Hot News Hoaxes Resources Rantings Absurd About Us Search
Resource categories

New to Vmyths?

Newsletter Sign-up

Can Screensavers Give Your Business a Competitive Edge?

Resources | Hysteria roll call: DHS NIPC

The case against DHS NIPC
Listen to this advice (MP3) The Department of Homeland Security's National Infrastructure Protection Center (DHS NIPC, née FBI NIPC) touts itself as "the long arm of the cyberlaw." President Bill Clinton chartered DHS NIPC to protect America's "critical infrastructures" such as the banking system, the electrical grid, national water supplies, emergency & medical services, and so on. However, the agency focuses almost exclusively on Internet protection. Even the president's Critical Infrastructure Assurance Office recognizes DHS NIPC's myopia.

Former FBI assistant director Michael Vatis served as NIPC's first director. He grew famous for jet-setting around the world and generating media exposure -- both for himself and his organization. Indeed, one seldom read about then-FBI NIPC in 1999-2000 without reading about Vatis. Critics believe he guided his agency away from its presidential charter for publicity reasons.

Beneath all the chest-thumping lies a "paper tiger" staffed largely by contractors and personnel on loan from other agencies. The Secret Service recalled its cadre in disgust, and the Pentagon at least once considered recalling its own on-loan personnel. One persistent rumor accused DHS NIPC of strong-arming other government information protection programs to subordinate them, thereby assuring a continued political existence.

DHS NIPC also plagiarizes the investigative work of others and takes full credit for it in the press. Plagiarism of corporate materials continued at least until the latter half of 2001. Rampant plagiarism of government materials continued throughout 2002 and probably still occurs.

Michael Vatis was fired at the end of 2000 and career FBI agent Ronald Dick was put at the helm. Dick failed to turn the agency around at first -- but the terrorism of 9/11/01 ironically helped him to achieve some of his goals. However, these changes came too little, too late. FBI later cannibalized NIPC's (limited) talent pool for a new cyber crime division before DHS took the remainder for itself.

NIPC's fate as a DHS agency -- actually, as a sub-agency under the Information Analysis and Infrastructure Protection (IAIP) Directorate -- remains to be seen. Vmyths surmises IAIP may chisel away at NIPC until only its lucrative presidential charter remains.

Reporters love a nerd with a badge, and NIPC generated some intense media coverage thanks to their (former) FBI status. However, their lack of progress includes the following:

