Vmyths.com

Truth About Computer Security Hysteria
With managers like these, who needs hackers? (v2.0)
Rob Rosenberger,
Vmyths co-founder
Tuesday, 28 December 1999
|
I agree with New Zealand Y2K Readiness Commission special advisor John Good. Shut down your computer -- forever.
It's the only way to be truly safe from viruses. Turn it off right now and let it collect dust. Go on, do it.
We'll all miss you...
|
LET'S SEE WHO else recommends a precautionary disconnect to avoid unknown Y2K viruses...
Hey look, I found an interesting Newsbytes report [emphasis added]:
New Zealand's Y2K Readiness Commission has told Internet users and businesses to be on full
alert, and switch their computers off if possible, over the New Year period in case their systems become the
target of 'virus freaks and computer hackers.' [The] alert warns computer users that there will be an increased
risk of threats to their systems between now and until well after the New Year.
The warning comes from John Good, "the Y2K Readiness Commission's special advisor." Obviously, we
should leave our PCs turned off until well after the new year. We might as well leave them turned off
until, say, 7 March 2000. (This way you can also avoid Michelangelo's yearly trigger date. Better
safe than sorry, eh?) The Newsbytes report continues:
'We know, for example, that elements in the 'virus community' have already set up a competition for the best Y2K
virus, so we are taking the issue very seriously,' [Good] said. The alert recommends all users take steps to
prevent their PCs contracting damaging viruses... It further recommends that users switch their PC off 'as early
as possible before the end of the year, and leave it as long as possible before turning it on again. This will
ensure you are not vulnerable during the cyber-terrorists' most active time,' reads the advice. 'It will also
give the virus protection agencies more time to develop the countermeasures which will be needed.'
Of course, you'll need to turn your computer on just to install those countermeasures. Turning a computer
on before the year 2004 is a disaster waiting to happen. (Just ask the NSA.) I agree with Good — leave your PC
turned off. Forever.
Let's see, where else will they give up computers? Aha. A Dow Jones newswire notes
MIT "is advising campus computer-users to take the Y2K threat seriously by ... shutting down
most computers before year-end... The university is well aware of reports that hackers may use the Y2K event as a
means to spread computer viruses or wreak havoc."
Oddly, "the threats aren't considered much worse than on any other significant date and the university is
well prepared to deal with them, said [MIT data security manager Gerald] Isaacson. 'We get people trying to attack
our networks all the time but, according to a lot of sources, a number of attacks (from hackers) may be taking
place, so we're looking out for that as well.' Just in case of problems, a few of the university's
computer-security experts will be asked to stay on campus, rather than be consulted from home, he said. 'We're
not adding staff, but we may have some people here that might normally be at home,' over the weekend."
|
Isaacson will "anticipate or perish," as I used to say. (An inside joke for
the 100 people worldwide who know it. Don't ask: it's classified.)
|
To his credit, Isaacson wants his security experts on campus in case of a blizzard or Y2K phone outage. (Such a
catastrophe would prevent them from saving MIT from the comfort of their own homes.) " 'This time we
have the luxury of knowing when [Y2K virus attacks are] going to occur. We always try to be prepared for the
unexpected.' "
Hmmm, who else will shut down? Why, the South African Revenue Service, of course! According to
a Xinhua newswire, "SARS said in a statement that it had taken a business decision to shut down
the systems from December 24. 'Members of the public are advised to use alternate means of communication with
SARS during this period. The Internet and e-mail connections will be re-connected on January 5 after the SARS
information technology division has checked and verified the safety of the Internet and e-mail operations,' the
statement said."
Wow. A committee will decide on 1/5/00 whether or not to turn computers back on. What I wouldn't give to be a
South African taxpayer right now! "No no, it's still too dangerous. Leave the computers turned off. I'll
send you an email (ha!) when it's safe to turn them back on..."
We can always count on the U.S. Air Force to overreact. From an Associated Press
newswire:
Some Air Force bases plan to block access to their public World Wide Web sites over the New Year's weekend,
officials say. Others bases have been asked to consider closing down their sites temporarily...
Timothy Conley [is] deputy director of the 88th Communications Group at Wright-Patterson Air Force Base in Dayton... The concern, he said, is that hackers emboldened by widespread Y2K computer concerns could insert
viruses that would alter or destroy information on the sites. 'We feel they may plant some things on servers or
e-mail that might go off after (Jan. 1),' Conley said. He said there is no threat to national security because
the public-access sites are separated from secure sites, which will remain operational.
Oddly, "the Pentagon's main Web site should stay operational over the weekend, said spokeswoman Susan
Hansen." Scratch another bad prediction on my part, folks. I thought DEPSECDEF Hamre or undersecretary Money
would order a precautionary disconnect by now for all ".mil" sites.
