...Or How I Learned To Stop Blaming Hackers and Started Blaming Gamers
I recently read an article on the eWeek site, titled Cyber-Attack Wipes Data from Hard Drives at Major South Korean Firms.
In it the author briefly describes the destructive impact that a piece of malware, dubbed "Jokra" by Symantec, has had on several major businesses in South Korea.
"A destructive piece of malware, similar in function to the program used to delete data on tens of thousands of computers at a Middle Eastern oil conglomerate, caused widespread outages March 19 at major businesses in South Korea, IT security firms confirmed on March 20."
There's the usual talk about North Korea being the culprit, with the usual lack of corroboration and actual evidence of course, but then there's this somewhat odd non sequitur:
Both are terms—or suggestive of terms—from military history. Hastati are the poor or young inexperienced men who fight in the first rank of early Roman legions, while Principes were wealthier men in their prime who fought in the second rank using heavier arms and better armor, according to Wikipedia.
The term Hastati also appeared in the recent Halo movie, Forward Unto Dawn, referring to a specific squad of cadets. Considering South Korea's history of electronic gaming and game-related hacking, the use of the term could suggest an alternative theory as to the motives behind the attack.
I find a couple of things from this excerpt troubling. One is the attempt to imply that South Korean gamers might be responsible for the destruction based on an extremely weak claim, namely the fact that the malware contains a term, "Hastati", that is also used in a movie based on a game. The claim looks weaker still given that the previous paragraph makes a much stronger association with Roman military history.
Another issue I have is with Liam O Murchu, who is identified in the article as "manager of security response operations of Symantec's North American operations". Mr. O Murchu is quoted as saying:
"A lot of gamers have these sort of more destructive tendencies, where they will boot you from a game and it's not seen as such a big deal," O Murchu said. "So it could be that someone annoyed the attackers and they are getting back at them."
I disagree with O Murchu's characterization that "a lot of gamers have these sort of more destructive tendencies..." but even if I didn't, booting someone from a game IS NOT a destructive act regardless of how much of a big deal it is inside the game.
I'm all for speculation and analysis and following the evidence where it leads, but based on the information in this article, the case for a "gamer" connection in this string of attacks isn't even anecdotal; it's just a logical fallacy of the first order. Which makes this sentence from the article even more ironic...
Yet, such an explanation would likely be supported by other evidence connecting the attack to the Korean gaming scene, he said.
It's irresponsible and unprofessional to speculate about who the responsible parties are based on incomplete, misinterpreted, or in this case, nonexistent evidence. Such speculation can lead to a range of outcomes, from having to offer embarrassing apologies, much like how CNET had to correct themselves regarding Fyodor Lyon, author of nmap, found in this article, to something as serious as a misguided retaliation against an innocent party or parties.
So speculate if you want to speculate and engage in flights of fancy to your heart’s content, but don't put things "in print" unless you have at least some level of corroboration.
Let me know what you think by leaving a comment for me on this page or @joeknape on Twitter.