Reliable Security Information


An old cyberwar April Fool's joke proves durable, finds new rubes

In the mainstream public discussion about cyberwar, bull---- walks, particularly here. And so it is not greatly surprising when an infamous old April Fool's joke about a computer virus alleged to have been used in Desert Storm shows up almost right on time for the annual prank fest. At over twenty years old, that's durability.



Voice of America has opened up a new blog called Digital Frontiers.


Reads the banner: "This is the first of a series of Digital Frontiers features, exploring how international tensions translate to the online world."


That's nice.


VOA journalist Doug Bernard, writing from Washington, DC, in the first post from Digital Frontiers, leads with:


"On January 17th, 1991, as the 34-nation coalition of Operation Desert Storm prepared for its first aerial bombardment of targets in Iraq, the U.S. military sprung a surprise.


"Iraqi radar screens suddenly blinked and went dark, momentarily blinding Saddam Hussein's military. The 'Kari' radar control system had been infected with a computer virus, planted and controlled by the Pentagon. 'It was a French system,' notes intelligence historian Matthew Aid of the Iraqi radar control. 'They gave us the schematics and we found a way to insert some buggies into their system as the first wave of American bombers streaked toward Baghdad.'


"It worked brilliantly. Iraq's defenses were paralyzed, allied bombers faced no serious opposition, and the U.S. became the first-ever nation to launch a documented cyber-attack."


In a post entitled, "The Coming Cyberwar with Iran?" the piece goes on to muse about what is and what is not real about cyberwar.


Yes, there is some irony in the hard stone that the very first example of a real cyberattack used is a now notorious joke in computer security circles.


Now, to save on the heavy lifting, I'll just repost the rundown on it, publsihed at Symantec's SecurityFocus website (and syndicated to the Register), back in 2003:


[Over the years], many have been enthralled by the Gulf War virus' siren call, almost all in efforts to hold up some proof of the magical power of information warfare.


A creepy enthusiasm for tales of weird weapons rises as war approaches ... In this environment, where everyone charges full speed ahead for the hot scoop or astonishing apocrypha, even the oldest hoaxes can return for one more bow.


In a February piece for the Memphis Commercial Appeal, a retired air force man mused on the subject of information warfare and how it might be used to strike Iraq down. Dabbling in a little history, the author recounted how in Gulf War I the U.S. drew up plans to take down an Iraqi anti-aircraft system with "specially designed computer viruses [to] infect the system from within. Agents inserted the virus in a printer shipped to an Iraqi air defense site."


[In another embellished version] Special Forces men were also said to have infiltrated Iraq, where they dug up a fiber-optic cable and jammed a computer virus into it. "It remained dormant until the opening moments of the air war, when it went active..." wrote the columnist. Iraq's air defense system was vanquished.


Frankly, this is a great story. It's amusing to remember how it kicked up a storm in 1991 after its initial appearance as an April Fool's joke in Infoworld magazine.


The gag asserted the National Security Agency had developed the computer virus to disable Iraqi air defense computers by eating windows -- "gobbling them at the edges..." The virus, called AF/91, was smuggled into Iraq through Jordan, hidden in a chip in a printer -- the latter being a distinguishing feature of many subsequent appearances of the hoax.


Chat board gossip on it echoed for days, not only from people who thought the joke quite funny, but also those who missed the original citation and engaged in laborious discussion on the imagined technology of the virus.


Inevitably, a large media organization got wind of the story and pounced without bothering to track down the tale's provenance.


U.S. News & World Report published news of the Gulf War virus in its coverage of the war, a narrative that also found its way into "Triumph Without Victory," the magazine's subsequent book on Desert Storm.


The Gulf War virus, wrote U.S. News, attacked Saddam's defenses by "devouring windows" Iraqi defenders used to check on aspects of their air defense system. "Each time a technician opened a window ... the window would disappear and the information would vanish." The virus was "smuggled to Baghdad through Amman, Jordan" in chips inside a printer.


From there, the bogus story was reported by the Associated Press, CNN, ABC Nightline, and newspapers across the country.


When queried about the tale's uncanny resemblance to the Infoworld joke, Brian Duffy, the primary author of the U.S. News article (and now executive editor of the magazine) stubbornly defended his sources -- "senior officials" all. In a follow-up Associated Press article outlining the imbroglio, Duffy maintained he had "no doubt" that U.S. intelligence agents had carried out the Gulf War virus attack, but admitted similarities to the Infoworld joke were "obviously troubling." Duffy's sources, were, of course, anonymous.


Many have been enthralled by the Gulf War virus' siren call through the decade, almost all in efforts to hold up some proof of the magical power of information warfare.


In the March 1999 issue of Popular Mechanics magazine, in a piece on cyberwar, the publication wrote: "In the days following the Gulf War, stories circulated that [cyber] weapons had been unleashed on the Iraqi air defense system." The nefarious printers were again used containing "chips [with] programs designed to infect and disrupt..."


A Hudson Institute analyst peddling a paper on Russian thoughts on cyberwar fell for it and when confronted aggressively argued that it was true because, well, just because.


Other appearances include an allegedly seminal book on computer combat entitled "The Next World War." In this instance, the miraculous Gulf War virus failed to do its job because the U.S. Air Force accidentally bombed the building where Iraq stored the virus-laden printers. The author went on to found an infosecurity firm known for its publicity-happy hyperbolic proclamations on cyberwar. [The firm eventually declared bankruptcy.]


Why was [or has been] the hoax so successful?


The easy answer is to simply call everyone who falls for the joke a momentary idiot. But the Gulf War virus plays to a uniquely American trait: a child-like belief in gadgets and technology and the people who make them as answers to everything. Secret National Security Agency computer scientists made viruses that hobbled Saddam's anti-air defense without firing a shot! Or maybe it didn't work but it sure was a good plan!


In this respect, the joke is ageless. People are just as able to nebulously theorize about the tech of it and its implications in 2003 [and now in 2012] as they were in 1991. Will an updated version of the nonexistent AF/91 virus be used against unwired Iraq? Stay tuned... April 1st is less than a month away.


Now over two decades old, you can still find uninformed US military men who've read about the alleged thing in some "authoritative" source that passed it on years ago, now passing it on again with their own extra dollop of enthusiasm.


In the same way myths and apocryphal stories pick up additional dander over time: "They gave us the schematics and we found a way to insert some buggies into their system as the first wave of American bombers streaked toward Baghdad."


Thrilling!


"The term cyberwar is really just a marketing gimmick," says the same man, who is peddling a book "considered the definitive history of the super-secret National Security Agency, or NSA."


Well, they all get an "E" for effort.


This material was syndicated from Dick Destiny blog.

 
Subscribe to SitRep:
GlobalSecurity.org SitRep RSS Feed GlobalSecurity.org SitRep ATOM Feed