Let's see what else we can learn about the government sector... oooh! Check out this paragraph from another
Newsbytes newswire:
While [Clinton administration Y2K czar John] Koskinen said that there is always a danger of viruses and cyber
attacks, he has no credible information suggesting that cyber-crime will increase during the rollover. Still,
some observers fear that computer vandals and terrorists will attempt to strike at critical systems during the
rollover.
Hmmm. "No credible information." I berate FBI NIPC director Michael Vatis for spreading hysteria with no hard
evidence to support it. At any rate, it seems Dow Jones reporter Dawn Kopecki didn't speak to Koskinen:
Worries now turn to intentional acts of sabotage, according to law enforcement and technology officials. Already,
some 2,000 computer viruses slated for release during New Year's weekend have been detected. Up to 30,000 viruses
are reportedly waiting in the wings for their chance to become the most notorious Y2K computer bug, according to
the GartnerGroup, a Stamford, Conn.-based information technology research group... Lou Marcoccio, a research
director for the GartnerGroup [said] 'Malicious activity and industrial espionage ... It's likely these people
will target Jan. 1 because it will look like a Year 2000 failure.' And there's no telling what kind of disruption
could fall out from a successful hacker or cyber-terrorist attack.
Let's see... A newswire from Mexico titled "Y2K Time-Bomb Ticks Louder" begins with the death of the
world. "If doomsayers are correct, the millennium-bug time-bomb will explode at midnight Dec. 31, causing
much of the world — particularly developing nations — to experience everything from elevators malfunctioning,
power supplies being cut to life-support systems freezing in some hospitals."
I, too, fear getting trapped in an elevator after drinking a magnum of champagne. I'd much rather tumble down the
stairwell in a drunken stupor. Ahhh, but Mexico continues with a dire warning about (you guessed it!) Y2K
viruses:
South Africa however seems to be more worried about computer viruses rather than the Y2K problem. Businesses in
particular are on full alert following warnings that hackers will not be out partying on New Year's eve, but
unleashing their deadliest onslaught. Industry analysts are expecting at least 2,000 deadly viruses to be
unleashed during the period before and after the change-over adding to the nearly 50,000 known viruses that the
computer world has already identified across the world.
|
I always turn to Mexican newswires when I need to learn about
South African computer security efforts...
|
Let's see... A UPI newswire disagrees with Mexico, saying "the actual year 2000 bug might not
be as harmful as the potentially nasty viruses and hackers waiting to disrupt the computerized world on January
1st." You'll love this next part: "the Computer Emergency Response Team says there are about seven key viruses
lurking right now...and many system administrations may've overlooked them in their zeal to remediate Y2K
glitches. There's also fear that hackers will use potential Y2K chaos as a cover for their activities."
Seven viruses? Seven? Why doesn't the world's premier computer security agency know about the 2,000 Y2K
viruses already detected? Waitaminit, I meant the 30,000 viruses already detected. No waitaminit, I meant the
200,000 viruses already detected... Oh, you know what I meant.
Hold on, it gets better. UPI notes "the U-S government, the Defense Department-funded CERT and
the Beaverton, Oregon-based Anti-Virus Emergency Response Team [aka McAfee.com] are among those who'll be
on alert around the turn of the year. AVERT [aka McAfee.com] will be tracking networks worldwide as soon
as 2000 dawns on the Fiji Islands just over the international date line. The object is to catch Y2K-related
viruses before they reach major European and North American systems."
Assuming you use one of AVERT's — oops, I meant McAfee's — products, of course.
Still, this Dow Jones report seems to agree with UPI:
Antivirus software engineers also have been busy. The industry already has seen an influx of viruses this month,
many trying to take advantage of the concern and confusion around the date change, said Trend Micro's [Dan]
Schrader. One worm virus claims to be the Y2K fix and attaches itself to an e-mail message. 'We don't expect a
major disaster,' but 'there will be a greater-than-normal number of people affected by computer viruses over the
next few weeks,' he said.
Let's see... You'll love this outtake from a Wall Street Journal story. "The next day, while
he was at work, Mr. Wadhwa lost control of the mouse and was helplessly watching it move around his screen when he
received a message: 'Hey Dad. It's me. Isn't this neat?' From a computer at home, Vineet had used a virus to
take over his father's office computer. 'He could have done anything,' says Mr. Wadhwa, who immediately approved
the $30,000 worth of new security his network administrator had been advising him to buy."
|
A Reuters newswire said "[the space shuttle] Discovery would be launched on Friday evening and
shorten its mission to nine days so that the orbiter can be on the ground with all its systems powered down before
the end of the year. NASA had previously expressed concerns about the Y2K computer virus."
|
Sure, sure. Why can't I make someone spend $30k just by moving my mouse around from the comfort of my own
home?
