RE: [Full-Disclosure] Electronic Jihad on August 26, 04 ??

From: Rob Rosenberger (junkmail_at_barnowl.com)
Date: 08/25/04

  • Next message: labs_at_NGSEC: "[Full-Disclosure] [NGSEC-2004-7] NtRegmon, local system denial of service." 
    To: <full-disclosure@lists.netsys.com>
Date: Wed, 25 Aug 2004 02:08:17 -0500

    Vmyths.com Virus Hysteria Alert
    Truth About Computer Security Hysteria
    {25 August 2004, 01:20 CT}

    CATEGORY: Dire predictions of a cyber-war or cyber-terrorism

    Russian news site MosNews.com has reported "terrorists will paralyze the
    Internet on August 26" (this Thursday). The story cites virus experts
    Alexander Gostev and Eugene Kaspersky, both who work for Kaspersky Labs, a
    large Russian antivirus firm. MosNews ran the story under the headline
    "Russian Computer Expert Predicts Internet Terrorist Attack."

       MosNews.com story (English):
       http://www.mosnews.com/news/2004/08/24/internetend.shtml

    The web page address includes the phrase "internetend" -- an obvious
    reference to the end of the Internet as we know it.

    Vmyths dismisses this "Internet Terrorist Attack" story as baseless
    hysteria, for numerous reasons explained below.

    It appears MosNews derived their story from a newswire published by
    Lenta.ru, which may have derived their own story from a Novosti newswire.
    In other words, it's "hand-me-down" news, and this is a systemic problem in
    computer security. Reporters will often quote each others' stories as their
    main sources of information. Worse, these stories originated in Russia,
    where many news agencies have dissolved into sensationalist tabloids since
    the breakup of the Soviet Union.

    Speaking directly to Novosti's reporters, Gostev supposedly claimed "the
    United States and Western Europe will suffer from the attack" on Thursday,
    while Kaspersky supposedly "reminded that similar attacks had earlier
    paralyzed [the] Internet in South Korea. He added that it would be
    'impossible' to stop terrorist organizations if they 'get down to
    business.'"

    As expected, the Novosti newswire described the cyber-terrorists as
    "Islamic" fundamentalists who declared Thursday a day of "electronic jihad."

    Gostev and Kaspersky claimed they learned about the cyber-terror attack from
    data "published on specialized sites," and Gostev admitted "it is difficult
    to say how true this information is." Statements like this raise a RED FLAG
    at Vmyths. We believe the men studied messages left by narcissistic
    braggarts, not Islamic cyber-warriors. Vmyths has seen NO objective
    corroborating evidence for an Internet armageddon in the near future.

    Narcissistic braggarts have a notorious habit of (1) declaring an attack
    date and then (2) failing to show up for duty at the appointed time. One of
    the most hilarious examples of this took place in 1997; see
    http://Vmyths.com/hoax.cfm?id=28&page=3 for details.

    According to Novosti, Kaspersky concluded by saying "it is ghastly enough
    that these people have mentioned 'electronic jihad' for the first time."
    Kaspersky is clearly mistaken if the newswire quoted him in context.
    Hackers and the media have used this exact term for years; a Google search
    returns 500+ matches. Israel's Jerusalem Post newspaper used a similar
    term, "virtual jihad," four years ago. mi2g (a well-documented fearmonger)
    has issued predictions over the years for electronic jihads which have NEVER
    come to pass.

       Remember this when virus hysteria strikes:
       http://Vmyths.com/resource.cfm?id=31&page=1

    MosNews quoted Lenta.ru, which quoted another virus expert, who insisted
    "Kaspersky Labs has been foretelling the doomsday for a long time." Vmyths
    agrees they occasionally sensationalize threats -- but a global cyber-terror
    prediction seems highly out of character for them. And the Kaspersky.com
    website so far offers no special news/advice for its clients. The Novosti
    newswire oddly claims Kaspersky Labs "will be switched over to the 'yellow'
    danger level" on Thursday, but this, too, seems highly out of character for
    the antivirus firm.

    For all of these reasons, Vmyths dismisses this "Internet Terrorist Attack"
    story as baseless hysteria.

    Vmyths assumes Alexander Gostev & Eugene Kaspersky were quoted out of
    context -- but we don't know HOW MUCH they were quoted out of context. This
    may be an example of a "worst-case scenario briefing" gone awry. (See
    http://Vmyths.com/rant.cfm?id=540&page=4 for more on this subtopic.) We
    asked Kaspersky Labs to comment on the Russian news stories and we'll
    publish their response as soon as we get it.

    Unfortunately, the global media has a FETISH for "end of the Internet"
    stories. Vmyths predicts the following:

       (1) On Wednesday, news outlets around the world will report the Novosti
    newswire (and stories derived from it) without question. A sensationalist
    reporter might even link cyber-terrorism to the breaking news of two Russian
    jetliners that just crashed. "Did Islamic hackers take over the cockpits?"
       (2) On Thursday, a few news outlets will acknowledge the prediction
    flopped.
       (3) On Friday, reporters will dump the story as a non-event.

    The SANS "Internet Storm Center" (http://isc.sans.org) currently reports a
    "green" status for the Internet. SANS "predicts that the Internet will not
    vaporize into a cloud of nothingness this Thursday, but if it does, it's
    been our pleasure to help stave off its inevitable annihilation this long."
    Vmyths applauds SANS for its sense of humor.

    Don't bet on an Islamic cyber-attack this Thursday. Stay calm. Stay
    reasoned. And stay tuned to Vmyths.

    Rob Rosenberger, editor
    http://Vmyths.com
    Rob@Vmyths.com
    (319) 646-2800

    Acknowledgements:
      * Cory Altheide (SANS), for URLs to Russian news stories
      * Confidential source, for the Novosti newswire

    CATEGORY: Dire predictions of a cyber-war or cyber-terrorism

    --------------- Useful links ------------------

    Common cliches in the antivirus world
    http://Vmyths.com/resource.cfm?id=22&page=1

    False Authority Syndrome
    http://Vmyths.com/fas/fas1.cfm

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: labs_at_NGSEC: "[Full-Disclosure] [NGSEC-2004-7] NtRegmon, local system denial of service."