CRYPT NEWSLETTER 41 February - March 1997 Editor: Urnst Kouch (George Smith, Ph.D.) Contributing Editor: Stephen Poole INTERNET: 70743.1711@compuserve.com crypt@sun.soci.niu.edu Who reads Crypt Newsletter: ========================== The great majority of Crypt Newsletter readers do it on company time. While there are accesses at all hours, heaviest usage and downloading of current issues occurs during U.S. business hours, beginning at around 7:30 EST and continuing to 4:40 Pacific time. Readers of Crypt Newsletter log in monthly from organizations like Lucent Technologies, Loral, Lockheed, MITRE Corporation, MITRE Technology, NASA-JPL, Electronic Data Systems, Intel, Digital, CSIRO, Science Applications, Unisys, the World Bank, Fujitsu, DuPont, the Securities and Exchange Commission, FermiLab, the US Dept. of the Treasury, the US Naval Undersea Warfare Center, the EPA [?!], Disney [?!?], Oak Ridge National Lab, Argonne Laboratory, Lawrence Berkeley, Vandenberg AFB, China Lake Naval Weapons Research, the Pentagon and many anonymous U.S. military Internet domains that refuse open telnet connections and "finger" queries. Others log in from media organizations like the BBC, The Bloomberg Business News Service, New York Times, the Sacramento Bee, various newspapers from the hinterlands, Federal Computer Week, The Net magazine, and The Age, too. Crypt Newsletter articles may not be copied or reproduced in or on other media, on CD-ROM collections of data, or offered - in part or in toto - as part of any database, data survey, information or research service for pay without consent of the editor. Rates based on word count are reasonable. Queries by e-mail are welcome. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ Contents: Crypt Newsletter #41 ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ THIS ISSUE MEDIA REVIEW Piled higher & deeper: The John Seabrook book tour The dog that wouldn't hunt: More book tour fiascos NEWS Liquor in the front, poker in the rear of the flyin' saucer Wazzu! Gesundheit! Viruses in Antarctica Bypassing U.S. export controls Another episode of _electronic bogeyman_ Science Applications Info-warriors and the Defense Science Board report Info-warriors at National Defense University Corporate Propaganda, Inc.: Symantec Awareness Month The Nutty Professors: More on the FBI's LEB gaffe QUACKWATCH MARCH 1997: Nathan Myhrvold MISCELLANY Letters page Crypt Masthead Info Credits/Acknowledgment PILED HIGHER AND DEEPER: THE JOHN SEABROOK BOOK TOUR To set the right stage for the following bit of news on author and New Yorker reporter John Seabrook, it's necessary for Crypt News to steal outright from Eric Alterman's description of the pundit Morton Kondracke in "Sound & Fury," an analysis of the Beltway political punditocracy. Alterman likened Kondracke disparagingly to Ayn Rand's Lancelot Clokey, a social critic in "The Fountainhead" whose literary celebrity was purely the creation of the people he worked for. Like Morton Kondracke, John Seabrook is another Lancelot Clokey -- cyberspace's. In the past, he's been memorable for overwrought features in New Yorker magazine on swapping e-mail with Bill Gates and being flamed by David Sternlight. The latter incident apparently so unnerved Seabrook, he momentarily believed he'd been attacked by a computer virus. Like Lancelot Clokey, John Seabrook is an author -- "Deeper: My Two-Year Odyssey in Cyberspace" (Simon & Schuster). In the months to come you can expect Seabrook's book, like Clokey's "The Gallant Gallstone," to be praised to the heavens by critics who assuredly know better. Soon thousands and thousands of copies of "Deeper" will sell and the name "Seabrook" will be on the lips of all the wired kingdom's digerati. Like Clokey, Seabrook will believe his reviews, lose all perspective (actually, he's already in this phase if the following interview is an indicator), and live the life of the brilliant social critic and public philosopher when in reality he's done "nothing more outstanding than sleeping, eating and chatting with neighbors." On the p.r. junket for "Deeper," Seabrook came to CompuServe this week and talked on-line for about an hour in front of an audience of five -- six or seven if you count his mother plus the handler from People magazine, the outlet sponsoring the conference. It didn't matter that there weren't many real questions, Seabrook had answers: cliches as quips, contradictory statements, whizz-bang "hey-even-I-coulda-thought-of-that" pronouncements and some clowning. Here then, a sampling of Seabrook quote from the interview -- To no one in particular: "Pop culture is a weird thing." On why the Net is sometimes "nasty:" "There is a nasty side to lots of people, but some people do a better job of keeping it civilized -- which is good. On-line lowers the curtain of civilization. But sometimes it's good to be nasty. It gets the nastiness out that would otherwise be used in the real world." On the ["mountain men and pioneers"] of the Internet: "They [the mountain men] are going to have to figure out how to get along. The frontier is over. Now it's the next phase. It's more like the town than the frontier now. The mountain men are probably feeling a little blue." On journalism and reporting from the Internet: "If I had to do my reporting work on the Net, I'd be fucked. [But not _too fucked_ for the New Yorker gig and book tour. -- Crypt News] I never use the Net for information gathering -- it's lousy for that. The public library in NYC is much better." On Bill Gates and how the jig's up for the master of Microsoft: "It's amazing Gates caught onto the Net at all. He is about one man alone with his machine, not connectivity. He's faking it now -- I don't think he's [going to] survive for long." And then, contradicting himself in the same breath, how Gates will conquer Netscape: ". . . as to Netscape, I think it will end up like Apple. Microsoft has already successfully copied Netscape, just as it did Apple. It will slowly market it out of business." The next one is quite original. Wouldn't you want to read a book by an author who had this to say about America On-Line in early 1997: "AOL sucks!" Again on Bill Gates, the one-time subject of a lengthy Seabrook/New Yorker treatise: "I don't exchange e-mail with him. I don't have that much to say to him, I guess. If I really wanted to talk to him, I'd e-mail him, but I doubt he'd e-mail me back. Fuck him." On the Internet, again, this time parroting the People magazine handler who asked if the Internet was a "giant time sink:" "The Net is a giant time sink." On what he's writing about now: "Now I am writing a story about a young would-be rock star." And on writing about the Net, again: "Actually I don't think I'll be writing about computers or the Net again for awhile, maybe never. I feel like I said everything I have to say . . . or what I haven't, I'll say on the book tour gigs." Near the end, Seabrook's handler asked how his book could do well in a time when Net books are classed as "failed" because they're Net books (Nope, I'm not making this up.) The answer, of course, was Seabrook's Net book is _different_ because it's not really a Net book: ["Deeper"] is sort of different though. It's not really about the Net, it's about one man's experience of the Net. It's more of a memoir of Net use than a book about the Net." THE DOG THAT WOULDN'T HUNT: MORE ON-LINE AUTHOR/BOOK PROMOTION Author Jon Katz may be the Big Kahuna of WIRED magazine, but on CompuServe this week, attendance at a conference to promote his new book, "Virtuous Reality: How America Surrendered Discussion of Moral Values to Opportunists, Nitwits, and Blockheads like William Bennett," was a gold-plated bummer, drawing three people, not counting the promotion's handler from PEOPLE magazine. That's three -- not three hundred, not three thousand, not even thirty. Not a baker's dozen. Three. And it was three less than the number who attended John Seabrook's promotional, also hosted by PEOPLE, the week before. (However, Katz didn't bring his mother, like Seabrook.) If you get out your cyber-pencil and consider CompuServe's membership to be approximately 3.2 million, the audiences for these heavily peddled on-line conferences was an infinitesimally small .000009 percent of the base that was the target of the on-line advertising. And it demonstrates the futile nature of mainstream media efforts in cyberspace by the likes of such as PEOPLE magazine. Despite