1/22
Let's talk about how the 2,000pp "House 2.0 antivirus experiment" was in fact an intelligence report (aka "INTSUM") on the global #antivirus industry.

It began in 1999 after I'd revealed the existence of "EIS," later renamed "ADVEIS." It was an #antivirus rootkit...
2/22
ADVEIS stood for "Antivirus-Dependent Vulnerabilities in Email Infrastructure Security." I developed it in the late 1990s while working at A.G. Edwards & Sons building the U.S. brokerage industry's first SOC.

I gave a public lecture on ADVEIS, then dusted my hands of it.
3/22
But ADVEIS had rankled the #antivirus industry.

This led IBM bigwig David Chess to call my office.

I admit it: Chess is the one man I never beat in a philosophical match.

"So, Rob: you got root access from every AV company's products. What are you going to do *next*?"
4/22
Chess's question stuck in my craw for months.

Then I recalled my disdain for #antivirus firms that couldn't write an INTSUM (intelligence summary) on any virus writer. They'd write anecdotes at best, love letters at worst.

Hey, I'll show AV firms what a real INTSUM is!
5/22
Denise & I stood on the verge of building "House 2.0," a rather high-tech two-story with CAT6 wiring and a computer lab that could be fully isolated during, say, an "aggressive" virus study.

I approached Denise with the upgrades I'd need...
6/22
"You know my server room in 'House 2.0'?"

"Sure."

"I, uh, need a second 6' data rack."

"Really."

"Yes, really. Each needs its own UPS."

"Really."

"Yes, really. And I'm going to need servers."

"Well, of course."

"Yeah-- no. I need more."
7/22
"How many more servers is 'more'?"

"I, uh, ... I need something like a dozen now."

"A DOZEN?!?" shouted Denise. "What do you plan to *do* with them?!?"

And I said "they're not going to be used ... for ... their intended purpose..."

(I had 15 servers when Denise died.)
8/22
Denise ultimately signed off my business case--

--yes, I went that far with it

and I folded ~$15,000 extra into our mortgage to support "the House 2.0 antivirus experiment." You can read about it in Wired Magazine's profile story on me:
wired.com/2001/08/the-ma…
9/22
As construction finished up, I approached every #antivirus vendor EXCEPT McAfee & Symantec & Trend Micro. "Look, I'm convinced 'The Big Three' promote poor corporate AV policy. I intend to write an AV policy pack anyone can use as a template. I need your help, BUT..."
10/22
"...I will not sign an NDA with anybody. I'll totally understand if you don't want to help me for this reason."

And everybody said "oh, hey! We definitely want to help if you're not working with The Big Three!"

I got all the more backdoor access to their techno-wonks!
11/22
As you can see below, I couldn't #ahem just start writing an INTSUM on a global security industry when there are certain "Title 50" legal restrictions. But it's a straightforward process to avoid Title 50 if you just keep your "SSO" in the loop!
12/22
("Wait, Rob: 'SSO' is Ship Security Officer. That's Navy. Weren't you Air Force Reserves?" Yeah, we Zoomies stole some terms from the Squids. Remind me to tell you about the time I flew jumpseat in a C-130 over Iraq and the pilot asked ATC to let him do a "Crazy Ivan"...)
13/22
Okay, here's where it gets interesting. In 2000 one of the vendors' techno-wonks bitched that the White House was looking to host an #antivirus confab of some sort but they weren't invited.

"Hell, you know, <vendor> gets to go and they're giving viruses to the Chinese!"
14/22
I'm like "wat"

"You didn't know? CARO is supplying China with viruses. It's supposed to be just the WildList each month but behind the scenes they're all feeding viruses to the Chinese to open trade doors... Why should *they* get to go to the White House?"
15/22
In one conversation after another, I'd slip in a "soooo... you guys aren't like McAfee & Symantec & Trend, giving viruses to the Chinese, are you?"

I learned another secret: WildList didn't know CARO was offering their research to the Chinese every month on the 15th.
16/22
The INTSUM was now filling up with call notes, forwarded emails, and documents showing how CARO had turned into a #cartel bent on carving up the Chinese market in fairness to all #antivirus players--

--at Trend Micro's expense.

"House 2.0" was starting to lose focus.
17/22
"House 2.0" started as a secret compilation of dossiers on the #antivirus industry so I could lecture to vendors at @virusbtn how to write a real INTSUM on virus authors.

But the revelation of McAfee, Symantec, and Trend Micro giving viruses to the Chinese gov't... "wow."
18/22
By early 2002 my military career had taken its toll on Vmyths[.]com and on the "House 2.0 antivirus project."

I was too busy in a military uniform to keep up the ruse.

But I had more than enough to work with. "Wait 'til Helen sees *this* Virus Bulletin CFP!"
19/22
I was an Air Force Deployable Enlisted Historian (AFSC 3H0x1, see below). Natch, I wrote the "House 2.0" INTSUM in the style of an RCS:HAF-HO(A)7101 Historical Report. The forwarded emails & documents, my call notes, etc. took up 1,600+ pages.
20/22
It was too late in 2002 to make that year's Virus Bulletin CFP. I forget why but I decided to flesh out a full 1hr presentation slide deck.

I was in our downstairs Great Room, "talking out" an idea for the slide deck, when Denise approached me:
21/22
What's STUPID here is that I'd placed a unilateral gag on Vmyths[.]com reporting any of this, to protect us from SLAPP suits...

...yet there I was, thinking "I'll show this off at Virus Bulletin so vendors finally learn how to write a damn INTSUM on virus writers!" 🤦
22/22
And that, my friends, is how I learned the #antivirus industry supplied China with offensive virus technology right under @richardclarke's nose -- a story the Wall Street Journal broke 20 years ago this week.

(@threadreaderapp please unroll)