Truth About Computer Security Hysteria
Colorado Dept. of Motor Vehicles ''virus'' attack (September 2004)CATEGORY: Misconceptions about genuine threats
CATEGORY: Misconceptions about genuine threats
Media outlets reported a "virus" infected computers that issue Colorado driver licenses at approximately 2:30pm local time on Friday, 17 September 2004. A spokeswoman for the state's Department of Motor Vehicles said "some of the staff saw something they didn't think was quite right and they knew that it was too risky to keep functioning so they shut the machines down." DMV system administrators decided to reinstall and re-load Colorado's driver license issuance system — a decision that took more than a week to complete.
Vmyths questions anyone who says they "suspect" an unknown virus caused an unspecified computer anomaly. A hand-written note in the window at one DMV office said nothing about a virus nor an attack. On Friday, 24 September, personnel at Colorado's DMV telephone help center blamed the outage on generic "computer problems" and said they expected normal operations to resume on Monday.
However, in a phone call on 28 September, public information officer Diane Reimer "confirmed" Colorado's DMV was attacked by "a virus" in a "self-contained" computer system purchased from Digimarc Corporation. Oddly, though, Reimer has been told this particular "virus" cannot spread to other computers.
A source in Washington (reliability unknown) claims the Department of Homeland Security officials asked Colorado DMV officials for details of the "attack" so they could brief DHS secretary Tom Ridge. Reimer didn't know if this was true or not.
An entire state was crippled and the top man at Homeland Security was probably briefed on the "virus" ... yet you'd never know it from the media coverage. The story hit the national newswires on 21 September and within two days it had pretty much played out. Why would reporters stop covering a computer virus attack when a statewide DMV outage was still in progress? We answered this question five years ago when we said "domesticated reporters wait for computer security firms to feed them stories." Antivirus vendors can't yet claim to protect you from this supposed virus, and DMV officials haven't yet provided any concrete details — so there is no more story here.
Did the Colorado DMV really get hit by a "virus"?What, exactly, do we know about this supposed "virus" attack?
Some reporters claim Digimarc referred all queries to Colorado's DMV offices. After Vmyths spoke to Reimer, we learned Digimarc's press relations employee went on vacation. We then located an alternate PR contact who took our questions and promised a response.
Based on what little we know, it appears a virus did not infect Digimarc's driver license issuance technology. If Digimarc's computer system is truly self-contained, then Vmyths would suspect the attack was an inside job. The decision to reinstall the software parallels a decision in 1986 after Donald Gene Burleson planted a "logic bomb" (not a virus) in his employer's mainframe computer.
It could take months before we know what really happened at Colorado's Department of Motor Vehicles. Sadly, computer security experts spout many myths & legends, and history suggests they will describe this attack as a "virus" without regard to the facts.
Last updated: 2004/9/28