daily advertising, the push from PEOPLE On-line and lots of the usual rah-rah from cyberspatial shills, these dogs won't hunt. The irony of mainstream media being such a certified non-starter in cyberspace cannot be lost upon an author as quick as Katz. Paradoxically, Katz's conference was quite interesting -- much more pointed and thoughtful than Seabrook's. On the endless handwringing about on-line pornography, Katz said: "Concerns about sexual imagery and children are not hysterical and should not be dismissed. I don't dismiss them. "I just feel the need to point out that the Internet has no history of harming children. About 30 young people have been harmed as the result of online encounters in the history of the Internet, making it one of the safest media ever. Pornography is an 8 billion dollar industry in America that has always existed and will always exist . . . I argue that we keep it in perspective and teach our children how to deal with it in a rational way." Katz also skewered the TV, newspapers and magazines repeatedly, maintaining they are increasingly isolated and as a result, meaningless to the public. "I think passive media . . . will be relevant and accessible only when they begin conversations with their readers in the way Web writers do as a matter of routine. This is common, Katz said, where "media is passive -- by which I mean media like newspapers, local and national telecasts, that provide no integral means for consumers to reach journalists, challenge them, correct them, or otherwise communicate with them." Later, sounding a lot like U.S. News & World Report's journo-bashing editor James Fallows, Katz invoked Thom Paine as a personal hero. "Paine was courageous and intelligent and saw journalism as a powerful medium of change . . . His spirit is very much alive on the Net, but sadly he would be unemployable in any newspaper in America. He would hate objectivity, would be appalled at the corporatization of journalism, and would find his heirs timid and fearful, and dependent on a culture of experts and spokespeople. At one point Katz was asked if he could offer any examples of mainstream politicians who genuinely understood the "pop culture/technology" thing. "No," he said. LIQUOR IN THE FRONT, POKER IN THE REAR OF THE FLYING SAUCER: JIM SCHNABEL'S 'REMOTE VIEWERS' IS A CAPTIVATING READ ON GOVERNMENT PSYCHICS, CULTISTS AND MISCELLANEOUS WEIRDOS [Another part in an infrequent Crypt Newsletter series.] "Ph'nglui mglw'nath Cthulhu R'lyeh wgah'nagl fhtagn. [Translation: In his house at R'lyeh dead Cthulhu waits dreaming.]" -- H. P. Lovecraft, "The Call of Cthulhu" H. P. Lovecraft created the Cthulhu Mythos, a loose collection of stories built around a pantheon of horrible otherworldly beings banished from our dimension in eons past but still plotting plots of conspiracy and overthrow. The lore surrounding government psychic research, non-lethal weapons and, now, the catch-all term "information warfare" is our contemporary Cthulhu mythos. In it, horrible, otherworldly citizens banished from the realm of credible thought publicize themselves or other unnameable forces plotting plots of conspiracy and overthrow. Jim Schnabel's "Remote Viewers: The Secret History of America's Psychic Spies" (Dell) is a fast, amusing and quite thorough read about a number of very interesting flakes and kooks who formerly worked for the U.S. military on "remote viewing" -- a euphemism for carrying out government intelligence and reconnaissance work while in a psychic trance. "Of Herbert West, who was my friend in college and in after life, I can speak only with extreme terror." --Lovecraft, "Herbert West -- Reanimator" "Remote Viewing" is remarkable for its collection of whacked-out quotes and feats attributed to military men. The guru of non-lethal weapons, John Alexander, holds forth -- mentally bending forks and spoons galore for generals in the U.S. Army. This pass-time became so popular according to Schnabel, that a general in charge of U.S. Army Intelligence, Albert Stubblebine -- a patron of Alexander's -- was given the nickname "Spoonbender." General Spoonbender is custom-made for myth-making: He sent soldiers for psychic sessions and trance workshops at a resort in the Blue Ridge mountains. He hired yet another soldier, Lyn Buchanan, for psychic warfare because the man steadfastly maintained he had crashed his base's computer network simply by telepathically commanding it. Eventually, Spoonbender, Alexander and Buchanan were banished from the military by superiors at the Pentagon and intelligence agencies, just like Hastur, Great Cthulhu and Yog-Sothoth -- Lovecraft's Elder Gods -- were banished from Earth after a long, titanic battle with even greater powers. However, the legacy of Spoonbender, Alexander and Buchanan -- as well as others -- lives on, dreaming in its own dead house of R'lyeh, that indeterminate place on the Internet were the paranormal and conspiracy thinking hold sway. And if the entertainment industry's increasing interest in this material is any barometer, even the lowliest of our discredited psychic warriors won't be dreaming in R'lyeh much longer. Invoked by the powerful interest of tabloid-reading, X-File enjoying Americans -- the demand is such that their Great Cthulhu, in some way or another, must always be released from his temple. "Where can I go that I don't sense movement behind the scenes?" --Ramsey Campbell, "The Franklyn Paragraphs" Yep, a whole ball of insane wax is present in "Remote Viewers:" UFO's emerge from icy mountain fastnesses in Alaska, unspeakable machines lurk concealed beneath the Martian dust of Cydonia, a woman reads tarot cards for the Defense Intelligence Agency, strange apparitions haunt the corridors of intelligence agencies, and Soviet psychics who could slay with a thought (although their aim wasn't too good) are alleged to conduct fiendish experiments. Schnabel reels it all out with a wink and an omnipresent dry sense of humor. Finally, aided by an ultimate psychic warrior named Ed Dames, Schnabel does his own "remote viewing" and succeeds in -- lo! -- scaring his girlfriend. You certainly don't want to miss "Remote Viewing" if you're at all curious about how the U.S. military finds novel ways to waste a portion of the fifteen cents out of every dollar it receives from your yearly tithe. Notes: 1. Please do not write Crypt Newsletter with the information that the Great Cthulhu, John Alexander, has been seen with financier Bob Bigelow at the National Institute for Discovery Science. Alert readers have already furnished this data. WAZZU! GESUNDHEIT! On January 14, a military source forwarded a hysterical warning issued by the Joint Chiefs of Staff computer office in coordination with the Defense Information Systems Agency. Sent to ALL U.S. military offices around the world, the JCS alert claimed the Wazzu macro virus -- in particular, a variant of it named Meatgrinder -- could "destroy hard drives, or at a minimum, data on hard drives . . . Be advised, many virus detection packages do not detect or eradicate [Wazzu]." The warning was remarkable only for its paranoia and misconceptions -- the Wazzu virus can't destroy hardware and Meatgrinder was detectable, just about the opposite of JCS/DISA claims. The alert was also immediately posted anonymously to several Usenet news groups. [This raises another interesting question. If the Department of Defense is genuinely knowledgeable about alleged threats posed by foreign agents and hackers trying to make off with its secrets, how does it categorize simultaneous posting of internal computer security memos to Usenet news groups by its own warriors?] In any case, the Wazzu alert was immediately dismissed as idiotic nonsense issued by anonymous nincompoops within the bureaucracy way too quick on the trigger but very successful at embarrassing themselves and others who certainly knew better. Nevertheless, Wazzu virus variants do exist. Crypt Newsletter did a cursory search of the Web for military publications and sites that have wrestled with them and came up with one interesting example from remote McMurdo Station, Antarctica. Writing in the November 24 issue of the Antarctica Sun Times, a publication edited by an arm of the U.S. Naval Support Force at McMurdo, Jacqueline Kiel documents Wazzu infection at the base. A Wazzu infection ran wild, according to Jim Johnson, assistant manager in the base's information systems department, when the virus