CyberWatch Column

Urban Myths

M. E. Kabay, PhD, CISSP-ISSMP

Professor of Computer Information Systems

Norwich University, Northfield, VT

This is another in a continuing series devoted to how ordinary people can protect themselves when using the Internet.

Pranksters have been using e-mail to fool gullible people for years using a particular sort of incorrect information:  deliberate hoaxes.  A hoax is a mischievous trick, especially one based on a made-up story.  There are two major kinds of hoaxes circulating on the Internet:  urban myths and false information about viruses.  The archives in the Urban Myths Web site are full of hilarious hoaxes, some of which have been circulating for years.  Before we get into the details, let's think about the reasons that hoaxes can last so long on the 'Net?  Why don't they die out?

The problem is the distributed nature of the Internet.  Information is not distributed solely from a centrally-controlled site; on the contrary, anyone can broadcast any kind of data any time.  There are neither reliable creation dates nor obligatory expiry dates on files, so if someone receives a five-year-old document, they may have no obvious way of recognizing its age and they almost certainly have no instant way of knowing that its information is obsolete or flatly wrong. All they see is that the document has been sent to them recently, usually by someone they know personally.

Here are some notorious examples of the bizarre and sometimes disturbing urban myths that are thoroughly debunked on the http://www.urbanmyths.com Web site:

• Expensive cookies:  someone claims that a Nieman-Marcus employee charged $250 to a credit card for the recipe to some good chocolate chip cookies (this story has been traced to a false claim dating back to 1948 in which a store was accused of charging $25 for the recipe to a fudge cake.
• Don't flash your car lights: in a gang-initiation ritual, hoodlums drive down a highway with their car lights off.  Flash your lights at them and die!
• Watch out for poisoned needles: insane, vengeful druggies leave needles tipped with HIV+ blood in movie theater seats / gas pump handles / telephone change-return slots.
• Lose your kidneys:  visit a foreign city, go drinking with strangers, and wake up in the morning in a bathtub of ice with two neat incisions where both your kidneys have been removed.
• Poor little guy wants postcards:  Craig Shergold is just one of the many real or imaginary children about whom well-meaning people circulate chain letters asking for postcards / business cards / prayers and even money.  Shergold was born in 1980; when he was nine, he was diagnosed with brain cancer and friends started a project to cheer him up – they circulated messages asking people to send him postcards so he could be listed in the Guiness Book of World Records.  By 1991, he had received 30M cards and an American philanthropist arranged for brain surgery, which worked:  Shergold went into remission.  The postcard deluge didn’t.  By 1997, the local post office had received over 250M postcards for him and he was long since sick of the whole project.
• Wish you would stop Making a Wish:  Around the mid 1990s, some prankster inserted false information about the Make-A-Wish Foundation into the outdated chain letters concerning Shergold.  The unfortunate organization was promptly inundated with e-mail and postal mail, none of which is in any way useful or relevant to their work.

No corporation or charity will pay you for forwarding an e-mail message.

• Key indicators that a message is a hoax:
• use of exclamation marks (no official warning uses them);
• use of lots of UPPERCASE text (typical of youngsters);
• misspellings and bad grammar;
• no date of origination or expiration;
• inclusion of words like “yesterday” when there is no date on the message;
• references to official-sounding sources (e.g., Microsoft, CIAC, CERT) but no specific document URLs for details (URLs for the general site don't count);
• no valid digital signature from a known security organization;
• requests to circulate widely (no such request is made in official documents);
• claims that someone is counting the number of e-mail messages containing copies of the hoax;
• threats about dire consequences if someone “breaks the chain” by refusing to forward the message;
• claims of monetary rewards that, upon reflection, make no sense (e.g., the Disney organization will send you $5,000 – for forwarding an e-mail message);
• use of complicated technical language such as “n-th dimensional complexity infinite control loops” that doesn’t make sense;
• claims of damage to computer hardware from viruses or other computer software.
• Before alerting anyone to apprehended threats, check the anti-hoax pages on the Web, as suggested in the Resources listing below.

Alt.folklore.urban and Urban Legends Archive < http://www.urbanlegends.com  >