Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Here comes the Code Red hysteria

Rob Rosenberger, Vmyths co-founder
Sunday, 29 July 2001

As read by the author (MP3) KUDOS TO NAVCIRT, the U.S. Navy's Computer Incident Response Team, for their handling of the recent Code Red worm. It's what they didn't do that sets them apart from the rest of the military.

Kudos to the U.S. Navy's computer security team! They didn't call for a precautionary disconnect when the Code Red worm surfaced.
Fraidy-cats in the U.S. Air Force ran for cover, though. "Boo!"
NavCIRT didn't recommend a precautionary disconnect for the fleet.

The "cyber-squids and web-jarheads" sent out at least five separate Code Red bulletins & advisories over a ten-day period — including one to "ALCND" (all naval/marine computer network defense officials). NavCIRT urged webmasters to "block the offending IP addresses" of any computer which tried to compromise their web servers.

"If this is not feasible due to the number of IPs," they warned, "block port 80 inbound (TCP & UDP) for the duration of the [incident]." NavCIRT understood some random Navy & Marine servers might suffer a distributed denial-of-service attack thanks to Code Red. Our protectors of the cyber-seas didn't tell webmasters to run away as a precaution — they told them to retreat only if they got overwhelmed.

Contrast this with the mighty U.S. Air Force. Their servers stopped talking to the rest of the world the moment Code Red shouted "boo!" Ironically, USAF web servers remained online; they simply ignored visits from non-military PCs. It appears infected Air Force servers could still spew the Code Red worm to any computer they wished, worldwide.

Ah, the beauty of it all. "You can't infect USAF, but USAF can infect you." (Smart thinking.)

The Joint Task Force for Computer Network Defense took a cue from the zoomies and ordered a precautionary disconnect for all bases worldwide and all ships at sea. NavCIRT's sage advice got lost in the hysteria. Ironically, all military web servers remained online; they simply ignored visits from non-military PCs. It appears infected DoD servers could still spew-- Waitaminit, I already said that.

Uniformed fraidy-cats eventually peeked out from under the covers and reopened their web sites to the public. " 'The Code Red worm appears to have gone dormant,' [DoD spokeswoman] Susan Hansen said in a brief statement released by the Pentagon. 'Accordingly we are able to allow public access to DOD [Department of Defense] Web sites to resume.' "

Thank goodness. The public can once again view Air Force golf course layouts. So, to make a long story shortend: "squids & jarheads beat out the zoomies & purples." Go Navy!


BUT WAIT! THE official U.S. fearmongers at FBI NIPC announced today — and I quote — "A Very Real and Present Threat to the Internet." Code Red will renew its attacks on Tuesday starting at 8pm ET. "Users who have deployed software that is vulnerable to the worm ... must install, if they have not done so already, a vital security patch."

Email servers will clog up on Monday & Tuesday with warnings about Code Red. Please forward them to our HoaxFYI service so we can study the hysteria.
Hmmm. I didn't know FBI NIPC could issue orders to the Internet. They once again deputized the media in a feverish bid to save the computing world. I should note Reuters and the Associated Press have already taken the bait. Others will follow.

And I suppose the Joint Task Force for Computer Network Defense will order another precautionary disconnect. Study those golf course layouts while you still can, folks.

FBI NIPC desperately needs good publicity right now. As you may know, they suffered intense humiliation last week when the agency's director faced a senate subcommittee. You watch: FBI NIPC will go on a Code Red publicity tour on Monday & Tuesday. You'll see their somber nerds on TV newscasts. You'll hear them on talk radio. You'll read their quotes in daily newspapers and on web-based news sites.

(Oh! Keep your eye out for FBI NIPC security analyst Vincent Rowe. His office PC got infected last week by the Sircam virus.)

Antivirus vendors, too, will jump on Code Red's coattails — now that they can at least detect the vulnerability it exploits. If you wonder why they didn't foment a media circus the last time it struck, well, now you know. History tells us they'll join FBI NIPC's new PR campaign.

Right now I'll make a simple prediction. Email servers will clog up on Monday & Tuesday with warnings about this "horrifying" worm. If you receive any alerts — and I predict you'll receive a lot! — please forward them to our HoaxFYI service so we can study the hysteria. In the meantime, check out our special resource on the things you should remember when hysteria strikes.

"Boo!"