In 1971, Bob Thomas, an engineer at Bolt, Beranek and Newman, the Boston company that held the contract to build the Arpanet, the precursor of the Internet, released a program called “creeper” on to the network. It was an experimental, self-replicating program that moved between DEC PDP-10 computers running the TENEX operating system. Strictly speaking it was a worm rather than a virus, since it spread over the network under its own steam instead of attaching itself to other programs. It did no actual harm and merely displayed a cheeky message: “I’m the creeper, catch me if you can!” Someone else wrote a program to detect and delete it, called, inevitably, “reaper.”
Although nobody could have known it 40 years ago, it was the start of something big, something that would one day threaten to undermine, if not overwhelm, the networked world. For as we became more and more dependent on information and communications technology, we were also subjected to a plague of what came to be called “malware.”
It’s an ugly term, as befits something that covers a multitude of sins, all involving computer code written with destructive or malevolent intent. It includes not only viruses, programs that replicate by copying themselves into other programs or into the boot sectors of disks, but also worms (self-replicating programs that use a network to send copies of themselves to other machines, with or without human assistance) and Trojans (programs that pose as something legitimate or useful in order to get themselves installed and which, instead of replicating, perform some illicit activity on the infected computer, often under remote control). The word is also stretched, loosely, to cover the evils that malware delivers or makes possible: the junk mail we call spam; “phishing,” or trying to hoodwink Internet users into revealing bank account passwords and the like; page-jacking, which makes it difficult or impossible for a victim to get rid of a Web page; and other scams.
The malware plague has gone through several phases. It began in a harmless and experimental way with the creeper and a worm released on to the Internet in 1988 by Robert Morris, a student from New York State’s Cornell University. Morris wanted to find out how many computers were connected to the Internet so he wrote a small program that would install itself on every machine it found and send back a “present and correct” message.
But there was a flaw in his code: the worm kept copying itself on to machines that were already infected, so each machine ended up running many copies at once. On Nov. 2, 1988, network administrators realized something was up because their machines, and the network itself, had slowed to a crawl. In the end, the culprit was identified and became the first person convicted under the US Computer Fraud and Abuse Act, though it doesn’t seem to have done him any lasting harm: Morris is now a professor at the Massachusetts Institute of Technology.
Malware began on the Internet, but its next phase involved the stand-alone machines we now call personal computers. In 1982, Rich Skrenta, a 15-year-old from Pittsburgh, Pennsylvania, created the “elk cloner” virus that infected the Apple II, then the most popular personal computer in upmarket US households. Skrenta’s virus copied itself into the boot sector of the floppy disks used to start up the computer and, on every 50th start-up from an infected disk, displayed some doggerel on the screen. It was annoying but harmless.
Early PC malware tended to be like that — irritating but not terribly destructive. And malware spread slowly, because most of these PCs were not networked; infections spread by “sneakernet” — i.e., users sharing floppy disks. The real trouble began when domestic Internet use exploded in 1993. From then on, an infected PC was a potential menace not just to its owner, but to other machines with which it communicated.
For many people, early malware was a baffling phenomenon. It was seen as something akin to physical vandalism in the real world — hooligans despoiling an environment for no obvious reason. What motivated them? Nobody knew, though several psychologists had a go at explaining it. The notion that malware was motiveless destructiveness was fuelled by the fact that much of it was imitative, carried out by “script kiddies” — non-programmers who downloaded DIY virus-construction kits.
GROWING THREAT
In the 1990s, malware development accelerated. When Microsoft released Windows 95, it rapidly became the de facto standard for the PC industry and the world’s IT systems came to exhibit the characteristics of a monoculture: millions and millions of PCs across the globe, all running the same software, all sharing the same security vulnerabilities. By the end of the decade, domestic broadband connections were becoming common as well. The result was millions of machines, operated by people with little understanding of computer security, with shared vulnerabilities and fast, always-on connections to the network.
Most importantly, malware found a business model in the late 1990s. The fragility of the monoculture could be exploited for profit. Spamming — junk e-mailing — could now be done on a truly gigantic scale. Hitherto, it had required identifiable servers with broadband access to the net. But the new broadband environment offered a better infrastructure. All you had to do was find machines with fast connections, unpatched security vulnerabilities and non-savvy owners and infect them with a Trojan that would turn them into relay stations for spam (and which could be turned off just as easily, to avoid detection).
Spamming works because it can be very profitable. It costs very little more to send 10 million e-mails than it does to send 100. If you’re selling a packet of Viagra for US$20 and you have a response rate of 0.1 percent, you’ll make US$20 from 1,000 e-mails. But if you send out 10 million with the same response rate you’ll be earning US$200,000 from a single mailing. This is the kind of serious money that makes organized criminal gangs sit up.
The idea of covertly suborning networked PCs was a critical breakthrough for malware because it enabled malefactors to set up “botnets” — networks of compromised machines that could be remotely controlled. Nobody knows how many of these botnets exist, but there are probably thousands of them worldwide and some are very large. A list of the 10 largest in the US in 2009, for example, estimated that they ranged in size from 210,000 to 3.6 million compromised machines.