arrived in an infected telephone list document generated by Word. "Anybody who received that document and called it up [in Word] was infected," Johnson said. Johnson alluded to Wazzu's payload, the contamination of other documents with instances of the nonsense word "wazzu." "I lost two man-weeks so far this season just dealing with virus corruption," he said. Other virus infections which have plagued McMurdo have been caused by the system-area viruses Ripper, Monkey, and variants of Form. INTERNATIONAL INFO-WARRIORZ FIND BYPASSING SILLY U.S. EXPORT CONTROLS A SNAP It should come as no big surprise that foreign companies interested in obtaining encryption software find that bypassing U.S. export controls aimed at impeding its distribution a trivial challenge. In fact, it appears to happen quite a bit since many foreign developers are continually interested in seeing what U.S. rivals are developing for the American market alone. What follows is a submission from an Indian software developer and it mentions a number of ways in which foreign firms are bypassing export controls, which -- in this case -- appear to be unenforceable, anyway. "To start with, I made a TELNET connection to and using its text browser -- lynx, I connected to the MIT page for download using the link from www.pgp.com. When . . . asked the queries for citizenship etc., I answered 'Yes' to all. MIT's server then allowed me to download the software without any problem. But, this download was in the USA on the disk and hence -- technically -- it was not a [foreign] export from MIT." The encryption software is then downloaded overseas, if the party is so interested. No rocket science or, uh, export licenses needed. "We have found a few other . . . ways to defeat the MIT access control as well." Further, "These involve the POBOX.COM service as well as the Anonymizer site. Also, we have found that many foreign companies have sites in the United States used expressly for this purpose. "They . . . telnet into the site . . . and access any MIT-type 'protected' sites with ease. "This type of access is not preventable using the technique that MIT is [employing] for validation. It [appears] that they are validating the IP address of the user when they are on the site. We have found that having a US CompuServe account and accessing it [through] a [satellite] connection, we can spoof the MIT site into thinking that the IP is from the US. In India, we use a satellite [link] to connect to CompuServe which, for some reason, helps us evade the protection export controls on sites that employ the MIT security model." IN HEARING OF THE ELECTRONIC BOGEYMAN: A CONTINUING SERIES electronic bogeyman: a hacker, instrument of a hacker or anonymous source portrayed in the mainstream media as a menace to society. The electronic bogeyman must always be quoted making grandiose, unverifiable, or nutty claims (e.g., opening all the automatic garage doors in Anaheim, California at precisely 2:00 pm) about feats, usually malicious, that can be performed with a computer. Usage: Reuters interviewed an _electronic bogeyman_ from Croatia who claimed he had invaded an installation where atomic secrets were kept. In a later press release the e-bogeyman downgraded this claim to Anderson Air Force Base on the island of Guam. ------- In this week's episode of _electronic bogeyman_, the popular Web soap opera in which international and American news agencies print the press releases of teenagers who claim to have infiltrated and subverted the Pentagon or some other important and very secret place, we travel to Croatia, where a fifteen year-old hacker made his country so proud, officials there were inspired to hold a press conference so that people in the United States would notice. During the episode, wire news reports about the Croatian electronic bogeyman changed so much from day to day (first a hacker had broken into an "atomic installation," then the hacker said he had downloaded files, later he said he had not, etc.), they reeked strongly of phlogiston. The waffling nature of the story speaks strongly for itself and large elements of it are reprinted verbatim from the original news releases. February 20th -- ". . . Laura Lui of the Reuter News Service says the [Croatian] local press is reporting [that] three high school students, surfing the Internet on their home computer, broke into several U.S. military installations' databases, including those of the Anderson nuclear installation and an unnamed satellite research center." "Lui [said] that following a report in the Zagreb daily Vecernji List, local reporters flocked to the high school in the Adriatic port of Zadar where the . . . teen-age hackers . . . specialize in mathematics and information technology." "One of the teenagers, identified . . . as [Vice Miskovic], told the state news agency HINA he accessed the Pentagon database while surfing the Net [in January]. "[Vice Miskovic] told [Reuters], 'The data are compressed and need to be extracted, so I don't really know everything they contained, but it sure was very interesting.'" " . . . assistant Interior Minister Zeljko Sacic told state radio that invaders broke into the U.S. Defence [sic] Department computer system of the airbase on Guam island . . . " February 21 -- "A report this week that high school computer users in Croatia had broken Pentagon protection codes and copied highly classified files from U.S. military bases has been flatly denied by the U.S. Defense Department . . ." "Zagreb press is reporting [hackers], surfing the Internet on their home computer, broke into several U.S. military installations' databases, including those of the Anderson nuclear installation . . . [the hackers] broke codes . . ." "'They did not,' Defense Department spokesman Ken Bacon told reporters in Washington. 'They did apparently get into some computers at Anderson Air Force Base in Guam.'" March 3 -- "[Vice Miskovic], a Croatian teen-ager, says he modified programs he found on the Internet and used them, 'with a bit of luck,' to hack his way into a U.S. military computer at the Anderson Air Force Base in Guam." "'It was a challenge,' says 15-year-old Vice Miskovic of Zadar. 'I was curious to see whether I could do it or not.'" "Miskovic told Associated Press writer Snjezana Vukic he searched through the Anderson base files during the month of January, but whenever he wanted to download files, they started to disappear." Crypt News translation: Vice Miskovic first claimed he downloaded secret files to get the attention of international wire news reporters like Laura Lui. But when he couldn't produce them weeks later, Miskovic confessed he hadn't actually downloaded any files at all and further confused the issue through clever use of a techno-magic, dog-ate-my-homework alibi. The remainder of the March 3 news release on Vice Miskovic is full of standard, if unfortunate, electronic bogeyman cliches: The electronic bogeyman didn't destroy anything, the electronic bogeyman's computer was seized by government authorities, the electronic bogeyman's grandmother loved her grandson whom -- she said -- preferred computers to dating girls. ". . . Nediljka Miskovic said her shy grandson (other reports named her as his mom) -- known in the computing underground as 'Intruder' -- has always been fascinated by computers. 