A bunch of hysterical computer security stories popped up on my radar in the last few days. A huge bunch. I mean really huge. {sniff} Do I smell an annual hacker conference?

You can always count on hysteria before & during a global hacker conference…

I thought for sure the global economic recession would hit them in the digital pocketbooks … but, no. Untold numbers of elite hackers and government middle-managers with discretionary budgets have descended on Las Vegas to impress each other with their hilarious hijinxs and their nonchalant predictions of a looming cybergeddon based on some lecturer’s byte-tacular discovery he made while toying around with a debugger after clocking out from the evening shift at Taco Bell.

You can always count on hysteria before & during a global hacker convention — especially the siamese twins known as “Black Hat” and “DEFCON.” Panelists & presenters alike go shopping every year at this time for reporters who will breathlessly pre-announce the horrifying lectures they’ll give in a nonchalant fashion to their fellow hackers and to government middle-managers whose agency budgets let them play the role of a hacker.

“C’mon, Rob. Nonchalant lectures about terrorist hacker methodologies that supposedly threaten all of the inner planets of our solar system?” Look, folks, I just expose the hysteria; I never said it makes any sense.

No doubt the House of Lords will call for the closure of all British intelligence agencies after hackers discovered a vulnerability in MI5’s public website. No doubt Congressman Edolphus Towns will demand prison for LimeWire CEO Mark Gorton over the heinous crime of marketing the P2P software that was used to leak a Google Maps route to Michelle Obama’s safe house. And I still can’t explain how security celebrities Dan Kaminsky & Kevin Mitnick escaped death when their websites got hacked.

On a sidenote — and I swear I don’t make this stuff up — the theme for this year’s Black Hat / DEFCON shindig is pasty white boys lip-syncing to African American hoodlum tone poems. In keeping with the theme, the organizers even slapped together a “Security B-Sides” conference for “speakers whose programs weren’t accepted by Black Hat.”

No joke — the theme for this year’s Black Hat / DEFCON shindig is pasty white boys lip-syncing to Afri­can Ameri­can hoodlum tone poems…

“A digital rave, Rob?” Exactly. But without all the underage girls so willing to strip naked and make out with each other while you watch. At a Las Vegas convention, you gotta pay for that kind of fun.

Say, you know what would be super really ironic? Waking up to hear Robin Meade say “North Korea’s elite military hacking unit remotely logged into the Hoover Dam’s SCADA controls, unleashing trillions of gallons of water that drowned one hundred of the world’s greatest hackers plus more than a thousand government middle managers attending a rap music party at a computer security conference in Las Vegas…”

Ah, but I digress.

So, anyway. You’ll understand the context of the question if your government middle manager neighbor comes home from his week-long trip to ask “did the ‘Obama Mama’ die yet?” He’s just convinced that a horrifying BIND 9 vulnerability has combined with a leaked top secret P2P file to guarantee the death of the First Lady…

Oh! I almost forgot to tell you. The top secret Google Maps route to Michelle Obama’s safe house leads to—

“Let me guess, Rob. It leads to Congressman Towns’ local hangout, right?” ExactlyUh, I can neither confirm nor deny your belief.

Let’s begin with a straightforward statement. McAfee expert Francois Paget got duped by a YouTube video, he went “nutty professor,” and he wrote a hysterical blog about it on McAfee’s official website (archived here).

And then, just for good measure, Paget touted a new McAfee product that can protect you from being duped— protect you from the hysteria he— protect you from the threat he concocted— oh, never mind.

It disturbs me that Francois Paget got duped so easily. Memo to Paget: click here.

Wired pundit Kevin Poulsen exposed Paget’s stupidity in a rather blistering story. Poulsen reveals a German “viral video” production firm conceived the “Blair Witch” script to promote (get this!) a conference for video gamers.

It disturbs me that Paget got duped so easily. A quick glance at the video stats reveal it’s been watched more than a million times in just the last half-year. Clue, anyone?

If this was a genuine SCADA attack, all the SCADA hype-meisters out there would have pounced on this video the very day it came out. Why, then, would Paget be the first expert to label it a SCADA attack a half-year later? How could he not realize this?

