Truth About Computer Security Hysteria
Sasser worm (May 2004 hysteria)CATEGORY: Misconceptions about genuine threats
Category: misconceptions about genuine threats
Headlines around the world warned of the spread of multiple variants of the Sasser worm. "Sasser's toll likely stands at 500,000 infections," a typical headline reads. Vmyths notes security experts have tended to make guesses in the same ballpark — ranging from 200,000 to one million infected computers.
A News.com story penned by Rob Lemos pointed out that "while [these] numbers sound overwhelming, the compromised PCs make up a fraction of a percent of the computers connected to the Internet." Vmyths agrees with Lemos' assessment.
Many security experts failed to predict the Sasser worm would focus more on home computers than business PCs. The reasons for it are obvious in hindsight to these experts, so Vmyths must ask a rhetorical question — "why didn't security experts predict the obvious?" And speaking of predictions...
Security experts didn't agree on what day they thought the Sasser worm would achieve "peak activity." American experts predicted it would peak on Monday "as millions of workers bring their laptops back to their offices, after using them over the weekend to access the Internet from relatively unsecured home locations." On the other hand, experts who live outside the U.S. predicted Sasser would peak on Tuesday due to long holiday weekends in some parts of the world.
(Conflicting accounts of the worm's spread make it difficult to gauge the accuracy of these predictions at the time of this writing.)
Panicky firms have damaged themselves over the years in a trend known as "precautionary disconnects." In the latest example, an AFP newswire revealed "Sampo, Finland's third largest bank, closed its 130 branch offices across the country to prevent the Sasser Internet worm from infecting its systems... 'We decided to close our offices as a precaution, since we knew that our virus protection hadn't been updated,' Sampo spokesman Hannu Vuola [said]." In other words, Finland's third-largest bank voluntarily made itself Finland's smallest bank — because they didn't trust their "antivirus solution" to protect them in a time of crisis.
Contrary to widespread reports, Australia's "RailCorp" railway system may not have been hampered by the Sasser worm. CEO Vince Graham was quoted as saying the company's most recent woes "could very well be a matter related to a virus getting into [RailCorp's] system." Graham did not confirm anything, and other officials conceded they didn't really know what caused RailCorp's most recent problem. This is an important distinction. Vmyths readers may recall security experts incorrectly blamed a computer worm for the U.S. electrical blackout of 2003.
Vmyths has observed new buzz phrases in the media's coverage of the Sasser worm. For example, did you know there is now a "network telescope" which can peer into "the dark matter of the Internet"? Click here for details.
Normally, Vmyths would expect to see "global damage estimates" for the Sasser worm, courtesy of a company known as mi2g. (Click here for details on this firm's antics.) However, mi2g has remained oddly silent since mid-April. Still, Vmyths will watch for mi2g to add Sasser's costs to their astronomical tally for virus damages.
Will U.S. extradite Sasser author?A Reuters newswire says "German police have arrested an 18-year-old man suspected of creating the 'Sasser' computer worm, believed to be one of the Internet's most costly outbreaks of sabotage... [A police spokesman] said the suspect admitted to programming the worm." CNN later identified the teenager's name as "Sven Jaschan."
We predict the fearmongers at mi2g will soon slap an astronomical dollar value on the Sasser worm. The U.S. alone will account for a few billion of mi2g's guesstimate. This leads us to ponder an interesting question:
Will the Justice Department try to extradite the author of the Sasser worm? Will he stand trial on American soil for a multi-billion-dollar crime?If history is a guide, Sasser's author will never appear before a U.S. judge. Consider the following:
Remember your history lessons. Stay calm. Stay reasoned. And stay tuned to Vmyths.
Last updated: 2004/5/11