

Buell Motorcycle Forum » Quick Board Archives » Archive through March 06, 2004 » CYBER-TERRORISM (Report from The Guardian)


Rocketman
Posted on Wednesday, March 03, 2004 - 05:57 pm:

The enemy within
He's 21, he's got dreadlocks, likes punk bands... and his hobby could wreck your
computer in seconds. Clive Thompson infiltrates the secret world of the virus
writers who see their work as art - while others fear that it is cyber-terrorism
Clive Thompson
Saturday February 21 2004
The Guardian


Mario stubs out his cigarette and sits down at the desk in his bedroom. He pops
into his laptop the CD of Iron Maiden's Number of the Beast, his latest
favourite album. 'I really like it,' he says. 'My girlfriend bought it for me.'
He gestures to the 15-year-old girl with straight dark hair lounging on his bed
and she throws back a shy smile. Mario, 16, is a secondary-school student in a
small town in the foothills of southern Austria. (He didn't want me to use his
last name.) His shiny shoulder-length hair covers half his face and his sleepy
green eyes, making him look like a very young, languid Mick Jagger. On his wall,
he has an enormous poster of Anna Kournikova which, he admits sheepishly, his
girlfriend is not thrilled about. Downstairs, his mother is cleaning up after
dinner. She isn't thrilled these days, either. But what bothers her isn't
Mario's poster. It's his hobby.

When Mario is bored, he likes to sit at his laptop and create computer viruses
and worms. Online, he goes by the name Second Part to Hell, and he has written
more than 150 examples of what computer experts call 'malware': tiny programs
that exist solely to self-replicate, infecting computers hooked up to the
internet. Sometimes, these programs cause damage and sometimes they don't. Mario
says he prefers to create viruses that don't intentionally wreck data, because
simple destruction is too easy. 'Anyone can rewrite a hard drive with one or two
lines of code,' he says. 'It makes no sense. It's really lame.' Besides which,
it's mean, he says, and he likes to be friendly.

But still - just to see if he could do it - a year ago he created a rather
dangerous tool: a program that autogenerates viruses. It's called a Batch Trojan
Generator and anyone can download it freely from Mario's website. With a few
simple mouse clicks, you can use the tool to create your own malicious 'Trojan
horse'. Like its ancient namesake, a Trojan virus arrives in someone's e-mail
looking like a gift, a jpeg picture or a video, for example, but actually
bearing dangerous cargo.

Mario starts up the tool to show me how it works. A little box appears on his
laptop screen, politely asking me to name my Trojan. I call it the 'Clive'
virus. Then it asks me what I'd like the virus to do. Shall the Trojan horse
format drive C: ? Yes, I click. Shall the Trojan horse overwrite every file? Yes.
It asks me if I'd like to have the virus activate the next time the computer is
restarted and I say yes again.

Then it's done. The generator spits out the virus on to Mario's hard drive, a
tiny 3k file. Mario's generator also displays a stern notice warning that
spreading your creation is illegal. The generator, he says, is just for
educational purposes, a way to help curious programmers learn how Trojans work.

But, I could ignore that advice. I could give this virus an enticing name, like
'britney-spears-wedding-clip.mpeg' to fool people into thinking it's a video.
If I were to email it to a victim and if he clicked on it and didn't have
up-to-date anti-virus software, then disaster would strike his computer. The
virus would activate. It would quietly reach into the victim's Microsoft Windows
operating system and insert new commands telling the computer to erase its own
hard drive.

The next time the victim started up his computer, the machine would find those
new commands, assume they were part of the normal Windows operating system and
guilelessly follow them. Everything on his hard drive would vanish - emails,
pictures, documents, games. Mario drags the virus over to the trash bin on his
computer's desktop and discards it. 'I don't think we should touch that,' he
says hastily.

Computer experts called 2003 'the Year of the Worm'. For 12 months, digital
infections swarmed across the internet with the intensity of a biblical plague.
It began in January, when the Slammer worm infected nearly 75,000 servers in 10
minutes, clogging cashpoint networks and causing sporadic flight delays. In the
summer, the Blaster worm struck, spreading by exploiting a flaw in Windows; it
carried taunting messages directed at Bill Gates, infected hundreds of
thousands of computers and tried to use them to bombard a Microsoft website with
data.

Then in August, a worm called Sobig.F exploded with even more force, spreading
via email that it generated by stealing addresses from victims' computers. It
propagated so rapidly that at one point, one out of every 17 email messages
travelling through the internet was a copy of Sobig.F. The computer security
firm mi2g estimated that the worldwide cost of these attacks in 2003, including
clean-up and lost productivity, was at least $82 billion (though such estimates
have been criticised for being inflated).

The pace of contagion seems to be escalating. When the Mydoom.A email virus
struck in late January, it spread even faster than Sobig.F; at its peak, experts
estimated, one out of every five email messages was a copy of Mydoom.A. It also
carried a nasty payload: it reprogrammed victim computers to attack the website
of SCO, a software firm vilified by geeks in the 'open source' software
community.

You might assume that the blame - and the legal repercussions - for the
destruction would land directly at the feet of people like Mario. But as the
police around the globe have cracked down on cybercrime in the past few years,
virus writers have become more cautious, or at least more crafty. These days,
many elite writers do not spread their works at all. Instead, they 'publish'
them, posting their code on web sites, often with detailed descriptions of how
the program works. Essentially, they leave their viruses lying around for anyone
to use.

Invariably, someone does. The people who release the viruses are often anonymous
mischief-makers, or 'script kiddies'. That's a derisive term for aspiring young
hackers, usually teenagers or students, who don't yet have the skill to program
computers but like to pretend they do. They download the viruses, claim to have
written them themselves and then set them free in an attempt to assume the role
of a fearsome digital menace. Script kiddies often have only a dim idea of how
the code works and little concern for how a digital plague can rage out of
control. Our modern virus epidemic is thus born of a symbiotic relationship
between the people smart enough to write a virus and the people dumb enough - or
malicious enough - to spread it.

This development worries security experts, because it means that virus writing
is no longer exclusively a high-skill profession. By so freely sharing their
work, the elite virus writers have made it easy for almost anyone to wreak havoc
online. When the damage occurs, as it inevitably does, the original authors just
shrug. We may have created the monster, they'll say, but we didn't set it loose.
This dodge infuriates security professionals and the police, who say it is
legally precise but morally corrupt. Like a collection of young Dr.
Frankensteins, the virus writers are increasingly creating forces they cannot
control and for which they explicitly refuse to take responsibility.

'Where's the beer?' Philet0ast3r wondered. An hour earlier, he had dispatched
three friends to pick up another case, but they were nowhere in sight. He looked
out over the controlled chaos of his one-bedroom apartment in small-town
Bavaria. (Most of the virus writers I visited live in Europe; there have been
very few active in the United States since 9/11, because of fears of
prosecution.) Philet0ast3r's party was crammed with 20 friends who were blasting
out punk band Deftones, playing cards, smoking furiously and arguing about
politics. It was a Saturday night. Philet0ast3r, a 21-year-old with a small
silver hoop piercing his lower lip, wears his brown hair in thick dreads.
(Philet0ast3r is an online handle; he didn't want me to use his name.)

His friends finally arrived with a fresh case of beer and his blue eyes lit up.
He flicked open a bottle using the edge of his cigarette lighter and toasted the
others. A tall blond friend in a jacket festooned with anti-Nike logos put his
arm around Philet0ast3r and beamed.

'This guy,' he proclaimed, 'is the best at Visual Basic.'

In the virus underground, that's love. Visual Basic is a computer language
popular among malware authors for its simplicity; Philet0ast3r has used it to
create several of the two dozen viruses he's written. From this tiny tourist
town, he works as an assistant in a home for the mentally disabled and in his
spare time runs an international virus-writers' group called the 'Ready Rangers
Liberation Front'. I met him, like everyone profiled in this article, online,
first emailing him, then chatting in an internet relay chat channel where virus
writers meet and trade tips and war stories.

Philet0ast3r got interested in malware the same way most virus authors do: his
own computer was hit by a virus. He wanted to know how it worked and began
hunting down virus-writers' websites. He discovered years' worth of viruses
online, all easily downloadable, as well as primers full of coding tricks. He
spent long evenings hanging out in online chat rooms, asking questions, and soon
began writing his own worms.

One might assume Philet0ast3r would favour destructive viruses, given the fact
that his apartment is decorated top to bottom with anti-corporate stickers. But
his viruses, like those of many malware writers, are often surprisingly mild
things carrying goofy payloads. One he is developing will install two artificial
intelligence chat-agents on your computer; they appear in a pop-up window,
talking to each other nervously about whether your antivirus software is going
to catch and delete them. Philet0ast3r said he was also working on something
sneakier - a 'keylogger'. It's a Trojan virus that monitors every keystroke its
victim types, including passwords and confidential email messages, then secretly
mails out copies to whoever planted the virus. Anyone who spreads this Trojan
would be able to quickly harvest huge amounts of sensitive personal information.

Technically, 'viruses' and 'worms' are slightly different things. When a virus
arrives on your computer, it disguises itself. It might look like an OutKast
song ('hey_ya.mp3'), but if you look more closely, you'll see it has an unusual
suffix, like 'hey_ya.mp3.exe'. That's because it isn't an MP3 file at all. It's
a tiny program and when you click on it, it will reprogram parts of your
computer to do something new, like display a message. A virus cannot kick-start
itself; a human needs to be fooled into clicking on it. This turns virus writers
into armchair psychologists, hunting for new tricks to dupe someone into
activating a virus. ('All virus-spreading,' one virus writer said caustically,
'is based on the idiotic behaviour of the users.')

Worms, in contrast, usually do not require any human intervention to spread.
That means they can travel at the breakneck pace of computers themselves. A
worm's danger lies in its speed: when it multiplies, it often generates enough
traffic to crash internet servers. The most popular worms today are 'mass
mailers' which attack a victim's computer, swipe the addresses out of Microsoft
Outlook (the world's most common email program) and send a copy of the worm to
everyone in the victim's address book. These days, the distinction between worm
and virus is breaking down. A worm will carry a virus with it, dropping it on to
the victim's hard drive to do its work, then emailing itself off to a new
target.

The most ferocious threats today are 'network worms', which exploit a particular
flaw in a software product (often one by Microsoft). The author of Slammer, for
example, noticed a flaw in Microsoft's SQL Server, an online database commonly
used by businesses and governments. The Slammer worm would find an unprotected
SQL server, then would fire bursts of information at it, flooding the server's
data 'buffer', like a cup filled to the brim with water.

Once its buffer was full, the server could be tricked into sending out thousands
of new copies of the worm to other servers. Normally, a server should not allow
an outside agent to control it that way, but Microsoft had neglected to defend
against such an attack. Using that flaw, Slammer flooded the net with 55 million
blasts of data per second and in only 10 minutes colonised almost all vulnerable
machines.

Computer-science experts have a phrase for this type of fast-spreading epidemic,
'a Warhol worm' in honour of Andy Warhol's prediction that everyone would be
famous for 15 minutes. 'In computer terms, 15 minutes is a really long time,'
says Nicholas Weaver, a researcher at the International Computer Science
Institute in Berkeley, who coined the Warhol term. 'The worm moves faster than
humans can respond.' He suspects that even more damaging worms are on the way.
All a worm writer needs to do is find a significant new flaw in a Microsoft
product, then write some code that exploits it. Even Microsoft admits that there
are flaws the company doesn't yet know about.

Virus writers are especially hostile toward Microsoft, the perennial whipping
boy of the geek world. From their (somewhat self-serving) point of view,
Microsoft is to blame for the worm epidemic, because the company frequently
leaves flaws in its products that allow malware to spread. Microsoft markets its
products to less expert computer users, cultivating the sort of gullible victims
who click on disguised virus attachments.

But it is Microsoft's success that really makes it such an attractive target:
since more than 90 per cent of desktop computers run Windows, worm writers
target Microsoft in order to hit the largest possible number of victims. (By
relying so exclusively on Microsoft products, virus authors say, we have created
a digital monoculture, a dangerous thinning of the internet's gene pool.)
Microsoft is now so angry that it has launched a counterattack. Last autumn, it
set up a $5 million fund to pay for information leading to the capture of
writers who target Windows machines. So far, it has announced $250,000 bounties
for the creators of Blaster, Sobig.F and Mydoom.B.

The motivations of the top virus writers can often seem paradoxical. They spend
hours dreaming up new strategies to infect computers, then hours more bringing
them to reality. Yet when they're done, most of them say they have little
interest in turning their creations free. Though Philet0ast3r is proud of his
keylogger, he said he does not intend to release it into the wild. His reason is
partly one of self-protection; he wouldn't want the police to trace it back to
him. But he also said he does not ethically believe in damaging someone else's
computer.

So why write a worm, if you're not going to spread it?

For the sheer challenge, Philet0ast3r replied, the fun of producing something
'really cool'. For the top worm writers, the goal is to make something that's
brand new. A truly innovative worm, Philet0ast3r said, 'is like art'. To allow
his malware to travel swiftly online, the virus writer must keep its code short
and efficient. 'One condition of art,' he noted, 'is doing good things with
less.'

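Nicholas Weaver's "Warhol worm" remark, that a scanning worm moves faster than humans can respond, can be put into numbers. Each infected host scans random addresses, and each scan lands on one of the N vulnerable machines with probability N/2^32, which gives the logistic curve that Slammer's spread followed. The block below is an added example, not code from the article; the model is the random-constant-spread model from Staniford, Paxson and Weaver's 2002 worm paper, and the Slammer-like parameters (75,000 vulnerable hosts, 4,000 scans per second per infected host) are assumptions for illustration, since the article gives only the aggregate 55 million scans per second and the 10-minute figure.

```python
"""Why a scanning worm outruns human response: the random-constant-spread model.

Added example; this is not code from the article.  The model is the standard
one used for Code Red and Slammer (Staniford, Paxson and Weaver, 2002): every
infected host scans random IPv4 addresses, and each scan hits one of the N
vulnerable hosts with probability N / 2^32.  The figures used in main() are
assumptions chosen to resemble Slammer, not measurements from this page.
"""
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a random scan can land on


def contact_rate(scans_per_second, vulnerable_hosts):
    """K: new victims one infected host finds per second while almost nobody is infected."""
    return scans_per_second * vulnerable_hosts / ADDRESS_SPACE


def fraction_infected(scans_per_second, vulnerable_hosts, t, start_infected=1):
    """Fraction a(t) of vulnerable hosts infected after t seconds.

    Solves da/dt = K * a * (1 - a) with a(0) = start_infected / N, written in a
    form that cannot overflow exp() for large t."""
    K = contact_rate(scans_per_second, vulnerable_hosts)
    a0 = start_infected / vulnerable_hosts
    return 1.0 / (1.0 + ((1.0 - a0) / a0) * math.exp(-K * t))


def time_to_fraction(scans_per_second, vulnerable_hosts, target=0.9, start_infected=1):
    """Seconds until a(t) reaches `target`; the inverse of fraction_infected."""
    K = contact_rate(scans_per_second, vulnerable_hosts)
    a0 = start_infected / vulnerable_hosts
    return math.log(target * (1.0 - a0) / (a0 * (1.0 - target))) / K


def simulate(scans_per_second, vulnerable_hosts, seconds, dt=0.1):
    """Step the same model forward numerically (explicit Euler) and return
    [(t, infected_count), ...] so the curve can be inspected or plotted."""
    infected = 1.0
    samples = [(0.0, infected)]
    steps = int(round(seconds / dt))
    for step in range(1, steps + 1):
        new = scans_per_second * infected * (vulnerable_hosts - infected) / ADDRESS_SPACE
        infected = min(float(vulnerable_hosts), infected + new * dt)
        samples.append((step * dt, infected))
    return samples


def seconds_until(samples, count):
    """First sample time at which the infected count reaches `count`, or None."""
    for t, infected in samples:
        if infected >= count:
            return t
    return None


if __name__ == "__main__":
    N, S = 75_000, 4_000  # assumed: vulnerable hosts, scans per second per infected host
    for target in (0.5, 0.9, 0.99):
        minutes = time_to_fraction(S, N, target) / 60
        print(f"{target:.0%} of {N} hosts infected after {minutes:.1f} min")
    print(f"fraction infected after 15 min: {fraction_infected(S, N, 15 * 60):.6f}")
    sim = simulate(S, N, 300)
    print(f"numeric model reaches 90% at {seconds_until(sim, 0.9 * N):.1f} s")
```

Two things fall out of the model. The time to saturation scales with 1/K, so halving the scan rate or the vulnerable population merely doubles a time that is already a few minutes; and after Weaver's "really long" 15 minutes the curve is flat at 100%, which is the argument for automated containment (rate limiting, egress filtering of the exploited port) rather than an on-call human.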


M1combat
Posted on Wednesday, March 03, 2004 - 06:14 pm:

Nice.

Anyone here familiar with the Hacker's Manifesto?

Seanp
Posted on Wednesday, March 03, 2004 - 10:28 pm:

I am a signal officer in the Army, and I tell you what, I would like to get my hands on some of these people... They've caused me more stress than the freaking mortars and RPG's have around here.

If I were Bill Gates I'd hire hitmen to start taking these guys out - not permanently, but just enough to send them a message. If they get on their internet chat boards and start talking about how hacker#1 just got the crap beat out of him, and so did hacker#2, 3, and 4... Then they might start thinking.

But hey, I'm not Bill Gates. And I only have about 120 computers to worry about. So hey, no big deal.

But sometime...

M1combat
Posted on Wednesday, March 03, 2004 - 10:49 pm:

Any idea what region targets you?

Blake
Posted on Thursday, March 04, 2004 - 12:17 am:

A virus cannot kick-start itself; a human needs to be fooled into clicking on it.... If I were to email (a virus) to a victim and if he clicked on it and didn't have up-to-date anti-virus software...

Run current anti-virus software, don't open executable attachments; in short, don't be a fool.
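
The 'hey_ya.mp3.exe' trick in the article, and Blake's rule of not opening executable attachments, are what a mail gateway has to enforce on the user's behalf. The block below is an added example, not code from the article or from Blake's post. It checks the name the way the article suggests (look at the last suffix, not the decoy in front of it) and also checks the first bytes of the file, because the name is the part the attacker controls; it goes beyond the article's double-extension case to two related disguises, whitespace padding that pushes the real extension off the edge of the mail client's display, and the Unicode right-to-left override that reverses how a name is drawn. The extension lists are assumptions typical of an attachment filter of the period, not a standard, and the sample names and file headers are constructed.

```python
"""Checking whether a mail attachment is an executable dressed up as media.

Added example, not from the Guardian article or any forum post.  The
extension lists are assumptions (typical of a 2004-era attachment filter,
not exhaustive); the MP3 'ID3' tag and the 'MZ' executable header are the
real magic numbers.
"""
import re

# Extensions Windows runs when double-clicked (assumed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl", "lnk",
}
# Harmless-looking extensions a virus writer puts in front of the real one.
DECOY_EXTENSIONS = {"mp3", "mpeg", "mpg", "avi", "jpg", "jpeg", "gif", "txt", "doc", "pdf", "zip"}
RTLO = "\u202e"  # U+202E RIGHT-TO-LEFT OVERRIDE: reverses how the rest of the name is displayed


def classify_attachment(name, content=b""):
    """Return the set of reasons the attachment looks like a disguised program.

    An empty set means no check fired.  `content` is the first few bytes of the
    file; when given it is judged independently of the name."""
    reasons = set()
    if RTLO in name:
        reasons.add("rtlo")
        name = name.replace(RTLO, "")  # judge the real name, not the displayed one
    if re.search(r"\s{3,}", name):
        reasons.add("padding")
    parts = [p.strip().lower() for p in name.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.add("executable-extension")
        if len(parts) > 2 and parts[-2] in DECOY_EXTENSIONS:
            reasons.add("decoy-extension")
    if content[:2] == b"MZ":  # DOS/PE executable header
        reasons.add("mz-header")
        if final_ext not in EXECUTABLE_EXTENSIONS:
            reasons.add("content-name-mismatch")
    return reasons


def should_block(name, content=b""):
    """Gateway policy: block anything that trips any check."""
    return bool(classify_attachment(name, content))


# Constructed samples: the names are illustrations, the headers are real magic numbers.
SAMPLES = {
    "hey_ya.mp3": b"ID3\x03\x00",
    "hey_ya.mp3.exe": b"MZ\x90\x00",
    "hey_ya.mp3                              .exe": b"MZ\x90\x00",
    "hey_ya_" + RTLO + "3pm.exe": b"MZ\x90\x00",  # drawn on screen as hey_ya_exe.mp3
    "holiday.jpg": b"MZ\x90\x00",  # renamed executable; only the bytes give it away
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        verdict = "BLOCK" if should_block(name, head) else "allow"
        print(f"{verdict:5} {name!r}: {sorted(classify_attachment(name, head))}")
```

The name checks catch what the user would have seen; the header check catches the case the article's advice cannot, a program simply renamed to .jpg and later run by something other than a double-click. Neither replaces current anti-virus signatures, but a gateway that drops executables outright removes the "didn't have up-to-date anti-virus software" condition the article relies on.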

Seanp
Posted on Thursday, March 04, 2004 - 12:43 am:

No, we get hit by the same general stuff as everyone that's connected to the internet. We haven't had any problems with targeted attacks, which is good. But even the random worms, like SoBig and the latest NetSky, force us to do wonderful things to people's computers like reformat their hard drives. It's hard telling the old man that I have to erase everything on his computer. Lucky I'm wicked anal about having backups...

I'd love to get into information security stuff a lot more than I get into it now. I can definitely picture a time in the future when much of a "war" is done virtually, months before the actual ground combat starts. But then again, as I mentioned, I'm a signal officer. So maybe I'm just hoping that sometime in the future I'll have good job security...

I'd love to attack the bank accounts, electronic infrastructure, and military networks of an enemy. That would be fun. And maybe attack a hacker or two along the way, for good measure. Targets of opportunity.

And Blake, that's all well and good, and I tell my folks that all the time, but it's kind of tough for me, a CPT, to chew a LTC's ass for opening an attachment that he shouldn't have...

edited by seanp on March 04, 2004

Paulinoz
Posted on Thursday, March 04, 2004 - 12:46 am:

Run Netscape on a Mac best insurance money can buy

Darthane
Posted on Thursday, March 04, 2004 - 01:39 am:

-=eagerly awaiting his new iBook since Microsoft's latest "Oh, we f#@%ed up and left a massive hole in our software" announcement=-

My computer here now will not recognize my internet connection without me opening the properties, changing nothing, closing it, and logging off/in. WTF?

I agree with SeanP, though. I'd love to get my hands on these asses, even the ones that 'don't propagate their work', and wring their pale, scrawny little necks. That whole 'just to see if I can' line is such a load. Yeah, and the Manhattan Project was 'just because' as well.

Bryan

Seanp
Posted on Thursday, March 04, 2004 - 03:23 am:

Yeah, I'm waiting for a new 12" Powerbook. I'm hoping it will run Opera, which is my current browser of choice on Windows. I haven't used Internet Exploder in a while. And I don't miss it one bit...

Now all I need to do is become a multi-billionaire so I can find those hackers. Yeah...

Reepicheep
Posted on Thursday, March 04, 2004 - 08:57 am:

: ) People always ask me about running unsecured wireless access points in their home.

Hee Hee Hee... after the time and energy these bozos have cost me, I would LOVE to have one of them line of sight....

M1combat
Posted on Thursday, March 04, 2004 - 11:38 am:

"Run Netscape on a Mac best insurance money can buy"

Run Mozilla on a Linux box... Best insurance money doesn't need to buy and yes, it IS better than MACOS and Windoze. You can upgrade the Kernel w/o rebooting... how cool is that? That's akin to upgrading from WinNT to WinXP w/o a reboot. Nothing is perfectly secure, but if one were to run a cheap Linux firewall box (my county govt. organization is auctioning about 150 such PC's in a little more than a month) it does indeed make it pretty difficult to get in. The other bonus is that because these hacker/cracker types are almost always anti-corporate they don't generally target Linux... They love Linux. Linux is mostly secure as opposed to Windoze which is almost somewhat partially kind-of secure (relatively) on a good day after two hours (on a FAST connection) of Windows updates. The learning curve on a Linux box is a LOT flatter than most expect and it comes with all sorts of neat software (most of it you don't need) including a COMPLETE and FULLY FUNCTIONAL replacement for Microsoft's Office that's FULLY FILE COMPATIBLE with Office. Go figure. Oh, did I mention it's free?

Anyway, I digress.

M1combat
Posted on Thursday, March 04, 2004 - 12:57 pm:

LOL, Just got this from my GF and thought it was pertinent...

BUENOS DIAS!!
JOU HAVE YUST RECEIVE A MEHICAN BIRUS!!!!!
SINCE WE NOT SO TECHNOLOGICALLY ADBANCED IN
MEHICO, DIS IS A MANUAL BIRUS.
PLEASE DELETE ALL DE FILES ON JOUR HARD DRIVE
JOURSELF AND SEND DIS
E-MAIL TO EBERYONE JOU KNOW.
TAN JOU POR YELPING ME.
JULIO MANUEL JOSE RODIRGUEZ GARCIA
MEXICAN HACKER

Blake
Posted on Thursday, March 04, 2004 - 01:16 pm:

Yeah, good one. I bet all the BadWebers with Mexican heritage are loving that. I have some problem denigrating those who can speak more languages than I.

And besides, now all the Aggies reading it will be complaining about having to reload all their lost files. LOL

Bluzm2
Posted on Thursday, March 04, 2004 - 06:18 pm:

Sean,
Be careful what you wish for. You just might get it!
I'm up to my eyeballs all day long doing the internet security thing.
It makes your head hurt after a while.
Staying current or slightly ahead of the bad guys is quite a challenge.
We have network sensors inside and outside our network, you would not believe the stuff I see.
Not only probes, attacks and the like but IM traffic with content that is unbelievable.
You can't make some of this stuff up!
Reality TV and the like have nothing on real life folks that don't know they are being monitored.
We don't do anything with that stuff, just watch for malicious attacks and probes.
In order to do that you have to analyze ALL traffic.

Bill,
You want long range 802.11? Try building a Pringles can antenna. I can pick up stuff from over 2 blocks away with NO problems.
It's amazing how many folks install a home wireless network without encryption.
Do a war drive with your laptop and Stumbler sometime. The first time I did it I didn't even use an external antenna.
In a 5 block radius I found 10 networks, 6 were wide open.

Sounds like a good sideline job for parts money!

Brad


M1combat
Posted on Thursday, March 04, 2004 - 06:46 pm:

"Yeah, good one. I bet all the BadWebers with Mexican heritage are loving that. I've have some problem denigrating those who can speak more languages than I. "

Hey now... I didn't mean to denigrate anyone... My GF is Indonesian and her son is half Mexican. I just thought it was funny...

Seanp
Posted on Thursday, March 04, 2004 - 10:53 pm:

Brad - I'd love to do something like that. I'm not allowed to do anything like that because we have a Department of Information Technology (DOIM) that is supposed to do things like that. They don't, (at least not that I know of). So instead, everything goes unmonitored, which I vehemently disagree with.

I am in a business which requires extreme operational security. And with instant messengers and the like, and no ability to see what sort of traffic is being passed, it just burns my ass. I know there's people passing dates, times, summaries of missions we've been on, and all sorts of other stuff over email, IM, and whatever else they can get their hands on...

And now with all these viruses out, and my users stupidly opening whatever damn attachment comes in their email, I don't know if the contents of their computers are going to be sent to some hacker somewhere, or erased, or posted on the internet. Hell, we even get the same viruses on the secret internet within hours of the virus appearing on the non-secure network. That means that some dumbass is moving information back and forth from the unclass to the classified side, and maybe vice versa. Joy...

Oh well, it's just national security.

Phillyblast
Posted on Thursday, March 04, 2004 - 11:24 pm:

Looks like we might all be in luck - the authors of the latest 3 big worms might take each other out for us.
Of course, slavish dependence on MS products and an unwillingness to consider alternatives is one reason I'm leaving my current job. Personal desktop, sure. Internet connected server? Fuggedaboutit.
(see no inappropriate content in that one)

Rocketman
Posted on Thursday, March 04, 2004 - 11:51 pm:

Philly, Blake doesn't like cinnamon rings

Rocket