Truth About Computer Security Hysteria
Honest, Senator! A computer virus ate my Gulf War recordsRob Rosenberger, Vmyths co-founder
Monday, 10 March 1997 "GULF WAR LOGS may be missing," blurted an Associated Press headline. Senate investigators looking into the causes of 'Gulf War Illness' want to see records kept on the destruction of Iraqi warheads. They want to know if nuclear, biological, or chemical weapons contributed to veterans' ailments, but a new military report delivered to the Armed Services Committee "concludes that only 36 out of about 200 pages of the logs can be found." The AP newswire highlights the military's assumption that "a computer virus... may have wiped out half the logs." (A virus destroyed the destruction records? How ironic.) At least two other mishandlings of the logs also occurred, but staff writer John Diamond discloses this in his story only after mentioning the computer virus excuse. Diamond wrote a quick follow-up story, again citing the computer virus excuse before mentioning other bunglings. Reuters and United Press International quickly & predictably chimed in with their own highlights of the virus portion. Before we go any farther, let's talk about my credentials. I don't speak for the government. I served in the Air Force but I never went overseas for the Gulf War. I never handled documents related to Gulf War Illness. Congress never asked me to testify about anything. Most important, I haven't yet read the Defense report. It's my word against the military's — and I rely almost entirely on newswires from three organizations with notorious track records when they report on computer viruses. So let's get on with it. According to newswires, the military lost multiple electronic copies — and lost multiple printed copies — of the crucial Gulf War records in at least two separate mishandlings. "Two sets of the logs on disk and a paper copy shipped to U.S. Central Command headquarters in Florida after the war appear to have been lost from a safe in an office move. A third disk set and hard copy were lost from a safe at Aberdeen Proving Ground," Diamond wrote for AP. However, these two snafus apparently only account for half of the electronic copies. Where did the rest go? Well, an officer brought a computer virus into the building around that time and, um, we think it destroyed the last of the copies...
PEOPLE USE THIS childishly vague excuse all time. A few years ago, the Houston Police homicide investigation unit discovered the Joshi virus on its computers. When a newspaper reporter asked how the virus found its way in, department officials claimed a police officer downloaded an infected game from a bulletin board. Legitimate virus experts know Joshi doesn't use bulletin boards as its transmission vector; I challenged the Houston Police Department to prove its claim. They immediately stopped talking about the incident. (I dismissed it as "ironic" for a homicide investigation unit to do such sloppy investigating.) Students mutter the word "virus" to teachers hoping it will buy them some more time for a late report. Employees mutter the word "virus" to bosses hoping it will... well, hoping it will buy them some more time for a late report. Even worse, many computer users automatically blame a virus whenever they notice an odd computer behavior. These knee-jerk accusations grow epidemic (pardon the pun) on well-known virus trigger dates like March 6th or any Friday the 13th. The following exchange took place on the comp.virus newsgroup between Chengi "Jimmy" Kuo of McAfee Associates and a person who identified himself only as Les. Kuo noted the number of computers affected worldwide in a recent virus scare — and Les interjected with a personal anecdote...
Chengi J. Kuo:Ironically, a stern boss who won't accept excuses for tardiness often will accept a "virus ate my report" excuse without question — and may even go so far as to reward the employee! The Senate might easily fall into this trap. I only hope they listen to Senator Carl Levin, who branded the military's virus-destruction assumption as a "dog-ate-my-homework explanation." If I could testify before the Armed Services Committee, I'd ask some important questions:Informal poll among 8 or so [antivirus] vendors registered approximately 30 incidents [of the Hare virus] affecting 80 or so machines worldwide.Les:I had it while my machine was unattended (home PC) and it wiped me out. Two hard disks and a zip disk which happened to be in at the time.Chengi J. Kuo:Not to say that you didn't have it but, how does an unattended machine wipe itself out with a virus that only does this stuff on bootup?Les:Well I guess I am only assuming that that's what it did, because it was the correct date....
REMEMBER, FOLKS: MY accuracy here relies on the accuracy of stories from the three major newswires. Given their abysmal track records, it wouldn't surprise me if I wind up looking like a fool for writing this opinion piece. If I do wind up looking like a fool, then it's my own fault. No excuses! I believe General Schwarzkopf when he says the U.S. desperately wanted to find proof of chemical or biological weapons in Iraq. "We're talking about something where one milligram on your skin is fatal and we never had a single report of a serious illness or fatality among 540,000 troops," the AP quoted him as saying. I believe the weapons destruction logs would back up Schwarzkopf's testimony if the military could ever find those records. I further believe the logs' disappearance indicates they weren't considered important to proving the existence of chemical or biological weapons in Iraq. Multiple mishandlings only reinforces my belief. Their disappearance represented nothing substantial at the time to the people who kept those records. Now, however, the Senate Armed Services Committee wants to see them. I can visualize what happened. A military paper-pusher discovers multiple mishandlings of the log files, yet even this can't account for all the known copies. One of the people involved in one of the mishandlings says, "I remember we found a virus on some of our computers right around then..." The paper-pusher believes a pervasive virus myth, so he submits a report saying a virus "may have" destroyed the rest of the copies. The Defense Department once again winds up looking incompetent. I deeply sympathize with veterans who want to learn the truth about their ailments. They deserve so much more than a report which says "honest, Senator! A computer virus ate my Gulf War records..." Update: 10 March 97
The military issued a press release on March 3rd saying the Defense Inspector General will "take over the investigation of what happened to" the missing logs. The next day (as you might expect), the Defense Department spent almost all of its press briefing answering reporters' questions related to this controversy. Two items of extreme interest: