Interesting People mailing list archives
"Misunderstanding" a CERT advisory -- Europe reports
From: David Farber <farber () central cis upenn edu>
Date: Tue, 8 Feb 1994 16:11:11 -0500
Date: Mon, 7 Feb 1994 16:37:14 +0100
From: Klaus Brunnstein <brunnstein () rz informatik uni-hamburg d400 de>
Subject: "Misunderstanding" a CERT advisory

Waves went high in some German media on Friday, Feb.5 1994, when news from Philadelphia (via CMU-SEI's press release) and Washington's Post was mediated by some European news agencies. Germany's 2nd TV channel (ZDF) informed the surprised public that *hackers had succeeded to invade a secure network which had been installed in times of Cold War to protect US Armed Forces even in the case of a Nuclear War*. As several 10,000 passwords had been hacked, now more than 20 million users have to change their password. Regional and private TV and radio stations followed on Saturday, though only few newspapers took this up on Monday.

Nothing of this (mis)information was in the CERT advisory distributed on February 3, where users of some UNIX systems (esp. SunOS with /dev/nit) were informed that it might be wise to take precautionary action against a potential sniffer attack.

Now, 3 days later, responsible journalists inform us that there were *2 agency reports*, one delivered by German press agency (dpa) which was rather serious and non-speculative, and another one from Agency France Press (AFP) which ZDF based its report upon (as it was the more "interesting" one :-). Here is this infamous text (translation by messenger):

"Washington, February 5 (AFP) - Computer pirates have cracked the largest computer network in the world. Totally 20 million users on 'Internet' should receive new passwords, told the emergency committee installed by US ministry of defence. Internet is used by universities, government agencies, enterprises and private persons. The network was established in times of the Cold War to serve US Armed Forces also in case of Atomic War as 'invulnerable' information network.

The hackers, so far unidentified, succeeded according to the emergency committee to read data from ten thousands of systems on 'Internet'. They succeeded by using a program named 'Trojan Horse' which allows legal access to Internet central computer but then does not go any further."

Apart from the many wrong or misunderstood facts in this news, the reaction of some experts was interesting. German Information Agency (GISA) said: "Old stuff, no reason panic!" Another expert said: "CERT is in actual fight for money from US administration, they needed some public attention!" General comments were: "Blind actionism of US' CERT!"

Somehow, the media uproar reminds of the Michelangelo case where cautious warnings of experts (infection at most small percentage of PCs) were publicly raised *up to 50 mio infected PC systems* by badly informed journalists.

No expert can ever exclude that her/his warnings are always correctly understood, but in this case, the serious question is: With so many unknown parameters (how many different sniffer trojans existed? How many nodes were affected? For what purposes were the sniffers used? etc): why issued CERT/CC a press release (which it very rarely did so far), in addition to its advisory?

Unfortunately, this unjustified media hysteria will fall back, as in previous cases, on those who work hard for improving security and safety of systems and networks:-) This is why the background must be carefully analysed.

Klaus Brunnstein (Feb.7,1994)