In 1971, Bob Thomas, an engineer working for Bolt, Beranek and Newman, the Boston company that had the contract to build the Arpanet, the precursor of the Internet, released a virus called the “creeper” on to the network. It was an experimental, self-replicating program that infected DEC PDP-10 minicomputers. It did no actual harm and merely displayed a cheeky message: “I’m the creeper, catch me if you can!” Someone else wrote a program to detect and delete it, called — inevitably — the “reaper.”
Although nobody could have known it 40 years ago, it was the start of something big, something that would one day threaten to undermine, if not overwhelm, the networked world. For as we became more and more dependent on information and communications technology, we were also subjected to a plague of what came to be called “malware.”
It’s an ugly term, as befits something that covers a multitude of sins, all involving computer code designed with destructive or malevolent intent. It includes not only viruses, which are programs that replicate by copying themselves into other programs, but also worms (self-replicating programs that use a network to send copies of themselves to other machines on the network, with or without human assistance) and Trojans (similar to viruses but instead of replicating they infiltrate a computer and perform some illicit activity, possibly under remote control). Malware also refers to other evils: the junk mail we call spam; “phishing,” or trying to hoodwink Internet users into revealing bank account passwords etc; page-jacking, which makes it difficult or impossible for a victim to get rid of a Web page; and other scams.
The malware plague has gone through several phases. It began in a harmless and experimental way with the creeper and a worm released on to the Internet in 1988 by Robert Morris, a student from New York State’s Cornell University. Morris wanted to find out how many computers were connected to the Internet so he wrote a small program that would install itself on every machine it found and send back a “present and correct” message.
But there was a flaw in his code that meant the worm replicated. On Nov. 2, 1988, network administrators realized something was up because their machines — and the network itself — had slowed to a crawl. In the end, the culprit was identified and carpeted, though it doesn’t seem to have done him any lasting harm: Morris is now a professor at the Massachusetts Institute of Technology.
Malware began on the Internet, but its next phase involved the stand-alone machines we now call personal computers. In 1982, a Pennsylvanian teenager named Rich Skrenta created the “elk cloner” virus that infected the Apple II, then the most popular personal computer in upmarket US households. Skrenta’s virus covertly altered the floppy disk needed to boot up the computer, displaying some doggerel on the screen on start up. It was annoying but harmless.
Early PC malware tended to be like that — irritating but not terribly destructive. And malware spread slowly, because most of these PCs were not networked; infections spread by “sneakernet” — i.e., users sharing floppy disks. The real trouble began when domestic Internet use exploded in 1993. From then on, an infected PC was a potential menace not just to its owner, but to other machines with which it communicated.
For many people, early malware was a baffling phenomenon. It was seen as something akin to physical vandalism in the real world — hooligans despoiling an environment for no obvious reason. What motivated them? Nobody knew, though several psychologists had a go at explaining it. The notion that malware was motiveless destructiveness was fuelled by the fact that much of it was imitative, carried out by “script kiddies” — non-programmers who downloaded DIY virus-construction kits.
GROWING THREAT
In the 1990s, malware development accelerated. When Microsoft released Windows 95, it rapidly became the de facto standard for the PC industry and the world’s IT systems came to exhibit the characteristics of a monoculture: millions and millions of PCs across the globe, all running the same software, all sharing the same security vulnerabilities. At the same time, domestic broadband connections became common. Suddenly, there were millions of machines, operated by people with little understanding of computer security, with shared vulnerabilities and fast connections to the network.
Most importantly, malware found a business model in the late 1990s. The fragility of the monoculture could be exploited for profit. Spamming — junk e-mailing — could now be done on a truly gigantic scale. Hitherto, it had required identifiable servers with broadband access to the net. But the new broadband environment offered a better infrastructure. All you had to do was find machines with fast connections, unpatched security vulnerabilities and non-savvy owners and infect them with a Trojan that would turn them into relay stations for spam (and which could be turned off just as easily, to avoid detection).
Spamming works because it can be very profitable. It costs very little more to send 10 million e-mails than it does to send 100. If you’re selling a packet of Viagra for US$20 and you have a response rate of 0.1 percent, you’ll make US$20 from 1,000 e-mails. But if you send out 10 million and have the same response rate you’ll be earning $200,000 a day. This is the kind of serious money that makes organized criminal gangs sit up.
The idea of covertly suborning networked PCs was a critical breakthrough for malware because it enabled malefactors to set up “botnets” — networks of compromised machines that could be remotely controlled. Nobody knows how many of these botnets exist, but there are probably thousands of them worldwide and some are very large. A list of the 10 largest in the US in 2009, for example, estimated that they ranged in size from 210,000 to 3.6 million compromised machines.
In addition to spamming, botnets can be used for a wide variety of purposes. They can, for example, launch “distributed denial of service” (DDOS) attacks on e-commerce or other Web sites. Each machine in the botnet bombards the targeted site with simultaneous requests, repeated incessantly, to the point where the site’s servers buckle under the load or the site becomes unusable by legitimate customers. More sinisterly, botnets can be used for blackmail, effectively extracting protection money from retail sites to ward off the threat of a DDOS attack. Nobody talks about this in public, but it goes on.
Domestic PCs that have been compromised by Trojans can be put to other uses too. For example, they can covertly monitor their user’s keystrokes when logging into banking and other sites, thereby stealing passwords and credit card details. At a recent presentation by officers from the UK’s Serious Organised Crime Agency, I was struck by a slide that showed how highly developed the online market in stolen credit card data had become. It showed a marketplace for “USA 100% APPROVED TRACK2 DUMPS” in which Visa debit card details were going for US$8 and American Express details were $10. On another such marketplace, American MasterCard details cost US$15 while European credit card details were going for US$40 a pop. “Buying large quantities,” it said, “prices are negotiable for every customers.” (Grammar and spelling are not a specialty in this particular netherworld.)
We’ve come a long way from the creeper and elk cloner. The driving forces behind contemporary malware are financial gain and organized crime, much of it with its headquarters in Russia and other parts of eastern Europe. One of the most blatant examples of an online marketplace in stolen credit card data was CarderPlanet.com, a Web site ostensibly based in Vietnam, but operated by people based in Russia and Ukraine, and now shut down. A senior US secret service official described CarderPlanet as “one of the most sophisticated organizations of online financial criminals in the world” which had been “repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community.”
Some of the principals behind CarderPlanet were arrested after an intensive campaign by the US authorities. But one of them, Dmitry Ivanovich Golubov, was subsequently released by the Ukrainian authorities and has allegedly started a political organization called “the Internet Party of the Ukraine.”
INCREASING SOPHISTICATION
The latest round in the malware saga came in June last year when the Stuxnet worm finally broke cover. Stuxnet infects Windows computers and spreads mainly via infected USB sticks, so it doesn’t require the Internet for dissemination.
Once a USB stick infects a machine, it uses a variety of tricks to infect other machines on the local network and to take control of them, but with an added twist. It looks for a special kind of programmable logic controller (PLC) made by the German company Siemens. If a PLC is found, the worm infects it using a vulnerability in the controller’s software and changes its code and thus its behavior. This is scary because these Siemens controllers play a critical role in virtually every industrialized plant in the world, including water treatment plants, electricity grids and oil refineries, and nuclear reprocessing facilities.
One target of Stuxnet was Iran’s controversial nuclear weapons program, specifically the gas centrifuges it uses to enrich uranium. It is claimed that the worm reprogrammed the Siemens PLCs to cause over 900 centrifuges to spin uncontrollably while at the same time feeding back “normal” data to the plant’s operators, thereby concealing the problem until it was too late.
The fact that this has set back Iran’s nuclear program by several years has led to speculation that the worm was the creation not of criminal hackers, but of a state agency (possibly Israeli or the US). This hunch was supported by the fact that Stuxnet seems a pretty sophisticated piece of malware. Bruce Schneier, a leading security expert, estimates that it would have taken eight to 10 accomplished programmers six months to design, implement and test it under laboratory conditions. It’s difficult to imagine the criminal hacking fraternity having the resources to do that.
Why has malware become so pervasive and so difficult to combat? The main reason is that malevolent innovation is the downside of the open architecture of the PC and the Internet. The combination of an open, programmable PC and a network that is open to anyone created a “generative system” which was uniquely hospitable to what has come to be called “permissionless innovation.” This had some amazing benefits — it gave us the world wide web, for example, Wikipedia, the Linux operating system and the Apache web-server software that powers a majority of the world’s web sites. But it has also given us the malware plague.
There is another, deeper, fear — that the mysterious botnets that have been assembled by the merchants of malware may one day be used in some co-ordinated way to engineer a massive global event — cyberspace’s equivalent of Sept. 11, 2001, if you will. If something like that were to happen, then the response of governments everywhere would be draconian. Just as civil liberties in western democracies were massively eroded by the aftermath of Sept. 11, 2001, and the ensuing “war on terror,” so the freedoms we have hitherto taken for granted in cyberspace would be correspondingly curtailed. The day might come when you’ll need a government license to connect to the Internet. Bob Thomas’s creeper could have a creepy inheritance.