Mark Bowden’s ‘Worm,’ About Conficker

Mr. Bowden, the author of such muscular nonfiction narratives as “Black Hawk Down” and “Guests of the Ayatollah,” writes about technology issues as a semi-civilian. He sounds more like a generalist who has armed himself with research than a natural cybergeek. (He cites science-fiction classics, fascinatingly obscure data and one actual techie poem in which “poor little Conficker” is a character.) In any case, he begins his book with an effort to explain the basics of worm warfare, acknowledging that this is an uphill battle. “The Glaze,” the blank look encountered by technology experts trying to explain themselves to amateurs (translation: “Look, dude, spare me the details, just fix it!”), captures the general Web user’s command of Internet problems.

The Glaze notwithstanding, “Worm” runs through the basics of computer viruses and worms. It explains the computer-code “robots,” or “bots,” that can be made to infiltrate and link large networks of unsuspecting computers. And it illustrates why strategically well-placed bots can be used as weapons. But “those who specialize in cybersecurity face a wall of incomprehension and disbelief when they sound an alarm,” Mr. Bowden writes. “It is as if this dangerous weapon pointed at the vitals of the digital world is something only they can see.”

Conficker had an Internet protocol address from Argentina, but could have originated anywhere. It reflected close familiarity with encryption codes developed at M.I.T. It started small in 2008, attacking 250 new computers a day, only to connect from one to another at rapid speed. It was quickly able to expand 179,000 unique addresses into 83 million possible contacts. Its long-range purpose remained unknown. “Worm” also ticks off a kind of Golden Oldies list of Conficker’s antecedents — Gimmiv, Creeper, Bagle and Melissa, which was named for a hacker’s favorite lap dancer — to set the stage for its evil wizardry. Conficker invaded computers in a particularly sneaky way and appeared to use very little bandwidth, making it even harder to detect. “When Conficker debuted on Nov. 20, 2008, it stood on the shoulders of two decades of research and development, trial and error,” Mr. Bowden writes. “It was as much a product of evolution as anything in nature.”

This is about as far as “Worm” gets into the engineering of Conficker. Instead of digging deeper, Mr. Bowden switches gears and turns it into a much broader book. He introduces a group of experts who, despite the unstructured nature of the Internet and the absence of a strong federal government effort to regulate it, banded together ad hoc to fight a potential terrorist threat. (A note on copy-editing: spelling the first name of the president of the United States “Barrack” does not increase the credibility of anti-government complaints.)

“Worm” also takes a flying leap into the world of Marvel Comics. “The white hats in this struggle were locked in the old and eternal battle of good versus evil, Satan versus God,” Mr. Bowden writes, apparently in all seriousness. “Game on.”

The participants in the anti-Conficker effort may or may not have seen themselves as caped superheroes. But Mr. Bowden had access to them, which is one of the book’s selling points. And they had him to supply the theatrics. “They went about their day jobs as unassuming techies, men whose conversation was guaranteed to produce the Glaze,” he writes, “but out here in the cyberworld they were nothing less than the Anointed, the Guardians, the Special Ones ….” And on and on.

Readers may sympathize with Mr. Bowden’s writerly predicament. Among the real-world events he was describing was a meeting at a Holiday Inn where members of what came to be known as the Conficker Cabal sat at tables arranged in a horseshoe, “covered with starched white linen, with bowls of hard candy set at intervals.” The fantasy realm looks good by comparison. And some important steps toward thwarting Conficker were relatively pedestrian. The worm hit a vast number of domain names; did the security experts need to purchase all those names to protect them? One man’s birthday was almost ruined by the news that Conficker had expanded its reach and become something even worse.

But the biggest problem that “Worm” faces is that Conficker did not (or has not yet) fulfilled the worm-fighters’ most creative doomsday fantasies. They still aren’t sure what it has accomplished or what precedents it has secretly established. So the book’s main drama takes the form of intramural e-mail squabbling among cabal members.

Some of it is reprinted here. “Rick’s a very bright guy, smarter than me, but also perhaps a little more prone to getting into fights in bars than I am,” one wrote. And another: “Dude, do you know what your boy is doing?” And, even more relevantly to the disappointing slightness of “Worm”: “Be clear, post some statistics or shut up.”

Article source: http://www.nytimes.com/2011/10/04/books/mark-bowdens-worm-about-conficker-review.html
