Many, many moons ago I had this brilliant series "Nobody Is That Dumb ... Oh, Wait" (the last one was back in March) where I made fun of people making dumb security claims with apparent - and often scary! - seriousness. Somehow I neglected this series, but a few days ago I was shown a super-shining example of sheer stupidity of immense proportions.
It all started in a remote country of Norway where one particular journalist discovered a horrible evil (mmm… Evil!) that threatens all life in the Universe (mmmm… Multiverse!): honeypots. Specifically, the English translation of the printed original from their “Aftenposten” newspaper starts like this:
“Unethical and unacceptable, says computer experts.”
Reeeeally? OMFG, thanks for enlightening me that an idiot in Norwegian is spelled “c-o-m-p-u-t-e-r e-x-p-e-r-t” :-)
“We have to trick the hacker to visit our home, without the him knowing. This sounds like a difficult task, but this is some of what honeynets are about. Tricking a hacker into our systems, allowing us to monitor him without his knowledge.”
Exactly: we “trick” them by using the secret honeypot “teknik” called “existence.” If a honeypot exists, somebody will hack into it. Deep, eh?
More fun quotes, hopefully with the correct translation:
“This is the same as if the cops would do private stakeouts in their spare time. No police department would have accepted that, says Professor of Law, Jon Bing.”
and
“This is far more serious than to set up a surveillance camera. It is more like building a new street and seting up surveillance cameras in the whole area, without the visitors knowing that the information is stored and analyzed, says Professor of Law Jon Bing.”
No comment; it is already pretty funny and pretty dumb. But it gets better:
“There is no doubt that the majority of data users who are monitored in honeypots, have not necessarily done anything criminal.”
Oh, so everything this guy learned about honeypots just went out of some hole in his head, interesting…
At this point a shadow figure emerges, which is behind all this: some Lance Spitzner, supreme commander of cybertank troops :-)
“The international organization was started by former US Army tank driver Lance Spitzner, in 1999, to take on the battle against attackers on the internet.
Bush advisor. Spitzner has been a computer security advisor for the American defence and former president George W. Bush.”
Apart from being 100% false in regards to Bush, it is also pretty darn funny. Please, dear journalist, promote me to the Cyber-Apocalypses Supreme Commander for the Priory of Zion :-)
Overall, let’s use this scale to put his article in proper proportion:
<---awareness ------ ignorance ----- stupidity ----- idiocy ------------------------------------- a particular piece of Norwegian journalistic excellence-|
In any case, if you are looking for a serious response to this from the Project, look here (“Comments on the Aftenposten article”) and here from Lance.