They immediately stopped talking about the incident. (I dismissed it as "ironic" for a homicide investigation unit to do such sloppy investigating.)
Students mutter the word "virus" to teachers hoping it will buy them some more time for a late report. Employees mutter the word "virus" to bosses hoping it will... well, hoping it will buy them some more time for a late report.
Even worse, many computer users automatically blame a virus whenever they notice an odd computer behavior. These knee-jerk accusations grow epidemic (pardon the pun) on well-known virus trigger dates like March 6th or any Friday the 13th.
The following exchange took place on the comp.virus newsgroup between Chengi "Jimmy" Kuo of McAfee Associates and a person who identified himself only as Les. Kuo noted the number of computers affected worldwide in a recent virus scare — and Les interjected with a personal anecdote...
Chengi J. Kuo:Informal poll among 8 or so [antivirus] vendors registered approximately 30 incidents [of the Hare virus] affecting 80 or so machines worldwide.
Ironically, a stern boss who won't accept excuses for tardiness often will accept a "virus ate my report" excuse without question — and may even go so far as to reward the employee! The Senate might easily fall into this trap.
I only hope they listen to Senator Carl Levin, who branded the military's virus-destruction assumption as a "dog-ate-my-homework explanation." If I could testify before the Armed Services Committee, I'd ask some important questions:
Sadly, the Defense Department suffers from incompetence regarding computer viruses. In a recent example, the Joint Chiefs of Staff computer branch sent an alert to every U.S. military office around the world claiming macro viruses physically destroy hard drives.
In the 1980s, the U.S. Transportation Command purchased infected retail software — so they shut down their own (virus-free) bulletin board to protect against future purchases of infected retail software. I could dazzle you with other anecdotes, but you get the point. I doubt the Defense Department can competently answer the questions I posed above.
I believe General Schwarzkopf when he says the U.S. desperately wanted to find proof of chemical or biological weapons in Iraq. "We're talking about something where one milligram on your skin is fatal and we never had a single report of a serious illness or fatality among 540,000 troops," the AP quoted him as saying. I believe the weapons destruction logs would back up Schwarzkopf's testimony if the military could ever find those records.
I further believe the logs' disappearance indicates they weren't considered important to proving the existence of chemical or biological weapons in Iraq. Multiple mishandlings only reinforces my belief. Their disappearance represented nothing substantial at the time to the people who kept those records. Now, however, the Senate Armed Services Committee wants to see them.
I can visualize what happened. A military paper-pusher discovers multiple mishandlings of the log files, yet even this can't account for all the known copies. One of the people involved in one of the mishandlings says, "I remember we found a virus on some of our computers right around then..." The paper-pusher believes a pervasive virus myth, so he submits a report saying a virus "may have" destroyed the rest of the copies. The Defense Department once again winds up looking incompetent.
I deeply sympathize with veterans who want to learn the truth about their ailments. They deserve so much more than a report which says "honest, Senator! A computer virus ate my Gulf War records..."
Update: 10 March 97
The first item proves interesting because it provides a way for the Defense Department to (ahem) stop assuming a computer virus destroyed some copies of the logs. The second item proves interesting because it could imply a fourth mishandling of the logs (if you count the computer virus assumption as the third mishandling). Again, I stress my opinion that the logs' disappearance indicates they weren't considered important to proving the existence of chemical or biological weapons in Iraq.
FOOTNOTE: in a twist of irony, Rob Rosenberger lost four hours of work on this opinion piece when he accidentally overwrote the final copy. (He meant to overwrite an old draft.) If the Senate wants to see the original first edition ... um, a virus may have eaten it. Yeah! That's what probably happened.