Slashdot Mirror
BBC Links Linux To MyDoom
minus_273 writes "It seems the BBC has a story on their front page titled 'Linux cyber-battle turns nasty', very specifically linking Linux users to the MyDoom virus. Some lines to note: 'If anyone's anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source). So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge.'"
Why don't Steven Evans tell the whole story about SCO's claims being unsubstantiated? Maybe the guy didn't care or was serving his own agenda's? Either way, this is objective reporting at it's finest.
Sig not found.
The BBC has always been a reference in public broadcasting. The only one that dared challenge its own government (Irak invasion), the one that produces the best series and documentaries, the envy of every other European country.
Let's hope this is not the beginning of a downwards slope towards the most atrocious yellow press... this is comparable to accusing all Muslim people of Bin Laden's crimes. Oh quality journalism, where are you when we need you most!
I would argue that this violent reactionism is one sign that OSS is on the verge of mainstream acceptance. Throughout history, as new ideas have supplanted older, closely held ones, the group that holds fast to those practices and principles becomes more and more marginalized and reacts by lashing out viciously. Could this be the case here? I think it is. Hopefully these opposing voices will continue to get smaller and more violent, alienating even more people from their cause. Besides, who can argue with free publicity?
Also, I, being a 'run-of-the-mill geek', am quite flattered that I now have the ability to gleefully (and apparently psychotically) 'wreak damage' on people's computers. Guess I picked that up and didn't even realize...
[BBC: "Deep in the darkness of the psyche, vandals and arsonists no doubt have their reasons - and so, presumably, do the run-of-the-mill geeks who wreak damage on the unsuspecting computer user."]
"For good measure, SCO is seeking at least a billion dollars from IBM....
SCO is the big, bad company that violates one of their sacred principles, as they would see it."
I don't think this article sees very much of the issue. Why didn't they do a more serious analysis of SCO and the fact that many top executives are dumping stock? Why didn't they look at it from a legal standpoint focusing on the etymology of the code supposedly in question? Why didn't they point out keenly that SCO has not produced any real evidence?
Regardless of what side you're on, you have to look at these things. These facts at least are concrete, vs. the complete lack of evidence specifically implicating a linux user as the author of MyDoom. For all we know, it could be SCO spreading FUD over linux and painting themselves as the victim when they in fact are responsible. We don't know now, do we?
Stories such as these are incredibly worrying to me as a journalist and as a citizen who partakes in news constantly. If people can't properly research something that is already incredibly well documented and reasonably simple, I'm wondering how utterly smegged (to use a BBC coined term) their coverage of the various complex political situations occuring worldwide.
Directly from the article:
The attack also raises the possibility of internet blackmail, with companies threatened by individuals or even an individual who might be anywhere.This attack, though, is not blackmail. It is about malice not money.
Perhaps the MyDoom virus was written to blackmail the Linux community? Without knowing the author how could you establish if it is indeed malice by an over zealous Linux user?
This article wreaks of sensationalism from a writer who sounds like he's on SCO's payroll. Shame on the BBC.
On a more serious note I have to agree with tempest.. It's unfortunate that someone decided to create this virus, and cause anyone in IT (who supports windows boxes) to have to deal with it. At the same time they make the linux community look bad to people who take what they read in the news at face value. Which I'm sad to sad is most likely a large percentage of people...
:(
You could almost argue that it was created by a Anti-Linux user as a way of discrediting the linux community...
I'm a little confused. The BBC website has this in the news section. Now I've always understood news to be the (hopefully) unbiased reporting of facts. The "article" seems little more than the rambling musings of someone who clearly doesn't understand the situation at all - which ordinarily would put it under "editorials".
This sort of baseless conjecture should always be clearly marked as such. To pass this off as "news" smacks of the kind of wild sensationalism the BBC is world famous for.
"And then I visited Wikipedia
That's not FSF's position. They believe ALL software published should be Free Software.
Je ne parle pas francais.
I wrote some feedback:
0 4/ 28worm.htmls news/detail/d efault.asp?contentItemId=733®ion=america
>>>>>>>>>>
There are several points completele missed in this article. Evidence for my claims is given by the links mentioned below.
1) The main function of the worm is not to attack SCO Servers but to turn the infected desctop into a remote controlled robot with a keylogger.
2) The worm is _very_ likely not written by a private person in his freetime but by the russian Spam mafia wich needs those remotely controlled desktops as mail-relays to send spam.
3) The big majority of the Linux-Community does not think at all that all Software (or even all Operating Systems) have to remain free. They just expect that a license applied to a software is to be honored. This claim should be valid for any license, even the GPL.
http://www.ajc.com/business/content/business/01
http://www.messagelabs.com/news/viru
For more evidence about the complete voidness of SCOs IP-Claims information is gahtered at
http://www.groklaw.net
All information there is elaborated and with information where the source of the information is.
regards
PS: I'm a progammer earning my money with closed source. That does not hinder me to be a fan of Open Source products and to publish something once in a while.
Hope, it was politely enough and the spelling ok. I'm a native German, was never very well in foreign languages.
Trolling is a art!
Bill Thompson (BBC Technology Guy) spins conspiricy stories that suit /. frequently... they generally appear on the front page and are applauded by the posting community.
Although you're right, the journalist has buried the "no proof" statement deep in the article after making countless statements that do affirmatively link MyDoom to Linux (including the subtitle of the article).
I have a lot of respect for the BBC as a news source, but this is a fine example of poor, lazy journalism. Considering the fact that scores of readers don't make it past the first few paragraphs of any given article, it's also deceitful and misleading.
