The Grey Chronicles

2008.July.2

The Confessions of a Paranoid User


After the “self-proclaimed” Information Security Officer of GSPI, sent out the “Invitation email”

Do not open any message with an attached filed called “Invitation” regardless of who sent it, It is a virus that opens an Olympic Torch which “burns” the whole hard disc C of your computer.

This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called “invitation”, though sent by a friend, do not open it and shut down your computer immediately.

This is the worst virus announced by CNN, it has been classified by Microsoft as the most destructive virus ever.

This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept.

SEND THIS E-MAIL TO EVERYONE YOU KNOW, COPY THIS E-MAIL AND SEND! IT TO YOUR FRIENDS AND REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US.


I replied with this email, entitled: “Invitation” is a Hoax

Don’t perpetuate this type of emails. It’s a waste of time and email bandwidth.

Next time Junvi, do a simple research before emailing all the GSPI Users of imminent (though non-existent) danger.

According to Sophos <http://www.sophos.com/security/hoaxes/olympic.html>

“Many virus hoaxes:

  • falsely claim to describe an extremely dangerous virus
  • use pseudo-technical language to make impressive-sounding (but impossible) claims
  • falsely claim that the report was issued or confirmed by a well-known company
  • ask you to forward it to all your friends and colleagues

As usual, you are urged not to pass on warnings of this kind, as the continued re-forwarding of these hoaxes simply wastes time and email bandwidth. It is possible that you may receive a hoax via email with a file attached. Obviously, such file attachments should be treated with caution as they may be virus infected. Sophos recommends deleting virus hoax emails, whether they contain file attachments or not.”

Even Wikipedia, <http://en.wikipedia.org/wiki/Olympic_Torch_(virus_hoax)> states:

“Olympic Torch is a computer virus hoax sent out by e-mail first appeared in February 2006. The “virus” referred to by the e-mail does not actually exist. The hoax e-mail warns recipients of a recent outbreak of “Olympic Torch” viruses, contained in e-mails titled “Invitation”, which erase the hard disk of the user’s computer when opened. The hoax email further purports the virus to be acknowledged by such reputable sources as CNN, McAfee and Microsoft as one of the most dangerous viruses yet reported. In reality, the “Olympic Torch” virus is non-existent, and generally has not been reported by the organisations quoted.”

Being the supposedly Information Security Officer, be wary of things like these: prior to alerting us research first what the issue is (what are the experts saying?), verify the source (is it reliable, or is the information believable?), check your fact thrice ( Don’t succumb to hear-say but rather back your email with facts!).

Other articles on Olympic Torch virus as a hoax, are as follows:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-022115-0852-99
http://www.cybertopcops.com/olympic-torch-virus-hoax.php
http://www.hoax-slayer.com/olympic-torch-virus-hoax.html
http://www.breakthechain.org/exclusives/olympicvirus.html
http://www.snopes.com/computer/virus/invitation.asp

BreaktheChain.org concludes:

“Since most e-mailed virus warnings today, like this one, are bogus, relying on these through-the-grapevine defenses is both unnecessary and unadvisable. Yet, in the ‘real world,’ relying on e-mailed virus warnings to ensure the safety of your computer and the data it contains is foolhardy at best and suicidal – technologically speaking – at worst. The so-called advisories are almost always false.”

Else, you would only be an agent provocateur or, worst, sowing seeds of terror yourself!


The “Information Security Officer” replied:

I have removed this email from all users. My mistake on forwarding it since i misread the report under NAI.



The “Information Security Officer” wrote again after two hours of the above email:

Next time you react, please verify it first on the originator. Right now I am not the one wasting bandwidth, I think that you are the one wasting it with your message sent to all users. Again all messages was removed at 2AM February 11 2007. You are just too paranoid with the issue.


I received another email from a System Engineer, who wrote:

Dear Guys,

I was surprised to received messages (my name was placed in the bcc field) from both of you regarding this “hoax virus” subject but anyway I would like to comment on it:

  • I didn’t received the original forwarded message from Mr. JunVi (maybe he realized the honest mistake before everyone else were able to open their messages : – ).
  • Then I got this message from [this Blogger] (the one in red below). Good job [this Blogger] in identifying the bogus email but I find your comments to Mr. JunVi a bit too harsh. You could have just said “JunVi, this torch thing is a hoax… here’s the link…” Even with this one-liner, you still scored one to our Info Sekyu Officer and I guess he will still think about it seriously…
  • Then I received this message from Mr. JunVi (the one in blue below) talking about paranoia… : – )

