Jul 30 2009

Black Hat & DEFCON panelists: “Michelle Obama is doomed!”

A bunch of hysterical computer security stories popped up on my radar in the last few days. A huge bunch. I mean really huge. {sniff} Do I smell an annual hacker conference?

I thought for sure the global economic recession would hit them in the digital pocketbooks … but, no. Untold numbers of elite hackers and government middle-managers with discretionary budgets have descended on Las Vegas to impress each other with their hilarious hijinks and their nonchalant predictions of a looming cybergeddon based on some lecturer’s byte-tacular discovery he made while toying around with a debugger after clocking out from the evening shift at Taco Bell.

You can always count on hysteria before & during a global hacker convention — especially the siamese twins known as “Black Hat” and “DEFCON.” Panelists & presenters alike go shopping every year at this time for reporters who will breathlessly pre-announce the horrifying lectures they’ll give in a nonchalant fashion to their fellow hackers and to government middle-managers whose agency budgets let them play the role of a hacker.

“C’mon, Rob. Nonchalant lectures about terrorist hacker methodologies that supposedly threaten all of the inner planets of our solar system?” Look, folks, I just expose the hysteria; I never said it makes any sense.

No doubt the House of Lords will call for the closure of all British intelligence agencies after hackers discovered a vulnerability in MI5’s public website. No doubt Congressman Edolphus Towns will demand prison for LimeWire CEO Mark Gorton over the heinous crime of marketing the P2P software that was used to leak a Google Maps route to Michelle Obama’s safe house. And I still can’t explain how security celebrities Dan Kaminsky & Kevin Mitnick escaped death when their websites got hacked.

On a sidenote — and I swear I don’t make this stuff up — the theme for this year’s Black Hat / DEFCON shindig is pasty white boys lip-syncing to African American hoodlum tone poems. In keeping with the theme, the organizers even slapped together a “Security B-Sides” conference for “speakers whose programs weren’t accepted by Black Hat.”

“A digital rave, Rob?” Exactly. But without all the underage girls so willing to strip naked and make out with each other while you watch. At a Las Vegas convention, you gotta pay for that kind of fun.

Say, you know what would be super really ironic? Waking up to hear Robin Meade say “North Korea’s elite military hacking unit remotely logged into the Hoover Dam’s SCADA controls, unleashing trillions of gallons of water that drowned one hundred of the world’s greatest hackers plus more than a thousand government middle managers attending a rap music party at a computer security conference in Las Vegas…”

Ah, but I digress.

So, anyway. You’ll understand the context of the question if your government middle manager neighbor comes home from his week-long trip to ask “did the ‘Obama Mama’ die yet?” He’s just convinced that a horrifying BIND 9 vulnerability has combined with a leaked top secret P2P file to guarantee the death of the First Lady…


Oh! I almost forgot to tell you. The top secret Google Maps route to Michelle Obama’s safe house leads to—

“Let me guess, Rob. It leads to Congressman Towns’ local hangout, right?” ExactlyUh, I can neither confirm nor deny your belief.

Jul 12 2009

Rep. HoaxsterHoekstra panders to Asian media

A truly amazing story in Wired reveals that “Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a ‘show of force or strength’ against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this week.”

“A show of force?” Sure, let’s do that. Our vaunted U.S. military electron defenders can counter-attack North Korea with that horrifying new “DAOS weapon system” we’ve heard so much about. And Obama can pick John McClane to lead the counter-attack. Yeah, that’ll strike some fear in Kim Jong-il!

Asian reporters crowd around a congressman who held a press conference to demand a retaliatory DDoS military strike against North Korea for something the experts believe North Korea isn't guilty of doing... (AP photo / Susan Walsh)

Study all the faces I circled in the photo you see here. It certainly looks like HoaxsterHoekstra held an impromptu press conference … yet the crowd is filled with Asian (!) reporters. Go figure.