Did Paget do basic research to learn where this SCADA attack took place? No. Did Paget do basic research to learn which hacking group took credit for this SCADA attack? No. Did Paget do basic research to learn how this hacking group pulled off their SCADA attack? No. Did Paget do basic research to learn…

Hey, you know what I just did? I did some basic research on Paget for this column. “Basic research, Rob? That’s amazing!” Thanks for the facetiousness but, really, it was nothing. Anyway, I came across Paget’s LinkedIn profile (or at least a cleverly disguised hoax profile which, according to Paget, is as good as the original.) He’s worked at McAfee since at least 1993 when he—

—waitaminit, I just got an email from the Frenchman. It reads:

“Dear Rob, I heard that you work for the CIA. Can you give me some details on how NCIS agent Timothy McGee hacked into your CIA network so easily? TIA! All my love, Francois.”

Even worse for Paget’s stupidity level — you can watch the YouTube video in high def. That’s what we call “a subtle clue.” Al Qaeda’s movie studio couldn’t possibly match Hollywood’s infinite resources to produce HD video. Heck, you can’t even watch this staged remote-control diesel engine attack in high def.

(Hmmm. You know, I couldn’t have bashed Paget so easily if he’d used the diesel engine attack video. Lucky me.)

The production company calls it a “viral video.” Sadly, Paget got infected. And McAfee spread the virus through their official blog. Much to the production company’s delight, I’m sure.

Let’s run with this absurdity, shall we? Let’s pretend Paget got duped by the trailer for the new movie “Pontypool“:

Last week, I discovered a video posted on YouTube. We can see an entire town getting infected by a virus that spreads via the English language. Two guys having a conversation can spread the virus! I have some doubts about the technical aspects of a virus spreading through the spoken word. But fake or not, the video confirms that terrorists have got their eyes on lexicon viruses. Perhaps the first demo was just for fun, but the others will have less juvenile goals. An attack can involve nationwide damage, a terrible effect on the public’s morale, and huge financial losses. Modern language is more vulnerable than ever…

Or hey, what if Paget got duped by the movie “Eagle Eye“? Or what if he got duped by this episode of “Fringe“? Or what if he got duped by the movie “Fatal Error“?

It’s a “viral video.” Sadly, Paget got infected. And McAfee spread the virus through their official blog…

Or — good grief, what if Paget got duped by the new “Land of the Lost” comedy? “I have some doubts about the technical aspects of using tachyons to travel instantly through time and relative dimensions in space. But fake or not, this movie trailer confirms that terrorists have got their eyes on TARDIS machines…”

(“Uh, Rob. You mixed up ‘Land of the Lost’ with ‘Dr. Who.’” I did? Crud. I should have done basic research before I wrote that last paragraph. But no matter! Paget will agree with me that the Enterprise is the same as the Jupiter II and Joey from “Friends” was as good a starship driver as Sulu was in “Galaxy Quest.”)

Run with it, folks! Make up a parody of Paget’s blog and post it as a comment to this column. Or post it on your own blog and throw me a pingback. Let’s tear a pound of flesh out of this hysteria-monger.

If we follow Paget’s {ahem} “logic,” then the solution to our woes is simple. We just need to get McAfee to sponsor these horrific viral videos.

Seriously! If you’re a fan of the TV show “24,” then you know Cisco firewalls stand strong while everything else of a cyber nature collapses as part of a diabolical Hollywood plot line. The only reason Cisco firewalls are impenetrable is because Cisco sponsors the show.

So. By Paget’s {ahem} logic, if McAfee sponsored every SCADA attack video, then our problems would be solved!

“I have some doubts about the technical aspects of a firewall standing up to a SCADA attack just because McAfee sponsored the video production. But fake or not, those videos will confirm that terrorists cannot get past the security of McAfee software…”

You know what’s really sad about all this? Every absurdity in this column passes muster if we follow Paget’s {ahem} logic.

Folks, something bad is happening at McAfee. First David Milam goes insane; now Francois Paget. And I finally understand why.

