Slashdot Mirror
Microsoft Calls Viruses "Industrial Terrorism"
evenprime writes: "John Ashcroft wants congress to
declare computer crimes to be terrorism, and now
it looks like microsoft is trying to jump on the
bandwagon. In a recent column discussing microsoft's
new
STPP security program, microsoft's Michael Lane
Thomas stated that destructive viruses should be recognized
as acts of 'industrial terrorism.' Sounds like microsoft's
future security plans may depend more on legislation than
on code audits."
If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
If that is the case, then Microsoft's total lack of security, and lack of timely response to reported security holes should be regarded as "harboring a terrorist".
If we're going to make virus' a terrorist crime, then we need to follow through all the way.
-This sig intentionally left blank
I found it interesting that nimda was released a week, almost to the minute, after the WTC attacks. Certainly if I were a cyber terrorist I'd launch something like nimda or code red that gave me a list of compromisable systems. I'm surprised that the people who launched the attacks on CNN didn't get hit with terrorism charges. This'd be a very good time for the skript kiddiez to lay low. How do you tell the difference between and idiot script kiddie and a cyber-terrorist?
Best Slashdot Co
[...] destructive viruses should be recognized as acts of 'industrial terrorism.'
And MicroSoft is harboring them? Time for retaliation, I say...
...if i leave my back door unlocked and hanging wide open, and somebody robs me blind while i sit by and watch them do it, am i a victim of terrorism? Fuck no. Am i a victim of my own poor judgement and stupid decisions? Absolutely. So where does Gates and Co. get off calling this terrorism when they basically invite hackers to do their worst?
Sounds like another desperate attempt at grabbing some public sympathy during a time of crisis. Pity that Microsoft's million-dollar PR department couldn't come up with something better.
So now, in addition to "industrial espionage" (which has somehow entered the common lexicon), we will have "industrial terrorism?" What's next? Industrial Treason? Industrial Murder? Disturbing the Industrial Peace?
Schwab
Editor, A1-AAA AmeriCaptions
Early afternoon. Your 20+ IIS boxen automatically get the newest hot fix..and all reboot at the same time!
Not that would be anything out of the ordinary...
"History doesn't repeat itself, but it does rhyme." Mark Twain
Patriot ACT, USA ACT, ATA:
I know everyone has read and knows something about these bills, but here is a break down of what they mean in terms of things like computer crime and vandalism...
(a) Our Constitution gaurantees "due process" to all PERSONS, not all CITIZENS, meaning that immigrants may also enjoy these rights. However, under these acts, immigrants can be held on suspiscion of potential crime (ridiculous!). The Senate Bill allows for indefinite jail time without due process...
(b) These new laws broaden the definition of Terrorism to include things that include vandilism, computer crime, and (un)civil disobedience. There already exist laws that broadly define terrorism, and flying planes into buildings filled with thousands of innocent people meets those requirements. Marching in a demonstration is not terrorism, throwing a brick through a starbucks window is vandalism and property damage not terrorism, and hacking a website is not terrorism, (it is vandalism!). Also, under terrorism laws, people who harbor terrorists, or give terrorists advice can also be tried as terrorists! If you stay on my couch and then throw a brick at starbucks the next day, I am a terrorist. If I post a security weakness in Microsoft web servers on my website to warn people, and some kid uses the info to hack into someone's site, I am a terrorist!
(c) The laws give the FBI new powers to wiretap and read emails without a warrant. They can also read e-mails and URLS. If I want to read news about Bombs and Terrorists on google, and I type in "Bombs" and "Terrorists" into the field, that is all the FBI needs to suspect me of crime and set up a phone tap or a Carnivore search on me. The FBI is supposed to only be able to know where an email comes from and where it is going. They are supposed to only read the "To:" and "From:" fields of the e-mails, but how can you look at the header of an e-mail and not happen to glance at the "Subject:" line? Basically, that is what is happening in these laws and with Carnivore. ISP's have to install it on their servers. It is like a black box, no one can monitor what the FBI is doing or reading!
THESE LAWS ARE UNECESSARY FOR COMBATING TERRORISM! CURRENT LAWS ARE SUFFICIENT! WHY IS THE FBI, CIA, AND JUSTICE DEPARTMENT DOING THIS?
Resources:
DEAR RECEIVER,
You have just received a Taliban virus. Since we are not so
technologically advanced in Afghanistan, this is a MANUAL virus.
Please delete all the files on your hard disk yourself and send this
mail to everyone you know.
Thank you very much for helping me.
Abdulla
Talibanian hacker
Oh yeah, piss Bill Gates off and get more boxes to DOS yahoo with. Damn silly of me not to see this political movement. I wonder do they have a PAC (political action comity) yet?
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
But at a time when the word terrorism has an exceptionally heavy load of connotations and emotional overtones, when our government has declared a formal war on its existence, it is irresponsible in typical, egomaniacal Microsoft fashion to choose that term to describe a kind of mischief (and I'm sorry but all the recent worms and virii are mere mischief compared to, oh, I don't know, say crashing a plane into a building full of people) that it is universally recognized they and their customers make themselves unecessarily vulnerable to.
