Expose the US virus war machine (more)

Posted in Cyberterrorism, Virus Creation Labs at 2:41 pm by George Smith

You can count there being no end to the hypocrisy of the US national security complex, “the self-licking ice cream cone.”

It looks in the mirror, sees its own menacing face, grins and runs screaming that it’s seen someone else preparing to attack.

So now we have the news of the US virus war program being used to justify the argument that others, Iran included, are readying cyberattacks on us. Digital 9/11s.

It takes a special kind of low and shady character to do this so smoothly. And a special lousy mainstream press not to point it out.

One example, from The Hill:

The revelation that the United States used a computer virus to damage Iranian nuclear facilities has added urgency to a push in Congress for cybersecurity legislation.

Top administration officials, such as National Security Agency Director Keith Alexander and Homeland Security Secretary Janet Napolitano, have long argued that the nation is at risk of suffering a devastating cyber attack …

Paul Wolfowitz, a former Deputy Secretary of Defense under President Bush, said he hopes the news of the attack would “put some added urgency” on Congress to pass cybersecurity legislation.

“Maybe it will raise awareness,” Wolfowitz said. “I hope we don’t have to wait for the cyber-equivalent of 9/11 before people realize that we’re vulnerable …”

“I hope the urgency with which we must treat cybersecurity issues is becoming clear to policymakers,” Rep. Jim Langevin (D-R.I.) said. “Putting aside the anonymous sources in that story, we know that foreign adversaries are developing capabilities to harm us and our interests in cyberspace. We must be proactive in strengthening our cyber defenses now, before a major attack, and this requires comprehensive cybersecurity legislation.”

Yes, it takes mucho gall to twist the American virus war against Iran around until it’s a convenience for claims that others are about to launch “devastating” attacks and that we should immediately beef up cybersecurity.

It’s so rotten to the core the eyes water just scanning it.

As for Paul Wolfowitz, he’s certainly a man for the job. Everyone will remember (although the Hill chooses not to recover the ground) he was one of the disgraced architects of the pre-emptive war to find the non-existent WMDs in Iraq. His name, as it turns out, is not to difficult to find associated with the praiseworthy description — “war criminal” — through Google.

“He is a bad man,” said one e-mail to yours truly today.


[Adam Segal], a fellow at the Council on Foreign Relations, said the attack may actually undermine the moral authority of the U.S. government.

“If the U.S. is trying to get the owners of critical infrastructure to agree to certain standards for security, and it turns out we’re creating the malware to attack it, it becomes slightly more difficult,” he said.

Slightly more difficult is a bit of an understatement. The situation is untenable and I’ll explain why.

Our national malware writers have created an environment where the
objective is to discover and keep secret security vulnerabilities so that they may be exploited in ongoing and future attacks. This is anathema to the international computer security model which spends considerable time and money researching and finding holes so they can be patched.

You can’t have both operations existing side by side. It’s indefensible and a conflict of interest. However, arms manufacturing companies have no problems with such things. They will only be too happy to provide defense and offense at the same time, with one operation discovering flaws and keeping them secret and another operation, allegedly, doing the opposite.

But, internationally, how can you trust such a business? You can’t.

The anti-virus companies know this. So do most computer security companies, I would think. In fact, at the beginning of the a-v industry, and I’ve written about this, there was always a suspicion among a hard core of conspiracy minded people that the anti-virus industry wrote viruses to help grease its business. It did not although one minor company did hire the hacker who wrote the virus that knocked the US Secret Service’s network off-line in 1993 to write cures for his viruses.

And I’ll get to this, as an addendum, in a little bit.

This defines the problem with writing viruses for the military.

The US academy has been charged with training people in computer security and it is these programs which will furnish graduating students, some of whom may be hired by arms manufacturers/contractors to write malware. In fact, they have probably already trained people presently working in the US virus war program.

In such cases the computer security academics will be put in the same hard position as anti-virus companies. Some of them will know they have readied people who are producing state-sponsored malware.

Maybe some will be OK with it. But some will find it ethically troubling just as many scientists don’t want money from DARPA because they believe it will largely result in things that make the world a worse place.

In other words, the US has created an untenable situation for itself. It has cultivated a poison tree and wants everyone else to trust the fruit.