  1. DHS NIPC never identified the person(s) who in October 2002 launched "the largest and most complex DDOS [distributed denial-of-service] attack ever against the [Internet's] root server system."
  2. U.S. feds never sought extradition for four Israeli teenagers who released the Goner virus in December 2001. They remain free of a U.S. indictment in Israel.
  3. DHS NIPC never identified the person who wrote the Nimda virus. Its debut, a week after the 9/11/01 terrorist attacks, lured attorney general John Ashcroft to postpone his daily counter-terrorism press update to announce the existence of the virus. The White House estimates Nimda added a whopping $2 billion in damages to the newly devastated U.S. economy.
  4. DHS NIPC never identified the person who released the Code Red worm in mid-2001, despite a (lightly publicized) worldwide manhunt. Just the unbridled fear about this worm temporarily crippled U.S. government and U.S. military command & control networks. (Repeat: fear crippled the government and the military.)
  5. U.S. feds never sought extradition for Jan de Wit (aka "OnTheFly"), who released the Kournikova virus in February 2001. A Dutch court convicted him for the crime but he remains free of a U.S. indictment.
  6. DHS NIPC never indicted nor sought extradition for any of the known suspects behind the ILoveYou virus in May 2000. Reonel Ramones, Onel de Guzman, and Irene de Guzman remain free of a U.S. indictment in the Philippines despite the successful completion of a much-publicized worldwide manhunt.
  7. DHS NIPC never indicted nor sought extradition for "Mafiaboy" (aka Mike Calce) -- a then-14yr-old hacker convicted in Canada of masterminding an e-commerce attack that (supposedly) very nearly destroyed, Yahoo!, eBay, CNN, and other U.S.-based firms in February 2000. The Canadian convict remains free of a U.S. indictment in Montreal.
  8. DHS NIPC never identified other persons who launched distributed denial-of-service attacks against, Yahoo!, eBay, and other U.S.-based e-commerce firms. DHS NIPC claims those copycat attacks in early 2000 caused "millions of dollars" in damages and lost revenues.
  9. DHS NIPC never identified the person(s) who launched a much-publicized attack against FBI's web servers soon after the above e-commerce attacks ended.
  10. DHS NIPC never indicted nor sought extradition for acknowledged Chernobyl virus writer Chen Ing-Hau for (supposedly) physically destroying "thousands" of U.S. government, military, corporate, academic, and personal PCs in April 1999. He remains free of a U.S. indictment in Taiwan despite admitting he wrote the virus just to humiliate antivirus firms.
  11. DHS NIPC never identified the person who released the ExploreZip virus in June 1999 despite a publicized worldwide manhunt. Just the unbridled fear about this virus temporarily crippled U.S. Air Force command & control networks. (Repeat: fear crippled the military, not the virus itself.) DHS NIPC's website claimed the virus attack "remains a pending criminal investigation" as of January 2003.
  12. DHS NIPC and the U.S. Justice Dept. waited almost 29 months to secure a punishment against Melissa virus writer David L. Smith after a judge accepted his guilty plea. Smith agreed Melissa caused at least $80 million in U.S. damages -- yet prosecutors delayed his sentence hearing for 870+ days for reasons still not known.
  13. DHS NIPC never identified the person(s) who defaced the Justice Department's website in 1996. A NIPC spokesman described the attack as "criminal."
DHS NIPC likewise suffers from an embarrassing record of bad predictions. Among them:
  1. 1999: agency director Michael Vatis told Congress every nation beginning with the letter "I" would target American PCs on 1/1/2000. (His claims sparked an international incident.) Vatis' accusations fueled global media hysteria ... which resulted in a global media fiasco when Y2K attacks failed to materialize.
  2. 2000: the agency issued a credulous 911 virus alert on April Fool's Day 2000 ... and they typed it entirely in uppercase, just like a novice. The virus failed to wipe out emergency response systems.
  3. 2000: the agency predicted a worldwide hacker attack on 1/1/2001. Agents later executed search warrants on seven teenage braggarts. The feds' alert fueled reports of coming Y2K+1 attacks ... which failed to materialize.
  4. 2000: the agency predicted "cyber attacks" would spawn from physical conflicts in the Gaza region. The feds' alert fueled stories of a coming Israeli-Palestinian cyberwar ... which failed to materialize.
  5. 2001: the agency predicted Chinese hackers would attack the western hemisphere during the first week of May 2001. This alert fueled stories of a China-U.S. cyberwar ... which failed to materialize.
  6. 2001: the agency staged an "unprecedented" press conference where they predicted "the Internet could be seriously degraded by the Code Red worm" ... yet the serious degradation failed to materialize.
