Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

Did China try to make the FBI look stupid?

Rob Rosenberger, Vmyths co-founder
Wednesday, 22 March 2000 AN UTTERLY RELIABLE source complained about "intrusive" and "suspicious" activities originating from FBI hosts. It seems FBI launched a ping flood against his company. I myself suspect a misconfigured HP OpenView discovery attempt — these things happen if you try to discover everything in a Class A address space, for example. Even an accidental ping flood is still a ping flood. "Oops." Another expert chimed in to say a hacker might have wanted to tie up this guy's bandwidth. (Or the FBI's.) You can easily "forge" a ping so it looks like it came from the White House or the Kremlin. (Or the FBI.) However, the attacker must amass more bandwidth than the victim in such a case. I believe it would take a distributed coordinated attack these days to choke a large company. (Or the FBI.) Don't get me wrong: last month's DDoS attacks proved you can hijack plenty of bandwidth for evil purposes. You wield immense power if a mere 0.02% of AOL users do your bidding! But to waste it all on a ping assault? We're talking about an "oxy-moron hacker" smart enough to collect bandwidth yet too stupid to use it. Again, I'd search the Hoover building for a misconfigured HP OpenView package.
Mulder & Scully will track down anyone who secretly tries to make them look foolish — right after they arrest the terrorist who defaced Janet Reno's website in 1996.
Then I paused for thought. What if someone out there just wanted to make the FBI look foolish? It takes brain bandwidth to make a network administrator look like a dunce over time. Think of what you could do to FBI's cyber-reputation if you wrote "Emulate Stupidity v1.0." It might duplicate all sorts of high-visibility goofs. You know, like a misconfigured HP OpenView discovery attempt... I admit hackers could write a stupidity emulator, but I don't think they could use one effectively. It takes too much time, patience, and strategy to make the world perceive someone as stupid. A 14yr-old wannabee with a long-term strategy? Get real! The hacker@mtv.com crowd would rather deface websites for the instant gratification. On the other hand, "Emulate Stupidity v1.0" sounds like an excellent tool for Internet PSYOPs. A devious Chinese military unit might employ it in an effort to lower Taiwan's perceived cyber-IQ. (Or the FBI's.)
"INTERNET PSYOPS TOOLS"? Man, I gotta quit pausing for thought. Mulder & Scully will track down anyone who secretly tries to make them look foolish — right after they arrest the terrorist who defaced Janet Reno's website in 1996. Speaking of the FBI: why didn't they follow up on my private 2/21/00 email about the Aastrom Biosciences hack/hoax? At least one stone remains unturned. I guess I'll contact Aastrom's people directly.