I think there’s nothing more to argue here. Both of you are valuable for the maintenance to our network and I salute both of you guys in keeping our network in good condition, Mr. JunVi as the official maintainer and [this Blogger] as the watchful super user…

Just remember that the two of you are the ones who will benefit much of a fast well-maintained network… : – )

Just my “dos centavos” guys…


I replied to the ISO’s last email, with an email entitled: Persistence is not Paranoia

From my viewpoint and within GSPI’s Lotus Notes, the original forwarder was you from someone named <june@dataworld.com.ph>, sending a copy to himself, then bcc’d you then forwarded the same email to All GSPI Users last Feb 11, 2007 00:14AM. I personally find it rather unethical to reply to the first originator <june@dataworld.com.ph>, who is not my acquaintance. I’m the third party in this scenario. Thus, I addressed my hoax email to you and sent it to All Users last Feb 11 09:23AM because the latter also have the right to know about it, although bearing the contrary position.
This is not paranoia, Mr I.S.O., it wasn’t my intention to waste the bandwidth either but rather it was my simple attempt to limit the surge in GSPI’s bandwidth usage because most of GSPI’s Corporate Users would believe you being the “Internet Security Officer” thus would attempt to forward your “Invitation” email to other email users in other external domains, such as Yahoo, Gmail, etc., this time using the very limited GSPI’s Lotus Notes system. Unlike you, my account doesn’t have a feature of deleting sent emails to All Users, so I cannot undo the Hoax mail. My sentence “It’s a waste of time and email bandwidth.” was only a paraphrased version of the Sophos statements, enclosed in quotation marks. It was a plea to All Users, also, not to perpetuate such types of email, as being advocated by the BreaktheChain.org.
You replied back on Feb 12 08:40AM and stated that “I have removed this email from all users. My mistake on forwarding it since i misread the report under NAI.” This reply would have sufficed, but then again you sent me a personal note cc:’d four others within ISS and restated that “all messages was removed at 2AM Feb 11 2007”. If the all messages were removed at 2AM, why then was I able to read your forwarded email o/a 9AM the same day, then concluded that I am just too paranoid with the issue?
Calling a person paranoid, is hitting below the belt, Junvi. Qualifying it with the pronoun “You” as the subject then modifying it with the word “just” is nothing but a direct personal attack. Let’s be professionals, here. A simple research using Microsoft® Encarta® offers two definitions of Paranoia as (1) distrust: extreme and unreasonable suspicion of other people and their motives. (2) psychiatric disorder: a psychiatric disorder involving systematized delusion, usually of persecution.
Forwarding the Invitation email to other GSPI users upon your receipt from an external source without research was unreasonable suspicion per se. Maybe you might have understood my last sentence “Else, you would only be an agent provocateur or, worst, sowing seeds of terror yourself!” The latter was neither snide nor derogatory. It was a simple caution, Mr. I.S.O.
My persistence on corporate information security is not a persecution. Information Security was my particular report topic and case analysis of choice while studying, I am just applying what I know, from a semester of research and study on MIS, particularly on this topic to a live corporate scenario. If you want a background check on me, ask [name of ISSD head], whom I believe is still your direct superior, and Sir [name of a co-Supervisor] or [name of MIS professor], both my professors at MSU-IIT. Also, ask either [four names of the ISO’s colleagues at ISSD]. Persistence and attention-to-details were the skills I honed from a year ‘s stint in GSPI’s Business Strategy where I check each single fact thrice, rechecked it thrice, reviewed it thrice, prior to sending them to top management, [names deleted], and for that matter anybody asking information from our Department.
I believe we are still in a democratic country, where dissent should be welcomed and not be called paranoid?
Hope this clarifies the matter.



The “Information Security Officer” replied with this:

If you want to act as a professional then act like one. You are crossing the boundaries of our job.
If you studied and get a degree as such as what you’ve stated but then again you are not hired as an IT administrator.
Let us do our job and do yours as well. End of topic.


The Information Systems & Services Department [ISSD] head; pinched in:

I think we should now put a stop to this exchange of emails. You have both aired your points and I believe we have all learned from the situation. This is no longer a healthy exchange of opinions.

I hope we will not forget these rules:

  • > Thorough assessment of advisories before we send out to plant users. In this case, I received the email from June of Dataworld and sent to the Administrators for assessment as whether it is valid or not prior to broadcast. Validation was made but advisory was sent prior to the completion of the validation. Email recall was done but a 0.3% failure caused much trouble.
  • > Careful thought in determining recipients of your emails (e.g. all-users). For sensitive emails, send them to the intended recipient only and other recipients (e.g. superiors) as needed.
  • > The email system is a good means of communication but talking to the person personally is still a better option in most cases.