Wouldn’t you like to know how many of them knew in advance this guy would drop an amazing soundbite about North Korea?

Ironically — and you know how much I love irony — the general consensus right now is that North Korea didn’t orchestrate the horrifying cyber-attack that killed millions thousands hundreds dozens zero people around the world. But hey, that didn’t stop HoaxsterHoekstra from demanding a retaliatory military strike against a warlord nation run by a completely insane narcissist who suffered a bit of brain damage right before he showed the world how much he likes to play with nuclear weapons.

I really hate to say this, folks, but HoaxsterHoekstra’s verbal antics might plausibly help convince North Korea to resume war with the United Nations, thus sending thousands of soldiers to their deaths on both sides of the DMZ, possibly leading all the way up to a series of nuclear tit-for-tats — all because one federal employee unwittingly disabled a firewall. This, sadly, may be HoaxsterHoekstra’s legacy as a civil servant of the United States. “Hurray.”

(Memo to the Associated Press copyright enforcement team: I highlighted the Asian reporters in Susan Walsh’s photograph under the “criticism” clause of the U.S. Fair Use Doctrine. Thanks for understanding.)

Jun 07 2009

Obama part 3: a plagiary of President Clinton’s virus hype, 11 years later

In 1998, I bashed President Clinton’s speech where he made a hysterical assertion that “[criminals] extort money by threats to unleash computer viruses. If we fail to take strong action…” Clinton then announced a directive inspired by a flawed presidential report.

Eleven years later, President Obama repeated history in a speech where he made a hysterical assertion and then announced a directive inspired by a flawed presidential report.

Obama’s cybersecurity speech is essentially the same as Bill Clinton’s speech 11 years ago — right down to the debut of a flawed presidential report…

In part 1 and part 2 of this series, I revealed Obama spouted an urban legend about cyber-terrorism and he spouted a bizarre “$1 trillion” guesstimate for computer crime.

But where did the president get this hysteria? Obama’s top intelligence advisor all but admits it didn’t come from government sources. Obscure footnotes in the president’s report reveal:

  • Obama’s “$1 trillion” guesstimate came from a McAfee press release — a company not involved in economic assessments.
  • Obama’s urban legend that “cyber attacks have plunged entire cities into darkness” came from a SANS newsletter that cited a CIA analyst who gave absolutely no details whatsoever.

This forces us to ask two philosophical questions. First, why didn’t Obama’s cybersecurity report cite a respected government economics expert? Second, why didn’t Obama’s cybersecurity report directly cite the CIA analyst who gave absolutely no details whatsoever?

Remember this, folks. Obama’s “$1 trillion” guesstimate comes from McAfee, the very same company that insists email spam contributes to global warming — and that secretly armed China with computer viruses at a time when the White House ironically feared China would attack the U.S. with computer viruses.

The flaws in President ClintonObama’s cybersecurity report fail to impress me, and the hysteria in President ClintonObama’s speech fails to move me. Enough said.

Apr 12 2009

New Twitter worm brings out the expert’s irony

{Update: Mikko Hypponen tweeted “Vmyths is, once again, right on the money. Cheers to Rob.” His kudos spurred at least ten people to follow Vmyths on Twitter.}

F-Secure flunky Mikko Hypponen loves to express his thoughts on Twitter. But he really needs to think before he tweets. Check out this classic case of irony from Hypponen:

“Just woke up and learned about XSS Twitter worm last night. You can see from here how it started. Don’t click links. http://bit.ly/lV34d”

A warning to “don’t click links” followed by … a link. You gotta love irony.

Ironic twitter post from F-Secure virus expert Mikko Hypponen

In Mikko’s defense, he probably hadn’t yet downed his first cup of coffee. If you’ve woken up next to him like I have, then you know it takes a few sips of joe to get his brain started in the morning.

(Hmm? Oh, I woke up next to him in an adjoining hotel room in the middle of a hurricane. Why do you ask?)