...Whether my Maker is prepared for the great ordeal of meeting me is another matter.
Churchill
No, you obviously don't, because if that's all you believed you'd release your code under the BSD licence, or simply into the public domain - both of which would do just as good a job at it.
The point of releasing under the GPL is to require other people using GPLed code as a base to develop and distribute their own work to also GPL *their* code. It has nothing whatsoever to do with "preserving the freedom" of *your* code.
I also replied......
Your article "Linux cyber-battle turns nasty" published on the 5th February 2004, is, in my opinion grossly misleading.
The article builds a picture that the Worm/Trojan/Virus that was unleashed was designed, implimented and unleashed by a member, or member of the Linux Open Source community.
Now while I cannot say for certain that this is wrong, the title of the article seems to say that this is indeed the case, even though it goes on to say "there is no proof".
An equally valid argument could be that SCO engineered the whole thing as a publicity stunt to gain public sympathy and to vilefy the Linux community due to the problems that it is facing in its court case against IBM, a case that has caused SCO to go from being on the verge of bankruptcy to stability based on the rise of their share prices, triggered by the instigation of the case.
Whoever modded the above comment flamebait should be ashamed. The BBC has historically been a good source of news, but has been roundly criticized in recent years for taking a more commercial (and, as some have indicated, sensationalist) slant to its coverage. The resignation of 3 BBC principals in the past few weeks are an indication what this new direction has cost the BBC.
Fact of the matter is, where is the proof? The correspondent himself says "There's no proof, of course, but it must be one of the theories at the top of any investigator's list.", referring to the thesis of his article, that "The MyDoom virus represents a new level of sophistication in attacks on company websites. It is also a new front in a war waged by those who want to preserve the open-source Linux operating system."
On one hand, he says there's no proof. On the other hand, the tagline accuses open source as the origination of the MyDoom worm, and slyly insinuates that the reason for this worm is revenge against SCO. This isn't investigative journalism. This isn't even biased reporting of somebody's opinion. This is rumor-mill gossip, and somebody ought to call the BBC on it.
Frankly, I don't think any Linux user has enough time on his/her hands to be writing a virus. They're still trying to get their soundcard to work :)
Besides, this article completely ignores the 'Sorry Andy, I'm just doing my job' quote in the virus code. What 'job' is this person talking about?
To me, it sounds like an employee of an antivirus company apologizing to some friend of his that admins some giant mail server.
If you're writing a virus, in order to detect it and destroy it for money, what does the target matter? SCO has been in the news for so long, is easy to type (three letters!), and is universally hated, I wonder that it's taken so long for it to be a target, if for no other reason then it's new. (ie. not MS)
Again - why are all of today's virues such amazing pussies? What happened to formatting the boot sector? Changing random bytes? Creating replications so your harddrive filled up?
Now all we get are stupid, "I send you this file to have your advice" and "TEST".
Frankly, I think that anti-virus corporations should be investigated. Sure, there are the 'lone gunmen', like the guy in Minnesota (w00t) who spread some virus-lovin' not too long ago, but beyond the guys who actually put their phone number in, are any authors caught? Spammers, credit card number theives and Antivirus companies are the only ones that profit from these craptacular faux screen savers.
This author of this article probably had to take a leak, and scraped this together in 3 minutes. Oh, and if he reads this post?
Please Note: Scooby and Shaggy are always in no danger, Velma or Fred always unmask the least likely 'Old Man Caruthers' at the end, and Daphne is a sexless bitch who *still* won't give it up.
Please. Get a clue, staple it to your head, and comb it over. Thanks.
Note the "Business" part. The guy has absolutley zero techno savvy and is just parroting the most juicy rumours.
Although, after the Hutton reporty, I am suprised that the BBC would let him get away with statements such as "There's no proof, of course". But I guess as Linux users aren't a particularly organised bunch the BBC feels it can get away with shoddy journalism and unsupported inuendo in this case.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
I've also complained - text below
... believe that code should be free to all (open source)." They do not. "Open source" means that the source code may be viewed. It does not mean that it is free. It can be checked worldwide and modified (under license) as needed by individuals, corporations and countries.
------
Dear BBC,
Your story "Linux cyber-battle turns nasty" by Stephen Evans has caused me to write in to point out a number of issues with both the tone of the story and the "facts" portrayed by it.
Firstly, Mr Evans has stated that the virus was unleashed by Linux advocates to damage SCO. He has stated this as a fact, not an allegation. The MyDoom virus has, in fact, been traced back to Russia and is believed to be the work of organised crime. Most reputable news sources have reported this and it saddens me that the BBC, which I have always believed to be one of the best news sources, has fallen down badly in this respect, reporting an unsubstantiated allegation (which was easily checked) as fact.
He also states the virus is written specifically to take down SCO's servers. It is not. It appears designed to turn desktops into remote controlled robots that log keystrokes (such as credit card details) and act as spam relays. Thus it would be of great use to organised crime.
He further states that "internet zealots
Overall, the story appears to be slanted unquestioningly against the Open Source community, accepting allegations as facts and ignoring available contradictory evidence. Could you explain why this line has been taken?
It does seem to me to fall well short of the BBC's standards of reporting. It also fails to highlight the largest concern that may affect your readers - the fact that the virus turns their machines into remote controlled traitors, logging their keystrokes (and jeopardising their privacy and any banking details) and relaying illegal spam. A reference to the story of the Dorset father who lost custody of his daughter after a similar trojan deposited child pornography on his computer, acting as a safe remote storage site from a technologically skilled pervert, would not have gone amiss here , to highlight the severity of the case and remind your readers to take care online.
