Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Colorado Dept. of Motor Vehicles ''virus'' attack (September 2004)

CATEGORY: Misconceptions about genuine threats

CATEGORY: Misconceptions about genuine threats

Media outlets reported a "virus" infected computers that issue Colorado driver licenses at approximately 2:30pm local time on Friday, 17 September 2004. A spokeswoman for the state's Department of Motor Vehicles said "some of the staff saw something they didn't think was quite right and they knew that it was too risky to keep functioning so they shut the machines down." DMV system administrators decided to reinstall and re-load Colorado's driver license issuance system — a decision that took more than a week to complete.

The "virus" angle may have sur­faced when KMGH-TV asked Colo­rado DMV senior dir­ec­tor Steve Tool what led to the out­age. He said "we sus­pect it may be a virus, but we have our IT people wor­king on that, we have the con­trac­tor wor­king on it, and we're all just trying to figure out what's going on..."
KJCT-TV at first described the outage as a "computer glitch." The "virus" angle seems to have surfaced when KMGH-TV reporter Lance Hernandez asked Colorado DMV senior director Steve Tool if he had "any idea what the problem is." Tool said "no," then added "we suspect it may be a virus, but we have our IT people working on that, we have the contractor [Digimarc Corporation] working on it, and we're all just trying to figure out what's going on."

Vmyths questions anyone who says they "suspect" an unknown virus caused an unspecified computer anomaly. A hand-written note in the window at one DMV office said nothing about a virus nor an attack. On Friday, 24 September, personnel at Colorado's DMV telephone help center blamed the outage on generic "computer problems" and said they expected normal operations to resume on Monday.

However, in a phone call on 28 September, public information officer Diane Reimer "confirmed" Colorado's DMV was attacked by "a virus" in a "self-contained" computer system purchased from Digimarc Corporation. Oddly, though, Reimer has been told this particular "virus" cannot spread to other computers.

A source in Washington (reliability unknown) claims the Department of Homeland Security officials asked Colorado DMV officials for details of the "attack" so they could brief DHS secretary Tom Ridge. Reimer didn't know if this was true or not.

An entire state was crippled and the top man at Homeland Security was probably briefed on the "virus" ... yet you'd never know it from the media coverage. The story hit the national newswires on 21 September and within two days it had pretty much played out. Why would reporters stop covering a computer virus attack when a statewide DMV outage was still in progress? We answered this question five years ago when we said "domesticated reporters wait for computer security firms to feed them stories." Antivirus vendors can't yet claim to protect you from this supposed virus, and DMV officials haven't yet provided any concrete details — so there is no more story here.

Did the Colorado DMV really get hit by a "virus"?

What, exactly, do we know about this supposed "virus" attack?

Vmyths does not be­lieve a "virus" in­fec­ted Colo­rado's driver license sys­tem. The de­ci­sion to re­in­stall the soft­ware parallels a de­ci­sion in 1986 after Donald Gene Burle­son planted a "logic bomb" in his em­ployer's main­frame computer.

  1. Colorado DMV senior director Steve Tool initially "suspect[ed]" a virus caused the computer outage.
  2. Public information officer Diane Reimer "confirmed" Colorado's DMV was attacked by "a virus"
  3. The "virus" infected Digimarc Corporation's popular driver license issuance technology. Oddly, though, IT sources told Reimer this particular "virus" cannot spread to other computers.
  4. No one has provided any concrete details about the "virus." (During our phone call with Reimer, she sounded as if Vmyths was the first to question the anomalies in what the DMV system administrators told her.)
  5. No antivirus firm to our knowledge has proclaimed they can protect customers from this "virus."
  6. DHS secretary Tom Ridge was probably briefed about the "virus."
  7. The "virus" convinced system administrators to reinstall Digimarc's software from scratch and to restore 4.5 million DMV records from backups.
  8. DMV officials told the media the "virus" didn't alter any DMV records, nor did it leak any personal data to identity thieves.
And that's all we know.

Some reporters claim Digimarc referred all queries to Colorado's DMV offices. After Vmyths spoke to Reimer, we learned Digimarc's press relations employee went on vacation. We then located an alternate PR contact who took our questions and promised a response.

Based on what little we know, it appears a virus did not infect Digimarc's driver license issuance technology. If Digimarc's computer system is truly self-contained, then Vmyths would suspect the attack was an inside job. The decision to reinstall the software parallels a decision in 1986 after Donald Gene Burleson planted a "logic bomb" (not a virus) in his employer's mainframe computer.

It could take months before we know what really happened at Colorado's Department of Motor Vehicles. Sadly, computer security experts spout many myths & legends, and history suggests they will describe this attack as a "virus" without regard to the facts.

Last updated: 2004/9/28