Discuss WORM, the first digital war by Mark Bowden in vBCms Comments on The Army Rumour Service
How much do you think about the Internet? Do you realise how much we have come to depend on it for education, news, commerce, transport, logistics, entertainment, banking and shopping, or how it has become all pervasive, interlinked with pretty much every facet of our everyday modern existence? Recent advances in chip technology will spawn a new generation of connected appliances (a projected 50 million worldwide), which means our domestic usage of the internet will extend even further. This growing dependence has some pretty interesting connotations. I wonder how many people realise that we've adopted the internet to such an extent that, aside from the commercial and entertainment dependence, huge elements of our critical national infrastructure are connected to the internet for monitoring, maintenance and operational purposes. We are fast approaching (if not past) the point at which we depend on the internet in a way I doubt we ever considered we could. So what happens if the internet ceased to exist? Many suggest it would quickly lead to chaos and panic, but is it possible that the Internet could be taken down?
The phrase 'cyber warfare' has increasingly been bandied about in the last 2 years, and worms, viruses and trojans have all made the news headlines, but how many people really understand what they are, how they could affect them, and how likely it is that these could destroy the internet? Through "Worm" Mark Bowden tells the story of what was (probably) the first time this became a real possibility. The story revolves around the discovery in 2008 of Conficker, a strain of malign software of unverified origin (though it may have emanated from Ukraine) that suddenly appeared with no warning and began to replicate across the internet with hitherto unseen speed and agility. Being a worm it followed a set behaviour pattern: it attempted to move undetected from computer to computer, silently infecting as many as it could, in each case doing no obvious harm to the host it infected, just like an organic parasite. Ingeniously, as it infected each computer it even repaired the security flaw that allowed it access in the first instance, then stopped the computer downloading security patches; finally, satisfied it had made an undetected ingress, it set out to infect more computers and quietly awaited instructions from a master computer.
So the purpose of a worm is to create legions of infected computers forming a sleeping army called a 'botnet'. Bowden explains that this isn't a new phenomenon; worms have previously been used to create botnets that send spam or inflict denial of service attacks - a way of knocking out computers by having so many computers simultaneously and repeatedly send them requests that they simply fall over from the effort of trying to respond - a favourite tactic of hacktivists. Where Conficker differed was in the speed with which it propagated and the size of the botnet it created. Indeed Conficker's botnet was so large it was feared that the volume of data it could generate wouldn't just take down companies, it could take down the entire core infrastructure of the internet! But despite initial fears Conficker didn't appear to actually do anything (echoes of Y2K set in - cry wolf and be laughed at); the experts wondered if perhaps it was a researcher's experiment gone awry and hence, initially, the challenge to understand and defeat Conficker was largely one of personal and academic pride.
What is really interesting is Bowden's account of how Conficker was discovered and challenged by what was a pretty disorganised and eclectic group of IT experts from industry and academia, who soon came to realise they had met an adversary as worthy as their collective intellect. When they made their first breakthrough, discovering that the worm would generate a random list of 250 internet domains to contact (in which the worm's master computer could be hiding), they ingeniously fast-forwarded the worm in the lab and set out to take down those domains in advance, a genius move which prevented the worm's controller from issuing a command and the worm revealing its true purpose. But then the unexpected: Conficker changed. It appeared in a new form, not just featuring better self-protection but cutting-edge encryption, and making good an error found in its original incarnation. Its designer sent a message to the collective of good guys by not just looking at 250 web domains but increasing that to 250,000 per day. I see you and raise you - this was poker with incredibly high stakes, and the good guys soon realised that the speed of response and the technical subtleties that Conficker displayed suggested the author was no bored teenager sitting in his bedroom; this was more likely to be a funded team of people with an exceptionally high level of technical competence (researchers, hacktivists, a nation-state? That's still completely unknown). One thing is clear: the developers understood that their worm had the capability to swamp the core routing infrastructure of the internet and avoided doing so. Their deployment of Conficker was clearly intelligently managed.
Bowden tells this story with some technical detail but not enough to bring on "the glaze" (the amusing effect he describes his collective heroes having as they try to explain technical issues to non-technical people). He follows the good guys as they realise they have a problem of epic proportions on their hands, one which they really didn't have any responsibility, authority or funding to handle, and documents their subsequent efforts to make more people aware of what was happening and its implications. What Bowden unearths, and what is truly scary, is the complete lack of Government support they received - indeed the one good thing that Conficker may have brought about was a wider awareness of the cyber threat and the recognition that Governments needed to have a response to events like these, given our increasing reliance upon the internet. After Conficker changed and the collective redoubled their efforts to counter the revitalised worm, it simply stopped - no new variations were noted, its infection rate dropped; in effect it died. But did it? No, this enormous botnet is still in place and, granted, as computers get old and are replaced it gets smaller, but in essence an enormous malignant viable botnet is still there, and what occurs to me is that this is just one we know about. If the creators of Conficker were so quick and skilful to learn from what was being done to their pride and joy in 2008, what have they developed in the intervening 4 years? How advanced have their worms become? Are we just one command away from the internet being brought to its knees, and should we start to move our key systems away from integration with the internet?
A very relevant and technical tale told in a very easy to read and enjoyable manner. A very quick read and one which will appeal even if you're not into IT or security; this book will give you an idea of what's behind the increasing press reports of cyber attacks and hackers, and you'll even understand why Microsoft's announcements of patches for flaws can in themselves be hugely counterproductive (The big leak: Microsoft's epic security fail | Cringely - InfoWorld).
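The review's account of the first breakthrough - the worm computing a fresh list of rendezvous domains each day, and the defenders "fast forwarding" it in the lab to register or sinkhole those domains in advance - is easier to follow with a toy domain generation algorithm in hand. The code below is an added example, not from the book or the review, and it is not Conficker's actual algorithm: the seed salt, TLD list, label lengths and 250-per-day count are assumptions chosen for illustration.

```python
"""Toy date-seeded domain generation algorithm (DGA) and the defender's
pre-computation that the review describes.

Constructed illustration only: NOT Conficker's algorithm. The salt, TLD
list, label lengths and per-day count are all assumptions.
"""
import datetime
import hashlib
import string

ASSUMED_TLDS = ("com", "net", "org", "info", "biz")  # assumption, not Conficker's list
ASSUMED_SALT = b"toy-dga-salt"                        # assumption: constant baked into the worm
ALPHABET = string.ascii_lowercase


def daily_seed(day):
    """Every infected host derives the same seed from the calendar date
    alone, so no network contact is needed to agree on today's list."""
    return hashlib.sha256(day.isoformat().encode() + ASSUMED_SALT).digest()


def generate_domains(day, count=250, min_len=8, max_len=12):
    """Deterministically derive `count` candidate rendezvous domains for `day`.

    A hash chain keyed on the daily seed supplies the bytes for each label;
    label length and TLD are taken from the same chain, so anyone holding
    the algorithm and the salt can reproduce the list for any date.
    """
    domains = []
    state = daily_seed(day)
    for i in range(count):
        state = hashlib.sha256(state + i.to_bytes(4, "big")).digest()
        length = min_len + state[0] % (max_len - min_len + 1)
        label = "".join(ALPHABET[b % 26] for b in state[1:1 + length])
        tld = ASSUMED_TLDS[state[-1] % len(ASSUMED_TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def precompute_window(start, days, count=250):
    """Defender side: run the generator forward over the next `days` days
    and collect every domain the worm could try, mapped to the first day it
    is live. At 250 a day this is a registration chore; at tens of
    thousands a day it becomes the cost problem the review describes."""
    sinkhole = {}
    for offset in range(days):
        day = start + datetime.timedelta(days=offset)
        for domain in generate_domains(day, count):
            sinkhole.setdefault(domain, day)
    return sinkhole


def controller_pick(day, index, count=250):
    """Controller side: choose one of today's domains to register and serve
    commands from. Which one is the controller's secret; defenders must
    cover all of them."""
    return generate_domains(day, count)[index % count]


def controller_is_blocked(day, index, sinkholed, count=250):
    """True when the controller's chosen rendezvous domain was already
    pre-registered by the defenders, so bots reach the sinkhole instead."""
    return controller_pick(day, index, count) in sinkholed


if __name__ == "__main__":
    start = datetime.date(2009, 1, 1)
    window = precompute_window(start, days=7)
    print(f"domains to pre-register for one week: {len(window)}")
    print("sample for day one:", generate_domains(start)[:3])
    day5 = start + datetime.timedelta(days=4)
    print("controller blocked on day five:", controller_is_blocked(day5, 17, window))
```

The defenders' advantage here is that the generator needs nothing but the date, so a week of domains costs seven runs of the same code; the attacker's counter-move in the review, raising the daily count by orders of magnitude, does not break the pre-computation but makes registering every candidate prohibitively expensive.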