'He had no interest in new jeans, sneakers or girls.'" The casual Net surfer is invited by Crypt Newsletter to use the popular Dejanews Usenet search engine to search for evidence of the dangerous electronic bogeyman, Vice Miskovic. A search keyed to his name returns a mind-rotting number of hits, most of them connected to a get-rich-quick by mail scam (known as Make Money Fast). Some of Miskovic's Make Money Fast posts were later canceled by users from the net-abuse newsgroups. Miskovic's name was also attached to a phoney hacker mailing list. Someone claiming to be a "Vice Miskovic" posted Make Money Fast repeatedly to the Usenet in January with an address in Zadar, Croatia, attached. At the end of one of the Make Money Fast posts, "Miskovic" pleaded: "INCLUDE me ! Ey it is so expensive to connect to NET here in CROATIA! I am spending all MY money on this INTERNET CALL! Can U help by sending money 4 me! I'll repay U when i EARN money! PLEASE!!!! IF yes mail me to virus@openet.freenet.hut.fi I have foreign ADDRESS cause it is FREE! If U mail me I'll reply AND send U my ADRESS!" -------------- Reuters: international misinformation vendor. Usage: Reuters wire news stories told the legend of Vice Miskovic of Zadar, Croatia, a dangerous teenage electronic bogeyman who preferred his computer over various girlfriends. --From the Crypt News "Joseph K Guide to Tech Terminology" Crypt News tip: Hey, international teen hackers! Interested in maximizing your worldwide publicity? Stop wasting time harassing the locals in chat rooms on America On-Line! Instead, buckle down and ensure your place in news wire immortality by sending those electronic press releases to your local Reuters or Associated Press bureau, preferably to a reporter or desk editor _not_ fluent with computers but hungry for a scoop. Be aware that if you are too convincing in the world press your equipment may be seized. Late breaking news: March 6 -- Yikes! Reuters reports still more electronic bogeymen - this time defacing a NASA Webpage in Greenbelt, Maryland. The latest atrocity, only three days after the wire's last dispatch on Vice Miskovic! " . . . the Reuter News Service says a group calling itself H4G13 left a message online claiming responsibility." "During the next month, we the members of H4G13 will be launching an attack on corporate America. All who profit from the misuse of the Internet will fall victim to our upcoming reign of digital terrorism," wrote the electronic bogeymen, rather balefully. [Feel free to mail your suggestions and screenplays for future episodes of _electronic bogeyman_ (tm) to crypt@sun.soci.niu.edu.] SCIENCE APPLICATIONS INFO-WARRIOR SHOOTS OFF HIS MOUTH Some newspapers exploded with stories in January dealing with the release of a new Dept. of Defense treatise, "Report of the Defense Science Board Task Force on Information Warfare Defense." Forgotten it already? Don't worry, here's the summary: On January 6, the Wall Street Journal excerpted fragments of the DSB report including the oft-repeated statement that the Pentagon and the entire rest of the country are vulnerable to an "electronic Pearl Harbor" if acts aren't polished in the arena of Internet security. Journal reporter Tom Ricks termed the report unusually "strident." It was an accurate description. The Defense Science Board report on IWAR-D, as it is called, reads like a Cold War policy document written by Paul Nitze. It is nothing less than a call to arms for the military to start a crash effort in the field. Ricks apparently interviewed Duane Andrews, one of the report's authors, and elicited the comment that Andrews -- a former undersecretary for defense during the Bush administration -- would like to see legislation enacted that would free the Pentagon to attack hackers with polymorphic computer viruses. Andrews would, he said, like to see a capability that seeded hacker or attacker computers with "a polymorphic virus that wipes out the system, takes it down for weeks." There was no obvious comment on how this capability might be approached, aside from wishful thinking. For those unfamiliar with the ins-and-outs of computer virus technology, Andrews request was a side-splitter, akin to asking scientists to work seriously on a method in which sand might be converted into gasoline. [One computer virus expert, unnecessary to name here, once suggested that actively pursuing a strategy of trying to foster virus infections on the computers of alleged national enemies would be about as sensible as "dumping bags of pepper into the jetstream."] Interestingly, the virus quote by Andrews does not appear in the original of the Defense Science Board report. However, the study does address it in elliptical terms. Repeated reference is made to using "active" measures in "Information Warfare -- Defense." What the authors are saying is that they're recommending the Dept. of Defense be able to conduct counterattacks against hackers or nation states discovered to be launching information warfare assaults against the U.S. The report asks that legislation be enacted or rewritten to allow for this. A Freedom of Information Act request to the Defense Science Board returned no further information on the topic. Andrews is currently executive vice president of corporate development at Science Applications, a bona fide Beltway Bandit and secretive mega-contractor to the intelligence community. The company boasts extensive facilities in Tyson's Corner and Ft. Meade. The Defense Science Board report recommends a $580 million dollar investment in research and development to the private sector for hardware and software to implement computer security. Science Applications, of course, stands to benefit greatly from any large spurt of growth in DoD expenditures due to the collision of Cold War-style paranoia and the subject of information warfare. Curiosities in the DSB report: (1) It elevates the DEFCON series of hacker get-togethers to that of strategic menace conducted on US soil; (2) The supersecret MILSTAR satellite system -- a system that responsible elements in the country have been trying to have killed for years -- is invoked as a possible key asset in the coming time of information war. In addition, the report recommends an escalating series of conditions be set by DoD to describe information warfare, similar to the DEFCON grades. However, no concrete information is developed on how, exactly, the government would determine if the U.S. is undergoing an information war attack. And this remains one of the stickiest of problems for information warriors: How in Sam Hill can one distinguish an information warfare attack from the work of 100 Jolt-cola crazed college students fiddling around on a few networks, hoaxes, stupid practical jokes or the usual problems that beset computing networks? It's a double-edged sword, however. There is no reassurance or guarantee that any foreign country willing to waste time developing info-warriors to hack the nation for military aims would even be able to rise above the noise of everyday network mishaps. Perhaps it is even a valid strategy to try to encourage potential adversaries to invest in information warfare if the effort is likely to be unnoticeable. Better that than trying to steal weapons-grade plutonium. Crypt News challenges its readers to ask their favorite info-warriors these questions and not settle for jargon-caked bull or vague policy statements in reply. It is also of note that the authors of the DSB report are primarily drawn from aerospace, not computer security. John Pike of the Federation of American Scientists succinctly characterized them as "heavy metal" and, indeed, the names are: For example, in addition to Andrews -- author Edward Aldridge is a former director of the spy-satellite flying National Reconnaissance Office, Donald Latham is VP at LORAL, Bernard Randolph is NSA and TRW Space & Electronics Group. THE INFO-WARRIORZ OF THE NATIONAL DEFENSE UNIVERSITY: NOT SUCH HOT ESSAYISTS Good info-warriors are never at a loss for words. In fact, one of the strong suits of information warriors appears to be the burying of the enemy with floods of vague military philosophy, impenetrable jargon, cliches, scenarios and aphorisms gathered from popular books attributed to Alvin Toffler, Tom Clancy and Sun Tzu. The National Defense University, a think tank based in Washington, D.C., that advertises itself as a DoD support organization aimed at ensuring "excellence in professional military education and research in the essential elements of national security," recently published a number of essays from the new breed of information warriors being bred in places like Science Applications and various arms of the services. Crypt News excerpts some material from them for the enjoyment of readers. From "The Silicon Spear: An Assessment Of Information Based Warfare (IBW) And U.S. National Security" by Charles B. Everett, Moss Dewindt & Shane McDade." "The First Battles in the Era of Information Based Warfare: The Seizure of Fiery Reef and Mischief Island: July 1997. "In retrospect, it was all quite foreseeable. then, hindsight is always 20/20. The events had been lost in the 'noise.' The Board of Inquiry and the numerous congressional investigations had all come to the same conclusion," writes Everett in a spell-binding Tom Clancy-esque opener to "The Silicon Spear." He tells of an info-war with China and the reader eagerly awaits the denouement of the "congressional investigation" and "conclusion." Unfortunately, Everett never gets around to it, so Crypt News can't reprint it for