Opinion A New York Times researcher -- that's what they're calling themselves these days -- contacted me a couple of weeks ago about a story the newspaper was considering, writes SecurityFocus columnist George Smith.
"The World's Most Famous Virus-writers and Hackers!" was the general idea. The researcher was preparing memos on the subject so higher-ups could decide what development path to take. Should it be a photo-essay or written exposition? The researcher wasn't even sure it would see the light of day.
The name of Jeffrey Lee Parson came up. You may recall him as the slug arrested for spreading a spin-off of the Blaster virus. Well, it just so happened Parson's contribution to net wildlife had snarled the New York Times.
Yep, he wanted his virus to be famous, and it was, with just the right people. Fifteen thousand citations in Google-- among them, my favorite, "Evil Fiend or Sad No-lifer?"
The dull and sweaty Parson whined he was being set up as a scapegoat -- a scapegoat [!] -- by the FBI because the original author of Blaster was
still running around loose. True, but tough beans.
If the New York Times took sufficient interest in him, perhaps Parson could get an agent and pitch a book proposal: "My Country Versus Me." Maybe Rick Bragg, the famous journalist given the job of ghost-writing the Jessica Lynch story, could be hired.
Also mentioned was Kevin Mitnick. Do you think the Times ought to do more high visibility stories on him?
But the unmentioned elephant standing in the room was Adrian Lamo.
As the very definition of an Exxon Valdez-sized cybersecurity oil slick, Lamo hardly needed me to point him out to the Times -- again. Google citations: 50,000 or so.
What I couldn't make sense of was why Lamo was allegedly so interested in using the paper's Lex-Nex subscription? If true, he couldn't be quite as brilliant as portrayed. Using the Google news tab or a variety of search engines to look himself up would have worked just as well, maybe better, and kept the ridiculous claims in dollar damages out of the FBI's indictment.
"Adrian speaks!" from Security Helpnet, Croatia, for example, is in Google -- but I bet not in Lex-Nex.
Anyway, crushing vanity comes before a fall. And at some point in the distant past, the story of the wandering good-hearted young bum drawing attention to the computer security lapses of bloated sitting-duck corporations went from being quaint to an exercise in psychosis. He couldn't fix the nation's corporate security troubles, and he won't fix himself, so the FBI will attempt to fix him and everyone remotely connected.
So more spreads in the New York Times would be just the thing. Agent, publishing deal, Hollywood options. Call it "The Trial of Billy Jack, strike that, Adrian Lamo" or "My Country Versus Me (and some reporters)."
A good sidebar to our famous criminal-computer-security-expert-or-hacker-something expo could be "How To Start a Computer Security Business."
The featured player would be Brett Edward O'Keefe of ForensicTec, San Diego.
A little over a year ago O'Keefe entered the Fool's Hall of Fame when he landed on the front page of the Washington Post. The story told how his company had done unauthorized entries into Department of Defense networks and -- out of the goodness of its heart -- decided to inform the nation through the pages of its capital's newspaper of record.
A very stupid person might have believed the altruistic computer security town-crier angle if O'Keefe hadn't been pitching to the San Diego Union-Tribune at the same time. With the interest of the bigger newspaper in the pocket, he unceremoniously jilted his homeys.
Google citations of ForensicTec after appearance in Washington Post: Over one thousand, all varying flavors of bad.
O'Keefe, like everyone else here, made the tyro's mistake of confusing fame with success. Now he is considering these issues under the gun of six felony counts, which is what the FBI hit him with after a year of investigation from the day the Post made him frontpage grist. Two co-workers, it seemed, had also been persuaded to impeach their boss after being roped into the prosecution.
Brett, start working on your entertainment pitch now: "My Country and My Co-workers versus Me and My Company."
Finally, time to spike the myth that the only way to fix the nation's computer security trouble is to give cold showers to easy designated victims in the nation's leading two newspapers. Call a spade a spade over eager computer security men and hackers: you want the infame!
If you don't want to be thought of this way, stop chasing the media giants.
George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. He also edits the Crypt Newsletter and has written extensively on viruses, the genesis of techno-legends and the impact of both on society.