  7. 2001: the agency predicted the deadly terrorist attacks on 9/11/01 would spawn a global tidal wave of sympathetic and retaliatory "political 'hacktivism' " ... which failed to materialize, agency spokeswoman Debbie Wireman later admitted.
  8. 2001: the agency again predicted the deadly terrorist attacks on 9/11/01 would spawn a global tidal wave of "hacktivism" ... which again failed to materialize.
  9. 2003: the agency predicted a pending war with Iraq would lead to a wave of criminal activity such as spam, which "can be state sponsored or encouraged" by the Iraqi regime. The feds' alert fueled stories of a coming Iraq-U.S. cyber-war ... which failed to materialize.
This annotated bibliography exposes DHS NIPC's impotence, controversies, and political machinations...
A Big LOL for FBI Alert
A new FBI NIPC cyber-terror alert flops -- yet again -- and Michelle Delio of Wired laughs out loud. "In a Chicken Little-like incident that flew under virtually every computer security experts' radar, the FBI's National Infrastructure Protection Center bravely predicted and monitored a ferocious cyberattack Tuesday morning on U.S. computer systems, launched by an army of European enemy hackers. Never mind that no independent Internet traffic monitoring service or security expert had even noticed that any sort of cyberattack had occurred..."
FBI plays cyber-fear card again
A new FBI NIPC cyber-terror alert flops -- yet again -- and Thomas C. Greene of The Register plays the sarcasm card. "Perhaps it was just another piece of alarmist fluff cooked up by the NIPC public relations office. It's been a while since NIPC was in the news (and ages since it was in the news for something other than ridicule), so the PR bunnies may well have felt it time for a little publicity stunt..."
FBI NIPC takes a summer vacation
Vmyths editor Rob Rosenberger notices a distinct slowdown at FBI NIPC's website. They failed to issue advisories & alerts for recent serious vulnerabilities. Did everyone at the agency take a mass vacation?
Call it the 'SNMP Enron exploit'
Vmyths editor Rob Rosenberger observed how FBI NIPC "pumped out a typical gobbledygook alert" after computer security experts started to publicize an SNMP exploit. "They fear SNMP hackers will 'potential[ly cause] multi-sector Internet outages.' Oddly, though, the agency didn't follow their newly established precedent of calling a global press conference to save computing as we know it..."
Memo to FBI NIPC webmaster
Vmyths editor Rob Rosenberger chides FBI NIPC's webmaster for continuing to highlight "overzealous advice" on the agency's website -- despite the fact they later moderated their advice on a different web page. Rosenberger pointed to Vmyths' policy on corrections & clarifications, saying "we hope you'll follow our lead. You owe it to everyone who trusts your advice..."
'WinXP hole' misrepresented by FBI
AnchorIS CIO Tim Mullen rails against FBI NIPC's "UPnP exploit" misinformation. "So many people have rushed to be authorities on this bug that many didn't bother to get their facts straight before posting fixes and writing articles about it... The NIPC advisory gives people specific instructions on how to disable the 'UPnP Device Host' on XP and has been widely linked to by many. Unfortunately, this does absolutely nothing. I both phoned and emailed NIPC to inform them at the UPnP Service itself has nothing to do with this bug, and that the 'SSDP Discovery Service' is the [real] issue, but to date they still have not updated the site..."
XP makes it a scary Xmas
Vmyths editor Rob Rosenberger summarizes FBI NIPC's recent hysteria. The list includes two flopped predictions of cyber-terrorism issued after the 11 September disasters, plus two childish "cyber protest" threat analyses, plus an alert about the threat of Christmas PCs with unpatched versions of Windows XP...
'Relax, you've been erased'
"Plagiarize" means to "use (another's production) without crediting the source." Vmyths editor Rob Rosenberger explains how FBI agents asked a key figure for help during the Code Red hysteria, but then didn't want to share credit with him when the media gathered 'round...
A trick question: did FBI NIPC fail its mandate?
Vmyths editor Rob Rosenberger explains how, "theoretically, FBI NIPC should have protected critical infrastructures from Osama bin Laden. Realistically, they only wanted to protect the Internet from Osama bin Virus..."

     Showing 1-10 out of 55 Resources     NEXT>>

Sign up for FREE Vmyths newsletters!
"Virus Hysteria" Alert
Stay on top of the latest computer virus hysteria as it happens -- with no advertisements.
"What's New" Newsletter (weekly)
Keep up on what's new at Vmyths.
"Multimedia" Update
Learn about new & updated multimedia files at Vmyths.
Note: After subscribing, you will be sent a confirmation email. Please reply to it and your subscription will be completed.


Mediaweave: Sophisticated web design and development
 Copyright © 2003 Rhode Island Soft Systems, Inc.
Website designed & programmed by Mediaweave