10 July 2002, 12:04 PDT - This time it is real. The great cyberwar has begun. I am sure of it. I have decided to record whatever happens here because I am certain that one of the many scenarios I have studied over the past decade is now taking place. Two days ago the following message(which is attatched in this post) was posted anonymously and with great craftiness on several commercial news sites.

Image:

This declaration appeared on the front page of the CNN site at 8:30 on Monday morning. The CNN chief webmaster issued a statement an hour later claiming that it was not an official post and that their logs showed that no one inside the company could have posted it. Within seconds of appearing on the CNN site it also appeared on other high-traffic sites, such as USA Today, The Guardian, ESPN SportsZone, Disney.com, and Africa Online.

It seems like a great hack, and it is. But from the moment I read the declaration and saw the few headers from it that were posted, I felt deep in my being that this was no joke. All day Monday the cyberpundits deconstructed the hack. No one is taking it seriously. The old gurus of online security have focused on the technical aspects of such a widespread, simultaneous, and up-front hack. The webmasters have been embarrassed and admit they have no idea how such a broad prank could have been pulled. How can you post a notice on a front page without anyone official noticing it? It even made it onto the evening news and the morning papers. But by Tuesday it was off the TV news. I began looking at what logs and data I could find - most of it posted on the instant site www.peoplefree.net/ that got going yesterday - and the more I read the more worried I became. I'm worried about the nondescript and inconsistent origins of the headers, worried about what the declaration said.

Then this morning at 10:30, the president issued a press release, which I read on MSNBC. And this is what has me worried the most. She said that the message "superimposed" on CNN and on other news Web sites is believed to be a hoax, and that it is typical hacker mischief to be deplored, and not to worry, blah, blah, blah. It's all under control. She also said "our country has the best infrastructure monitoring system and is ready to protect critical systems throughout the country should there ever be an emergency."

That worries me because I know what this means - it means they'll activate that still-born, Clinton-era disaster, the Minimum Essential Information Infrastructure (MEII). Hah! It's a load of horseshit. It couldn't protect a welded storage container. And I've told them that more than a hundred times, which is why I was dismissed. So yesterday I got two of my top Naval Postgraduate School students here in Monterey to help me process whatever we could find on the case. We decided to consider ourselves a crack cyberwar deterrent team. Ivar and Connie think it's all very educational. I think it may be the start of something very ugly. But we have no cred to do this. It doesn't help when you have to call from the Naval Postgrad School and ask someone for a sensitive path routing. "The Naval what?" they ask. "Are you calling from a boat?"

Connie has been terrific. She has turned down her Living Death CDs and amassed quite a mountain of data in the last 24 hours. Ivars has contacted the owners of as many of the hacked Web sites as he can to obtain logfiles and just anydamnthing else he can wrangle away from them. He's also discovered several newsgroups where the declaration was posted that were not mentioned before. As we expected, the "People" used several anonymous remailers to brush over their trails on Usenet, but Ivars noticed that the sequence of remailers was unusual.

more...