It Is the Nature of Information to Transgress Artificial Boundaries
Teenage script kiddie finds gaping hole in Outlook. SK writes virus to exploit it. Microsoft blames the government for not stopping it.
Microsoft is starting to get scared of this "System Admin or Microsoft?" blame game so they figure if they add the Government into it, there's only a 1 in 3 chance that they're liable. They just need another way to avoid the accusations that their software is insecure. The next Nimda/Code Red/Melissa/whatever attack Microsoft can sit back and yell at the government for not stopping it, rather than take the responsibility of patching their software.
There is no reasonable defense against an idiot with an agenda
:wq
You're going to leave it up to the *politicians* to discriminate between white hat and black hat, good and bad viruses? Thanks but no thanks, I'd rather have no legislation at all, and us techies can sort it out. Once you let politicians into the mix, all of a sudden campaign donators are the ones consistently making "good" viruses, while political enemies are the ones making "bad" viruses.
It's 10 PM. Do you know if you're un-American?
I would say that some viruses ARE terrorism. What about the big ol' DDoS we had a year or so ago? It was a smallish group targetting a list of victims for political means. Sounds like terrorism to me.
And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.
So, hypothetically, if a software company took reasonable precautions and had a good record concerning quality and THEN had their software hit by a non-obvious virus I have no problem with the label of terrorism or the use of legislation.
What'd be really sweet is to turn this back on Microsoft. Get the congress-critters to define "reasonable precautions" and "non-obvious virus" and then only afford protection to MS if they clean up their act (i.e. fix Outlook, IIS and the macro system at the very least).
324006
No, there really isn't much that makes sense about this. You think virus writers should face prison time? Guess what, they already do, at least in the U.S. (and if they use them to infect a machine-- if they simply write one and don't release it into the wild, they certainly should NOT be prosecuted). We already have plenty of laws to land computer criminals in jail, and many have already been convicted and are currently serving time.
/. story isn't about some bill that would make virus writing a crime. At the risk of being on topic, I'll point out that the story is actually about MS taking advantage of the terrorism scare to make releasing a virus disproportionately penalized. There is additional leeway provided to law enforcement when dealing with things classified as terrorism, and the minimum penalties on conviction go way up. Some stupid script kiddie who accidentally writes and runs something on his own box, which then gets into the wild, could face life in prison if this trend continues.
The
Finally, I'd like to point out this statement by Thomas:
"As long as the spirit of innovation is preserved and destructive viruses are recognized as industrial terrorism, Microsoft will continue to provide revolutionary ideas.". That's the best case I've seen against this idea so far! I think he's saying that if destructive viruses aren't recognized as industrial terrorism, MS will stop making products. If anything can rouse the geeks to action, this has to be it.
Michael Lane Thomas write in his article:
Give me a break. The implication that IIS is a jet plane while Apache is a bus is just a little over the top. How about a better analogy: ABC Airlines and XYZ Airlines each have their own security philosophies and implementations (not true, but the airline industry isn't exactly like the web server market, after all). Terrorists analyzed and subverted ABC's security methods, but were unable to subvert XYZ's. Gartner recommends fliers switch to XYZ until ABC gets its act together.
Is this a victory for terrorists?
--
What do you mean they cut the power? How can they cut the power, man? They're animals!
Yes, Virii writers and script kiddies should be punished, but "Terrorists"??
New virus comes out. You know it can happen to you. Do you fear for your life so as not to turn on the computer????
Terrorism is starting to become a buzzword, but it is a state of combat (a step below guerilla warfare) where you have the finances and a small group of men to do some small damages, but not enough to do "hit and run tactics" (guerilla warfare).
How about using another word and lay off the terrorism?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
All cynicism aside (okay, about half of it), I think this is one of the funniest MS articles ever. This reads like it's straight out of the Onion. First, here's a bit where IIS is compared to Christianity:
.NET will continue to be provided to the consumer, one innovative step at a time.".
"Just like the ideologies and religions of the world or the political parties of a given country, the technical innovations promoted by competing software companies will always be at odds because they embody the ideas of individuals.".
Even better, however, is the part where he tells you that if you stop using MS software, the terrorists have won:
"Following Gartner's recommendation to seek alternatives to IIS only accomplishes what the industrial terrorists want.".
Finally, though, I especially like the part where he threatens that MS might (Bill forbid) stop making software. Wow, I just don't know what we'd do without a new version of Word! Here's the threat-- if we don't classify this as industrial terrorism, MS might not charge you that yearly subscription fee:
"But as long as the spirit of innovation is preserved and the implementation of destructive viruses is recognized as the industrial terrorism that it is, then revolutionary ideas like
One innovative step at a time, indeed-- one more step, and he'll be writing for the Brunching Shuttlecocks.
Consider these two scenarios:
1) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A car bomb blows up in front of the cafe killing your wife and son.
2) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A hacker has somehow managed to steal all of the money from your checking account.
Only one of these scenarios inspires terror. Legislators and business persons need to maintain a sense of perspective here. Hacking does not by itself terrify.