you. Everett then back-tracks his science-fiction scenario and begins setting the stage for the coming info-war with China. However, no "silicon spears" are in evidence, just nuclear missiles. "The US military attach in New Delhi reported that [Chinese long range aircraft had overflown Indian airspace on three occasions. Reports coming out of one of the few news services remaining in Hong Kong noted that the 2nd Artillery-the PRC's nuclear rocket force-had begun to disperse firing battery's well south of Lop Nor, near the headwaters of the Mekong River in terrain that might preclude the travel of US cruise missiles through the rugged Himalayas." Then Everett abruptly shifts gears and defines "information war." "Information based-warfare is both offensive and defensive in nature-ranging from measures that prohibit the enemy from exploring information to corresponding measures to assure the integrity, availability, and interoperability of friendly information assets." No! Crypt Newsletter did not steal this from the Joseph K Guide to Tech Terminology! Everett loves acronyms in "The Silicon Spear." He mentions one called "GAP" for Gray Area Phenomena. GAP applies to: "Ethno-religious-nationalistic conflicts; Weapons proliferation-both conventional and nuclear, biological and chemical; Conflict over scarce resources; AIDS and other infectious diseases; The globalization of Organized Crime; Drug Trafficking; Economic Warfare and conflict over technology; Emigration; and, Famine." I bet you didn't know that "AIDS and other infectious diseases" and "famine" were part of information war in the age of silicon spears! You fool, you. The Chinese, writes Everett, are the leaders in information warfare. Everett also invokes "robotics, nonlethality, pyscho-technology, cyberdefense, nanotechnology, 'brilliant' weapons systems, hyperflexible organizations, and 'fire ant warfare,'" in his essay. Apparently, all of the disciples of Spoonbender and the Great Cthulhu have not yet been banished from positions in which they dispense military advice. (See "Liquor in the front, poker in the rear of the flyin' saucer" in _this issue_). "Matthew G. Devout, Brian K. Houghton, and 'Nil A. Polaroid' of Science Applications do significantly better than Everett in "Information Terrorism: Can You Trust Your Toaster?" They, too, devote much of their essay to a science fiction tale. Unlike Everett's, this one has an end to it and involves Croatian electronic bogeymen. (Presumably more effective than Vice Miskovic, but about of the same talent in the p.r. department.) It goes something like this: The e-bogeymen obtain a weather forecast for their neck of the woods from the CNN Webpage. (What? The television doesn't work?) Stormy weather is the prediction and the terrorists have a plan all worked out: They go to a NATO airfield during violent weather and use their computers to jam the air traffic controller. Two C-130's on approach subsequently collide and crash. The e-bogeymen run off and immediately send communiques taking credit for the feat -- just like Vice Miskovic -- to the international newsmedia. They include a Webpage address in Holland. International news broadcasts publicize the Website. U.S. military men sitting around twiddling their thumbs all jump up in unison, turn on their PCs and surf to the Holland page. The page contains a boobytrap that is downloaded to their computers. The boobytrap goes off 24 hours later and the military suffers untold damage to its networks. This actually sounds almost plausible until one starts to stack up the variables. The weather has to be stormy. The airfield has to remain open. The jamming has to work. The planes have to collide. The international news media must be paying attention and not fixating on O.J or JonBenet Ramsey _and_ it has to publicize the Dutch Website with its boobytrap instead of sending out reporters at the local bureaus in Croatia to try and find the terrorists for interview. Crypt News stopped suspending disbelief at this point. In the essay of "Nil A. Polaroid" and his colleagues as well as the writings of other information warriors, a common thread is the axiom that the military must be called in to work more closely with law enforcement in domestic issues. Crypt Newsletter sees this only as an extension of Cold Warrior paranoia. Now that the one big enemy is gone, the military needs new enemies. The best enemies are ones that are both internal and external at once, always vaguely definable in faux Tom Clancy-ish scenarios but never characterized or described with any great precision. The Science Applications authors also have their own acronym, this one copped from an older acronym. Computer emergency response teams are known by the acronym CERT. Now, there must be DIRT, or a Digital Integrated Response Team. DIRT, or DIRTs, will be the same as CERT, except DIRT can attack an enemy. DIRT will also get its marching orders from "[an] information terrorism counterpart to the White House 'Drug Czar.'" There are other information essays at the National Defense University Website (http://www.ndu.edu) but a better closer is this definition lifted from yet another of the information warriors: "Machines and Microbes - Although one thinks of Star Trek and other science fiction when the subject of _nanny machines_ [emphasis added, the author really means "nano-machines"] comes up, it is actually a feasible plan." A vision of many Fran Dreschers -- "nanny machines" -- running amok on a distant battlefield hectoring the enemy into submission should bring a smile to your face and frame the discussion appropriately. CORPORATE PROPAGANDA, INC. Rejoice, rejoice! Symantec Corp. has declared the period between Feb. 15 and March 15, "Virus Awareness Month" -- even though it's not a month. The driven marketing managers of the Cupertino, California, anti-virus software publisher claim the promotion is designed to educate computer users about new virus threats. So said a typical Symantec press release disguised as news a week or so ago. "Because of the tremendous growth in communications via the Internet, computer virus threats are on the rise. Symantec is committed to protecting our customers from viruses, therefore we have established Virus Awareness Month," claimed Symantec pitchman, Enrique Salem. Inspired by Symantec's Virus Awareness (tm) and its pseudo-informational marketing aimed at maximizing the appearance of the company's nam the news, Crypt Newsletter and Rob Rosenberger's Virus Myths are declaring the month of March as Symantec Awareness Month. Unlike Symantec marketers, we know the 12 months of the year and are setting aside March as a special time in which everyone is invited to educate PC users about Symantec's merciless pummeling of Netizens with ad campaigns passed off as consumer news. As you know, anti-virus companies enjoy a considerable amount of valuable free publicity. They spend a lot on advertising but they'd much rather get mentioned in a news story. Every time a virus appears, anti-virus firms compete to get quoted in print or are called upon to frown on cue for the TV camera. However, Symantec's own ringer press releases mailed to 1,400 media outlets via the PR Newswire aren't quite good enough. Poor Symantec doesn't like this because it means competition with every other company willing to spend $500 for 400 words uploaded to PR Newswire. Why, on a bad day, a reporter might be forced to pick and choose between as many as half-a-dozen quasi-fraudulent press releases, all from different companies! Symantec could get lost in the noise! Symantec salesmen might not get a telephone call! No, Symantec wants reporters to salivate on command for it, just like Pavlov's dogs. To that end, the company has made it even easier for reporters to get their daily dose of propaganda. On February 10th, the company issued a press release for its future press releases under the headline: "Symantec Announces the Opening of the Symantec Antivirus Research Centre (SARC) News Bureau for the Media!" [Note the too hip European English spelling of "Center." It's not just a "Center," it's a "Centre"!] Symantec's outlet will serve as an information center -- some would say a Sales Information Centre -- for the media only . . . Editors and producers will be able to sidestep pesky competitors and contact the SARC _News Bureau_ [our emphasis added] via a special toll-free 1-888 number to obtain information on topical issues such as . . . easy anti-virus protection through Norton AntiVirus products, of course. "We will be able to spread the word," burbled Symantec product manager Alex Haddox in the press release to cover all future press releases. And spread _it_, Symantec certainly does. Without pause. On February 14, Symantec marketroids _again_ spammed journalists, editors and -- by proxy -- most of cyberspace via PR Newswire with a software promotion, this one hung on a stunt pulled by the Chaos Computer Club. Instead of using company resources to research and publish a thoughtful and perhaps even valuable analysis of the Chaos Computer Club's dog-and-pony show using ActiveX controls to allegedly subvert the Quicken checking and banking software package, Symantec merely used the opportunity afforded by momentary bad news to hector users into buying more of its new products. [No mention, either, that Intuit, Quicken's holder, claimed that the CCC stunt wouldn't work on American copies and installations of its software.) ". . . Norton Secret Stuff today announced that [two Symantec software solutions] can protect users against malicious ActiveX or Java applications such as the recently discovered ActiveX control created by the Chaos Computer Club . . . Internet users need to protect themselves with encryption products such as Norton Your Eyes Only. At a minimum, they should get started with a free trial of Norton Secret Stuff," said Bob Pettit, the day's designated Symantec huckster. PC Users are invited to recall that it was just at the end of last year that Netizens voted Symantec a winner in the 1996 Virus Hysteria Awards. Yes, instead of dispelling misinformation and confusion about computer viruses, Symantec was deemed guilty of the just the opposite in 1996 with a March press release describing a new Norton Anti-Virus feature: the ability to detect Java viruses. However, the press release admitted "no current Java virus threats exist." This led some to question how you could test this feature to see if it really worked. Actually, none of this mattered since all that was really important was getting the company's name into more publicity thinly disguised as consumer news. Additionally, computer users are invited to point out a 1996 study (probably _not_ available through the in the "Symantec Antivirus Research Centre (SARC) News Bureau for the Media!") published by the trade publication, Secure Computing, that demonstrated Symantec's Norton Anti-virus was a poor performer when it came to Word Macro virus detection and removal. The ensuing vendor fight over these lousy results became even more embarrassing when competitor McAfee Associates started a war of the press releases, employing the Business NewsWire to tar Symantec. In September, McAfee Associates CEO Bill Larson thundered in a press release delivered over that wire: "Symantec appears to have repeatedly and blatantly [misled] software consumers about the capabilities of Norton AntiVirus . . . Once again, Symantec has tried to fool customers by deliberately exaggerating the capabilities of Norton AntiVirus. We call on Gordon Eubanks, Symantec's CEO, to come clean and own up to - and correct - his company's false and misleading claims." For the sake of continuing Symantec Awareness, users are also invited to reflect on the following: [1]. In 1988, Peter Norton declared in _Insight_ magazine that computer viruses were an "urban myth." "It's like the story of alligators in the sewers of New York," he said. "Everyone knows about them, but no one's ever seen them." Today Peter Norton is still ridiculed for that quote. [2]. And in yet another press release, this one from August 1996, a Symantec marketing agent declared PC users needed the Norton Anti-virus "to fight [today's] more sophisticated polymorphic viruses." As usual, the Symantec marketroid was full of air: Polymorphic computer viruses were old news around 1992 when virus writers like the Dark Avenger and Mark Washburn popularized them in computer security circles with viruses that demonstrated the effect. But in _August 1996_ the company asked users to believe they should protect themselves against this "new" threat. Of course, polymorphic viruses do exist. They have for quite awhile. But lots of different anti-virus software flavors find and eliminate them, or claim to -- not just Symantec. [3]. Another thing you will never read from the "Symantec Antivirus Research Centre (SARC) News Bureau for the Media!": Programmers for the Norton Anti-virus have deserted the company regularly since 1995. A recent loss was to competitor S&S International. Three developers went to McAfee sometime in 1995. One went to Command Software, another to IBM. When Symantec asked what it would take to keep the IBM defector at the company, he replied, "Buy IBM." [4]. In a hot-off-the-presses (February 20) anti-virus scanner test conducted by computer virus researchers at the University of Hamburg in Germany, (not the "Symantec Antivirus Research Centre News Bureau for the Media!") Norton Anti-virus finished _behind_ the competition in a convincingly consistent manner. In the study's top rating, Norton Anti-virus finished _behind_ Solomon's Findvirus, Anti-virus Professional, Alwil's Avast, Sophos Sweep, F-Prot, and McAfee Associates' Scan. Against "in the wild" computer viruses, Norton Anti-virus finished _behind_ Solomon's Findvirus, Anti-virus Professional, F-Prot and McAfee Associates' Scan. In detection against file-infecting viruses, Norton Anti-virus finished _behind_ Solomon's Findvirus, Alwil's Avast, Sophos Sweep, Thunderbyte Antivirus, IBM Antivirus, McAfee Associates' Scan, F-Prot, Norman Data Defense's VC and an obscure Russian program called Dr. Web. In detection of boot-sector infecting viruses, Norton Anti-virus _did not finish_, completely failing mention against better-rated competition. And, finally, in detection of Word macro viruses, the University of Hamburg test showed Norton Anti-virus behind the same competition mentioned previously. And please remember, "'Symantec Awareness Month' ends on April Fool's Day!" ----------- [Users are encouraged to make like their own personal local bureau of the PR Newswire and copy this memo freely throughout cyberspace -- in the interest of Symantec Awareness, of course.] THE NUTTY PROFESSORS: ON THE DANGERS OF RELYING ON 'EXPERTS' [Regular readers of Crypt Newsletter recall last issue's on the academicians who had pulled the FBI's Law Enforcement Bulletin along for a ride down the slippery slope of hoaxes and Internet jokes. On closer examination, the story became even more bizarre than originally reported. Rather than confuse readers by abruptly taking up the piece where Crypt 40 left off, it is presented again -- but with a whole lot of difference.] "One of the hackers, known as 'Brain Dead' said, "getting arrested for hacking is the first significant step in my career goal of becoming a highlid security consultant.' [cite: _Datamation, April 1, 1995_]" -- David L. Carter and Andra Katz, from "Trends and Experiences in Computer-Related Crime: Findings From A National Study" -- A Paper Presented at the Annual Meeting of the ACADEMY OF CRIMINAL JUSTICE SCIENCES, Las Vegas, Nevada,1996 What you're about to read is an interesting and, perhaps, an unintentionally humorous tale of what can happen when inexperience, lack of fact-checking and research interests in Internet computer crime collide. Most wanderers of the Internet are familiar with the running joke concerning computer viruses with names of celebrities, politicians or institutions. The names and satirical content evoke a momentary smile or groan. For example: "Gingrich" randomly converts word processing files into legalese often found in contracts. Victims can combat this virus by typing their names at the bottom of infected files, thereby signing them, as if signing a contract. "Lecture" deliberately formats the hard drive, destroying all data, then scolds the user for not catching it. "Clinton" is designed to infect programs, but it eradicates itself when it cannot decide which program to infect. "SPA" examines programs on the hard disk to determine whether they are properly licensed. If the virus detects illegally copied software, it seizes the computer's modem, automatically dials 911, and asks for help. Rather amusing -- or boring -- depending on how many times you've seen different spins on them. Except Crypt News can't take the credit for making them up. The honor