In 1971, Bob Thomas, an engineer working for Bolt, Beranek and Newman, the Boston company that had the contract to build the Arpanet, the precursor of the Internet, released a virus called the “creeper” on to the network. It was an experimental, self-replicating program that infected DEC PDP-10 minicomputers. It did no actual harm and merely displayed a cheeky message: “I’m the creeper, catch me if you can!” Someone else wrote a program to detect and delete it, called — inevitably — the “reaper.”
Although nobody could have known it 40 years ago, it was the start of something big, something that would one day threaten to undermine, if not overwhelm, the networked world. For as we became more and more dependent on information and communications technology, we were also subjected to a plague of what came to be called “malware.”
It’s an ugly term, as befits something that covers a multitude of sins, all involving computer code designed with destructive or malevolent intent. It includes not only viruses, which are programs that replicate by copying themselves into other programs, but also worms (self-replicating programs that use a network to send copies of themselves to other machines on the network, with or without human assistance) and Trojans (similar to viruses but instead of replicating they infiltrate a computer and perform some illicit activity, possibly under remote control). Malware also refers to other evils: the junk mail we call spam; “phishing,” or trying to hoodwink Internet users into revealing bank account passwords etc.; page-jacking, which makes it difficult or impossible for a victim to get rid of a Web page; and other scams.
The malware plague has gone through several phases. It began in a harmless and experimental way with the creeper and a worm released on to the Internet in 1988 by Robert Morris, a student from New York State’s Cornell University. Morris wanted to find out how many computers were connected to the Internet so he wrote a small program that would install itself on every machine it found and send back a “present and correct” message.
But there was a flaw in his code that meant the worm kept replicating. On Nov. 2, 1988, network administrators realized something was up because their machines — and the network itself — had slowed to a crawl. In the end, the culprit was identified and carpeted, though it doesn’t seem to have done him any lasting harm: Morris is now a professor at the Massachusetts Institute of Technology.
Malware began on the Internet, but its next phase involved the stand-alone machines we now call personal computers. In 1982, a Pennsylvanian teenager named Rich Skrenta created the “elk cloner” virus that infected the Apple II, then the most popular personal computer in upmarket US households. Skrenta’s virus covertly altered the floppy disk needed to boot up the computer, displaying some doggerel on the screen at start-up. It was annoying but harmless.
Early PC malware tended to be like that — irritating but not terribly destructive. And malware spread slowly, because most of these PCs were not networked; infections spread by “sneakernet” — i.e., users sharing floppy disks. The real trouble began when domestic Internet use exploded in 1993. From then on, an infected PC was a potential menace not just to its owner, but to other machines with which it communicated.
For many people, early malware was a baffling phenomenon. It was seen as something akin to physical vandalism in the real world — hooligans despoiling an environment for no obvious reason. What motivated them? Nobody knew, though several psychologists had a go at explaining it. The notion that malware was motiveless destructiveness was fuelled by the fact that much of it was imitative, carried out by “script kiddies” — non-programmers who downloaded DIY virus-construction kits.
GROWING THREAT
In the 1990s, malware development accelerated. When Microsoft released Windows 95, it rapidly became the de facto standard for the PC industry and the world’s IT systems came to exhibit the characteristics of a monoculture: millions and millions of PCs across the globe, all running the same software, all sharing the same security vulnerabilities. At the same time, domestic broadband connections became common. Suddenly, there were millions of machines, operated by people with little understanding of computer security, with shared vulnerabilities and fast connections to the network.
Most importantly, malware found a business model in the late 1990s. The fragility of the monoculture could be exploited for profit. Spamming — junk e-mailing — could now be done on a truly gigantic scale. Hitherto, it had required identifiable servers with broadband access to the net. But the new broadband environment offered a better infrastructure. All you had to do was find machines with fast connections, unpatched security vulnerabilities and non-savvy owners and infect them with a Trojan that would turn them into relay stations for spam (and which could be turned off just as easily, to avoid detection).
Spamming works because it can be very profitable. It costs very little more to send 10 million e-mails than it does to send 100. If you’re selling a packet of Viagra for US$20 and you have a response rate of 0.1 percent, you’ll make US$20 from 1,000 e-mails. But if you send out 10 million and have the same response rate you’ll be earning US$200,000 a day. This is the kind of serious money that makes organized criminal gangs sit up.
The idea of covertly suborning networked PCs was a critical breakthrough for malware because it enabled malefactors to set up “botnets” — networks of compromised machines that could be remotely controlled. Nobody knows how many of these botnets exist, but there are probably thousands of them worldwide and some are very large. A list of the 10 largest in the US in 2009, for example, estimated that they ranged in size from 210,000 to 3.6 million compromised machines.