Last week, you see, I discovered a video posted on YouTube. It shows how an entire company can get infected by a disease that spreads via the act of breathing. Two guys breathing the same air can spread the disease! I have some doubts about the technical aspects of a disease spreading this way. But fake or not, the video confirms that terrorists have got their eyes on making us suffer this disease…

I’ve got my prejudices and I admit it. Take Marcus Sachs for example: I openly disliked the man when he started working for White House cyberspace flunky Richard Clarke during the “taint era” from 1998 until Clarke’s unceremonious departure.

But the director of the SANS Internet Storm Center has finally won me over with a “very cynical” (his words) opinion on the supposed Russian-Georgian cyber-war. Good for him. I scratched Sachs off my prejudice list.

And speaking of the supposed Russian-Georgian cyber-war…

As Sachs noted, the computer press seems infatuated with a war that includes script kiddies and (ironically) the many “cyber tourists” who visited Georgian websites out of curiosity. Come, now — how can you call it a “war” when media coverage drives tourism through the roof?

This might lead you to wonder “what’s the difference between a physical war and a cyber war?” The answer is simple. In a physical war, a politician will shout “Christiane Amanpour’s plane landed at the airport, everyone flee for your lives!” But in a cyber war, a coworker will shout “John Markoff’s story just went online, everyone click on the links!”

Oddly: the computer pundits tell us only about Russia’s cyber-attacks on Georgia. To quote the legendary Bill Hicks: “a war is when two armies are fighting.” Why don’t we hear incredulousible stories about, who knows, maybe Georgia’s victorious counter-thrust into Russian IP space where they Google-bombed the .ru TLD, or something like that?

The non-computer press, on the other hand, seems far more interested in Russian bomber aircraft over the skies of Georgia. Those bombers recently made a “show of force” along two critical fuel pipelines:

The 45 craters — each some 60 feet across — scar the hillside like footprints left by a giant. Close by lies the BTC pipeline, operated by British oil company BP PLC and buried at a depth of nearly six feet… Another raid Tuesday appeared to have been aimed at a second pipeline, known as Baku-Supsa, which brings Azerbaijan oil from the Caspian Sea.

To hear the cyber-war experts say it, a logic bomb is equivalent to an aerial bomb. So, if Russia did launch a devastating cyber-war with Georgia, then why do they need bombers to demonstrate a show of force near Georgia’s fuel pipelines? To hear the cyber-war experts say it, Russia’s elite military hackers could log into the “SCADA” equipment that controls the pipelines and make it do whatever the Kremlin wants.

You’ll find all sorts of security hype about “SCADA,” the Supervisory Control and Data Acquisition equipment that now automates every critical infrastructure on the planet — international fuel pipelines, continental electric power grids, federal air traffic control & landing systems, state highway toll booths, regional 911 services, county water treatment plants, city transit systems, and local traffic lights.

To hear the SCADA security experts say it, these devices even operate the dual-zone climate controls in your new car. That’s right: SCADA technology controls everything. Just ask the SCADA security experts.

SCADA technology is so insecure, claim the experts, that any college kid can destroy any power generator anywhere on Earth from the comfort of any dorm room or Starbucks café in less than two minutes.

Oh, and Russia secretly enlists every unethical college kid to serve in the Kremlin’s state-of-the-art military cyber squadron. Oh, and they can bring any country to its knees with their dastardly SCADA weapons. Just ask the cyber-war experts.

Toss in the bankrupt & corrupt history of Russia’s post-USSR military … and toss in the U.S. Air Force’s own belief that a logic bomb equals a Hellfire missile … and it only stands to reason that Russia would much rather launch SCADA attacks over bomber attacks.

Yet we see neither the amazing headline nor the amazing video of a Russian military SCADA attack. Go figure.

Did a story in the Wall Street Journal say “Thousands of Georgians feared dead in Russian military cyber attack”? NO. Did The Register announce “Russian army hackers make Georgian fuel pipelines flow backward”? NO. Did the U.S. Air Force website proclaim “Airmen deploy to Tbilisi to stop Russian military hackers”? NO.

Remember this the next time the computer media gets infatuated with the notion of a cyber-war.