Cyberdouchery of Kasperskian Proportions

So… I’m minding my own business this morning, reading Teh Titters… and I come across a retweet from my friend and all around mensch @jessehirsch. He’d retweeted someone pointing to the Scientific American article from yesterday in which the otherwise acceptable Evgeny Kaspersky of Kaspersky Labs was quoted from an interview in Spiegel

SPIEGEL: What kind of damage can a super virus like this inflict?

Kaspersky: Do you remember the total power outage in large parts of North America in August 2003? Today, I’m pretty sure that a virus triggered that catastrophe. And that was eight years ago.

Think about these points:

1. What the heck is Scientific American doing here? I can tell that they are pushing the article by David Nicol but this is more than just a little sensationalism.
2. Mr. Kaspersky – where is your brain? You don’t know, you weren’t there, you have effectively ZERO understanding of large scale grid operations in North America. Heck, I’d challenge you to find me a virus that runs on TruCluster and when there are thousands of pages of facts available, your opinion, however well formed, doesn’t mean shit.
3. The power of the re-tweet Jesse is one of the few journalists working today – and in a private conversation after I went all snotty on him on twitter, he pointed out that he cannot fact-check everything he tweets. This is a damn good point. And I apologized. The difference between “forwarding-ism” and “journal-ism” is fine, delicate, and completely frakked up in today’s press-wires are news world.

For the record – since Mr. Kaspersky can’t seem to find it – here’s the real information, with real links.

• The Official NERC documentation of the August 2003 Blackout
• The Ontario IESO (Independent Electricity System Operator) documentation of the August 2003 Blackout
• The technical blackout presentation which walks through exactly what happened and when (ppt)
• The technical blackout report (pdf)
• And the ACTUAL REPORT that tells you what ACTUALLY HAPPENED (pdf)

Of course, you could also have a look at my presention from Blackhat and DEF CON last year… SCADA and ICS for Security Experts: Avoiding Cyberdouchery …it’ll help you not look like Mr. Kaspersky looks right now.

So – how about instead of publishing some marketing screed – you drop the cyberdouchery and join the rest of us as we attempt to make our industry into something other than a bunch of tin-foil-hat wearing alarmists and get to the real work – which in your case would be an anti-virus product that detects viruses – you know, reliably, like all the time.

PS: It was the trees.