I believe we all have good intents and let’s work at that level.


I replied to the ISSD head’s email, Subject: Formal Complaint

I believe I have abided by these rules when I sent the Hoax email. It was the first ever and only one email I sent to All Users, ever since I was given my Lotus Notes account. In that email, I only quoted some of the websites’ contents then added technically four (4) sentences of frank cautions paraphrasing the quoted websites. I believe I appropriately addressed the Hoax email to Junvi, being the ISO, then cc’d it to you then bcc’d All Users (recipients of the Invitation email) for info with good intentions. Through my Hoax email, the “Invitation” email was recalled and deleted by ISS from All Users.

By the morning of 12 February, many (locals and expats) were asking me that there was this email in the Lotus Notes calling me too paranoid. Because I don’t have access to a PC with Lotus Notes during this time, I was on Morning Shift, I was only able to read the particular email while I was on duty for the Graveyard Shift. I’ve read that message stating: “Next time you react, please verify it first on the originator. Right now I am not the one wasting bandwidth, I think that you are the one wasting it with your message sent to all users. Again all messages was removed at 2AM February 11 2007. You are just too paranoid with the issue.

Then next I read were the messages from four other persons asking me re: the “Invitation” email, and why the I.S.O. was calling me “paranoid”, meaning the latter message was sent to All Users [?], although I could only see from the email I received that it was sent to me, then to four other persons (names deleted) in ISS. I replied to this email (Persistence is not Paranoia) to the ISO, cc’d the four others plus a copy to you and [name of co-Supervisor] (whom I mentioned in the email) stating that this name-calling was “hitting below the belt” and asking for professionalism.

Then this last Feb 13 email is personally addressed to me but still cc’d to the four others, and this time [name of co-Supervisor], for what purpose I cannot fathom. I don’t know whether this one was sent to All Users, too. He was questioning my professionalism when he stated: “If you want to act as a professional then act like one.” then that I was crossing the boundaries of ISS job. If calling a person too paranoid is professionalism at its best, I don’t know what is its equivalent to the Engineer’s Code of Ethics. Correcting a false claim, as publicly acknowledged by the Internet community, is not crossing the boundaries of any one’s job. I sincerely believe I was right about this one, if my claim was incorrect, why then did the ISO deleted all the Invitation email from All Users account, then accused me of wasting the bandwidth right after? Security is not the single domain of the Information Security Officer, but rather it is the concern of every user of information. Just because one is the ISO or hired as an IT Administrator, one doesn’t have the right to publicly call a person names upon criticism and then publish it by sending it to All Users. Being ISO or IT Administrator, doesn’t give the title holder immunity against libel or slander, either.

What’s unhealthy about this exchange of emails is that the ISO made it personal by :

(a) Publicly calling me “too paranoid” in an email sent to All Users, many have already read.
(b) Deliberately publicly accusing me of wasting bandwidth when I sent the Hoax email to All Users, where in fact the Invitation email was only deleted from the Lotus Notes system AFTER I sent the “Hoax” email.
(c) Unprofessional antics: resorting to name-calling

Both of these instances are blatantly pure and simple libelous if not slanderous, which I believe is covered by the Rules of Conduct under Table B.14, to wit: “Threatening, challenging in any manner, or using libelous, slanderous, obscene language or heated / defamatory remarks against a superior, guest or co-employee during working hours or within Company premises.” After the ISO’s email to All Users, my good name is publicly (All Users of GSPI’s Lotus Notes) humiliated, being associated with the word “paranoid” from hereon.

Thus, with this email, I want an immediate formal public apology from the ISO sent to All Users within 24hours from receipt of this email, and if possible the deletion or recall of ALL those “paranoid” email. The apology should specifically state why the “Invitation” email was deleted from the Notes before other users were able to open and read it, as triggered by the “Hoax” email, and why public name-calling is not the be-all and end-all to resolve an issue.

With that apology…. that will be the end of topic.

I have deliberately not sent a copy of this email to the opposing party, or any other as this is is officially a formal communication from me to the Head of ISS Department.


The ISSD head; replied with this:

[My name], let me talk to Junvi. This is something that we can settle among ourselves. Let’s not further involve the other users. I consider you to be more mature as you have been a worker in this plant for years now so please let that be. Both of you may have been affected emotionally but again let this be a situation that we can all learn from and…… avoid.


