Vmyths.com



Hoaxes, myths,
urban legends

Columnists

Newsletter
signup


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Correction: Internet to die on the real millennium

Rob Rosenberger, Vmyths co-founder
Friday, 8 December 2000 I'D LIKE TO announce a small correction. The Internet will die on the eve of the real millennium. Those who predicted it would die last New Year's Eve stand humbly corrected.
The hackers will soon be here. And I, for one, welcome our new teenage overlords. I'd like to remind them that as a trusted website personality, I can be helpful in rounding up others to toil in their underground chat rooms.
FBI NIPC issued yet another advisory, this time warning of "an increase in hacker activity specifically targeting U.S. systems associated with e-commerce and other Internet-hosted sites." They didn't link it with the Israeli-Palestinian cyber-war, so we should assume these activities tie into the forthcoming death of e-Christmas. "This recent activity warrants additional attention by system administrators," FBI NIPC declared, and they urged "all computer network systems administrators [to] check relevant systems and apply updated patches as necessary." This advisory generated all the typical media exposure. PC World published the best quote this time around:
Eric Hemmendinger, a security analyst at Aberdeen Group in Boston, says the agency's alert should be taken seriously because it comes from the government, not from security firms or antivirus software vendors warning of the end of the world as we know it. "What might be a little bit unusual about this is not what the warning is, but where it's coming from," Hemmendinger says. "When the federal government wakes up to a problem, they're usually not the first ones [to see it]. That means it's worth paying attention to."
"Worth paying attention to"? Hemmendinger needs a reality check. We're talking about FBI NIPC, the jet-setting fearmongers who (I am not making this up) claimed every country beginning with the letter "I" would attack us last New Year's Eve. Uh, then again, perhaps I spoke too soon. A modem user tried to launch a Smurf attack against my T1 router as I composed this editorial. My firewall hardware stopped the attack, but good grief! NostradamISS and FBI NIPC were right all along! Yes, ladies and gentlemen, the Internet will be taken over on the millennium — "conquered," if you will — by a master race of 14yr-old hacker wannabees. It's difficult to tell from this vantage point whether they will destroy or merely enslave our PCs. One thing is for certain, there is no stopping them; the hackers will soon be here. And I, for one, welcome our new teenage overlords. I'd like to remind them that as a trusted website personality, I can be helpful in rounding up others to toil in their underground chat rooms. [Credit where due: I stole the previous paragraph from a Simpsons episode.]
"FBI NIPC" my butt. The (supposed) protectors of e-commerce should fall under the Commerce Department if you ask me.
The government's advisory ended with a generic call to action: "please report any illegal or malicious activities to your local FBI office or the NIPC." Written in boldface text, I might add. Hmmm. Do you think I should drive to my local FBI office to file a Smurf report?
YOUR LOCAL FBI office does not want to hear about generic hacking incidents. Seriously — I urge you to ignore NIPC's advice. Don't waste the valuable time of your nearest G-man. Your hacking incident must affect the stock market before the FBI cares about it. Waste NIPC's time if you wish, but leave the local guys alone. "Okay Rob," you retort. "Out with it. You must have a reason for saying this." Yes, I do. I drove to St. Louis this week and interviewed a retail business owner (name withheld) whose server recently got hacked. The culprit locked out an administrator account and disabled some applications so he could install an IRC daemon. A consultant figured out the obvious when he arrived on-site to learn why the server didn't work correctly. He (1) turned off the box, (2) ripped out its only hard drive, (3) told the owner to take it to the local FBI office as evidence, (4) installed another hard drive, and (5) got the server back up & running. The retail businessman followed NIPC's advice to the letter. "Okay, sure, I thought they'd put our drive in a desk drawer and that'd be the end of it" ... but he honestly expected an agent would go through the motions of taking a report. No such luck. The local FBI office told him they wanted absolutely nothing to do with it. "I told them it cost us money and it affected our commerce," the businessman said, but it didn't help. No criminal reports, no evidence collection, no nothing. Take it to the state/local police or simply reuse the hard drive, the feds told him. Just don't expect anything from the FBI. I met the businessman on a Monday afternoon, so I could've easily driven to the nearby FBI office for a corollary interview. But I didn't. You know why?
I could've easily driven to the nearby FBI office for a corollary interview, but I didn't. You know why? Because it'd just waste an agent's valuable time, that's why! Duh.
Because it'd just waste an agent's valuable time, that's why! Duh. In case you've forgotten, FBI agents catch murderers and serial rapists for a living. Mulder & Scully carry guns, not antivirus software. (How many times must I repeat myself?) They can't afford to open an X-File whenever some bored dweeb hacks into a small retail company's server. "FBI NIPC" my butt. The (supposed) protectors of e-commerce should fall under the Commerce Department if you ask me.
THE BUSINESSMAN I interviewed did find a sympathetic ear — at the office of his insurance carrier. They'll reimburse him for consultant fees and tangible lost commerce. "As far as they're concerned," he said, "it's just exactly like someone took a [baseball] bat to our server." This guy's storefront does very little "e-commerce," but he does need a server with Internet access to conduct most of his business. He made a savvy decision when he insured it. Enough said. Now if you'll excuse me, I need to prepare for tomorrow's face-to-face meeting with my local FBI office...