Finally, the truth comes out. The Linux Community had nothing to do with the MyDoom attack on SCO. If you want to know who did it, read Business Week's account about "Hacker Hunters" and their roundup of criminal gangs:
Devilish trickery keeps the criminals one step ahead. In January, 2004, a new virus called MyDoom attacked the Web site of the SCO Group Inc. (SCOX ), a software company that claimed the open-source Linux program violated its copyrights. Most security experts suspected the virus writer was a Linux fan seeking revenge. They were wrong. While the SCO angle created confusion, MyDoom acted like a Trojan horse, infecting millions of computers and then opening a secret backdoor for its author. Eight days after the outbreak, the author used that backdoor to download personal data from computer owners. F-Secure's Hypp÷nen figured this out in time to warn his clients. It was too late, however, for many others. MyDoom caused $4.8 billion in damage, the second-most-expensive software attack ever. "The enemy we have been fighting is changing," says Hypponen.
Indeed, today's cybercrooks are becoming ever more tightly organized. Like the Mafia, hacker groups have virtual godfathers to map strategy, capos to issue orders, and soldiers to do the dirty work. Their omertÓ, or vow of silence, is made easier by the anonymity of the Web. And like legit businesses, they're going global. The ShadowCrew allegedly had 4,000 members operating worldwide -- including Americans, Brazilians, Britons, Russians, and Spaniards. "Organized crime has realized what it can do on the street, it can do in cyberspace," says Peter G. Allor, a former Green Beret who heads the intelligence team at Internet Security Systems Inc. (ISSX ) in Atlanta.
So, now that it's official, I'm sure SCO will issue a public apology for its false accusations. Oh, and there is that SEC filing too. I'm sure they don't want any false information in a SEC filing.
Groklaw stood alone on this story when it first broke, finding and reporting all the facts that challenged the SCO account. The next time someone comes to us with such a tale about Linux "extremists", let's learn from this. Until someone is arrested and convicted, we don't know who is responsible for criminal behavior, not even when we think we know who it simply *has* to be.
And I hope the mainstream media, which spread the malicious SCO innuendo about Linux "extremists" attacking SCO will now give equal space and time to the correct information. At a minimum, they should add an addendum correcting stories that remain on the Internet that attributed the MyDoom attack on SCO to the Linux community. I'm sure responsible publishers will do that. Because it is now known for sure: it was not the Linux community.