The “Information Security Officer” sent a PERSONAL apology. Thus, to keep it private, I am only publishing my own rebuttal, below.


My rebuttal email to the ISSD head, Subject: Subject: Public, not Humble, Apology

Received the ISO’s humble apology yesterday (19 February), but to discern its implications to GSPI corporate scenario, I have postponed this following reply:

FACT: It was the ISO who involved the PUBLIC (All Users) on three separate instances:

(A) Issuing an “incompletely validated advisory” to All Users (PUBLIC) [“Invitation” email dated 10 Feb 2007]
(B) Pleading to save his credibility PUBLICLY by publishing libelous, slanderous statements using IT Administrator’s privileges through an official corporate communication systems. [ISO email dated 12 Feb 2007]
(C) Questioning someone’s professionalism PUBLICLY, when urged for professional etiquette, by deliberately sending the reply to the Paranoia email to some people, or approximately 50% of All GSPI Users (excluding duplicate names in GSPI Address Book’s groups).

The ISO’s credibility might have been questioned by All Notes Users by Fact (A) alone, but it was his OWN VOLITION, which further aggravated his own credibility as IT Administrator. The Hoax email may have posed concern regarding his capacity as IT Administrator, BUT his very own actions and statements made in haste without neither regard to the Department which he represents nor the responsibilities and accountabilities of being an IT administrator, made a simple to a complex issue. He only reverted to giving a copy of his own emails to his own Department Head, ISS when the formal complaint was filed.

While, credibility can be regained in a SHORT SPAN OF TIME through careful analyses of issues, diligence, perseverance and attention-to-details; in contrast, the moniker “Mr. Paranoid”, or the association of the word “paranoid” to my name WILL LINGER ON. The email regarding this issue as the ISO claimed to have recalled, with percentage unspecified, yet the DAMAGE WAS ALREADY DONE. Nobody can erase whatever Lotus Notes users might have read into or between the lines “You are just too paranoid on the issue” or “If you want to act as a professional then act like one.” Sure, this issue affected me emotionally, but not so much as it affected me professionally.

One can recall a presentation on Filipino Values and Traits, specifically: Value for Relationships ‘Amor Proprio’ which states “Filipinos learn to withstand a “loss of face” in some situations, particularly when they perceive themselves to be at fault, but it is devastating to be publicly criticized, insulted, belittled, humiliated or to lose one’s self-respect.” I believe I constructively criticized the ISO by means of criticizing the Advisory (citing Internet Security sites that can be read offline, cautioning of things to be wary about, plus suggestions for next time), but in return he insulted the manner I informed All Users of the hoax, belittled my professionalism and humiliated me personally by starting the association of my name to the word “paranoid”.

What he has done, he had already done; thus he should be liable to its just and appropriate consequences, whatever that might be. For my part, I have to regain whatever damage his public statements caused. Without this respective consequences, the only lesson that we can learn here is: Maybe in the future, anybody at GSPI could issue libelous, slanderous or obscene PUBLIC statements; PUBLICLY call a person names such as “paranoid”; then after seven days and three emails of prodding, one could offer the aggrieved party a PERSONAL, humble apology?

Thus, I regret to inform your good office that I have to reiterate my first proposal: a formal PUBLIC apology from the ISO sent to All Users specifically stating why the “Invitation” email was deleted from the Notes before other users were able to open and read it, as triggered by the “Hoax” email, and why PUBLIC name-calling is not the be-all and end-all to resolve a PUBLIC issue.

This apology and that alone will I rest my case.


Annotations:

In retrospect, after few months, although I filed a formal complaint to the Human Resource department, the case was never attended to by the latter. A month after lodging the complaint, the HRD head resigned due to personal reasons, unconnected to the above case. I never gotten my PUBLIC apology from the ISO neither from the ISSD, but the ISO and the ISSD never regained my respect.

This blog is posted for the purpose of studying the above exchange of emails as a positive proof of the truth in the following statement: “Better be paranoid about Internet/Information Security, rather than be an IGNORANT about it.” As Tcat Houser said it during the ILOVEYOU virus outbreak: “Wise Users Are Paranoid”!

On a more personal note, the ISO’s animosity to this blogger might have been triggered by a previous admonishment from this blogger regarding his comments during the Brontok worm outbreak at the same company.


Notes:

Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 LicenseDisclaimer: The posts on this site do not necessarily represent any organization’s positions, strategies or opinions; and unless otherwise expressly stated, are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: