September 27, 2011
Atlantic Monthly Press
The Worm - The First Digital World War
The Worm offers some interesting perspectives on one of the first concerted and coordinated efforts to stop a “worm” in its tracks (though calling it the first digital war is probably pushing it). The primary subject of the book is the Conficker worm. It was first discovered back in 2008 and was predicted to grow large enough to bring down the internet if left unchecked. Its discovery spawned massive research and counterefforts by the internet security community and eventually a global effort took place to try and reduce its stranglehold on the internet. Interestingly, and as often is the case with these things, the Conficker worm was never stopped. In fact, as of 2015, it remains out there in the wild with around 600,000 zombies to its name.
The Conficker worm, the main character of this book, came into the limelight in the 2008/2009 timeframe. It exploited the Microsoft Windows vulnerability MS08-067. While Microsoft patched this vulnerability almost immediately after it was discovered, people are notoriously slow at patching their systems. Some systems, especially those running embedded Windows, can’t actually be updated without significant cost to the owner. The problem is further exacerbated by those running pirated copies of Windows, which do not receive regular security updates. As long as there are vulnerable systems connected to the internet, the Conficker worm can continue to spread and be used for malicious activities.
While I would have enjoyed it if this book made an effort to dig deeper into the technical workings of Conficker, Bowden chose instead to focus on the ragtag team of security researchers, experts and engineers who formed a group that referred to themselves as the “Cabal” to fight Conficker. They were the first to see it spread from an initial 179,000 infected hosts to an estimated 83 million potential infections and the first to report the potential fallout if a botnet of that size was used for “evil”. The team monitored the evolution of Conficker and attempted to prevent it from activating by registering all of the potential domains that the worm might use to receive instructions once triggered.
The Cabal also attempted to coordinate across the loosely structured and poorly regulated internet backbone, a federal government notoriously slow to take action against the growing threat of cyber warfare and a media that prefers to hyperbolize the facts rather than report them. These endeavors were met with mixed results. In the end, there was no definitive winner or loser. The doomsday scenario never happened. Conficker was rented out to the highest bidder to spread malware and spam rather than take out a country. Over time, its presence has slowly degraded as users have either patched their systems or moved to different operating systems entirely. So again, calling this a “digital war” is a bit of an exaggeration.
With books like Killing Pablo, Black Hawk Down and The Killing of Osama Bin Laden in his portfolio, it’s no surprise that the author, Mark Bowden, seemed to struggle a bit making computers exciting to his audience in The Worm. He compensates for the lack of action by sprinkling analogies of good vs evil, superheroes, ninjas and cowboys throughout his writing. The point, I assume, is to try to paint a more dramatic picture of the situation for the reader. Either that or he assumed his audience was full of stereotypical nerds straight out of The Big Bang Theory. Either way, it fell flat on me and I happen to love the X-Men, which was his favorite analogy to thread throughout the book.
The danger of these analogies is that they portray the ability to understand how computers and the internet work as some kind of superpower only a few proper nerds can ever hope to understand. Bowden referred to the “Glaze” as the state ordinary people fall into when listening to one of these chosen few talk about technology. Mark, I hate to tell you, but I fall into the “Glaze” all the time when I listen to people discuss football stats. It’s not specific to technology at all. It’s what happens when someone who’s passionate about a subject discusses it with someone who is not passionate or even slightly interested in the subject. Unfortunately, technology and the risks associated with an increasingly connected world aren’t something we can just ignore and let Professor X’s gang of undercover whitehats solve for us. If half the people who had been infected with the Conficker worm had had a little more understanding of why immediately installing security patches on their PCs is important, the ability of Conficker to spread would have been significantly limited. We as a society have a lot of ground to make up when it comes to educating people on the technology they rely on every day. Something as simple as registering domain names so someone else can’t use them shouldn’t be compared to a superpower.
All in all, I had mixed reactions to The Worm. The topic was interesting of course and spurred me into my own research on Conficker, but the author clearly was torn as to who his target audience was for this book. His efforts to dramatize these events and “connect” with a general audience failed to appeal to me and glazed over information that would have added a lot more depth to the story.
Throughout my 10-year career I have worked as a web developer, systems administrator, software engineer, security analyst and now cybersecurity engineer. I currently develop software applications to automate security vulnerability and compliance scanning and reporting for a multinational financial institution.