Truth About Computer Security Hysteria
Osama bin VirusRob Rosenberger, Vmyths co-founder
Tuesday, 16 October 2001
Let's answer the second question first. I know bin Laden won't destroy our computers in the next attack because he didn't try to do it in any previous attacks. The guy wants to kill humans, not hard disks. He loves the exquisite finality of a simple bayonet thrust and he uses kamikaze pilots & kamikaze truck drivers to achieve his goals.
Your computer means nothing to bin Laden. He wants you.
Now let's tackle the first question. I know bin Laden can't wipe us out with an über-virus because no one can do it. Hundreds of thousands of people have pondered this issue over the years with zero success.
It's a race of sorts. The bad guys (most of them young enough to date your daughter) want to find the "nuclear security hole" so they can destroy our electrical power grid and pollute our national water supply. The good guys want to find the "nuclear security hole" so they can plug it before the bad guys come along. Yet in all these years ... with all these people ... with all this knowledge ... no one can say "eureka, I found the nuclear security hole."
I therefore insist bin Laden cannot destroy our society with a laptop and a 56k modem. It's not within the state of the art.
"But Rob," you wail, "what about Mudge's testimony before the U.S. Senate? He claims his homies can destroy civilization in 30 minutes with ten laptops. What about James Adams? He claims NSA showed him how to destroy civilization in 15 minutes with nine laptops."
Bah. Mudge isn't a hacker — he's a hacker celebrity. He acts out a role in the computer security world. He spouts exactly what his audience wants to hear. The senate wanted to hear him brag in 1998 about his ability to kill terrorists with an "rm -R /usr/bin/Laden" command.
Adams isn't an NSA insider — he's an NSA exploiter. "No one in the mafia brags about being in the mafia," and the same goes for spy agencies. Adams hawks himself to the media as an NSA insider, which proves he is not. The same goes for Richard Clarke, Michael Vatis, and other political appointees who maneuvered themselves into cyber-security posts.
Egomaniacs like bin Laden don't like to fail — especially not after a spectacular success like the destruction of the World Trade Center. If he really wanted to mess with us, he'd let fearmongers attach his name to all sorts of hysteria. Then we'd all run around like idiots trying to protect our computers with our very lives...
We have nothing to fear from cyber-terrorism but fear itself. So stop worrying about Osama bin Virus.
[continued in part 2]