04.22.10

Cult of Cyberwar: McAfee surpasses North Korea as cyberattack power

Posted in Cyberterrorism at 8:48 am by George Smith

Yesterday McAfee issued an anti-virus update that rang up a false positive on svchost.exe, a core system file of the Windows XP operating system.

When DD read it, he laughed.

(If your PC skills are a little duff, to understand why this was so bad it’s funny, open the Task Manager — instructions here. Scroll down and you’ll see a number of svchost.exe processes, each one hosting a group of Windows services. Imagine if an anti-virus program suddenly took them all away. Big oof!)

It’s nearly the biggest mistake you can make as an anti-virus software developer. And in one fell swoop, it knocked machines out of service nationwide, leaving them stuck in reboot loops, and allowed McAfee to easily surpass North Korea as a cyberpower to be feared.
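The mistake has a well-known guard: before a signature ships, run it against a snapshot of a clean operating-system install and refuse to release anything that lights up a known-good file. The script below is an added example of such a release gate, written for this page; it is not McAfee’s code or process, and everything in it is assumed: signatures are regular expressions over raw file bytes, the “clean corpus” and the “malware samples” are a handful of constructed byte strings standing in for a golden image and a sample set, and the path and sample names are invented. A signature is held back if it matches any clean file or if it catches nothing at all.

```python
"""Pre-release false-positive gate for AV signatures (added example, not McAfee's)."""
import hashlib
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # regular expression applied to raw file bytes


@dataclass
class GateResult:
    signature: str
    false_positives: list = field(default_factory=list)  # clean-corpus paths hit
    detections: list = field(default_factory=list)       # sample ids hit

    @property
    def releasable(self) -> bool:
        # Block anything that flags a known-good file, and anything that
        # catches nothing (a dead signature is pure update churn).
        return not self.false_positives and bool(self.detections)


# Constructed stand-ins for a golden image of a clean install. A real gate
# would walk the image on disk; the byte contents here are invented, and
# all share a PE-style "MZ" header so an over-broad pattern hits them.
CLEAN_CORPUS = {
    r"C:\Windows\System32\svchost.exe": b"MZ\x90\x00\x03" + b"SvcHostMain" + b"\x00" * 24,
    r"C:\Windows\System32\kernel32.dll": b"MZ\x90\x00\x03" + b"KernelBase" + b"\x00" * 24,
    r"C:\Windows\explorer.exe": b"MZ\x90\x00\x03" + b"ShellEntry" + b"\x00" * 24,
}

# Constructed samples the candidate signatures are meant to catch.
MALWARE_SAMPLES = {
    "sample-0001": b"MZ\x90\x00\x03" + b"x" * 8 + b"DROPPER_STUB\x00inject.dll",
    "sample-0002": b"MZ\x90\x00\x03" + b"DROPPER_STUB\x00svc_hijack",
}


def file_hashes(corpus: dict) -> dict:
    """SHA-256 of every clean file: the identity a gate pins its corpus to."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in corpus.items()}


def scan(pattern: bytes, blobs: dict) -> list:
    """Names of the blobs whose bytes the pattern matches anywhere."""
    rx = re.compile(pattern, re.DOTALL)
    return [name for name, data in blobs.items() if rx.search(data)]


def check_signature(sig: Signature, clean=CLEAN_CORPUS, samples=MALWARE_SAMPLES) -> GateResult:
    """Run one candidate signature against the clean corpus and the sample set."""
    return GateResult(
        signature=sig.name,
        false_positives=scan(sig.pattern, clean),
        detections=scan(sig.pattern, samples),
    )


def gate_release(candidates, clean=CLEAN_CORPUS, samples=MALWARE_SAMPLES):
    """Split candidates into names that may ship and results that are held."""
    ship, held = [], {}
    for sig in candidates:
        result = check_signature(sig, clean, samples)
        if result.releasable:
            ship.append(sig.name)
        else:
            held[sig.name] = result
    return ship, held


# A tight signature and an over-broad one (both constructed). The broad one
# anchors on generic header bytes and so flags the operating system itself.
CANDIDATES = [
    Signature("dropper.stub", rb"DROPPER_STUB\x00"),
    Signature("too.broad", rb"MZ\x90\x00\x03"),
]

if __name__ == "__main__":
    shipping, held_back = gate_release(CANDIDATES)
    print("shipping:", shipping)
    for name, result in held_back.items():
        print(f"HELD {name}: false positives on {result.false_positives}")
```

The gate is only as good as the corpus it is pinned to, which is why `file_hashes` is there: a release pipeline should record the hashes of the golden image it tested against, so that a later “it passed QA” claim can be checked against the same files and not a different build.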

Why North Korea?

Because Richard Clarke was on the Maddow show last night, dispensing his usual shtick on cyberwar. And Maddow was drinking it all in, captivated by the idea of North Korea as a serious cyberthreat to the US because, infrastructurally, it is so poor and primitive.

Why, all those wily North Koreans have to do is rent a hotel room in China and launch a cyberattack on the US on the 4th of July against government websites hardly anyone visits!

That’s the argument.

USA Today, in reporting on the consequences of the McAfee false positive:

News reports and Twitter chatter suggest thousands of Windows PCs in large organizations around the globe were thrown into fits of rebooting yesterday after antivirus giant McAfee distributed a routine update carrying an egregious error.

Now each one of those computers will have to be manually cleaned. Affected organizations can expect to expend a minimum of 30 minutes of manual labor per PC to get each one back into working order, says Steve Shillingford, CEO of tech forensics firm Solera Networks.

“There’s no way to automate the process,” says Amrit Williams, CTO of security management system company Big Fix. “It will take however long it takes to touch each single machine. The companies affected by this could be dealing with this for days or weeks.”

—-

Solera Networks, a supplier of network forensics technology, says it helped one large U.S. multi-national company quickly determine that the poisonous update from McAfee threw 50,000 of its PCs into a rebooting frenzy. McAfee advised the company that “remediation time is estimated to be 30 minutes per user,” says Solera CEO Shillingford.

“Estimating $100 per hour, this organization’s lost time alone can be conservatively estimated to cost more than $2.5 million,” says Shillingford. “And that does not factor in lost productivity while users are down.”

Security experts say false positives are impossible to completely eliminate …

Incidentally, here’s a McAfee press release from last year warning about cyberwar, authored by Paul Kurtz, one of Richard Clarke’s lieutenants. Good Harbor, Clarke’s company, was commissioned to write it.

McAfee Inc. Warns of Countries Arming for Cyberwarfare

The United States, Israel, France, China and Russia are Cyberarmed; Critical Infrastructure is at Risk, According to McAfee’s Fifth Annual Virtual Criminology Report

—-

Former White House advisor Paul Kurtz compiled the report on McAfee’s behalf.

The report for the first time provides a model to define cyberwar, identifies the countries involved in developing cyberoffenses and cyberdefenses, dissects examples of politically-motivated cyberattacks and reveals how the private sector will get caught in the crossfire. Government disclosure is also a major issue, as cyber initiatives and information are often classified by the government, hindering cybercrime defense in the public and private sector.

Experts call for a clear definition and an open debate on cyberwarfare. Without an open discussion among the government, private sector and the public, future cyberattacks targeting critical infrastructure could be devastating.

——

Private Sector is the Most at Risk – Critical infrastructure is privately-owned in many developed countries, making it a huge target for cyberwarfare. The private sector relies heavily on the government to prevent cyberattacks. If virtual shooting starts, governments, corporations and private citizens may get caught in the crossfire. Without insight into the government’s cyberdefense strategy, the private sector is not able to be proactive and take the proper precautions. Experts call for a public discussion on cyberwarfare, bringing it out of the shadows.

Et tu, McAfee?

Only kiddin’.


A comment on McAfee’s cyberwar report from last year.

4 Comments

  1. CyberHoaxes « From Pine View Farm said,

    April 23, 2010 at 8:50 am

    [...] It’s akin to your older relatives who, in the early days of electricity, feared that current could somehow leak from an outlet that had no plug in it. As George Smith points out, Why, all those wily North Koreans have to do is rent a hotel room in China and launch a cyberattack … [...]

  2. Peter said,

    April 24, 2010 at 4:26 am

    One thing everybody seems to be missing:
    This proves McAfee doesn’t test their signatures before releasing them
    on the defenceless users...

  3. Mike Sorbal said,

    May 22, 2010 at 3:26 am

    This is why we here at USAToday use Linux with minimal protections from ClamAV…

  4. Kenneth MacMillan said,

    May 22, 2010 at 3:29 am

    Mike,

    That is why USAToday will fail abruptly, real news sources rely on the stability, reliability, and simplicity of Microsoft products.