It is honestly shameful that corporations are playing off the fears of the public brought on by 9/11 to promote their own political agendas. By equating hacking with terrorism, they belittle the event.
Lets remind ourselves what the word actually means. Merriam Webster defines it as the systematic use of terror especially as a means of coercion , and the pertinent definition of terror it gives is violence (as bombing) committed by groups in order to intimidate a population or government into granting their demands [insurrection and revolutionary terror]
Computer viruses are of course nowhere near this. But since there will now be special rules for "terrorism", it is not surprising to see everyone scrambling to get classified as a terrorist victim. We've seen it before with people trying to get classified as disaster victims, minority members, or any other form of state sanctioned victimhood. It's just how people are.
The pressure will be to get every form of non trivial crime defined as terrorism, and morally equal to killing 7000 people with hijacked airplanes.
Instead of posting virulently on Slashdot, did anyone email the author(mlthomas@microsoft.com) of the "Industrial terrorism" article?
This is probably the most tasteless attempt to use the September 11th events to further an agenda I've seen yet.
Congratulations! You have just launched SaveTheChildren.jpg.vbs! Your harddrive is now cleared of all files, including any material potentially harmful to children.
Just *try* and argue against that one, Chester... it's for the children! Think of the children!
The US claim to enforce human rights all over the planet. However there seems to be a blind spot.
DoJ analysis of the Anti-Terrorism Act:
"This retroactivity provision ensures that no limitation period will bar the prosecution of crimes committed in connection with the September 11, 2001 terrorist attacks. The constitutionality of such retroactive applications of changes in statutes of limitations is well-settled."
Declaration of human rights, Article 11.2:
No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.
Check out Open Secrets and do a search on Microsoft. Their contributions were nickle and dime stuff for them, though it is interesting to note how they hedge their bets (Though the republicans seem to be getting about 3x more from them lately than the dems are.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
As an Internet discussion grows larger, the probability of a comparison involving terrorism or bin Laden approaches one.
i n's-Law.html)
(see http://www.tuxedo.org/~esr/jargon/html/entry/Godw
Sigh.
Hand me that airplane glue and I'll tell you another story.
Makes the computer run slow
unexplained disk activity
makes files disappear randomly
causes machine lockups
Couldn't MS code then be said to harbor terrorists? Or couldn't it at least be said to supply terrorists needs? If terrorists take over airplanes once, the US government wants to mandate steel cockpit doors. Since "terrorists" regularly take over computers running MS pructs, shouldn't the same government force MS to replace their ultra-flimsy "cockpit" doors?
Is that this legislation - making computer crimes terrorist acts - would undoubtedly incur legal liability on their part. If computer crimes are terrorist activities, then Microsoft is an accomplice by extension - they not only provide the terrorists with the tools of the trade, but specifically engineered virus weaknesses into their products. Thus, they could be tried in the same manner as the UNIX programmer who wrote a backdoor into the system. Interestingly, a EULA can't shield Microsoft from criminal liability.
The society for a thought-free internet welcomes you.
Newspeak like this shouldn't be tolerated.
People in the WTC had a reasonable expectation that a 767 wouldn't land there. It's not normal for an airplane to crash into a skyscraper. It had been many years since the last time it had happened. (B25 into Empire State Building, maybe?) It probably won't happen again for a very long time. They people in WTC were unconsenting victims.
People who use MS Outlook, or run potentially overflowable servers with full privledges, do not have a reasonable expectation of being free of attacks. It is normal for Outlook to execute viruses. It is normal for Windows to load and execute code on removable media by merely inserting media. It happens all the time. It will happen again. People who catch Outlook viruses are consenting victims, making them not victims at all. They are simply unwise.
If you know that you are a sitting duck, and you can trivially do something about it, then when the duck gets shot, the shooter is not a terrorist. He is merely a teacher and fulfiller of destiny.
Changing the statute of limitations for a crime does not change the definition of a crime (so doesn't violate the first clause you italicized) nor does it change the penalty for the crime (so it doesn't violate the second clause). I agree that there's a bit of questionable morality going on here, but they're careful to keep it Constitutional, and that seems to be sufficient to keep it within UN guidelines as well.
The New American Buzzword (sarcasm folks)
I don't like football. Football is terrorism.
Smoking is bad for people's health. Smoking is terrorism.
Stealing is wrong. Stealing is terrorism.
I dislike the winter. Winter is terrorism.
I ate a burger yesterday, and it tasted horrible. It was pure terrorism.
Racism is nothing more than terrorism.
Ford Explorers plus Firestone tires are nothing more than terrorism.
Hippies? Sheesh! They are terrorism born flesh.
P2P filesharing hurts our bottom line. Napster is terrorism.
Them peoples over in the middle east... yeah, they are different, and I don't like it. The only explanation is that they are terrorists.
Sooner or later, running red lights and other traffic violations will be equated with terrorism. Not long after that, the latest type of music popular amongst teens will be branded terrorism, just because the older generation dislikes it.
Reminds me of Object-Oriented Programming in the 90s. EVERYTHING IS AN OBJECT. Well now, EVERYTHING IS TERRORISM!