Slashdot Mirror
BBC Links Linux To MyDoom
minus_273 writes "It seems the BBC has a story on their front page titled 'Linux cyber-battle turns nasty', very specifically linking Linux users to the MyDoom virus. Some lines to note: 'If anyone's anger has no measure, it is the wrath of internet zealots who believe that code should be free to all (open source). So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge.'"
That the BBC is being criticized worldwide for making unfounded claims.
who believe that code should be free to all
We just believe that GPL code should STAY free for all like it was when it was published under the GPL. I know such an idea could come only from a zealot... but hey....
It has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails sent from countless computers into which the worm had been insinuated, unbeknownst to the users.
It was HTTP GET requests. Problem is most PHB listen to people like him but they can't even get the freaking details right on small shit like that. Yes they were probably hit bad with MyDoom email viruses but so my 6 user server. HTTP GET DDOS was targeted at them but that has been zero proof of a Linux Zealot targeting them. Let me know when you get evidence not just some speculation.
If the virus were written by Linux coders it woulndn't have failed so badly when it triggered. The poorly written code has to have been written by someone with intimite knowledge of poor coding skills and Microsoft vulnerabilities... Humm... Do I smell a disgruntled MS employee?
Here's what immediately follows that last quote...
So, it seems likely that the perpetrators of the MyDoom virus and its variants are internet vandals with a specific grudge. SCO is the big, bad company that violates one of their sacred principles, as they would see it.
There's no proof, of course, but it must be one of the theories at the top of any investigator's list.
And this is from a organization which allegedly deals in "news" ?
<grrr>
A new version of MyDoom has been found that is targetting bbc.co.uk
Screw that! Someone write a mydoom variant which targets the BBC. That'll teach them to bad mouth linux zealots.
If I seem short sighted, it is because I stand on the shoulders of midgets
I would argue that this violent reactionism is one sign that OSS is on the verge of mainstream acceptance. Throughout history, as new ideas have supplanted older, closely held ones, the group that holds fast to those practices and principles becomes more and more marginalized and reacts by lashing out viciously. Could this be the case here? I think it is. Hopefully these opposing voices will continue to get smaller and more violent, alienating even more people from their cause. Besides, who can argue with free publicity?
Also, I, being a 'run-of-the-mill geek', am quite flattered that I now have the ability to gleefully (and apparently psychotically) 'wreak damage' on people's computers. Guess I picked that up and didn't even realize...
[BBC: "Deep in the darkness of the psyche, vandals and arsonists no doubt have their reasons - and so, presumably, do the run-of-the-mill geeks who wreak damage on the unsuspecting computer user."]
So, the BBC aren't actually saying that Linux users are behind it. They're saying that it is a theory that many people give weight to!
I have linked MyDoom to SCO and Microsoft as well.
I have also linked Saddam Hussein to Iraq and the BBC to Great Britain.
I am very good at linking.
I wrote some feedback:
0 4/ 28worm.htmls news/detail/d efault.asp?contentItemId=733®ion=america
>>>>>>>>>>
There are several points completele missed in this article. Evidence for my claims is given by the links mentioned below.
1) The main function of the worm is not to attack SCO Servers but to turn the infected desctop into a remote controlled robot with a keylogger.
2) The worm is _very_ likely not written by a private person in his freetime but by the russian Spam mafia wich needs those remotely controlled desktops as mail-relays to send spam.
3) The big majority of the Linux-Community does not think at all that all Software (or even all Operating Systems) have to remain free. They just expect that a license applied to a software is to be honored. This claim should be valid for any license, even the GPL.
http://www.ajc.com/business/content/business/01
http://www.messagelabs.com/news/viru
For more evidence about the complete voidness of SCOs IP-Claims information is gahtered at
http://www.groklaw.net
All information there is elaborated and with information where the source of the information is.
regards
PS: I'm a progammer earning my money with closed source. That does not hinder me to be a fan of Open Source products and to publish something once in a while.
Hope, it was politely enough and the spelling ok. I'm a native German, was never very well in foreign languages.