For information on SCO's IP claims against Linux, please see www.groklaw.net.
And all the blacks are criminals and media is owned by the Jews. ... Oh, sorry, I guess I wasn't being too politically correct, but that is exactly what BBC was doing by putting the Open Source advocates in the criminal category. If they are all trying to be politically correct towards the races/religions/gender/etc./etc. in this day and age, shouldn't they have the same attitude towards the Linux users "minority".
I could see how affirmative action would be useful to getting a job or get scholarships. "We would hire you sir, but you see, you just happen to be using Windows and we want to make our company more diverse and all-inclusive"
I am writing concerning the article written by Stephen Evans entitled 'Linux cyber-battle turns nasty.'
While I agree with the author that the MyDoom virus is a sophisticated way of attacking companies, I find that his links to any 'preservation [of] the open-source Linux operating system' to be rather lacking (if not downright non-existant.
Let's get facts straight first:
Sco is not seeking at least 1 Billion dollars. Initially this was true, but it has increased its litigation to 3 Billion dollars.
There is no court case between linux users and SCO. The court case is between SCO and IBM. The actual litigation is to decide whether IBM breached their contract with SCO and allowed SCO code into the Linux Source Tree.
Now let's look at his theory that should be 'at the top of any investigator's list'.
A grudged Linux user writes a virus to attack a company that is attacking the very foundation of his/her own business...Linux.
I concur that this is a possible reasoning, especially in the mindset of SCO and any other corporate software (especially Operating Systems) makers. To enforce this idea, let's look at SCO claiming that the GPL (General Public License) is unconstituional:
http://www.technewsworld.com/perl/story/31975.html
Bear in mind that we know that SCO refuses to allow us access (albeit under a re-inforced Non-disclosure agreement that prevents us from working on linux afterwards) to the code that they are complaining about. Also remember that SCO wasn't always SCO. In fact it was Caldera (a linux distributor) and that original SCO is now Tarantula (spelling???).
Now, how about this for a theory:
SCO knows that they're attacking Linux users. They know that their site is currently redundant. They realise they can black the name of all Linux users quite easily by attacking themselves. After which, they can claim, possibly, that Linux users are terrorists against the proper functioning or corporate America and therefore should be prevented from distribution and/or continuation. Considering Miscrosoft is the biggest contributor to SCO currently this would not be too far from reality, especially considering that Microsoft have already been found guilty of law in California. If they can abuse their monopoly in one way it is only natural that they could do it in another. They also have the perfect access to their code that allows them to exploit their opertating systems.
Now, this is also a theory based on 'non-facts' but just as valid a one. Print it, if you so wish because it is just as valid as the above mentioned article.
So my complaint is that while it is all well and good to print articles based on non-facts, please look at the whole range of possibilities rather than just the one that, unsurprisingly, supports the corporations.
Yours sincerely,
When all is said and done, nothing changes...
Wow, what an article, it brings journalistic research and factual accuracy to new lows with some baseless assertions thrown in for good measure. I thought the BBC just got spanked over poor journalism.
Factual Errors:-
1. "bringing down its website with a barrage of emails"
The MyDoom virus used a barrage of HTTP requests to bring the www.sco.com website down. Websites and mail systems are different, they use different protocols, ports and servers. The virus spread by email, it *did not* use email to perform a DDOS on www.sco.com.
2. "Two years ago, SCO claimed that it owned more than 800,000 lines of the system which had always been available for free and to anyone since its invention in 1991."
This is actually a few errors in one, bravo!
"Two years ago" - This is incorrect, SCO first claimed that Linux contained improperly contributed Unix code in early 2003, this is not two years ago! At that time it did not claim "more than 800,000 lines" that came later.
"...claimed 800,000" - SCO expanded its PR claims in mid 2003 to include the "more than 800,000 lines" quote. This is only 6-7 months ago, not two years ago.
"since 1991" - SCO has claimed that contributions to the Linux kernel post v2.4 impinge on its rights - this is not the code from 1991. It has not yet claimed rights to any of the 1991 code!
3. "On top of that, SCO has sued IBM, accusing it of using SCO property because it too uses Linux."
SCO has sued IBM over a contract dispute, it has not sued IBM because it uses Linux! SCO has claimed that IBM has used Unix methods and trade secrets improperly in its contributions to Linux (SCO claims it is a succesor in interest to Unix copyrights, methods and trade secrets which Novell sold to Tarantella - this is also in dispute).
4. "Despite the law-suits against users by SCO,"
SCO has not sued any Linux users. It has sued IBM, it has been counter sued by IBM, Red Hat has sued SCO, SCO has sued Novell. At no time has SCO sued a Linux user.
5. "Meanwhile the court dispute between SCO and Linux users (rather than the cyberspace war between SCO and the hackers) is scheduled for next year in a court in Utah."
There is no court dispute between SCO and Linux users (see above).
So most of the article is factually incorrect, and then he casts baseless assertions with a follow up disclaimer.
"There seems little doubt that SCO was targeted - illegally and unacceptably, lest anyone be in any doubt - because it has enraged many people devoted to the Linux operating system"
"There's no proof, of course, but it must be one of the theories at the top of any investigator's list."
What sort of journalism is this? This should be in a crappy tabloid not a government owned and respected news service.
This article is by the business correspondent about the MyDoom virus, claiming that it was written by a Linux user and then going off on a tangent about internet blackmail and malice.
The article appears to be a sensationalist tabloidesqe bit of nonsense that was written with no research in order to meet a looming deadline, or to increase the story count of the reporter in question (assuming he's paid per story).
