Truth About Computer Security Hysteria
TruSecure 'surgeon general' calls the kettle black
Sunday, 26 August 2001
TRUSECURE "SURGEON GENERAL" Russ Cooper (his actual corporate title) recently called the kettle black.
Russ Cooper earned free PR by predicting "the meltdown of the Internet." Then he earned more PR by proclaiming "we don't expect anything out of the ordinary..."
Talk about chutzpah! "Cooper also told NewsFactor that he questions whether some security firms are in business to promote security on the Internet or themselves..."
Trust me: you'll love his chutzpah. But we can't just blurt out the irony. We need to set it up first. Let's go over the surgeon general's recent fearmongering spree:
- On 29 July, Cooper posted a public email in the NTBUGTRAQ forum (which he moderates) to reiterate "my prediction that we're going to experience a 'net meltdown on the 1st or 2nd, I believe far too many machines are vulnerable still and will likely be re-infected. I wonder how effectively the ISPs of the world can disconnect 300,000+ IP addresses? Guess we'll see..."
- On 30 July, a Reuters newswire wrapped up as follows: "Russ Cooper of security services company TruSecure Corp. said Code Red is 'huge' compared to the Melissa and ILoveYou viruses. Code Red is 'enough to cause the meltdown of the Internet,' Cooper told Reuters..."
- On 2 August, after the surgeon general's meltdown prediction tanked, Security Wire Digest editor Shawna McAlearney quoted Cooper as saying "the Internet is melting slowly..."
- On 6 August, NewsFactor reporter Ed Sutherland highlighted the surgeon general in a newswire about the new Code Red II worm. "This latest worm 'will lead to the meltdown of the Internet,' Russ Cooper of security firm TruSecure told NewsFactor..."
- On 8 August, CNN reporter Richard Stenger quoted the surgeon general in a story about the new Code Red II worm. " 'This is going to cause the meltdown of the Internet, the vulnerability that this worm is exploiting,' said Cooper..."
Both of Cooper's "meltdown" predictions tanked. And so, on 17 August, he made an effort to sound reasonable. A Reuters newswire about the reactivation of the original Code Red worm contained this gem: " 'we don't expect anything out of the ordinary [to happen],' said Russ Cooper, surgeon general of TruSecure Corp..."
Now for the chutzpah. NewsFactor reporter Ed Sutherland wrapped up his 17 August newswire as follows: "Cooper also told NewsFactor that he questions whether some security firms are in business to promote security on the Internet or themselves." Yeah, I love it when the pot calls the kettle black.
A CHUTZPAH BONUS: Sutherland quoted Cooper's "meltdown" prediction eleven days before he quoted him as a voice of sanity. You can't buy this kind of irony in any store, folks.
Memo to PR agents: NewsFactor reporter Ed Sutherland is malleable. Keep him at the front of your Rolodex if your experts like to predict the "meltdown" of the Internet...
Sutherland described Cooper in his latter story as "an often-quoted Code Red expert." Hurray for pointing out the obvious. TruSecure's surgeon general gets quoted for a simple reason — his hysteria makes great headlines. His clownish job title doesn't hurt, either.
But did the surgeon general revel in his "meltdown" predictions, or was he goaded? Two sources (one reliable, one assumed reliable) point an accusing finger at TruSecure PR manager Cindy Smith. I've constructed a working theory on how the events might have unfolded:
- Cooper gets swept up in the hysteria (as usual) and he predicts a "meltdown" to reporters.
- Smith notices Cooper's use of the word "meltdown" (I'll bet a soda she first saw it in a Reuters newswire) and urges him to keep saying it in his prediction.
- Cooper's prediction tanks, so he backpedals when Security Wire Digest calls for a quote.
- Code Red II comes along, and Cooper again gets swept up in the hysteria (as usual), and so Smith resurrects Cooper's "meltdown" PR tour.
- Cooper's second prediction tanks, so Smith finally stops
punishingpushing him. He then passes himself off to reporters as a voice of sanity.
To paraphrase the surgeon general: I question whether TruSecure is in business to promote security on the Internet or themselves...