goes to an April Fool's Day issue of Datamation magazine. Normally, that would be the end of the joke but David L. Carter and Andra J. Katz, two professors interested in computer crime, bit down hard on the Datamation article and cited it as a source of real world examples in papers presented to the FBI and The Academy of Criminal Justice Sciences. But I'm getting ahead of the story. All this came to Crypt News' attention when the Federal Bureau of Investigation's Law Enforcement Bulletin, published monthly out of the organization's training academy in Quantico, Virginia, apparently thought they were real, too [Crypt News 40]. Writing in the December issue of the magazine, Carter and Katz, respectively academicians at Michigan State University and Wichita State, cited them as real examples of "insidious" new computer viruses in the magazine's feature article entitled "Computer Crime: An Emerging Challenge for Law Enforcement." The authors seemed to genuinely believe these computer viruses were in circulation, even to the point of citing the "Clinton" joke again in an paragraph attempting to explain the motivations of virus-writing system saboteurs. "Some employees could be motivated to infect a computer with a virus simply for purposes of gamesmanship. In these cases, the employees typically introduce a virus to play with the system without intending to cause permanent damage, as in the case of the 'Clinton' virus." Put in perspective, this was similar to reading a scientific paper on the behavior of elephants and suddenly running across a section that straightforwardly quotes from some elephant jokes as proof of what pachyderms really do when wandering the African veldt. Acutely embarrassed over the mistake, the editor of the Law Enforcement Bulletin did not initially return repeated phone calls from Crypt Newsletter. Andra J. Katz, reached over Christmas, said only that her co-author was responsible for the goofed-up material in question. Her co-author, David L. Carter, in turn cited an indeterminate "British scholarly magazine" as the original fool. (This comes from an editorial written by Margie Wylie of CNET.) Carter never returned a query from Crypt Newsletter. Eventually, Crypt News was able to reach the Bulletin's editor, Kathy Silesky, who placed the blame squarely on the authors of the bulletin's computer crime piece. The "British scholarly magazine" was invoked again as the escape clause. Two anonymous "security experts" had also "verified" the jokes were real viruses for Carter and Katz, said Silesky. [In reality, the jokes came from an April Fool's Day issue of Datamation magazine -- but more about this later.] In a later call, Silesky admitted everyone had been caught with their pants down. When told the originals of the jokes were taken from an April Fool's story, there was a brief silence on the end of the line, then a short laugh. In any case, increasing interest since the Bulletin's mistake was first published in Crypt Newsletter 40 resulted in a hasty edit in which the references to the jokes-as-viruses were simply yanked from the article published on the FBI's World Wide Web site. However, the rewrite remains imperfect, the content still in a twist. Reference to the "Clinton" virus remains in the feature's section on "Virus introduction." And the print run sent to 55,000 subscribers is beyond intervention. Even more bizarre: Katz and Carter were informed their research had been contaminated by joke virus tales almost a year before publication of their essay in Law Enforcement Bulletin! Gene Spafford, A Purdue University faculty member and extremely well-known computer security expert, wrote to Crypt Newsletter after seeing its initial series of articles on the FBI gaffe. "Sometime in early 1996, Carter and Katz issued a press release on their research into computer intrusions," Spafford relates. "I thought the research was interesting, and I contacted Katz via e-mail for more info." Spafford continues, writing that he was "sent . . . a longer press release that contained the same erroneous statements about joke computer viruses that were printed in the FBI newsletter. I tried to call Carter, and ended up talking to Katz. I explained to her that those were not real viruses but jokes. I further explained that they should correct that release immediately or else face ridicule from those who understood viruses." "I never heard from them again." But wait! The truth gets stranger. The joke viruses also appeared in a supposedly scholarly paper presented by Carter and Katz at a meeting of the Academy of Criminal Justice Sciences in Las Vegas, Nevada, sometime during 1996. Crypt News dug up an electronic copy of "Trends and Experiences in Computer-Related Crime: Findings From A National Study" on the Michigan State University Intranet. The FBI's Law Enforcement Bulletin piece appears to be a condensed version of this paper. Located in a directory seemingly devoted to college course readings, it still contains the full text of jokes reprinted by the FBI. Carter and Katz' "Trends and Experiences in Computer Crime: Findings From a National Study" cites a 1995 _April Fool's Day_ article in Datamation magazine as the source for its information on the "SPA," "Clinton," and other computer viruses. The April 1, 1995 issue of Datamation featured a column of ridiculous and humorous stories that were clearly April Fool's jokes. In addition to the virus jokes there is a news brief on the League of Information Systems Professionals or LISP, a "group" working to ensure that "Dilbert" is carried in all local newspapers. LISP is also said to be working for "the reinstatement of the slide rule, especially in belt-mounted leather cases . . ." Also in the Datamation article cited by Carter and Katz in their research paper, the reader finds himself bemused by the tale of computer scientists and anthropologists at the "Moe Fein National Laboratory in Nevermore, Calif." The scientists are testing the "feasibility of monkeys writing computer applications . . . We calculate that if each monkey randomly pounds its computer's keyboard for six to eight hours a day, the entire group will create a word processor . . . within three to four months," is one excerpt from it. "The research is being sponsored by a large New York bank that hopes to cut its in-house development efforts by getting the monkeys to work for peanuts," it concludes. If this isn't sufficiently absurd, consider that Carter and Katz cited Datamation's April Fool's stories _twice_ in their national study on computer crime. In addition to joke viruses, Carter and Katz also write of a government dragnet in which federal agents arrested a dangerously successful hacker gang. "The hackers reportedly broke into a NASA computer responsible for controlling the Hubble telescope and are also known to have re-routed telephone calls from the White House to Marcel Marceau University, a miming institute," write Carter and Katz in "Trends and Experiences in Computer-Related Crime." They even name one of the nefarious hackers involved in this heinous crime: "Brain Dead." Except "Brain Dead" didn't exist. He was a creation of a Datamation writer. "In one episode, the hackers broke into a NASA computer responsible for controlling the Hubble telescope, aimed the telescope at Earth and then proceeded to spy on a nudist colony near Camden, Maine. In another shocking case, the hackers rerouted telephone calls from the White House to Marcel Marceau University, an institution for mimes, based in Inabox, Montana," reports Datamation in the April Fool's Day issue. Not to worry, though. The Datamation spoof reports the hackers were arrested by agent "Slim Steel" during "Operation _Moon_ Angel." Marty Moore at Datamation magazine laughed on recollection of the April 1, 1995 issue. "You mean someone published the . . . 