Feds Working to Stop Worms
mbenzi writes "This article from GovExec describes how the feds worked to prevent a worm that could have been orders of magnitude worse than Code Red. Short on details, but an interesting timeline."
With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.
Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.
With writing like this it sounds like someone trying to scare up funds to keep this department up and running.
In all seriousness I don't understand how they can tell if a worm was "more serious" than code red. The best thing about most worms is that most of them are "so wonderful" that they leave out a few details and never make it anywhere but the authors test system.
It's not worms I'm afraid of, it's next gen virii. With problem solving and logic bots that use AI, it's just a matter of time before you train a program to do malicious things and give it multiple ways of accomplishing one goal of infection with a prime directive of self-preservation; that would be the 'ultimate' worm.
We've all seen the AI programs' ability to play chess, and that is impressive all in itself; can you imagine the same type of system loaded with every exploit ever documented, and then the ability to gain access via that list? Or imagine if somehow the program were able to receive the notices of bugs (CERT, Bugtraq, errata, and MS) and then learn of new potentially unpatched systems.
The problem would be not implementing the worm, nor stopping it, but finding a reason for its existence. Would it be used as a proof-of-concept only to be more horribly enacted in version 2? Would it be used for a massive DDoS attack on key internet systems, thus disabling the net for a small amount of time? Or would the system dump all valuable information on a centralized server and then essentially commit suicide?
The only problem is how could this bug be 'harmful' to a host system if the prime directive was self-preservation? It's a little bit too deep of thinking for a Friday morning, but we have yet to see what virii are actually capable of.
Ignore the "p2p is theft" trolls, they're just uninformed
So the best government executives in the USA act like secret agents in cheap pulp detective novels?
Perhaps they should try:
a) alerting businesses and organisations that have vulnerable systems.
c) naming and shaming software manufacturers with poor security processes.
But I guess fighting faceless villains with wicked plots to destroy the world is a lot more fun.
It's not quite as exciting when you realise that most of the villains are actually just naughty children.
In the article, they make it sound as if the feds figured out everything about the worm. If they knew how it was supposed to receive instructions, why not "upgrade" it to give them information about its creator, and after the arrest, command it to delete itself? It sounds like it's still out there at the end of the article. Or perhaps they do know how to control it and they like it that way :-)
Wow, this article's one juicy bunch of overwrought scare-mongering! It makes "Mr. Leaves" out to be some sort of James Bond super-villain, and then goes on to say "leaves" still took a back-seat to Code Red.
Once you peel back all the hyperbolistic prose, "leaves" seems to be just another run-of-the-IRC zombie that exploits PCs already infected with Sub7. Numbers from the article itself show that it had nowhere near the infection rate or virulence of Code Red. The strange bit is at the end they imply, once the guy was caught, they just left the zombies out there rather than alert the owners of the infected PCs!? Odd, that; wonder what the gov wants with all those waiting worms...
Since most of these large-scale DDoS attacks have been local in origin, the Bush administration's fear-mongering about Jihads in cyberspace is little more than propaganda.
We should probably be more worried about socially stunted 15 year-old prodigies.
BD Phone Home!
Shameless plug. Like you weren't expecting it.
Hang on - surely this should be mod'd at "+5 Funny?". Gibson is an uneducated, non technical, hype obsessed idiot. Check out grcsucks.com for more.
---- One button is the power button, the other is the Bender voice button: "Bite My Shiny Metal Ass"
MicroSoft has acquired monopoly status in many aspects of IT, including net servers and OSes.
Microsoft has monopoly status in the area of desktop OSes and certain end-user applications. It has no such status in the realm of servers, where its market share is about 42%.
Here's how the story looks to me:
Some Brit hacker (classical definition: one possessing more intellectual curiosity than propriety) decides to write the best worm he can. He doesn't actually want to do anything bad, it's just an interesting challenge. He didn't attack anything, and the Brits didn't actually punish him or anything. Good thing he wasn't in the U.S., where he would undoubtedly be tossed in jail for a few years.
Anyhoo, meanwhile some less talented cracker releases Code Red. What do the Feds do? They keep whitehouse.gov up and running. Whee. In a real attack, the feds can't do anything. Anyone who seriously wants to do damage is not going to spend months prepping a live worm, they're going to test it privately then unleash a horde of destruction. In that case, the investigators are only going to be able to do anything after the damage has been done.
This story is a bit of propaganda fluff that tries to cover up the ineffectuality of law enforcement in this domain.