Once again, we are shamed by the national security infrastructure and our leadership for reasons of short term, short-sighted, often just plain venal business gain.

This is hardly new. Unfortunately it’s been the on the record of standard behavior for the last dozen years, at least.

And now to addendum from The Virus Creations Labs.

After Priest wrote a virus that knocked the US Secret Service’s network off-line in 1992 he was hired by a minor anti-virus firm.

Here it is, excerpted.

From A Priest Deploys His Satanic Minions

Programming the Satan Bug computer virus in 1992 had turned out to be richly rewarding for Priest. Not only had it made him immediately recognized in the computer underground, he was also feared in the trenches of corporate America to the point where the Secret Service had felt compelled to intervene.

But the most interesting fallout from the Secret Service visit was a job offer from a small anti-virus company called Norman Data Defense Systems, said Priest. A director at the company wanted the virus programmer to come to work for them, starting in the summer of 1994, after the hacker finished high school.

Priest said they were interested in his opinion about the use of virus code in anti-virus software. Such code wasn’t copyrighted, so it was fair game.

Priest thought this was a bad idea. Too much virus code, in his opinion, was crappy anyway, so why would anyone want to use it? But Priest said he would think about the job offer.

By May 1994, a different Priest virus called Natas — that’s Satan spelled backwards, haw-haw — had cropped up in Mexico City, where, according to one anti-virus software developer, it had been spread by a consultant providing anti-virus software services. Through ignorance and incompetence, the consultant had gotten Natas attached to a copy of the anti-virus software he was using, sort of like some scrap of dog dirt you have neglected to scrape from your shoe.

However, like most of Priest’s viruses, Natas was a bit more than most software could handle. The software detected Natas in programs but not on itself or another critical area of the machine where the virus also took up shop. The result was tragicomic.

The consultant would search computers for viruses.

The software would find Natas!

Golly, the consultant would think, “Natas is here! I better check other computers, too.”

And so, the consultant would take his Natas-infected software to other computers where, quite naturally, it would also detect Natas as it spread it around and could not remove it fully from new, formerly uninfected computers!

Natas had come to Mexico from Southern California. The consultant frequented a computer underground bulletin board system in Santa Clarita which stocked Natas. He had downloaded the virus, perhaps not fully understood what he was dealing with, and a month or so later uploaded a desperate plea for help with Priest’s out-of-control program. You could tell from the date on the electronic cry for help — May 1994 — when Natas began being a real problem for him in Mexico.

Back in San Diego, Priest was still being interviewed on the telephone by people from Norman anti-virus. They were concerned that Priest might leak proprietary secrets to competitors after hiring so it was a must he be absolutely sure of the seriousness of his potential employment.

By the end of the interview, Priest thought he didn’t have much of a chance at the job, but by July he’d accepted an offer and moved to Fairfax to begin working for them. Paradoxically, this was the same company that had removed Priest’s Satan Bug virus from the US Secret Service’s crippled network.

But what was Priest working on at the anti-virus company?

“A cure for Natas,” he laughed softly one afternoon in late July, 1994, in telephone interview from the company office. Looking over the virus once more, Priest sardonically concluded that his disinfector made it clear the hacker had made Natas a little too easy to remove from infected systems.

By the end of the summer things were ending badly. Another manager at the anti-virus company, unsurprisingly, didn’t like the idea of the hacker working for the company, Priest said. And when management representatives arrived from the parent corporation in Norway on an inspection tour and were appraised of Priest’s status at a meeting, the hacker heard, they were also not warmed upon learning a virus writer was on staff. Officially, said Priest, there was no reaction, but in reality, the hacker felt, the atmosphere was deeply strained.

Jack Lewis, one of the Secret Service agents who had interviewed the hacker after learning he was the author of the virus that had knocked over the agency’s network, had contacted the anti-virus company to set up a luncheon date with the hacker to discuss more technical issues, Priest said.

However, the luncheon eventually fell through. The Secret Service, said Priest, thought it might be construed as a conflict of interest. Unknown to him at the time, the agency had also started spying on his comings-and-goings in Fairfax.

The entire business relationship of a famous virus writer at an anti-virus company proved totally unworkable. Paranoia escalated, trust was impossible. Priest was a hot potato. He was eventually let go.

Comments are closed.