'Marcel Marceau University' in a paper? Oh, n-o-o-o-o!" Datamation still publishes staff written satirical material in its monthly "Over The Edge" column. Moore said there are a number of subscribers who mistake it for reality every issue. The reader may note that academic research appears to be fraught with hidden danger when one lacks an appropriate sense of humor. Notes: 1. To examine the originals mentioned in this piece, surf to Crypt Newsletter's Website on the following URL: http://www.soci.niu.edu/~crypt/other/quant.htm Links in the document take you to the original papers. When surfing to the David Carter page at Michigan State University, use your browser to search for the words "Brain Dead" and "Marcel Marceau." After absorbing this treatise, you might consider e-mailing the professors to warn them their flies remain open in cyberspace. Postscript: A recent issue of The State News, Michigan State University's student newspaper, reports in an article on chasing criminals through cyberspace: David L. Carter is engaged in teaching police how to use the Internet. MARCH 1997 TECHNOQUACK WATCH Golden Pizzle of Information: any authority figure accustomed to being publicized unquestioningly; or, computer experts fond of making dumbly obvious, fraudulent, indecipherable or insane statements which few dare to seriously question. Usage: Assuming the leaden mantle of _Golden Pizzle of Information_, Microsoft's Nathan Myhrvold told a rapt audience that computers would be able to outsmart people in the next decade or two. ------------ Reuters, the international news wire frequently cited by Crypt Newsletter as an example of mainstream info-rubbish, reported Microsoft's Nathan Myhrvold declaiming before credulous masses from within the redoubt of the fiftieth anniversary conference of the Association of Computing Machines. "We're not getting smarter every year. [Computers] are," quacked Myhrvold, as published by Reuters. As proof of the imminent superiority of computers, Myhrvold claimed "Humans take 20 years to boot." LETTERS TO THE EDITOR: ====================== A LONE VOICE OF SANITY CRIES OUT FROM THE MILITARY INDUSTRIAL WILDERNESS Dear Crypt: I am a Department of Defense international law attorney researching legal aspects of information warfare [don't stop reading]. A number of my colleagues and myself are thinking that the whole information warfare thing has been blown out of proportion. The purveyors are saying that we will have to rewrite the entire foundation of international law to accommodate IW. Since this claim struck me as hysterical, I was delighted to find your refreshing newsletter. If you know of any other useful sites, especially the internet address location of the infamous GAO report, I would appreciate a response. Sincerely, A concerned law attorney at DoD [Your gut feeling is correct. Information warfare is many things: the old wine of psy-ops, electronic warfare and network security in new bottles, a hook used to drag moribund careers from the frozen muck of the Cold War, mind-numbing exaggeration, and healthy doses of international paranoia and fear-mongering. Skepticism makes for healthy intellectual armor. Keep your bullshit detector set to "destroy" at all times. The Federation of American Scientists' Cyberstrategy Project is an excellent source of information. The GAO reports, I believe, are also mirrored here (or links to them). http://www.fas.org Computer underground Digest is good, too. http://www.soci.niu.edu/~cudigest Don't forget Virus Myths: http://www.kumite.com/myths DATAMATION BITES ACADEMICS ========================== This isn't the first time, though the incident I remember did *not* involve spoofs, it just involved Datamation's (ahem) casual approach to verifying some of its facts and the declining state of modern scholarship. About a dozen years ago the MIT Press published this book on the history of computing, written by some guy who had been chief somethingorother at IBM France. The book was intended as a serious reference work in computer history. Gordon Bell, an old hand in the computer business (chief engineer of DEC and hip deep in some of their best early work), wrote a truly scathing review that cited one factual blunder after another. The author wrote a rebuttal, most of which consisted of "It's not my fault. I copied the info out of Datamation's 'Twenty Years Ago' column and *they* should have gotten it right. If I ever have to teach a class on doing research, I'm going to use that review and rebuttal as an example. Rick Smith CRYPT FANS WRITE ================ Crypt: We all enjoy the Crypt Newsletter -- just wanted you to know that you have fans in low places. Best regards! Covert -=The Crypt Newsletter welcomes thoughtful mail from readers at crypt@sun.soci.niu.edu. Published letters may be edited for length and clarity or anonymized to protect the naive from themselves.=- REACHING CRYPT NEWSLETTER Send software, books, subscription orders ($10.00/year) to: George Smith Crypt Newsletter 1635 Wagner St. Pasadena, CA 91106 E-mail: crypt@sun.soci.niu.edu or 70743.1711@compuserve.com CRYPT ON COMPUSERVE Crypt Newsletter is now concentrated in two places on Compuserve. GO CRYPTNEWS brings the user to dedicated Crypt Newsletter message and file bases! For example, in addition to the usual issues Crypt maintains copies of electronic documents like the Federation of American Scientists' Secrecy & Government Bulletin and the recent GAO report on hacking incidents at Department of Defense. CRYPT NEWSLETTER WORLD WIDE WEB HOME PAGE You can visit Crypt & The Virus Creation Labs on the World Wide Web, download back issues and sample a chapter from VCL! Set your browser to: URL: http://www.soci.niu.edu/~crypt ---------------------------------------------------------------- What? You've been reading Crypt Newsletter regularly and you haven't purchased a copy of "The Virus Creation Labs"?? Well, what are you waiting for? A gold-plated personal invitation? What people are saying about THE VIRUS CREATION LABS: "Crypt Newsletter editor George C. Smith's entire book exposes an insane world where everybody claws at each others' throats -- and where even the virus writers have marketing departments. 172 pages written with an utterly cynical sense of humor . . . This book gets my highest recommendation. Required reading for anybody who claims the sky is falling in the computer world." ---Rob Rosenberger, Computer Virus Myths, October 1996 "I couldn't stop reading it . . . As hype continues to build about security on the Internet and movies like _Hackers_ ooze the real hackers into the mainstream arena, this book is definite apropos material for the time. Read it! A+" ---The Net magazine, February 1996 "[VIRUS CREATION LABS] is informative and stunningly incisive . . . " ---Secure Computing, October 1995 "George Smith . . . takes a look at the world of virus writers and anti-virus software vendors in a style similar to that of 'Cyberpunks' -- anecdotal, humorous and revealing . . . a lucid and entertaining read." ---Computer Security Journal "There are relatively few books on the 'computer underground' that provide richly descriptive commentary and analysis of personalities and culture that simultaneously grab the reader with entertaining prose. Among the classics are Cliff Stoll's 'The Cuckoo's Egg,' Katie Hafner and John Markoff's 'Cyberpunk,' and Bruce Sterling's 'The Hacker Crackdown.' Add George Smith's 'The Virus Creation Labs' to the list . . . 'Virus Creation Labs' is about viruses as M*A*S*H is about war!" ---Jim Thomas, Computer underground Digest 7.18, March 5, 1995 "THE VIRUS CREATION LABS dives into the hoopla of the Michelangelo media blitz and moves on to become an engaging, articulate, wildly angry diatribe on the world of computer virus writers . . . Expert reporting." ---McClatchy NewsWire -------------------------order form------------------------- Yes, I want my wig flipped and wish to receive a copy of George Smith's "The Virus Creation Labs: A Journey Into the Underground" (American Eagle, ISBN 0-929408-09-8). Price: $12.95/copy plus $2.50 shipping per book (add $7.50 overseas) NAME: _____________________________________________ ADDRESS: __________________________________________ CITY/STATE/ZIP: __________________________________ Payment method: ___ Master Charge ___ Money Order ___ Check ___ Visa Credit Card # ___________________________________________ Expiration date _________________________________________ Name: ____________________________ Orders can be taken by voice or fax through regular phone number and/or 1-800 number in USA. COD welcome. American Eagle: 1-800-719-4957 1-520-367-1621 POB 1507 Show Low, AZ 85901 ACKNOWLEDGMENTS =============== Rob Rosenberger, editor/webmaster of Virus Myths. Visit -- http://www.kumite.com/myths for a savage read. Alan Dunkin of On-Line Game Review for useful press releases. ------------------------------------------------------------- George Smith, Ph.D., edits the Crypt Newsletter from Pasadena, CA. copyright 1997 Crypt Newsletter. All rights reserved.