Trolling is a art!
Bill Thompson (BBC Technology Guy) spins conspiricy stories that suit /. frequently... they generally appear on the front page and are applauded by the posting community.
Hi
This is in relation to the story "Linux cyber-battle turns nasty."
The is telling people who read the Business section that:
"run-of-the-mill geeks" are "wreak[ing] damage on the unsuspecting computer user."
There is no evidence that this has been coded by 'geeks', Linux or otherwise. Most reputable IT news sources are agreed that the main aim of the virus is to install a 'backdoor' to allow spam to be sent through the PC. This means the virus is *much* more likely to have been written by (or partly sponsered by) organized crime.
It's not mentioned once in the article that the virus opens a back door to allow the PC to be remotely controlled. Is this perhaps because it doesn't fit in with the way the article was crafted..?
"in the case of the MyDoom computer worm, the motivation seems clearer. It has attacked a company based in Utah called SCO, bringing down its website with a barrage of emails sent from countless computers" Good lord - if you're going to do a tech story, get a techie to read over the damn thing before you hit 'send'. The attack was *not* carried out using emails. How would you address an email to a website? It was a DDOS attack. Two words - Goo gle. Is is a silly point? Perhaps but when the BBC is writing about computer viruses I tend to expect them to do the tiniest bit of research.
I use Linux, and I think it's aims are noble. I am insulted that this lazy article tars Linux users with these baseless insinuations I ask that you withdraw the article and/or print a retraction.
Over at Userfriendly.org
0 5
http://ars.userfriendly.org/cartoons/?id=200402
MYDOOM found on MOON
A group of internet "Hackers" have discovered that the MyDoom Virus was, conceived, compiled and unleashed from a small crater, just five minutes walk from the Tyco Monolith!
Well, it's just as believable...
I've never shoed a horse, but I once told a donkey to piss off!
My feedback to the BBC:
4 /28worm.html and http://www.chron.com/cs/CDA/ssistory.mpl/business/ 2376200).
I'm not a Linux zealot, I don't even use Linux, but I have been following the SCO vs. Linux story for a while now. The article "Linux cyber-battle turns nasty" is far below the high journalistic standards the BBC have set in the past. It contains nothing but bad conclusions without any basis in fact. The fact of the matter is that most computer security experts think exactly the opposite of what is stated in the article: That the MyDoom virus was written by email spammers testing out virus technology to use in future spamming. It is very convenient for the virus writer that the Linux community is blamed for the virus. Simple research on the internet reveals many sources backing this (http://www.ajc.com/business/content/business/010
Please don't let the high quality of factual reporting by the BBC revert to tabloid sensationalism.
I've also complained - text below
... believe that code should be free to all (open source)." They do not. "Open source" means that the source code may be viewed. It does not mean that it is free. It can be checked worldwide and modified (under license) as needed by individuals, corporations and countries.
------
Dear BBC,
Your story "Linux cyber-battle turns nasty" by Stephen Evans has caused me to write in to point out a number of issues with both the tone of the story and the "facts" portrayed by it.
Firstly, Mr Evans has stated that the virus was unleashed by Linux advocates to damage SCO. He has stated this as a fact, not an allegation. The MyDoom virus has, in fact, been traced back to Russia and is believed to be the work of organised crime. Most reputable news sources have reported this and it saddens me that the BBC, which I have always believed to be one of the best news sources, has fallen down badly in this respect, reporting an unsubstantiated allegation (which was easily checked) as fact.
He also states the virus is written specifically to take down SCO's servers. It is not. It appears designed to turn desktops into remote controlled robots that log keystrokes (such as credit card details) and act as spam relays. Thus it would be of great use to organised crime.
He further states that "internet zealots
Overall, the story appears to be slanted unquestioningly against the Open Source community, accepting allegations as facts and ignoring available contradictory evidence. Could you explain why this line has been taken?