In addition to spamming, botnets can be used for a wide variety of purposes. They can, for example, launch “distributed denial of service” (DDoS) attacks on e-commerce or other Web sites. Each machine in the botnet bombards the targeted site with simultaneous requests, repeated incessantly, to the point where the site’s servers buckle under the load or the site becomes unusable by legitimate customers. More sinisterly, botnets can be used for blackmail, effectively extracting protection money from retail sites to ward off the threat of a DDoS attack. Nobody talks about this in public, but it goes on.
Domestic PCs that have been compromised by Trojans can be put to other uses too. For example, they can covertly monitor their user’s keystrokes when logging into banking and other sites, thereby stealing passwords and credit card details. At a recent presentation by officers from the UK’s Serious Organised Crime Agency, I was struck by a slide that showed how highly developed the online market in stolen credit card data had become. It showed a marketplace for “USA 100% APPROVED TRACK2 DUMPS” in which Visa debit card details were going for US$8 and American Express details were US$10. On another such marketplace, American MasterCard details cost US$15 while European credit card details were going for US$40 a pop. “Buying large quantities,” it said, “prices are negotiable for every customers.” (Grammar and spelling are not a specialty in this particular netherworld.)
We’ve come a long way from the creeper and elk cloner. The driving forces behind contemporary malware are financial gain and organized crime, much of it with its headquarters in Russia and other parts of eastern Europe. One of the most blatant examples of an online marketplace in stolen credit card data was CarderPlanet.com, a Web site ostensibly based in Vietnam, but operated by people based in Russia and Ukraine, and now shut down. A senior US Secret Service official described CarderPlanet as “one of the most sophisticated organizations of online financial criminals in the world” which had been “repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community.”
Some of the principals behind CarderPlanet were arrested after an intensive campaign by the US authorities. But one of them, Dmitry Ivanovich Golubov, was subsequently released by the Ukrainian authorities and has allegedly started a political organization called “the Internet Party of the Ukraine.”
INCREASING SOPHISTICATION
The latest round in the malware saga came in June last year when the Stuxnet worm finally broke cover. Stuxnet infects Windows computers and spreads mainly via infected USB sticks, so it doesn’t require the Internet for dissemination.
Once the worm has infected a machine from a USB stick, it uses a variety of tricks to infect other machines on the local network and to take control of them, but with an added twist. It looks for a special kind of programmable logic controller (PLC) made by the German company Siemens. If a PLC is found, the worm infects it using a vulnerability in the controller’s software and changes its code and thus its behavior. This is scary because these Siemens controllers play a critical role in virtually every industrial plant in the world, including water treatment plants, electricity grids, oil refineries and nuclear reprocessing facilities.
One target of Stuxnet was Iran’s controversial nuclear weapons program, specifically the gas centrifuges it uses to enrich uranium. It is claimed that the worm reprogrammed the Siemens PLCs to cause over 900 centrifuges to spin uncontrollably while at the same time feeding back “normal” data to the plant’s operators, thereby concealing the problem until it was too late.
The fact that this has set back Iran’s nuclear program by several years has led to speculation that the worm was the creation not of criminal hackers, but of a state agency (possibly Israeli or the US). This hunch was supported by the fact that Stuxnet seems a pretty sophisticated piece of malware. Bruce Schneier, a leading security expert, estimates that it would have taken eight to 10 accomplished programmers six months to design, implement and test it under laboratory conditions. It’s difficult to imagine the criminal hacking fraternity having the resources to do that.
Why has malware become so pervasive and so difficult to combat? The main reason is that malevolent innovation is the downside of the open architecture of the PC and the Internet. The combination of an open, programmable PC and a network that is open to anyone created a “generative system” which was uniquely hospitable to what has come to be called “permissionless innovation.” This had some amazing benefits — it gave us the world wide web, for example, Wikipedia, the Linux operating system and the Apache web-server software that powers a majority of the world’s web sites. But it has also given us the malware plague.
There is another, deeper, fear — that the mysterious botnets that have been assembled by the merchants of malware may one day be used in some co-ordinated way to engineer a massive global event — cyberspace’s equivalent of Sept. 11, 2001, if you will. If something like that were to happen, then the response of governments everywhere would be draconian. Just as civil liberties in western democracies were massively eroded by the aftermath of Sept. 11, 2001, and the ensuing “war on terror,” so the freedoms we have hitherto taken for granted in cyberspace would be correspondingly curtailed. The day might come when you’ll need a government license to connect to the Internet. Bob Thomas’s creeper could have a creepy inheritance.