Let's see... the Washington Post chimed in:
Some of the government's Y2K watchers are warning of computer problems on New Year's Eve that may arise not from
the date rollover, but from pranks committed by mischievous hackers. They are watching for intentional acts
perpetrated at the stroke of midnight under the cloak of Y2K problems - perhaps by hackers sitting at their
terminals determined to breach computer networks, but likelier through the stealthy attacks of viruses, worms and
other damage-dealing software that already have made their way across the Internet and corporate computer
networks.
In recent weeks, the warnings have become louder and more fretful. Deputy Secretary of Defense John Hamre told
reporters that 'the hacker chat rooms' were buzzing with Y2K plans, and that 'we're apprehensive enough about it
that we've put special watch procedures in place.' And the FBI will hold a briefing [on 12/21] to issue further
warnings about the potential for New Year's cyber-attacks.
An FBI briefing led by NIPC director Michael Vatis, I'll bet.
Australia doesn't come away unscathed... Reuters and Kyodo newswires say Graeme
Inchley, Down Under's top Y2K official, "sees the [Y2K] bug itself causing only sporadic and minor problems
for Australian business. His main fear is vandalism — either physical damage to infrastructure or a computer
virus designed to simulate a Y2K problem. 'I'm absolutely certain that someone out there has decided to write
something nasty that'll hit on January 1,' he said."
Attorney General Daryl Williams and acting Communications Minister Ian Campbell also chimed in about the Y2K virus
threat. Thankfully, Inchley believes computer security will help. " 'I'm also confident the major
organisations and the banks in particular will have insulated their systems enough to reduce the risk to a very,
very low level.' "
|
Clinton Y2K czar John Koskinen announced a new federal monitoring agency known as the Y2K Cyber Assurance
National Information Center (CANIC). MITRE will lead the team. The group will protect U.S. assets from a Rapid
Binary Dangerous Cyber Assurance National Information Network Emergency (RABID CANINE)...
|
We might not say the same for Africa, though. This urgent Y2K virus report comes from the New Vision
in Kampala, Uganda:
Prices of anti-virus computer elements have shot up sharply following the extensive disruption of computer systems
countrywide by a stubborn virus early this week. A survey carried out by The New Vision during the week,
indicates that most computer vending companies had run out of stock for anti-virus protection kits after reporting 'unexpected gains.' The prices of obtainable software, mainly of Norton brand of anti-virus products
range between US$100 and $300, up from $50 originally sold. Other products include the Dr. Solomon's and
Mcaffee.
'We are so overwhelmed by the rush. Our anti-virus protection stocks have now run out,' said a saleswoman at
Computers and Accessories Limited on Buganda Road in Kampala. 'We don't have any (anti-virus products) left at
the moment. We hope to get our new shipment next,' said salesman with Business Systems Limited. Panicky PC users
rushed to buy the software after losing data to Y2K imitation viruses... The National Y2K Task Force has warned
of more virus attacks during the transition into the new millennium.
Price gouging? In the computer security arena? Just because users panicked? Shameful. We've got enough to
worry about with all these deadly Y2K viruses lurking on our hard disks, thank you very much.
Amazingly, New Vision soothed readers by telling them "bank deposits are safe." It seems
"the virus that hit most computers Monday sent the public into a fright, worried about the safety of their
deposits... The security of depositors' money is assured, because the general accounts, pay-roll systems and
ledger accounts do not use the Microsoft word program."
Aha! A Word macro Y2K virus — the most deadly Y2K virus of all. "[Kampala banking systems] are not window
based but by UNIX." (Do tell.)
Latin America, you say? Let me check. Yep, got one. A Dow Jones story about their Y2K efforts
includes a proverbial Y2K virus threat. "GartnerGroup's [Lou] Marcoccio said tough-to-calculate variables
not related to [Y2K] computer problems, such as virus threats and terrorist attacks, could disrupt normal
operations. 'That's going to throw anxiety,' he said." (Wow, ya think?)
OKAY, ENOUGH MEDIA hysteria. Let's look at some computer security press releases.
Finjan's default home page warns "Y2K attacks are coming!" (You may recall they discovered the most dangerous
threat in Internet history. In their opinion, anyway.) Their website offers links to various news stories about
the Y2K virus problem. They offer a white paper about the problem, too.
|
Network Associates spokesmen warn of a Y2K virus armageddon — yet their website doesn't support it. "The
following [six Y2K virus] threats have been analyzed by AVERT researchers and though these threats have
some references to Y2K they are not considered a serious threat at this point..."
|
And wouldn't you know it? Finjan's white paper mentions John McAfee in
the very first sentence. McAfee easily earned his title as the grandfather of computer virus
fearmongers (which ironically got me started in 1988 on the crusade against computer virus hysteria).
