Worm: The First Digital World War


He finally determined that it recorded the number of machines the worm had infected from that bot. He saw immediately why that would be useful. The worm was randomly infecting any machine it could infect, but some computers were more interconnected than others. Most of us live and work within a relatively small circle of people, so our computers interact with only a small number of others. But some people, and hence some computers, are what social network theorists call “nodes.” They are widely connected. They tend to be on the Internet full-time. They exchange information with an extraordinarily large number of others. The mystery number on the http line informed the botmaster which computers on its net were the most widely connected, and the most valuable. This meant that if the white hats succeeded in shutting the botnet down, its creators would not have to start over with random infections; they could begin by targeting the nodes, which would propagate the worm much more efficiently and quickly. That, thought Hassen, was “really, really clever.” These guys were creating this botnet to last.

The new worm was to do something else on November 26. It was programmed to contact a notorious malware distributor called TrafficConverter.biz. This site offered “affiliates” cash for steering suckers its way. Each unsuspecting computer owner conned into linking with the site began receiving bogus warnings of infection on his screen that directed him to download antivirus software, which sold for anywhere from $50 to $75. The real infection, of course, was TrafficConverter’s program, which blocked the computer user from contacting legitimate antivirus companies and would continually pester the user until he paid the fee. The site’s operators offered prizes for affiliates who brought in the most business, including a Lexus sports sedan. Huge amounts of money were made this way, both by the owners of TrafficConverter.biz and by its affiliates, who were raking in as much as $3.9 million a year, according to a report by cybersecurity reporter Brian Krebs.

But two days before the new worm was scheduled to steer its botnet to the scam, TrafficConverter.biz was taken down. Major credit card companies had suspended payment operations for the site, effectively putting it out of business. This turned out to be best for all concerned, including TrafficConverter.biz, because when the worm kicked in, it steered 83 million inquiries to the site from 179,000 unique IP addresses. This would have crashed the site if it had been open for business.

At first glance, the connection with TrafficConverter.biz suggested a lead to the worm’s authors. About a month before the worm appeared, another notorious malware distributor, Baka Software, had sponsored a contest. It offered a new car to whoever could infect the most computers. Baka was responsible for a scam called “Antivirus XP,” and, as it happens, this was likely to have been the product downloaded by computers that contacted TrafficConverter.biz. The company also has a registered office in Kiev.

The connection suggested that the new worm’s designers might have been trying to win the contest. If the website had not been taken down, the worm would have steered an unprecedented flood of business its way—too much, as it happened. But there were other possibilities. Since the traffic generated by the new worm would have crashed the site, might it have been designed by TrafficConverter.biz’s competition? Or were the new worm’s creators toying with the white hats, creating a false trail, much as they had done with the packaging of the worm itself? Why not cover their tracks further by drawing everyone’s attention to a known malware distributor who was, in this case, innocent?

Whatever its purpose, the link to TrafficConverter.biz gave the worm a name. Some labs had been calling it “Downadup” or “Kido,” but Microsoft security programmers shuffled the letters of trafficconverter and came up with “Conficker.” Ficken is the German word for “fuck.” Blend that with English syntax and you get ficker, which this worm was, without a doubt.

The name stuck.

By December 1, Conficker had burrowed into an estimated 500,000 computers worldwide and was knocking out 250 new domains every day looking for instructions.

It was just getting started.

4
An Ocean of Suckers

HAVING MUTANT POWERS DOESN’T GIVE US THE RIGHT TO DOMINATE OTHERS.

—The X-Men Chronicles


The idea of an infectious computer “worm” is lifted from the pages of science fiction. More than a decade before the Internet was born, the British sci-fi writer John Brunner invented the idea of a viral code that could invade and sabotage it in his 1975 novel The Shockwave Rider.

With startling foresight, at a time when Bill Gates was taking a leave of absence from Harvard to cofound “Micro-soft,” Brunner imagined a dystopian twenty-first-century world wired into a global “data-net,” controlled by a malicious state. His hero, a gifted hacker named Nick Haflinger, creates a program he calls a “tapeworm” that can infiltrate the data-net, spread on its own, and ultimately subvert the government. “My newest—my masterpiece—breeds by itself,” he boasts. In Haflinger’s case, much as with the creators of Wikileaks, the data-net is directed to break into government files and spill state secrets. Brunner chose to call his techno-weapon a “tapeworm” because the code, like the creature, consisted of a head attached to a string of segments that were each capable of regenerating the whole.

“What I turned loose in the net yesterday was the father and mother of all tapeworms . . . it can’t be killed,” he says. “It’s indefinitely self-perpetuating so long as the net exists. . . . Incidentally, though, it won’t expand to indefinite size and clog the net for other use. It has built-in limits. . . . Though I say so myself, it’s a neat bit of work.”

Brunner’s ideas about the coming digital world were clever, but as a prophet he was strictly derivative. His vision was of a piece with those of George Orwell, Aldous Huxley, Philip K. Dick, and others who foresaw the totalitarian movements of the twentieth century as portents of a dark future, where all power would be concentrated in the hands of an oppressive state. Each of these writers predicted that technology would be an important tool of state oppression—for Orwell it was TV, for Huxley it was psychotropic drugs, for Dick it was both of the above combined with bioengineering. For Brunner it was the computer, or, more correctly, computer networks. The ideas in The Shockwave Rider, particularly those about the coming age of digital interconnection, were largely based on futurist Alvin Toffler’s book Future Shock. They were so prescient that computer programmers recalled the “tapeworm” a few years later when they began devising the first real worms in research labs.