It appears to pick up on the 9/11 vibe of "there are malicious people out there who are willing to make an attack out of hatred".
Also, internet blackmail tends to be centered more around cracker groups getting into a bank's database, and then emailing the bank asking for $10000 or something. Losing one's front page for a day or two is nothing in comparison, and if MyDoom is the scale required to launch an effective attack against a big site then it's not going to be a frequent problem.
I would hope that any reader who is reading BBC news instead of a tabloid is smart enough to see right through this article.
I wrote to them as follows:
;o)
"""
I find Stephen Evans' "Linux cyber-battle turns nasty" story rather unfortunate. He accuses the Linux community over the recent 'MyDoom' virus but seems to ignore several pertinent points.
The malicious virus in question doesn't merely launch a denial of service attack on www.sco.com, it turns infected Windows machines into email relays to distribute spam. Just as it uses social engineering techniques to trick people into infecting their machines, it uses the attack on www.sco.com to distract us from MyDoom's real purpose -- which has got nothing to do with the SCO/IBM lawsuit.
Linux users dislike spam just as much as users of Microsoft Windows or other computer operating systems. Indeed, parts of the open source community have been very successful at defeating spammers; without open source tools like SpamAssassin (used by many Internet Service Providers) far more spam would be reaching our inboxes. I'm sure the spammers are delighted with the bad press Stephen Evans is giving the open source movement.
The author of MyDoom clearly knows more about the internals of Microsoft Windows than most open source programmers, who are far more interested in the internals of open source software.
Finally, I note the BBC are big users of Linux and open source -- indeed, at the time of writing your news.bbc.co.uk site is running Linux on the open source Apache web server. Perhaps Stephen Evans will be accussing the BBC's webmasters of being involved next?
"""
I certainly don't pay my licence fee for the beeb to label me as a criminal (hey, I use linux so I must be a criminal!)... I've sent a strongly worded complaint to them, I urge others to do the same:
----
This story is completely inaccurate, and I would go so far as to say that it
is libelous against almost the entire opensource community.
"It is also a new front in a war waged by those who want to preserve the
open-source Linux operating system."
This is a completely unfounded accusation - practically the whole open-source
community has condemned the actions of the MyDoom author. This attack is
either:
1. A single extremist with a screw loose. Every group of people has these -
religious extremists often walk into busy shopping centres and blow themselves
up. If the media held their whole religion responsible for the actions of a
few extremists there would be hell to pay.
2. A publicity stunt by SCO - there is documented evidence that shows that SCO
have faked attacks on their own website in recent months for the publicity
value and to give the open source community a bad name.
3. A publicity stunt by spammers - there are proven links between spammers and
viruses - many of the recent viruses have been used by spammers to both
perform denial of service attacks on leading anti-spam services and to perform
spamming services for these people. The opensource antispam software is at
the forefront of antispam technology and it is in the spammers' interest to
discredit the opensource community.
By publishing this article that makes wild accusations, you are only helping
the people responsible. Almost noone wants security problems on the internet
- it's almost as much of a problem for linux users as it is for windows users.
Yes, these viruses won't infect a system that's not running Windows, but
that doesn't stop them flooding out email inboxes and using precious
bandwidth across the internet.
In future, please put some thought into your articles before publishing such
defamatory material.
http://blog.nexusuk.org
My feedback is below, I also sent a copy, via e-mail, to the author of the article.
/severely/ mis-represented the facts as they stand.
/mechanism/ of code should be 'sticky' if the author wishes; i.e. if an author wishes their code to be publically visible, no-one may take that code, modify it and distribute it without everyone being able to see the changes. Also, on one fine point of grammer, 'Internet' is a proper-noun and hence should be capitalised accordingly.
/specifically designed/ to give this impression. By launching a DDoS attack against SCO, the real purpose of the virus was shielded. It allows the creators of the virus to utilise the power of the machines remotely for the purposes of sending Spam. 'Internet zealots' are normally even more concerned about their mailboxes filling with Junk than frivolous lawsuits. The payload also has a number of other nasty features, the existence of each points to the likely purpetrator being a professional Spammer.
/many/ experts from anti-virus companies clearly stating their views that this is an entirely unlikely scenario.
BEGIN FEEDBACK
I was most surprised to see the huge catalogue of factual errors in the story referenced below. I do not class myself particularly as an 'Internet zealot' but I feel the article
http://news.bbc.co.uk/2/hi/business/3457823.stm
I'll proceed by listing the errors as they occurred in the article:
"If anyone's anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source)."
The author has confused the term 'Open Source' with 'Free/Libre Software'. The Open Source movement merely claims that showing people the contents of your program gives them a clearer insight into how it works, its suitability for their needs and the possibility for them to fix/detect bugs as they ocurr. It essentially markets a particular form of software development. The 'Free Software' movement (headed by the 'Free Software Foundation') believes that an author's right to allow free distribution of the
"So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge."
In fact the payload of MyDoom was
"There's no proof, of course, but it must be one of the theories at the top of any investigator's list."
A brief Google-search will show
"It represents a new degree of viciousness in internet warfare: a wickedly ingenious programme persuades thousands of computers to bombard a single website on a particular date."
The DDoS payload of viruses, worms and trojans is nothing new. They are nowadays routinely incorporated into viruses to distract the media just as they have done.
