The conspiracy theory returns and its 2007…..

November 24th, 2007 Drazen Drazic Posted in Bad Stuff, Dumb Security, Research, To cool, WTF, cyber crime |

Let me start by saying that many “experts” in our industry that I have spoken to also have a very strong opinion on this - many inline with what I am about to throw out there.

None have spoken out to my knowledge, given they feel they will be branded as conspiracy theorists and their reputations will be questioned and tarnished.

Are some “good guy” vendors doing “bad” things?

It’s the old story from the 90s that we all know!
Okay….lets start with this…. http://www.securityfocus.com/brief/632…but lets not use this as the number 1, sole basis of the argument. The writers here are not the first!……They are saying what I am about to say without the deeper potential accusations! I’m not going to mention names obviously.

I was not a conspiracy theorist until I met the CEO of one of the major players a couple of years ago……….back to that soon.

The vulns in antivirus/anti-badware software and what the implications have been are well documented in the public domain……Well are they really?…..Check all the vulns in the last few years in your favourite vuln sites for antivirus software vendors…..There is a lot!….but has it made mainstream press in terms of questioning risks to business and individuals?….No?! Why?… why is no one asking questions?

Now I have had an opinion for a couple of years that the old conspiracy theory may have some truth to it as I said! It is interesting to talk to the industry specialists who will “quietly” tell you that in their opinion, it is all very suspect and the same names pop up……

When I put my “conspiracy” theory to one of the specialists recently…his response was; “Oh f**k yeah….we think the same thing and yes, with company X….no question, we reckon it’s fact!” Gees….take that like I did…..think about it!

Now, back to my story of meeting the CEO of a major player a couple of years ago. Without giving too much away, this guy had no idea of his own business and what they were doing, but he was still presenting about what they were doing……things did not add up…..either he had balls bigger than a basketball or there was something else happening.

Was there evidence to suggest that that antivirus dudes in the 90’s kept themselves in business? Nothing you could pin them on. ….BUT ….. badware in 2007??

Shoot me down…..flame me….prove me wrong…….I would love that to be the case but sadly and based upon what I am hearing from some dudes who should know, I think I could be right!

Never accuse Beast or Buddha of being scared to put it out there.

2 Responses to “The conspiracy theory returns and its 2007…..”

  1. Big Galoot Says:
    November 26th, 2007 at 7:29 pm

    Off with the pixies…

    You’ll get no argument from Big Galoot on this topic.

    I’ve been rabbiting-on for eons like a mad automaton about the threat posed by black hats posing as white hats, as well as state-sponsored e-crime.

    Its just that this time, we’re talking corporation-sized fraud, instead of an individual or state. Its simply a matter of scale.

    So is it really ‘conspiracy theory’ to state the obvious - that a large corporation is capable of fraud ? Or more specifically, that it’s senior executives are capable and willing to defraud the general public ?

    Enron, HIH & AWB all spring to mind for some reason. Don’t ask me why. ;-)

    Harping back to Law Enforcement 101, I recall two important requirements needed for the commission of most crimes;
    1. Motive, and
    2. Opportunity.

    Looking at these 2 basic requirements from the perspective of an anti virus company, the motives and the opportunities are present in truckloads.

    So to those nay-sayers who honestly believe that an anti-virus company is incapable of fraud, for whatever reason, you’re obviously living in la-la land or are off with the pixies somewhere.

    Like DD, I also look forward to hearing from *anyone* who believes otherwise.

    Big Galoot.

  2. Drazen Drazic Says:
    November 26th, 2007 at 9:11 pm

    One thing I always go back to is the lessons I learn from the old heads pre-cybercrime - the cops who dealt with this shit before it hit computers…the basics are the same. I rely on a lot on info and base a lot of research from approaches recommended to me from old police mates. Most readers here don’t know that the BG is one of those old/ex detective mates. Well they do now if they’re reading this.

    Yeah…you’re to far out there mate with your opinions here and probably too far out there for many of the young security dudes….hey…to be honest, also for most Security Managers who have come up through the ranks.

    How does someone get that experience coming up from an IT Admin perspective?

    The lip service of bringing good cops together with IT in Australia is just crap but that’s another story!

    DD

Leave a Reply