About | Buy Stuff | News | Products | Rants | Search | Security
Home » Resources » Rants

The Unsung Villains

Week of July 7, 2005

Scott Adams could have a field day.

If the Chinese had a Year of the Weasel, 2005 would be it. Sven Jaschan is on trial in Germany for creating and spreading the Sasser worm. He was found out because Microsoft offered a $250,000 reward for his capture and one of Sven's good friends had a price. First weasel.

Microsoft put out (and supposedly paid) a reward because their spin doctors had no alternative. Windows sucks and even teenagers like Sven Jaschan can poke holes in it. Far better then to paint Jaschan as some kind of evil manifestation than put the blame where it really belongs - Microsoft. Add on about 25,000 more weasels.

But the biggest weasels - the unsung villains - are about to appear in court. In this trial. Some of them at least.

What usually happens in trials like this is the following.

You first have to remember that companies dependent on IT (and that's almost every company today) have a reality distortion field that is noticeable as you get near the IT department or anyone concerned with it. (If this sounds like people not really in IT but nevertheless responsible for decisions about IT deserve our unreserved scorn, you've got the picture.)

It's almost impossible to point the finger in modern corporations: everybody passes the buck. The IT department will squirm and protest, claiming they've been advising management about the dangerous situation for years; management will be out of town but you can leave a message; and so forth.

To fully appreciate the depth of hypocrisy in trials such as Jaschan's you have to be intimately acquainted with the Life of the Weasel in modern corporations when it comes to IT. These weasels have no parallel in previous civilisations. They're a hundred, yea a thousand, times more reprehensible.

Any company anno 2004 (when Sasser hit) still running Microsoft products is guilty of criminal negligence, and prosecutors in most countries, if given the go-ahead, could prove their case and put big wig management behind bars.

Stockholders, and employees, and families all suffer because IT security is not what it should be. Some people probably know about the holes and the dangers, and some of them speak up. But they're generally ignored.

Then a little kid like Sven Jaschan hits. It wasn't even a Kevin Mitnick coup. It relied neither on obtuse code nor social engineering. It followed a recipe given by Microsoft a month earlier. And Microsoft had a patch for the hole - it's just that no one wanted to apply it, seeing as Microsoft patches normally crash an operating system, not protect it.

Not that there's any excuse for using Microsoft products or a way off the hook in this case: any company anno 2004 (when Sasser hit) still running Microsoft products is guilty of criminal negligence, and prosecutors in most countries, if given the go-ahead, could prove their case and put big wig management behind bars.

But these are weasels we are talking about here, the kind of animals Scott Adams loves to hate (and exposes so well). And now that the Darth Vader of hackers is being strung up, it's time to get out the erasers and the colourful pens and write lovely stories.

All the companies inexcusably hit by Sasser will be dramatising the event - they'll be spinning it. To their employees, to their management, to their stockholders, to their families. They'll be painting Sven Jaschan as some kind of incredibly evil genius who accomplished the impossible. They will directly and deliberately swerve attention away from their own monstrous culpability in the matter.

And they'll be out to scam big bucks.

Financial records will be doctored, claims of damages will be spiked - the lying feast will have begun. And Sven Jaschan will be credited with all that evil.

And most of it didn't even take place.

Let's hope the judge sitting the case in Germany is a fan of Scott Adams and can see through it.

Postscript: Trial Ends

It took but four days; Jaschan got a suspended sentence; the unsung villains hit immediately.

'Sven Jaschan avoided a jail sentence by the skin of his teeth.'
 - Graham Cluley, Sophos (a company dependent on use of Microsoft products)

'We're pleased that the author of the Sasser worm has admitted responsibility for the damage he caused and is being held accountable.'
 - Nancy Anderson, Microsoft

About | Buy | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.