It does seem to me to fall well short of the BBC's standards of reporting. It also fails to highlight the largest concern that may affect your readers - the fact that the virus turns their machines into remote controlled traitors, logging their keystrokes (and jeopardising their privacy and any banking details) and relaying illegal spam. A reference to the story of the Dorset father who lost custody of his daughter after a similar trojan deposited child pornography on his computer, acting as a safe remote storage site from a technologically skilled pervert, would not have gone amiss here , to highlight the severity of the case and remind your readers to take care online.
For information on SCO's IP claims against Linux, please see www.groklaw.net.
Wow, what an article, it brings journalistic research and factual accuracy to new lows with some baseless assertions thrown in for good measure. I thought the BBC just got spanked over poor journalism.
Factual Errors:-
1. "bringing down its website with a barrage of emails"
The MyDoom virus used a barrage of HTTP requests to bring the www.sco.com website down. Websites and mail systems are different, they use different protocols, ports and servers. The virus spread by email, it *did not* use email to perform a DDOS on www.sco.com.
2. "Two years ago, SCO claimed that it owned more than 800,000 lines of the system which had always been available for free and to anyone since its invention in 1991."
This is actually a few errors in one, bravo!
"Two years ago" - This is incorrect, SCO first claimed that Linux contained improperly contributed Unix code in early 2003, this is not two years ago! At that time it did not claim "more than 800,000 lines" that came later.
"...claimed 800,000" - SCO expanded its PR claims in mid 2003 to include the "more than 800,000 lines" quote. This is only 6-7 months ago, not two years ago.
"since 1991" - SCO has claimed that contributions to the Linux kernel post v2.4 impinge on its rights - this is not the code from 1991. It has not yet claimed rights to any of the 1991 code!
3. "On top of that, SCO has sued IBM, accusing it of using SCO property because it too uses Linux."
SCO has sued IBM over a contract dispute, it has not sued IBM because it uses Linux! SCO has claimed that IBM has used Unix methods and trade secrets improperly in its contributions to Linux (SCO claims it is a succesor in interest to Unix copyrights, methods and trade secrets which Novell sold to Tarantella - this is also in dispute).
4. "Despite the law-suits against users by SCO,"
SCO has not sued any Linux users. It has sued IBM, it has been counter sued by IBM, Red Hat has sued SCO, SCO has sued Novell. At no time has SCO sued a Linux user.
5. "Meanwhile the court dispute between SCO and Linux users (rather than the cyberspace war between SCO and the hackers) is scheduled for next year in a court in Utah."
There is no court dispute between SCO and Linux users (see above).
So most of the article is factually incorrect, and then he casts baseless assertions with a follow up disclaimer.
"There seems little doubt that SCO was targeted - illegally and unacceptably, lest anyone be in any doubt - because it has enraged many people devoted to the Linux operating system"
"There's no proof, of course, but it must be one of the theories at the top of any investigator's list."
What sort of journalism is this? This should be in a crappy tabloid not a government owned and respected news service.
If you don't like their reporting, use the feedback form:m
http://news.bbc.co.uk/2/hi/help/3281777.st
"Linux cyber-battle turns nasty"
Is your reporter Stephen Evans aware that MyDoom is a virus that is perpetrated by MS Windows machines? Meaning the virus was written to run ON windows BY a windows programmer...
Could Mr. Evans please next time indicate where on earth he finds the factual evidence to support his amazing theory that mydoom is the "wrath of internet zealots who believe that code should be free to all", or are we now to believe the BBC supports baseless ranting against a group as diverse as those who support open source software? Couldn't it easily have been caused by disgruntled shareholders, maglignant ex employees or al quaeda for that matter?
Thank god you didn't have a luminary such as Mr. Evans sexing up Iraqi WMD stories.
Of those to whom much is given, much is required.
Sadly this will get modded to Troll.
I can't count the number of times I've wished for a "(-1, Martyr)" moderation option.
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
Linux cyber-battle turns nasty
By Stephen Evans
BBC North America Business Correspondent
The MyDoom virus has triggered a new wave of attacks from lazy business journalists. It is also looks like a new front [sic] in a war waged by those who want to argue from facts and those who just make up anything that comes into their heads.
