Terrorist in Malaysia forces U.S. elections to be postponed

Microsoft to be nationalized under Dept. of Homeland Security

Tom Ridge, who heads the Department of Homeland Security, spoke briefly to reporters on Monday after the attack came to light. "The Internet has become indispensable to our national security and economic well-being," he said. "Terrorists can sit at one computer connected to one network and can create worldwide havoc. They don't necessarily need a bomb or explosives to cripple a sector of the economy, or shut down a power grid," he said.

"Real havoc has been unleashed today in the form of a computer worm," Ridge said. "Under the provisions of the USA-PATRIOT Act, as amended, and in accordance with Articles 1 and 2 of the U.S. Constitution, I have ordered all federal, state, and local elections to be postponed. All incumbent elected officials at all levels of government will remain in office until further notice," Ridge said.

He did not give a timetable for when elections might resume.

"Scezda is a catastrophe for national television networks that use computer modeling to predict the winners of an election," Ridge added. The worm, similar to a virus, could also cause widespread spam slowdowns and sporadic porn site outages.

The Department of Homeland Security raised its terror threat advisory to "severe" (red) from "elevated" (yellow). Ridge ordered the shutdown of all non-essential public and government computer systems "in order to mitigate this heinous threat to the United States of America and all she stands for."

A computer virus writer in Malaysia who is sympathetic to the cause of the Al Qaeda terrorist group is believed to have written the "3-in-1 megaworm." The virus writer, who goes by the handle Melhacker and is believed to have the real name of Vladimor Chamlkovic, is also thought to have written or been involved in the development of the VBS.OsamaLaden@mm, Melhack, Kamil, BleBla.J and Nedal worms.

In an exclusive interview with Computerworld reporter Dan Verton, Melhacker confirmed earlier reports by Chantilly, Va.-based iDefense Inc. that he had deployed version 2.1 of his "three-in-one" megaworm, code-named Scezda, that combines features from the well-known SirCam, Klez and Nimda worms.

"This is a next-generation Internet computer worm," Melhacker said in the exclusive interview. "It exploits a flaw in all JPEG image processing software." JPEG is a format used to store photographic quality images. Electronic voting booths rely heavily on pictures to help voters choose the best looking candidates for their precincts and congressional districts. Melhacker claimed his new worm can infect any computer that displays a JPEG image.

Melhacker also confirmed earlier intelligence reports that he has ties to both Russian hackers and Pakistani virus writers.

National Guard units in all 50 states have been mobilized to combat the worm, Ridge revealed. "They are being armed with antivirus software and will be dispatched to voting booths scattered throughout their respective states." The use of national guardsmen in times of crisis is nothing new, Ridge said. "The only difference is that they're protecting us from a digital enemy."

Speaking at a news conference, Senator Charles Schumer (D-NY) and Representative Zoe Lofgren (D-CA) announced they had convinced their states' governors to impose martial law until the Scezda worm can be contained. California and New York are the two biggest states in terms of computer usage.

Schumer made it clear that he fears "we could be on the verge of a digital armageddon." He called on other members of congress to "take the courageous actions that I and Congresswoman Lofgren have taken." He said that doing so would ultimately save lives, because "this [Scezda worm] is possibly the principle form of 21st century warfare."

Speaking at a news conference, Defense Secretary Donald Rumsfeld confirmed he asked military leaders for "response options" to deal with whoever unleashed the Scezda worm. Possible military actions include anything from covert special operations to an invasion by ground & air forces. Even a tactical nuclear strike may be considered.

"I'm leaning toward a couple of JDAM missiles to 'neutralize' this cyber-terrorist," Rumsfeld said. "But any decision to use force will be up to the president. Which is still George Bush," he clarified.

Malaysia ambassador H.E. Dato' Ghazzali bin Sheikh Abdul Khalid expressed deep sorrow over the cyber-terror attack, but warned "our country will not allow" any violation of their sovereign territory. He insisted "we will deal with this Melhacker person in a Malaysian court of law." Ghazzali encouraged U.S. officials to provide "any and all compelling evidence to our prosecutors so that justice may be served."

Officials from the U.S. government and private industries on Monday implored worldwide organizations to protect themselves from the Scezda worm. Representatives from the White House, FBI, Microsoft, and others decided to take the step in the face of one of the largest ever dangers to the Internet.

Along with posting various warnings on their web sites, government officials and representatives from Microsoft were preparing a news conference for Monday afternoon to publicize their efforts. The government routinely works with private companies to issue warnings about new hack attacks and viruses, but only once before have they made such a high-profile stand.

