As Mark Bowden’s science thriller Worm: The First Digital World War opens, a computer security expert named Phil is scrolling through a long list of computer threats. There were 137 attacks on that day, not an unusual number for an unprotected computer designed to attract mutant software:
“It was near the end of the workday for most Californians, November 20, 2008, a cool evening in Menlo Park. Phil took no notice of the newcomer at first. Scores of these digital infections were recorded on his monitor every day, each a simple line on his Daily Infections Log . . .
“This was the 137th that day. It had an Internet Protocol (IP) address from Argentina. Spread out across the screen were the infection’s vitals, including one column that noted how familiar it was to the dozens of antivirus (AV) companies who ride herd on malicious software (malware).
“Most were instantly familiar. For instance, the one just above was known to all 33 of the applicable AV vendors. The one before that: 35 out of 36. This one registered a zero in the recognition column: 0 of 37. This is what caught his eye when he first noticed it on his Log.”
—Worm: The First Digital World War (p. 2). Kindle Edition.
It is Day 1 of the first Digital War, and this story is not a fiction thriller—it is true.
In a scene that could be from an issue of Marvel Comics X-Men, computer security expert Phil Porras has discovered a new mutant. The malware is trying to invade his computer and take control, but SRI’s computer is special; it is designed to attract and isolate malware without losing control.
Think of SRI’s computer as a succulent honey-pot, a petri dish where visiting malware are allowed to grow so that they can be examined, identified, and, possibly, neutralized.
“The new worm in Phil Porras’s digital petri dish was announced in the usual way: a line of small black type against a white backdrop on one of his three computer screens, displaying just the barest of descriptors—time of arrival . . . server type . . . point of origin . . . nineteen columns in all.
The readout began:
17:52:00 . . . Win2K-f . . . 22.214.171.124
(NET.AR): PRIMA S.A, BUENOS AIRES,
BUENOS AIRES, AR. (DSL) . . .”
—Worm (p. 1).
Look at that readout. Does it make your eyes glaze over? As Bowden explains it:
“The Glaze is familiar to every geek ever called upon to repair a malfunctioning machine —Look, dude, spare me the details, just fix it!
Most people, even . . . people who spend hours every day with their fingertips on keyboards, whose livelihoods and even leisure-time preferences increasingly depend on fluency with a variety of software, remain utterly clueless about how any of it works.”
—Worm (p. 7).
The malware in the petri dish became known as Conficker. On that date, it was the most complex piece of malware to be discovered by SRI. It runs in the background of an infected computer without attracting the owner’s attention. Once a day, each running copy of Conficker tries to make an internet connection with a command and control computer operated by an unknown criminal called Botmaster who can issue instructions by reply mail (so to speak).
There are more than 10 million computers infected with Conficker; sending messages at the same time, they could completely overload the Internet as we know it (stopping Facebook, email, movie downloads, Skype, everything), but, oddly enough, the Botmaster has not issued any destructive commands. Not yet, but security experts are waiting and aren’t sure if they are ready.
Bowden, who wrote the best-selling thriller Black Hawk Down about the 1993 Battle of Mogadishu, Somalia, gives a valiant try at explaining for the average person the complex world of Internet viruses, worms, Trojan horses and botnets. At times the task seems overwhelming, but, to a large extent, he succeeds.
After reading Worm, you will have a better understanding of what is meant by ‘cyberattack’ and ‘cyberweapon’. These very words were used by the NY Times in their reporting on America’s use of the malware—Stuxnet:
Obama Order Sped Up Wave of Cyberattacks Against Iran
WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.
—NY Times (June 1, 2012).
SRI International was known as Stanford Research Institute or plain old SRI when I went to work there as a young analyst in the 60s. It was an exciting place to work because technology was changing rapidly and the scientists at SRI were eminent in their fields and often the first to try new ideas and inventions:
“One of the inventions SRI pioneered was the Internet. The research center is a cornerstone of the global phenomenon; it owned one of the first two computers formally linked together in 1969, the first strand of a web that today links billions. This was more than two decades before Al Gore popularized the term ‘information superhighway.’”
—Worm (p. 3).
Towards the end of the 60s, SRI was also exploring the uses of the computer to communicate:
SRI researcher Douglas Engelbart in 1968 gave a preview of what would become the staples of daily working life in the 21st century – e-mail, hypertext, word processing, video conferencing, and the mouse. The demonstration required technical support staff and a mainframe time-sharing computer that were far too costly for individual business use at the time.
—Wikipedia: (Personal Computer).
Taken together, the Internet and the Personal Computer are the foundation of today’s “connected world”, but the same connections that bring you Facebook and streaming video can also bring you malware that may use your computer for Spam or may track your finances (and even steal your identity).
If you use the Internet, have cable TV, or use a smart phone you are more connected than you may realize. It is in your self-interest to be careful about keeping your operating system and anti-virus program up-to-date.
Who knows? After reading Worm, you might even install a firewall for extra protection from the unseen malware invaders.
For more on Conficker, try this link (Lessons Learned, a PDF) to the Conficker Working Group.
“Connected” by Kasey McMahon is on display at the Brewery Artist Complex in Los Angeles. The artist funds her art by working as a creative consultant to tech companies. She created a life-size model of herself made from computer network cables. You can browse more of Kasey’s work online at Atypical Art.
Week 20-2012: Worm: The First Digital World War, Mark Bowden (2011).