In addition to spamming, botnets can be used for a wide variety of purposes. They can, for example, launch “distributed denial of service” (DDoS) attacks on e-commerce or other Web sites. Each machine in the botnet bombards the targeted site with requests, repeated incessantly and all at the same time, to the point where the site’s servers buckle under the load or the site becomes unusable by legitimate customers. More sinisterly, botnets can be used for blackmail, effectively extracting protection money from retail sites to ward off the threat of a DDoS attack. Nobody talks about this in public, but it goes on.
Domestic PCs that have been compromised by Trojans can be put to other uses too. For example, they can covertly monitor their user’s keystrokes when logging into banking and other sites, thereby stealing passwords and credit card details. At a recent presentation by officers from the UK’s Serious Organised Crime Agency, I was struck by a slide that showed how highly developed the online market in stolen credit card data had become. It showed a marketplace for “USA 100% APPROVED TRACK2 DUMPS” in which Visa debit card details were going for US$8 and American Express details were $10. On another such marketplace, American MasterCard details cost US$15 while European credit card details were going for US$40 a pop. “Buying large quantities,” it said, “prices are negotiable for every customers.” (Grammar and spelling are not a specialty in this particular netherworld.)
We’ve come a long way from the creeper and elk cloner. The driving forces behind contemporary malware are financial gain and organized crime, much of it headquartered in Russia and other parts of eastern Europe. One of the most blatant examples of an online marketplace in stolen credit card data was CarderPlanet.com, a Web site ostensibly based in Vietnam, but operated by people based in Russia and Ukraine, and now shut down. A senior US Secret Service official described CarderPlanet as “one of the most sophisticated organizations of online financial criminals in the world” which had been “repeatedly linked to nearly every major intrusion of financial information reported to the international law enforcement community.”
Some of the principals behind CarderPlanet were arrested after an intensive campaign by the US authorities. But one of them, Dmitry Ivanovich Golubov, was subsequently released by the Ukrainian authorities and has allegedly started a political organization called “the Internet Party of the Ukraine.”
INCREASING SOPHISTICATION
The latest round in the malware saga came in June 2010, when the Stuxnet worm finally broke cover. Stuxnet infects Windows computers and spreads mainly via infected USB sticks and across local networks, so it doesn’t require the Internet for dissemination and can reach machines that are deliberately kept off it.
Once an infected USB stick has been plugged into a machine, the worm uses a variety of tricks, including several previously unknown Windows vulnerabilities, to infect other machines on the local network and to take control of them, but with an added twist. It looks for the Siemens Step7 software used to program a particular family of programmable logic controllers (PLCs) made by the German company Siemens. If it finds it, the worm hijacks the communication between that software and the controller, injects its own code into the PLC and thus changes its behavior, while hiding the injected code from engineers who inspect the controller’s program. This is scary because PLCs of this kind are used throughout industry, including in water treatment plants, electricity grids, oil refineries and nuclear facilities.
One target of Stuxnet was Iran’s controversial nuclear program, specifically the gas centrifuges used to enrich uranium at Natanz. It is claimed that the worm reprogrammed the PLCs controlling the drives that spin the centrifuges, periodically forcing over 900 of them to run far outside their normal speed range, while at the same time replaying previously recorded “normal” readings to the plant’s operators, thereby concealing the problem until the damage had been done.
The claim that this has set back Iran’s nuclear program by several years has led to speculation that the worm was the creation not of criminal hackers, but of a state agency (possibly Israeli or American). This hunch is supported by the fact that Stuxnet is a very sophisticated piece of malware: besides the unknown Windows vulnerabilities it exploited, its components were signed with digital certificates stolen from two legitimate hardware companies, which helped it pass as trusted software. Bruce Schneier, a leading security expert, estimates that it would have taken eight to 10 accomplished programmers six months to design, implement and test it under laboratory conditions. It’s difficult to imagine the criminal hacking fraternity having the resources to do that.
Why has malware become so pervasive and so difficult to combat? The main reason is that malevolent innovation is the downside of the open architecture of the PC and the Internet. The combination of an open, programmable PC and a network that is open to anyone created a “generative system” which was uniquely hospitable to what has come to be called “permissionless innovation.” This had some amazing benefits — it gave us the world wide web, for example, Wikipedia, the Linux operating system and the Apache web-server software that powers a majority of the world’s web sites. But it has also given us the malware plague.
There is another, deeper, fear — that the mysterious botnets that have been assembled by the merchants of malware may one day be used in some co-ordinated way to engineer a massive global event — cyberspace’s equivalent of Sept. 11, 2001, if you will. If something like that were to happen, then the response of governments everywhere would be draconian. Just as civil liberties in western democracies were massively eroded by the aftermath of Sept. 11, 2001, and the ensuing “war on terror,” so the freedoms we have hitherto taken for granted in cyberspace would be correspondingly curtailed. The day might come when you’ll need a government license to connect to the Internet. Bob Thomas’s creeper could have a creepy inheritance.