U.S. officials have been particularly concerned about a cyber-terror attack during the presidential campaign since the Madrid railway bombings in March. The bombings, while only physical in nature, killed nearly 200 people and occurred on the eve of national elections. Spain's ruling party was ousted. Dozens of professors and scientists had previously signed a letter to President Bush, warning that terrorists could use the Internet to damage "the national psyche and economy more broadly than did the September 11th attack."

While Scezda's actual infection rate is unknown, it is believed to be in the hundreds of millions of Internet-connected computers. In just the first nine seconds of its outbreak, it infected more than 173,214,919 voting booth applications.

The government-funded U.S. Computer Emergency Response Team said the worm is predicted to start spreading again Tuesday at 8:47a.m. Eastern Time. "This spread has the potential to disrupt applications running in electronic voting booths," a US-CERT advisory warns.

US-CERT officials are frustrated that even though a software inoculation was made available over two months before the worm surfaced, many voting booths are still defenseless. The patch, which will protect computers, can be found on Microsoft's web site.

The worm defaces electronic voting screens with an image that says "Hacked by Al Qaeda." While it doesn't destroy or alter data, it could be modified to do so. "This is why we must postpone elections," Ridge explained. "It's possible the author of this worm may be trying to rig the system to put someone in office who might have lost."

Ridge bristled when a reporter observed all elected officials will remain in office even though they might have lost the election. "That is because I ordered it," he snapped back. "There is a big difference between a cyber-terrorist who undermines a national election, and an unelected official who orders a sitting president to remain in office after his term expires."

Ridge ordered election officials across the nation to discard all absentee ballots. "There is reason to believe this worm has modified electronic absentee ballots," he explained. When asked if his order also applied to paper absentee ballots, Ridge said "yes, they [election officials] must shred them. Better safe than sorry."

Independent presidential candidate Ralph Nader was watching live coverage of Ridge's press conference. "He's definitely an unelected official," Nader quipped. "I think it was proper to declare a national emergency over the Scezda worm, but it's a sad day in America when the president's underling can keep him in the oval office."

Nader agreed Ridge has the power to postpone elections but said he would challenge Ridge's "supposed authority" to order the shredding of paper absentee ballots "as a precaution against a computer worm." Presidential candidates from the Libertarian and Workers World parties announced they would join Nader's lawsuit.

The Scezda worm exploits a flaw discovered in September in JPEG image processing software. It is found in most operating systems in use around the world. The White House took precautions against it by turning off all of their computers, including those that run the www.whitehouse.gov website.

Last week, the Pentagon was forced to shut down public access to all of its computers temporarily to purge and protect them from version 2.05 of the Scezda worm. This earlier version displayed pictures saying "AFRTS is pronounced A-FARTS." Military web servers will soon be configured to only display text, not graphics, a Pentagon spokeswoman said.

Ridge called on Congress to nationalize Microsoft and put it under Homeland Security. "The government relies on Microsoft and other technology companies to secure everything from defense networks to financial systems," he said. "The protection of the Internet requires a partnership with the government, private companies and the public as a whole. But this is an emergency, and we must act with emergency powers."

Ridge said the company would be known as the "Microsoft Office" within the Department of Homeland Security. He hinted he would nominate Microsoft founder Bill Gates to oversee the new federal bureaucracy.

Ridge scoffed when asked if he would also seek to nationalize the antivirus industry. "This cyber-terror attack could be the work of a nation-state," he alluded. "Antivirus vendors must be allowed to protect the computers of any nation-state we choose to retaliate against. They cannot afford to be an asset of any one nation."

Ridge became flustered when a reporter asked if the U.S. might attack the antivirus industry. "We'll burn that bridge when we come to it," he eventually responded.

Antivirus experts from Symantec, McAfee, Trend Micro, and other firms have announced that they will soon sell products to defend voting booths against cyber-terror attacks. "We'll charge a small fee per registered voter for our software," Symantec CEO John Thompson told reporters at a press conference.

Trend Micro founder Steve Chang said his firm would undercut Symantec's pricing. "We will only charge for each ballot that is cast," he said. "It's illogical to get paid to protect voters who don't vote."

On Wall Street, nearly all stocks had plummeted on the news of the election postponement, but shares in computer security firms showed a healthy increase. Symantec's stock price jumped almost 20% within minutes of Thompson's announcement. Trend Micro's stock price jumped 16% after Chang's announcement.