Rich
Sir,
I'm writing in regard to the recent article on your website:
Linux cyber-battle turns nasty (http://news.bbc.co.uk/2/hi/business/3457823.stm)
The article seems remarkably poorly written, both with respect to the facts (and more importantly, the unknowns, which the author takes it upon himself to stab at regardless), and also in light of the inflammatory language he uses throughout the piece. It seems to be what is known as "trolling" on the internet: a deliberate attempt to raise the ire of an audience. Perhaps a commercial news organization might relish this approach, because for them, more readers equate to more revenue; but for the BBC, it's a thorough disappointment.
I won't detail the inaccuracies, as I'm sure you already have countless letters along those lines, but please don't let another such embarassingly low quality piece slip into your otherwise excellent reporting.
Yours faithfully,
Here is a piece that comes from Lessig and was found in Free Sklyarov mailing list.
Fact of the matter is, where is the proof? The correspondent himself says "There's no proof, of course, but it must be one of the theories at the top of any investigator's list.", referring to the thesis of his article, that "The MyDoom virus represents a new level of sophistication in attacks on company websites. It is also a new front in a war waged by those who want to preserve the open-source Linux operating system."
At present, the opening line of the article reads "... It also looks like a new front in a war..." Assuming you're quoting accurately, someone at the BBC must have decided to tone the statement down a bit. It's still irresponsible journalism, though.
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
I'm surprised that no-one has picked up the other gems
- the lawsuit from SCO against IBM for "using linux"... [not that it's even related to copyright...]
- the lawsuit from SCO against the linux community that occurs this year. [anyone got a date/place for that???]
- that 'open source' means that code must be 'free' [wasn't the term "open source" designed to remove this misinterpretation?]
- 'zealots', articles are always good when you have zealots, it's a sign of balanced journalism!
- these 'new attacks'... I'm glad this is the first DDoS...
- "The attack also raises the possibility of internet blackmail" really? I thought the BBC has reported on many occaisions that this has already happened.
----
This is basically crap editorial standards. The journalist [basically someone that covers general trends in the US], has no technical expertise at all. This article SHOULD have been sent to the technology editor to check prior to publication and this would never happened.
Scary to see that Hutton was so right about the editorial system being deficient/'not present'. The beeb is free-for-all, any story gets published and then backed to the hilt by a board of idiots.
Of course we all take pleasure out of SCO's misery. Why should we hide it? They're a bunch of rotten cock-smokers (the litigious bastards campaign was a success, it's time to expand it), and we all hate the bastards. I think it's time the English-speaking world get a concept of what Germans call Schadenfreude, because you, like everyone else, are perfectly capable of having this emotion.
The lack of a word for it seems to make some of you incapable of recognizing this. Asking everyone to hide their "malicious satisfaction of SCO's misfortunes" is about the same as asking people to pretend they didn't do it, even if they didn't do it anyway.
I say this about the SCO website situation: It serves them right, but I'm not going to take the blame for it. Hell, I haven't even had the virus sent to me yet.
I had the page loaded in the browser and blindly reloaded the page (not sure why), something changed!
I'm not sure how much changed but the line you quoted is now
The MyDoom virus has triggered a new wave of attacks on company websites.
Apparently, it was last updated 10 hours ago, which is wrong by about 9 hours.
The attack also raises the possibility of internet blackmail, with companies threatened by individuals or even an individual who might be anywhere.
Say what now?
BB
Thanks for providing a link to the form. Here is what I just sent:
gah, shouldn't expect any better on Slashdot, but the BBC didn't sex anything up - they accused the UK govt. of 'sexing up' a dossier on WMD, and were then attacked by the govt through the courts. Your joke isn't just obvious, it doesn't make any sense.
the BBC feedback form is Here!
this is my feedback to them:
Stephen Evans' story (URL below) is a disgrace, and significantly changes my impression that I can trust the BBC to provide factual reporting.
As I think you may get a few complaints, let me focus on the more blatant bits of journalistic unprofessionalism:
(1)(quote)the run-of-the-mill geeks who wreak damage on the unsuspecting computer user(end quote) Does Mr Evans have any statistical evidence of what these "run-of-the-mill geeks" are. My analysis of the source of damage on computer user is much more that professional criminals: spammers, hackers with specific purposes, PR stunt agents, are to blame.
(2)(quote)If anyone's anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source).
(end quote)
This is a great misrepresentation of what open source is: open source software is not necessariliy free from associated payments, many companies are now basing a sound business model on the distribution, support, and services, around open source software: these are for-profit organisation. Mr Evans seems to have only a very vague idea on what open source actually is, and misrepresents it in a damaging way I think.
(3) lack of reference: the Internet is full of detailed accounts on the ins-and-out of the SCO matter. Mr Evans provides links to none.
- SCO website down - does it hurt their business? I guess not much, however, it does give them good publicity - that of a victim; Link #1 for Linux (Linuxoid SCO haters).
- Microsoft website targeted but not down -- good publicity for Microsoft; Link #2 for Linux (Linuxoid MS haters).
- Millions of losses and aggravated users - extremely bad publicity for the virus and people associated with it, of course;
So, the net effect of the virus has certainly hurt the reputation of Linux/OpSrc world, because its targets can try to link the virus to L/OS by its choice of targets.Based on the current knowledge of the virus and the above, I would say there are 3 basic motivations for the virus creator(s):
- Spammers testing their tools, as indicated in the above
/. comments. In that case SCO/MS attack would simply be a way to have publicity for checking to see how their virus is doing.
- A zealot trying to hurt SCO/MS. In that case he was very dumb -- of course it is not impossible though, so we can't rule this possibility out.