Hypponen rattled off two more tweets a few hours later. See if you can spot the irony:

{#1} I guess there’s going to be quite a few Twitter worms for a day or two. Be careful, don’t view profiles, don’t follow links. Go outside?

{#2} Basic info on current Twitter worms from our blog: http://bit.ly/3xozo #stalkdaily #mikeyy #onedegree #worms

A warning to “don’t follow links” followed by … a link in his next tweet. Like I said: you gotta love irony.

I think we can also say “Mikko Hypponen can’t see his own irony.” Luckily, F-Secure employs a guy named Patrick who can see irony. Let’s hope Mikko sits down with him for a bit of remedial instruction.

Naturally, I tweeted Mikko’s irony to those who follow Vmyths on Twitter

Dec 20 2008

Irony in a U.S. gov’t “cyberwar simulation”

The U.S. government recently held a two-day “cyberwar simulation” (another name for a “tabletop exercise”). Reuters filed a typical story about this event. In perusing it, the casual reader might think “the Obama administration should develop a reconstitution plan to survive an Al Qaeda cyber-attack.”

How much monetary damage did bureaucrats inflict in their “cyberwar simulation”? Did it come close to the $700 billion we shelled out to protect bankers from their own incompetence?

And then the casual reader will move on to the next story and forget all about the looming death of this great country we’ve come to know & love. Tsk tsk tsk. What a pity.

That’s one of the nice things about computer security hysteria — even after all these years, the Cassandras still have no examples of computerized death & destruction. They’re reduced to making invalid comparisons to 9/11/01.

But this particular Reuters story struck me for its irony. Check out this snippet:

“Democratic U.S. Rep. James Langevin of Rhode Island, who chairs the homeland security subcommittee on cybersecurity, said: ‘We’re way behind where we need to be now.’ Dire consequences of a successful attack could include failure of banking or national electrical systems, he said.”

Aha! Yes, of course. “Dire consequences.” Did a North Korean cyber-attack cause $700 billion in damages to the U.S. banking system? Did Al Qaeda cyber-terrorists cut electrical power to 1.25 million people in the northeast during this month’s deadly ice storm? Did a teenage hacker single-handedly cancel thousands of airline flights in the northeast during that same deadly ice storm?

This kind of irony forces us to ask three simple questions:

  1. How much economic damage do these bureaucrats think was inflicted in their ‘simulation’?
  2. How many people do these bureaucrats think suffered without power in their ‘simulation’?
  3. How many thousands of airline flights do these bureaucrats think got canceled in their ‘simulation’?

Listen to me, folks. The U.S. doesn’t seem all too worried that a pervasive attitude of greed & incompetence in the banking industry added $0.7 trillion to the national debt. But boy oh boy, if a cyber-savvy enemy should attack our banking system, we’ll see the total collapse of capitalism! And the U.S. doesn’t seem all too worried about downed power lines in a deadly winter storm. But boy oh boy, if a cyber-terrorist ever cuts power to our homes in the dead of winter, it will positively turn America into a third-world country!

And the U.S. doesn’t seem all too worried when thousands of airline flights around the country get canceled due to weather. But boy oh boy, if a hacker ever grounds thousands of jets, it will positively rape the U.S. air transportation industry!

Remember this when you hear about U.S. government “cyber wargames.”


Oh, I almost forgot — longtime readers will recall when virus expert Mary Landesman went through an ice storm. Her family survived without electricity and without Internet access for nine days. Heck, they didn’t even lose a finger or toe to frostbite.

But boy oh boy, if a cyber-savvy terrorist or soldier does the exact same thing to Landesman, her entire family will perish!

“Look at the frozen teardrop on this woman’s face,” a parka-clad cadaver retrieval supervisor will say. “She obviously realized the helplessness of her situation. She must have known she would have survived this cybertastrophe if only it had been just a major ice storm…”