It's usually no easier to fathom the motives of virus creators than it is of any other perpetrator of damage for damage's sake. But I'm going to be clever and subtly equate their motives with normal geeks in the first paragraph just to prepare the ground for you. There - done.
In the case of the MyDoom computer worm, the motivation seems clearer. This is a good point and I'll ignore the alarm bells it rings, since I've just said how most virus writers' work is baffling to explain. Then I'll introduce SCO as the victim and assert that the perpetrator was someone devoted to the Linux operating system.
The a quick paragraph on the history of the case which gets almost all major facts wrong followed by an entire section drawn on the very shaky premise that it must have been a geek Linux internet zealot who believes that code should be free to all. A few pointed jabs at Linux users later and I'll quickly admit that there is no proof of any of this, but that my (and of course your) conclusions should be clear.
My conclusion is just as lazy. A nice section of speculation and poor research to finish off - with all the usual trigger phrases like "experts are pondering", "possibility", "might", and "internet blackmail."
By now you can guess that I am an utter moron, with no more qualifications to be a business correspondent than a piece of cheese.
--- Hot Shot City is particularly good.
I had the page loaded in the browser and blindly reloaded the page (not sure why), something changed!
I'm not sure how much changed but the line you quoted is now
The MyDoom virus has triggered a new wave of attacks on company websites.
Apparently, it was last updated 10 hours ago, which is wrong by about 9 hours.
The attack also raises the possibility of internet blackmail, with companies threatened by individuals or even an individual who might be anywhere.
Say what now?
BB
Dear Sir Or Madam
As a license payer, I have always been happy that the BBC, to the best of its ability, maintains a high quality, unbiased news service.
However, as a Linux user, I am thoroughly appalled at the comments made by Stephen Evans in his article "Linux cyber-battle turns nasty" (URL below).
Mr Evans seems to imply that anyone who chooses to maintain his right to open Internet protocols and open data standards by using the free Linux operating system is, in fact, a malicious criminal.
While I accept that there are possibly a very small percentage of "cracker" activists within the Linux community who might be extreme enough to launch DDoS (Distributed Denial Of Service) attacks against SCO and Microsoft via the MyDoom virus, Mr Evans has demonstrated how little he knows about the topic he has chosen to discuss in his article.
Firstly, writing a virus is no easy task and an irresponsible programmer that chooses to create a new virus needs to have a very deep understanding of the inherent weaknesses in the application or operating system that the virus is intended to propagate through. Since the MyDoom virus spreads via Microsoft Windows & Outlook, it is therefore safe to assume that the creator is an expert Windows programmer.
Secondly, the Linux community is made of knowledgeable computer users who have chosen to use a free operating system rather than the majority choice, Microsoft Windows. Each member of the community has his/her own reasons for making this choice but, essentially, those reasons are encompassed in the following list:
1) Microsoft and other commercial vendors have quite clearly demonstrated support for a rental license model for their software such that, in future, their userbase will be forced to make regular payments to those vendors for continued use of their operating systems and applications.
The Open Source movement, which incorporates Linux as one of its "flagship" products (others being free Unix-type operating systems of the BSD family) believes that software can be created freely and handed out to the community to use and improve freely. This movement has grown despite Microsoft and continues to do so, thus demonstrating there is no need to wage some (non-existent) "war" against commercial software vendors.
2) Some commercial hardware and software vendors (including Intel and Microsoft) are keen to implement DRM (Digital Rights Management) technologies in their existing and future platforms. The purpose of DRM is to create hardware and operating system combination platforms that "decide" whether or not a particular application or piece of data can be run or used on that platform. These vendors have chosen to do this not for any concerns of security of their users but because this allows them to license this technology, at cost, to other vendors and their userbase while, at the same time, allowing them to cover up security weaknesses in their own products. The only people that will lose out with DRM are the users who will find that they no longer have the "fair use" of music CDs, DVDs and software that they previously enjoyed to create MP3s/MPEGs of CDs/DVDs they own for portable players, personal backups, etc.
The Linux community defends the right of any commercial enterprise to combat piracy and loss of revenue but not through DRM technologies that restrict the basic rights of all users, not just the criminals, from having fair use of products they legitimately own. Linux will never support DRM technology and Linux users can therefore guarantee themselves a future whereby they maintain responsibility for their dats, not some commercial enterprise.
3) Virus attacks via Microsoft Windows are reported in the media on a weekly basis yet I do not recall a Linux virus ever gaining media attention.
Whilst I would not define Linux as totally secure, the open source model and regular peer code review of open source applications means that security bugs are detected & fixed very quickly. Added to this tha
Gentoo Linux - another day, another USE flag.
I dont know about the new york times, but the BBC has a world wide reputation for unbiased news reporting. The fact that both the Chairman and Chief Executive both resigned because of a couple of unverifiable sentances that turned out to be wrong uttered by Andrew Gilligan tends to suggest that they take this seriously. I can assure you that your jibe will be recognised as the result of small minded childishness by most readers.
Facts are history now plebs have politics for religion on social media.
I would like to make a rather strong complaint regarding Stephen Evans's article "Linux cyber battle turns nasty", as featured as a front-page article on the 5th of Feburary.
/ 28worm.html
This article is presented as a factual piece, not an opinion column, and draws patently incorrect conclusions. Whilst the MyDoom virus does indeed target SCO and (in it's -B varient) Microsoft, the main payload of this virus is a spam gateway.
As someone whos main source of income deeply involves computer security, I find it insulting that Mr. Evans has apparantly made no attempt to research the history of these forms of virii, nor has he apparantly contacted any reputable anti-virus company regarding it. Meanwhile he postulates claims such as "it [revenge] must be one of the theories at the top of any investigator's list", and "in the case of the MyDoom computer worm, the motivation seems clearer". I find it very bad reporting that these claims are made WITHOUT actually asking any of the investigators opinion of the virus. It is a widely expressed opinion (see 'references' at the end of this message) by these security professionals that the Denial of Service attack is the SECONDARY function of the virus, and not at all related to it's true purpose. A simple search on Google, let alone contacting even local London-based security firms such as mi2g, would easily prove how factually incorrect this article is. In fact, to be harsh, it is a downright lie against common knowledge and opinion.
It is current common understanding in the anti-virus community that this virus is indeed designed specifically to facilitate commercial spammers, and that the inbuilt Denial of Service attack against SCO and Microsoft are a secondary effect and not intended as part of the original design.
Current monitoring of activity through infected machines indicate that the spamming functionality appears to be used by a very organised group of individuals, indicating the virus was possibly contract-coded. Current belief holds that the Denial of Service payload was added by said contracted coder.
As such, I do not belief it fair, nor good reporting, to use a proproted factual article to attribute the secondary (and in my opinion far easily avoidable!) of the virus as it's "purpose". The secondary effects may indeed by the result of a Linux user seeking revenge, but is currently understood to be more of a diversion from the viruses demonstratable true intent. There is a long tradition of this type of 'smoke screen' in many viruses intended for commercial benefit, as Mr. Evans would no doubt have discovered if he had researched the article more instead of using it as a pure propeganda platform and drawing unconfirmed conclusions.
I request that the article either be re-labeled as an OPINION piece, removed, or an more factually correct article be posted.
References:
These other news sites, containing articles by researchers willing to do actual research, contain quotes from reputable security and virus research firms confirming the opinion above:
http://thewhir.com/marketwatch/myd012704.cfm
- Contains opinion by London-based firm mi2g
http://www.msnbc.msn.com/id/4113278/
- Contains quotes from researchers at well-known antivirus developer F-Secure and Symantec
http://www.ajc.com/business/content/business/0104
- Contains quotes from various other computer security researchers
I'm not surprised to read that this piece was written by Stephen Evans, the BBC's North America correspondent. Evans has been for some time a shill on behalf of big business - anyone in Britain who has had to endure his relentlessly pro-MPAA and RIAA pieces will be aware of this.
Take for example this piece where Mr Evans comments: "Many students seem to think, apparently, that the internet is a law free zone." Oh yeah?