Finjan's paper goes on to quote FBI NIPC fearmonger/director Michael Vatis.
To his credit, Finjan CEO Bill Lyons highlighted the world's obsessive-compulsive addiction in a Newsbytes
story. "It's ridiculous for companies to rely solely on anti-virus software that cannot protect them [before the
fact]. A more proactive approach is required."
Let's see... Pete Privateer (who?) popped out of the woodwork with a "media advisory" (read:
"press release") urging editors to contact him. Why? To "discuss latest Y2K threats," of
course. Privateer "will be available for technical explanations, background discussion and industry
insight." No doubt.
Network Associates expects a major Y2K virus outbreak. "In an interview with Newsbytes, Networks Associates
spokesperson, John Sun, acknowledged that his company was 'expecting the worse over the holidays and Y2K.'
Because of these expectations, Sun said that Network Associates' virus researchers who form AVERT ... will be
working in shifts around-the-clock beginning Dec. 27, and lasting through Jan. 4."
" 'Every researcher will be on one-hour call to the nearest research center,' Sun said, likening his
company's Y2K preparations to those of a hospital emergency room before a major holiday weekend or
disaster." Ah, how soothing.
Newsbytes then interviewed Network Associates' Vincent Gullotto. He bragged about his team's Y2K virus hunting
skills.
"But everything is not all doom and gloom on the anti-virus front," Newsbytes offered.
"Networks Associates also advises, 'Don't believe everything you hear.' There are as many virus rumors
circulating as there are actual viruses, Sun confirmed."
A typical Network Associates press release augments the hysteria. "Virus writers consider the Year 2000 as a
prime opportunity to wreak havoc on consumers and small business owners."
OnTrack spokesman Greg Olson extolled the dangers of Y2K viruses in a recent press release. "If Y2K-related
data loss does occur, we expect it primarily to be caused by one of two events... Second, and more likely, the
Y2K rollover may trigger computer viruses that will corrupt or destroy data."
Zurich U.S. announced they will now offer "a comprehensive $50 million Kidnap/Ransom & Extortion (K/R&E)
product for kidnapping, hijacking, extortion and computer virus exposures." However, the policy might not apply
if an employee gets kidnapped by a computer virus while telecommuting at home.
I don't make this stuff up, folks.
Notably on the skeptics' side: F-Secure (formerly Data Fellows) and Sophos. It took a lot of guts (and it cost a
few grand) to do what they did — but they'll reap big rewards next week when the world uses 20/20 hindsight.
|
Experts overlooked an obvious solution. These Y2K viruses will supposedly strike at
midnight, right? Well — just reset your computer clocks to postpone the armageddon.
Ta da!
|
|
Sheesh! Do I need to think of everything for the U.S. Air Force?
|
Sophos issued a killer press release on Christmas Eve just to educate reporters. They "questioned the policy of
companies shutting down email servers to protect against Y2K computer viruses." I can definitely see Graham
Cluley's handwriting in this press release. Kudos to Sophos for paying good money to distribute it!
(A little-known fact: Cluley chose to stay on when Network Associates purchased Dr. Solomon's. He left abruptly
a few weeks later for unpublicized[1] reasons. I surmise he didn't mesh well with new supervisor Vincent
Gullotto. You'll understand my speculation if you contrast Cluley's media interviews with Gullotto's.)
SYMANTEC NOTABLY DIDN'T show up for the latest Y2K virus festivities. They neither
sounded a cry of alarm nor debunked hysteria. I suspect they just want to sit it out until the whole thing blows
over.
Don't get me wrong: Symantec's PR impresses me these days. They now serve as a voice of reason -- no easy feat
in this industry and certainly not an easy turnaround for them. I honestly thought Symantec would offer sane
counterpoints against the McAfee/Network Associates tripe.
Symantec perhaps lost their opportunity due to a bad slip-up. My source inside the firm (decent reliability)
tells me the bigwigs slapped Carey Nachenberg's hand when his
"200,000 viruses" quote took on a life of its own. A group of
Y2K end-of-the-world freaks turned his quote into a monster if you can believe it. I recently interviewed a woman
who canceled her ISP account because of Nachenberg's statement.
I swear I don't make this stuff up, folks. The owner of a local cyber café introduced me to her.
I'd never heard "Symantec," "Gorbachev," and "Trilateral Commission" in the same
sentence before she came along! (Here, honey: you'll want to read this
press release.)
Yes yes yes, anything could set off a Y2K armageddon weirdo ... but as they say, "somebody gets the
commission whether or not they earned it." Accident or no, score one weirdo group for Symantec.
{yawn} Man, I gotta go to bed. This worldwide fear of Y2K viruses sapped my will to compute.