- It was a publicity stunt by Microsoft. Could be linked to first motivation too. Note that the net effect of the virus for Microsoft has been beneficial PR wise. After all, their systems withstood the attack -- never mind it was said that the attack on MS was much weaker.
Noting also that the virus creator has had considerable Windows programming skills (which is not the experience generally associated with OpenSource programmers), I believe that the 3d motivation is not entirely impossible either. Especially if it was linked with first.I have provided this comment to them in the feedback form they have provided. The BBC are good at listening to comments by the viewers/readers.
---
This particular story is factually incorrect, and details contained within could be used inappropriatly.
As it stands there is no evidence to prove that Linux users created this virus. Thats just consequential speculation.
FACT 1: In fact all the major developers of the Linux Kernal and the wider Opensource/Free Software movement have been very quick to condemn the actions of the Virus writer and have gone on record to disassociate themselves from the actions of the writer. This invalidates the implication in the report saying that Linux Developer
FACT 2: The major antivirus vendors and security have formed the conclusion the attack on SCO and Microsoft were most likely a "smokescreen". The main purpose of the virus is that of a Trojan for stealing credit card, and other security info.The attacks on SCO appears to be a topical divertion.
FACT 3: Open Source advocates to not believe all software should be "free" as in free in price. It advocates freedom in development, and access to code. It works on the belief that software will be of higher quality if the development is open allowing anyone access to the code in the help for fixing bugs and adding features. The software itself can be "charged for". It is the difference between free in price, and free in freedom.
FACT 4: Open source advocates are NOT activists on a par with terrorists, etc as your report suggests. Open source advocates act on their principles by creating software that follows their ideals, such as the Linux Kernel, the GNU system, the Apache webserver (used by the BBC), Mozilla Web Browser (used by AOL and Netscape), Sendmail (used to deliver the majority of internet email), the BIND server (used to resolve DNS names, vital for operation of the Internet).
FACT 5: the implication that Linux developers are teenage geeks working in garages is also incorrect. Sure it started as a enthusiasts Operating System, however currently developers and contributers to Linux now include major firms such as, IBM, HP, Silicon Graphics, NASA, Oracle, Samsung, and even SCO.
Please read the GrokLaw website at http://www.groklaw.net/ which assists in making clear the legal and historical contexts of Linux, as well as the hidden danger of publishing misguided articles like this.
Best Regards,
Have a nice day!
Do bear in mind this was written by the North American business correspondant - clearly he's been influenced by the american culture and is doing his bit for sensationalist reporting :)
There. I filled out the BBC News feedback form to let them know their columnist needs some adjusting:
http://news.bbc.co.uk/2/hi/help/3281777.stm
[my feedback to BBC news]
I have just finished reading the article on your website which is entitled "Linux cyber-battle turns nasty", written by Stephen Evans. I am perplexed at the biased content of this article.
The writer of the article has applied the actions of a (possibly) single individual to an entire group of people. I don't see how that is fair, or responsible reporting. As a Linux user, this article has now portrayed me as fraudulent, unprincipled, and deceitful.
I should note also that the content of this article paints the BBC News with the same fraudulent, unprincipled and deceitful brush that Stephan has attempted to paint the Linux community with. It is cheap and irresponsible reporting.
boycott slashdot February 10th - 17th check out: altSlashdot.org
These sigs are more interesting tha
That simply isn't true. A significant number of /. readers are here for useful discussion and information gathering. If someone posts crap on a technical subject, whether it's about Linux, Microsoft, or otherwise, it's a good bet that someone who knows what they're talking about will reply to set the record straight, and be modded up accordingly.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I put in my bit as well:
I am writing concerning the piece entitled ""Linux cyber-battle turns nasty"".
I have been a IT systems engineer for the past 15 years, during that time I even freelanced as a technology journalist myself. It bothered me greatly to see a company such as the BBC (whom I as an American hold in high regard) publish such pure un-researched rubbish.
It may do well to inform Mr. Evans of a few facts, and maybe a little history.
The Virus has not, in fact, been proven to originate from "internet zealots who believe that code should be free to all". But first, a little history lesson.
Around 1200 B.C. the Greeks were seeking to gain entrance into Troy during Trojan war. Clever Odysseus (some say with the aid of Athena) ordered a large wooden horse to be built. Its insides were to be hollow so that soldiers could hide within it.
Once the artist Epeius had built the statue, a number of the Greek warriors, along with Odysseus, climbed inside. The rest of the Greek fleet sailed away, so as to deceive the Trojans. One man, Sinon, was left behind. When the Trojans came to marvel at the huge creation, Sinon pretended to be angry with the Greeks, stating that they had deserted him. He assured the Trojans that the wooden horse was safe and would bring luck to the Trojans. Only two people, Laocoon and Cassandra, spoke out against the horse, but they were ignored. The Trojans celebrated what they thought was their victory, and dragged the wooden horse into Troy.
That night, after most of Troy was asleep or in a drunken stupor, Sinon let the Greek warriors out from the horse, and they slaughtered the Trojans.
It's been widely theorized that the worm is actually using the SCO DoS as a diversion to deflect attention away from the real problem while the lone worm author, like Sinon, pretends to be angry with SCO.
Nowhere in the article does he mention what most feel is the primary payload of the worm. The worm in fact also runs a backdoor component, which it drops as the file SHIMGAPI.DLL. The backdoor component opens port 3127 to 3198 to allow remote users to access and manipulate infected systems. Note that it allows remote access even after February 12, 2004. This will allow remote control of the infected PC to be used for much more nefarious schemes such as sending unsolicited email, illegal access attempts on other computers or a wide range of activated without the user even aware of the problem.
I use a plethora of operating systems, including Linux. I do not consider myself a zealot, but simply an informed computer user. The less informed turn to people like myself, and to the press for information about things such as this latest worm attack. It does neither the consumer nor the press any good to spread such false accusations masquerading as facts. I expect such poor yellow journalism from The Enquirer or The Sun, not from the BBC. I've always respected the journalistic integrity of the BBC until now and I'm feel somewhat diminished for it. It's a shame when even British news sources publish such tripe I've come to expect from American news.
...the same BBC that helped drive a man to suicide with their ill sourced, inaccurate, ill founded, politically motivated claims?
The same BBC that has in recent years showed a steady decline of journalistic integrity?
The same BBC that has had a string of resignations at high levels because of the fallout for such things?
I never would have guessed....
Steven Evans story entitled "Linux cyber-battle turns nasty" makes blatant assumptions with a clear lack of research or intelligence regarding the topic of a recent Windows virus. There is a reasonable chance that a Linux antagonist such as a Microsoft developer (it takes high level Windows development skill to write a virus of this nature) wrote the code for the very purpose of discrediting the Linux community. While it's quite possible a Linux user/coder is the source of this attack, this is still one person or a small group of people, not Linux vs. SCO. There is a much more pertinent Linux vs. SCO battle being waged in our civil court system while our government sits idly by and allows SCO to blatantly model it's business after litigation gambling.
In other words, Mr. Stephen Evans is a poor excuse for a writer, at least about technical subjects, and should be sacked.
http://uptime.netcraft.com/up/graph?site=news.bbc. co.uk
I hope the bbc netadmins read BOFH.
First, Evan's portrayal of the MyDoom virus as a "new front" created by the "open-source Linux operating system" user is totally stereotyped. This portrays the typical Linux user as a hacking mastermind who only seeks revenge against a company that seeks to undermine their credibility. I have seen my share of diverse Linux users, from gothic-looking individuals who want to express their individuality without harming others, to fathers of mothers of respectable well-to-do families who are trying to save costs by going open-source with their home software tools. By portraying the virus writer as a "run-of-the-mill geek" intends to place a dark moniker on any Linux user, debasing them and inadvertently calling them hackers.
Second, the author portrays the background of the virus writers as "internet zealots who believe that code should be free to all." This automatically places Richard Stallman, Linus Torvalds, Eric Raymond, and the rest of the GNU, Linux, and other free software communities as automatic targets for the MyDoom virus. These individuals have begun a software movement that is known as one of the largest collaborated projects in the history of humankind, and their tangibles have lead to unparalleled credibility. Governments, corporations, and many different organizations have saved billions of dollars and have achieved stability and security of their systems using this free software. I venture to say that each of these individuals probably do not even know enough about Windows to parlay an attack, let alone have the Windows people and resources to do it for them.
Finally, Evans' characterization of the MyDoom attack as part of a front of an ongoing "cyber-battle" is totally counterfactual. This purported "war" was waged by one or a few individuals, who may or may not even be advocates of Linux. The virus software was almost certainly written in the Windows environment, because Windows executables cannot be created in the Linux environment and vice versa. It remains to be seen whether the "vandals and arsonists" are a tiny minority of "malice" that reside as a tiny, yet dark stain within the Linux community, but the MyDoom virus certainly did not prove that this was the case.
I do hope that at some point, the average Linux user may be recognized by your articles as a normal, law-abiding citizen who would not intend to break laws even though a matter of their lawfulness (the Linux kernel and SCO) is currently being questioned. I believe it debases thoughtful, ingenious consumers who seek a challenge with computing by using the Linux operating system rather than choosing the easy route and coughing up mounds of money for the latest and greatest bells and whistles in a Microsoft product.
Thanks for your time.
Please consider that this same reporter, Stephen Evan, sided with Disney etc. in a story stating that allowing copyright to lapse and the properties go into the public domain was not only wrong but tantamount to theft.
/. The only documentation for which I can find here.
Unfortunately, I can't find the article when I search the BBC News web site. I know it was from the middle of last year and was noted on
It seems that this reporter's particular view of IP which puts it in the same class as a chair or a pot of gold. He also seems to go with whatever big business says rather than the opinions of others.
Agrajag: "Oh no, not again!"
To whom it may concern,
In the article "Linux cyber-battle turns nasty" Stephen Evans seems to suggest that the MyDoom worm was perpetrated by users of the GNU/Linux operating system, commonly called "Linux."
In fact one of the article's section headings is "Wrath of the geeks." It might be more accurate for it to say "Wrath of the geek." As in the case of suicide bombers, a single person can cause a lot of damage, but that single person should not serve as an indication of the temperment of an entire group of people. The writer of the MyDoom worm might not be a Linux user at all. He or she might have used the DDOS (distributed denial-of-service) attack to cover other, real motives. Or the writer might be exactly what Mr. Evans suggests, and in that case would be disowned and condemned by other Linux users such as myself.
In either case the sentiments of one person should never be used to draw conclusions about a group. This attack on SCO is counter-productive, not to mention morally wrong. Bruce Perens, a leader in the open source community, condemns the attacks and urges others to do the same. In his press release to this effect he also explains some of the reasons this virus may exist:
http://perens.com/Articles/SCO/DOS/
And these following articles indicate that the worm probably has ties to spammers:
http://www.ajc.com/business/content/business/010 4/28worm.html/ 2376200
http://www.chron.com/cs/CDA/ssistory.mpl/business
Finally, this LinuxWorld article explains an investigation into the origins of the virus, which seem to be from an IP address in Russia, according to the Moscow Times:
http://www.linuxworld.com/story/42125.htm
The SCO suit against IBM, if successful for SCO, will not be enforceable in Russia, so why would a Linux user there care?
Before suggesting that an entire community is made up of law-ignoring zealots it might be good to remember that one rogue can cause a lot of headaches, and also that it's important to do a little research before casting stones. I hope that the BBC will follow up this story with the counterpoints I have raised above.
Regards,
Ed Holden
Medford, Massachusetts
Here's my feedback (now a 'complaint'):
Any repect I once had for this organisation is dripping away...
It is my perception that many people who use and advocate Linux are also in favor of eliminating spam. It's perhaps one of the major reasons they prefer Linux. We know that virus/trojan horse/worm writers prefer to attack Windows-based systems because of the multitude of security holes it has.
What's happening with the MyDoom trojan sounds like spammers are trying to use the attacks against SCO and Microsoft (and maybe more targets) as a diversion for what they really want to do: send spam and discredit the groups that seek to eliminate spam. In their perception, Linux and the anti-spam movement are closely related. Discrediting one side of the pairing will eventually weaken the other.
Ask yourself this: If SCO wins and starts charging $699.00 per copy for Linux, what's the average user of Linux going to do? Probably switch to a Microsoft product and give spammers another system to use for a DDOE (Distributed Denial of E-mail) zombie.
If "disco" means "I learn" in Latin, does "discothèque" mean "I learn technology"?
This will probably get missed in the noise, but...
EE Times had a similar article come out yesterday talking about the death threats that SCO execs, and also industry analysts have been receiving from Linux extremists.
http://www.eetimes.com/story/OEG20040202S0032
I did...
Dear Sir
Thanks for your e-mail.
I have noted the points you made - as well as the vigorous debate on
Slashdot.org about this article.
Well, Stephen Evan's weekly "stateside" column is not a news story, but
an analytical look at major events and business trends in the United
States.
It is, of course, debatable whether MyDoom/Novarg/Shimgapi was written
just to bring down the SCO website, or whether the installation of
spamming tools on numerous computers was an additional - or even the
main - motive.
That was not the point of Stephen's article.
In his piece he wanted to draw the attention of BBC News Online's
audience - many of whom are unlikely to know the ins and outs of the
Open Source debate - to the rapid spread of Linux as a commercial
application, SCO's attempts to cash in on this fact, and the deep anger
that SCO has caused within the Linux community through its legal
actions.
Stephen is not the first to draw the link between MyDoom and SCO's
actions over Linux - plenty of others have done that before, including
virus experts.
Regards,
Tim Weber
Business Editor
BBC News Interactive - www.bbc.co.uk/businessnews
Correspondance with BBC regarding one of their artciles. I actually succeded in having the editor modifying the text :-)
;-)
: :
From - Tue Feb 03 22:36:38 2004
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00800000
Message-ID:
Date: Tue, 03 Feb 2004 22:36:38 +0100
From: Bjarne D Mathiesen
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.6b) Gecko/20031208 MultiZilla/1.6.0.0d
X-Accept-Language: da, en-us, en
MIME-Version: 1.0
To: NewsOnline
Subject: Re: Factual Errors
References:
In-Reply-To:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Alfred Hermida - NewsOnline wrote:
> Hello
>
> Thank you for your e-mail. I read it with interest as I am always
> interested in feedback from readers.
>
> In 1994 Novell transferred the rights to the Unix trademark and the
> specification to The Open Group. Simultaneously, it sold the source code
> and the product implementation to SCO.
>
> To the lay reader, there may not be much in it between saying "owns the
> Unix operating system" and "owns the source code of the Unix operating
> system." But I appreciate there is a difference and have amended the
> story accordingly.
That's still not entirely correct
1) SCO might be owning the source code but in that case *ONLY* for the
original AT&T implementation of Unix - no other Unix like eg the Sun
Solaris or any of the BSD implementation (FreeBSD, NetBSD, OpenBSD)
2) as a consequense of the court case between Berkeley and USL (noted in the opensource article/url) it was established that the BSD version and the AT&T version are separate legal entities
3) *anybody* can make a Unix implementaion from the ground up based upon the specifications from The Open Group (like Sun Solaris), but in order
to use the name Unix, you'll have to certify with The Open Group. Thus, *nobody* can own the source code to Unix except for their own implementation of the specification
At present, the ownership of the AT&T version is in a legal flux, with SCO saying one thing, Novell saying another thing, both of them having registered copyrights with the the American authorities, court-cases between SCO & Novell , SCO and IBM , SCO and RedHat etc etc. http://groklaw.net/ has a lot of information about all aspects of these court cases.
>
> Thank you for taking the time to send us an e-mail.
>
> Regards
>
> Alfred Hermida | Technology editor
> www.bbcnews.com/technology
> BBC News Online
>
> -----Original Message-----
> From: bjarne-NOSPAM-@mathiesen.info [mailto:bjarne-NOSPAM-@mathiesen.info]
> Sent: 01 February 2004 20:09
> To: NewsOnline Errors
> Subject: Factual Errors
> ---------
> From: Bjarne Mathiesen
> Email address: bjarne-NOSPAM-@mathiesen.info
> Url: http://news.bbc.co.uk/2/hi/technology/3449931.stm
> ---------
> COMMENTS:
> you state that SCO owns UNIX. that's wrong.take a look here
> http://www.opensource.org/sco-vs-ibm.html and here
> http://perens.com/SCO/BigLie.html
> ---------
>