The fears Orwell, Huxley, Dick, and Brunner vividly articulated in their fiction still have adherents, and have inspired some striking and successful Hollywood films, but so far they have not panned out, certainly not in the case of computer networks. The structure of the Internet—or lack of structure—has worked against centralized state control. The thing has a billion heads. It is defiantly ground-up. Since it has become a factor in world events, governments everywhere have found it harder to keep secrets and to escape the public’s gaze. The “data-net” has proved so far to be a tool less of oppression than of liberation. And the architects of worms and viruses aren’t the heroic rebels battling state tyranny imagined by Brunner, but nihilists and common criminals.

In the mid-1970s, the only large computer networks that existed were at university, business, or government centers. Many of the young computer geeks who would create the Internet age, and in some cases amass great fortunes, first stumbled into the larger potential for such networks by borrowing processing time (with or without permission) to play games or show off their hacking skills. Gates and Allen used the computer provided to privileged students at Lakeside Prep, and when they outgrew it they persuaded the school to lease time for them on an outside one. There were few barriers to access, because computing power and connectivity were seen as entirely beneficial. Openness was essential to the movement’s appeal.

The first sour notes in this techno-Eden were simple devilry. The early computer networks were plagued by savvy outlaws, “cyberpunks,” who used their knowledge of operating systems to play pranks, to write juvenile slogans across the monitors of compromised computers the way graffiti artists scrawl their initials on urban walls. There was a playful quality to such efforts, undertaken often just to show off the hacker’s skill. The term was not entirely derogatory. Hackers took some pride in the designation, and had fans. Most of what they did was harmless. To this day the grungy long-haired geek living in his parents’ basement, fueled by pizza, soda, and junk food—the picture first painted by Weizenbaum—has become a cliché in Hollywood, bedeviling the powerful with his antisocial genius, thwarting malevolent syndicates, running rings around the “official” experts. These pioneer miscreants came to symbolize the anarchic spirit of the Internet movement, the maverick genius at war with the establishment.

But as the Internet has rapidly evolved, so have its predators. The newness of computer networks, and their global nature, posed novel problems for law enforcement. In many jurisdictions, preying on people in cyberspace is not officially criminal, and often in places where it is, there is little urgency in prosecuting it. In his 1989 best seller, The Cuckoo’s Egg, Cliff Stoll told the story of his stubborn, virtually single-handed hunt for an elusive hacker in Germany who was sneaking around inside Stoll’s computer network at the Lawrence Berkeley National Laboratory and using it as a back door to U.S. Defense Department computers. The subject was hunted down but never prosecuted, in part because there were no clear laws against such behavior. For many people, The Cuckoo’s Egg introduced the netherworld of gamesmanship that still defines computer security. Stoll’s hacker never penetrated the most secret corners of the national-security net, and even relatively serious breaches like the one Stoll described were still more of a nuisance than a threat. A group calling itself the Legion of Doom had a good run in the 1990s, invading computer networks and showing off while not doing much damage. The group published a technical newsletter to advertise its exploits, and members gave themselves colorful comic-book-style monikers. There were other hacker groups like it, including the New York–based Masters of Deception. Some members of these clubs were hauled in and prosecuted by federal authorities in the 1990s, considerably upping the price of such stunts. Little of the old glamour still attaches itself to serious hackers; the game has evolved into something far bigger, smarter, and more menacing.

Real trouble arrived with the big DDoS (Distributed Denial of Service) attacks of the 1990s, which aimed tidal waves of service requests at certain websites. Instead of showcasing the skill of a hacker, the purpose of a DDoS attack was wholly malicious, sometimes political, often vengeful. A DDoS attack capitalizes on the openness of Internet traffic to simply overwhelm the capacity of an organization to respond. Those orchestrating such attacks employed computer networks to automatically generate request after request, multiple times per second, until they brought to a halt the servers for credit card companies, banks, the White House, government agencies, the Holocaust Historical Museum, political parties, universities, and any other vulnerable website that was deemed offensive. The worst DDoS attack came on October 21, 2002, when the Internet’s thirteen root servers were hit simultaneously. This was clearly an effort to bring down not just individual websites, but the Internet itself. The root servers survived the hourlong assault, but only barely. It forced such root servers to invest in heavily redundant stores of memory, enough to absorb massive potential attacks.

This event was important. It was a sobering demonstration for those paying attention, which is to say, the Tribe. This was a very small, select group of people. The vast majority of Internet users remained oblivious. So long as Google and YouTube and Facebook kept humming along, everyone else was happy. By the twenty-first century, the Internet was a given. It was there on your phone, in your car, on your iPad. It was everywhere, through either a WiFi or a phone connection. There were myths about its invulnerability. It could not be shut down, because it lacked any kind of central control or routing system, or so the story went . . . and there was some truth to that belief. The way the Internet routed information was entirely new, an advance over all previous communications systems, and one that was inherently sturdier.

Finding your way on the Internet isn’t as direct as, say, routing a telephone call. Telephone lines carry the electrical impulses of an outgoing call along wires down the shortest available path to the number being called. The big difference between the Internet and telephone networks, or the interstate highway system, for that matter, is that traffic does not flow down clearly defined, predictable pathways. There are detailed printed maps of telephone networks and highways, and the paths taken by calls and vehicles can always be clearly traced. One of the major conceptual breakthroughs that enabled the creation of the Internet was to do away with this clarity.
