Truth About Computer Security Hysteria
Another 'expert legend' in the makingRob Rosenberger, Vmyths co-founder
Sunday, 23 December 2001 WE MAKE THORAZINE for guys like this:
A suspected member of the Al Qaeda terrorist network claimed that Islamic militants infiltrated Microsoft and sabotaged the company's Windows XP operating system... Mohammad Afroze Abdul Razzak, arrested by Mumbai (Bombay) police Oct. 2, ... claimed that a member or members of Osama bin Laden's Al Qaeda network, posing as computer programmers, were able to gain employment at Microsoft and attempted to plant "trojans, trapdoors, and bugs in Windows XP"... British intelligence officials have dismissed the claims, according to a report last week in the Guardian, a British newspaper. A defense attorney hired by Afroze's father, a tailor by profession, reportedly asked the court to allow Afroze to receive a psychiatric examination but was rejected. Afroze, who is scheduled to provide a formal confession before a Mumbai court on Tuesday, told the magistrate Friday that he does not wish legal representation and is mentally sound.Read the Newsbytes newswire if you want to laugh some more at Al Qaeda's expense. "Attention all netblocks of the Internet federation! Osama bin Virus has assumed control." He needs only Windows XP to cover all the land in a second darkness. Afroze comes from the planet AL-K-DUH-PAX, no doubt about it. [Credit where due: I stole the "attention all netblocks" line from Rush. I stole the "second darkness" line from Gandalf. My inspiration for "K-duh" came from Dogbert.] If you ever wondered how far the media will go to print a computer security story, then stop wondering. I'll admit Microsoft employs quite a few hermits, but — cave dwellers?!? Al Qaeda members ride horses in Afghanistan, strap guns to their hips, and crash airplanes into skyscrapers. Afroze wants us to think they ride recumbent bicycles in Redmond, strap cell phones to their hips, and crash operating systems on the Internet. Hmmm. So "Afroze's father [is] a tailor by profession," eh? Fascinating! Sadly, Newsbytes correspondent Brian McWilliams didn't tell us what type of clothing Afroze's father hems for a living. I chalk it up to poor investigative reporting. Click here for more irrelevant trivia in computer security stories... McWilliams wasted his time when he called Microsoft for a response — and Microsoft spokesmodel Jim Desler wasted his time when he took the call. McWilliams quoted him as saying "Afroze's claims about the company were 'bizarre and unsubstantiated and should be treated skeptically.' " Do tell. If you ask me, Desler should've laughed into the phone and said "hang on while I transfer you to Mr. Click."
A PREPOSTEROUS STORY? You bet — Microsoft can insert bugs in Windows XP without bin Laden's help. But we can't go another paragraph without mentioning Richard "digital Pearl Harbor" Clarke, the White House's top demoted fearmonger. Clarke's career path depends on thorazine-deprived twerps like Afroze. We could normally expect "Bush's left hand" to drive around the beltway's token ring, waving the Newsbytes newswire above his head as proof of a horrifying cyber-threat. Given the ongoing spat between the feds and Microsoft, we could normally even expect Clarke to call for a top-down review of hiring practices in the "critical OS infrastructure." I mean, how else can you explain the inclusion of full raw sockets support in Windows XP? Only an ingenious cyber-terrorist could deceive Microsoft into following an entrenched Internet specification. Good grief, maybe Al Qaeda did infiltrate Microsoft! I've got two words for Clarke: "nuke Seattle." Better safe than sorry! Ah, but notice how I said "we could normally expect" White Housteria to spawn from a cranial dihydrogen monoxide sufferer like Afroze. These delusions couldn't come at a worse time for Clarke — he recently invited Microsoft's chief security officer to work for him in the Office of Homeland CyberSecurity. If Clarke raised a stink about Afroze's claims, nosy reporters would smell an odor coming from one of his own underlings. This leads me to believe Clarke will dismiss Afroze's police confession as the diary of a madman. You can bet he & Schmidt will load Microsoft operating systems on their PCs. But we can't count on everyone to dismiss the ravings of a lunatic. History suggests this newswire will devolve into yet another legend spouted by security experts. This industry exploits any hysteria it can lay its hands on, no matter how unbelievable or undocumented. In the words of expert Dan Erwin: "it's in the press, so I can use it" to frighten people.
IRONICALLY, IF ANY "infiltration" took place at Microsoft, the trail will probably lead back to Clarke, not bin Laden. I quote myself from a recent WOW newsletter:
Schmidt recently testified before Congress as Microsoft's CSO — but he spoke with Richard Clarke's voice. Indeed, his written testimony came right out of Clarke's handbook. To put it bluntly: Clarke testified before Congress, not Schmidt. Next thing you know, Microsoft will join hands with the government and sing Cumbayah... Yet because Schmidt will move back to the public sector — to fight boogiemen cyber-terrorists, no less — I expect Gates will pat him on the back and say "you'll be sorely missed."If Clarke infiltrated Microsoft as I suspect, the organizational chart would look something like this: