Wednesday, September 28, 2011

Interesting story of the Conficker worm

http://www.npr.org/2011/09/27/140704494/the-worm-that-could-bring-down-the-internet

The author of "Black Hawk Down" recently published a book about internet security and the Conficker worm, the most successful malware program known to date. I am not an IT guy, but from the interview, it seems that Conficker was written by expert hackers in Ukraine (who still remain anonymous) to tunnel into millions of Windows PCs and subtly control some of their processing resources, and then answer to a mother computer. Their aim seems to be the creation of a massive "botnet" of 10-12M slave computers worldwide that basically aggregate their processors to become the most powerful supercomputer in the world (even better than our best, expensive NSA comps). It's like those movies with the little nano-machines piling up to become a huge scary monster.

With this asset, the masters of Conficker may be able to brute-force crack computer encryption, presumably to guess passwords to steal money and/or secrets. 128-bit encryption technology can maybe produce gazillions of possible passwords (>10^38), which would take too long for even modern supercomputers to plow through. But the Conficker botnet can do this much quicker, and its masters are now "leasing" the botnet resources to other criminals seeking to steal something. In theory, the penetration of Conficker is so great that its masters would be able to shut down the global internet if they wanted, but they seem more inclined to use it to steal, so it's left unharmed.

How the heck does Conficker infect PCs? Good ol' Microsoft did not make Windows XP very secure, and their engineers eventually discovered a vulnerability for remote access. So they issued a typical software update/patch to close the hole, and anyone who regularly updates their Windows OS should be safe. But the problem is that most PCs running Windows worldwide are using pirated versions that are not eligible for updating (another consequence of OS piracy: exposing the whole internet and trillions of wealth to crime; thanks a lot, China). So those users are totally exposed unless they download antivirus software or a free anti-Conficker program written pro bono by the "Conficker working group" near Stanford (calling themselves "the cabal," a team of volunteer cyber-security experts who recognized the danger of Conficker and are trying to stop it on their own time and own dime, because gov'ts are way behind the curve and doing nothing).

The irony is that Conficker started infecting PCs after this Windows patch. It's possible that the hackers analyzed the patch to reverse-engineer and discover what the Windows vulnerability was, so MS gave the bad guys a free how-to guide to hack Windows! By trying to fix their product, MS brought about the Conficker infection (in addition to many other similar malware programs that have since been identified, and lord knows what we haven't found yet). Another consequence of monopoly: concentrated risk. And even though Conficker doesn't affect Mac or Linux, that's not to say that those OSes are any more secure. The Conficker masters just see less value in infecting the much smaller global population of Macs and Linuxes, which would create a much wimpier botnet. So take that, Apple snobs (and FYI, iOS has been hacked repeatedly so far).

Why can't we identify and shut down Conficker? Infected PCs show virtually no symptoms of infection, and are blocked from receiving any new updates, so it is a very clever parasite (and as I said, most of the infected PCs are not in the West). It just uses the processor selectively without slowing down your normal apps. But all the slave comps must answer to the mother comp for instructions, right? Why not just use that communication to locate the criminals and shut it down? Well, Conficker is elusive and doesn't just route all slave communications to one IP address. Then it would be easy to track, like a phone trace. But each day Conficker commandeers 250 IP domains, so it requires more effort to track down, and recent Conficker strains now use 2,500 domains and even 5 "high level" domains that are very secure. The hackers know that the poorly-funded cabal is the only group trying to stop them, so they just needed to make Conficker communications too costly to trace and block.
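The paragraph above describes the defender's side of the problem: the worm does not beacon to one fixed address, it tries a fresh crop of domains every day, so blocking a single IP does nothing. The flip side is that this behaviour is itself visible on a network: an infected host resolves an unusually large number of distinct, random-looking domains per day, most of which do not exist yet and come back as NXDOMAIN. The script below is an added example (not code from the original post, and not Conficker's own algorithm) showing how a network defender could flag that pattern in one day of DNS resolver logs. The log format (`<host> <query> <rcode>`), the sample lines and the thresholds are all assumptions constructed for the example.

```python
"""Flag hosts whose DNS behaviour looks like a daily domain-rendezvous scheme:
many distinct registered domains queried, most of them non-existent (NXDOMAIN).
Example code; log format, thresholds and sample data are assumptions."""
import math
from collections import defaultdict

# Constructed sample of one day's resolver log, assumed format: "<host> <query> <rcode>".
# 10.0.0.5 behaves normally; 10.0.0.9 churns through random-looking, non-existent names.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 cdn.example.org NOERROR
10.0.0.9 qzkxvmtr.com NXDOMAIN
10.0.0.9 pwlbgtcaj.net NXDOMAIN
10.0.0.9 hkmzyqoe.org NXDOMAIN
10.0.0.9 xvqrbnmlo.info NXDOMAIN
10.0.0.9 dtjwfpkz.biz NXDOMAIN
10.0.0.9 www.example.com NOERROR
"""


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a label; random-looking labels score higher."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Reduce a query name to its last two labels (a simplification; real code
    would consult the public suffix list)."""
    parts = name.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]


def parse_log(text: str):
    """Parse the assumed 3-field log format, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        host, query, rcode = fields
        records.append((host, query, rcode.upper()))
    return records


def per_host_stats(records):
    """Per host: total queries, NXDOMAIN count and ratio, distinct non-existent
    registered domains, and the mean entropy of those domains' labels."""
    acc = {}
    for host, query, rcode in records:
        s = acc.setdefault(host, {"total": 0, "nxdomain": 0,
                                  "nx_domains": set(), "entropies": []})
        s["total"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
            dom = registered_domain(query)
            s["nx_domains"].add(dom)
            s["entropies"].append(shannon_entropy(dom.split(".")[0]))
    stats = {}
    for host, s in acc.items():
        ent = s["entropies"]
        stats[host] = {
            "total": s["total"],
            "nxdomain": s["nxdomain"],
            "distinct_nx_domains": len(s["nx_domains"]),
            "nx_ratio": s["nxdomain"] / s["total"],
            "mean_nx_entropy": sum(ent) / len(ent) if ent else 0.0,
        }
    return stats


def flag_hosts(records, min_distinct_nx=5, min_nx_ratio=0.5):
    """Hosts that resolved at least `min_distinct_nx` different non-existent
    domains and whose NXDOMAIN share is at least `min_nx_ratio` (thresholds assumed)."""
    stats = per_host_stats(records)
    return sorted(h for h, s in stats.items()
                  if s["distinct_nx_domains"] >= min_distinct_nx
                  and s["nx_ratio"] >= min_nx_ratio)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for host, s in sorted(per_host_stats(recs).items()):
        print(host, s)
    print("flagged:", flag_hosts(recs))
```

On the sample data the normal host is left alone and 10.0.0.9 is flagged; the entropy figure is reported as supporting evidence rather than used as the trigger, because short labels give noisy entropy values and a legitimate CDN hostname can look just as random. In practice the thresholds would be tuned against a baseline of the network's own NXDOMAIN rate, and a flagged host would be handed to incident response rather than blocked automatically.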

So where the hell is the gov't in all this? Isn't our security and economy at risk? Conficker seems a lot more of a concern than a couple of Taliban fighters with AKs. Obama just started a US Cyber Command within the NSA, a whole year after Conficker was discovered, but I surmise that they are grossly unprepared for the challenges ahead. Russia crashed Georgia's e-infrastructure with a worm/virus prior to its military invasion. McAfee pretty much implicated China in hacking some major US websites too, so the writing is on the wall. Hasn't anyone seen "Live Free or Die Hard?" We need McClane to rescue us.

The cabal approached the Pentagon and NSA to ask for help to fight Conficker, and maybe even sequester their computing resources. But they were summarily turned down, possibly over territorial or state secrets issues. I am sure that the NSA has a couple interns working on this (what else could be a higher priority for them, Mugabe's cell calls?), but clearly they are not winning (like Charlie Sheen). Here's another hilarious side-story. Remember how the US and Israel crashed Iran's computers controlling their uranium enrichment program? It set them back like a year. It's quite possible that our spooks hired the Conficker botnet to do that, or at least created our own similar worm inspired by Conficker.

Corporate and gov't cyber security is not up to the task, but in this climate of austerity, it may be a hard sell to demand more investment in this area. No one cares to protect themselves until after the first disaster strikes (even though a few have already struck, but we just didn't care). I am sure the Ukrainian gang is a super-talented bunch of hackers, but they should be nothing compared to the resources that China or Facebook (no connection suggested) can devote to cyber-security, or cyber-warfare. Modern states already know that the best way to bring each other down (besides nukes) is to crash the e-infrastructure that we so depend on and take for granted. And even so, a cyber attack could disable our nukes and military. The internet was developed by idealistic engineers who wanted a free flow of information, so unfortunately its structure is inherently vulnerable. We take the good with the bad, but ignoring the problem to this degree is just unacceptable. Fortunately, the likelihood of worms directly stealing our passwords and meager e-wealth is still quite low. But what's the value of our little savings account if our national financial system gets wiped out?