Worm
The First Digital World War
By Mark Bowden
Atlantic Monthly. 245 pp. $25
Reviewed by Steve Weinberg
When Mark Bowden writes, smart readers pay attention. A former reporter for The Inquirer, Bowden is a deserved brand name – a superb reporter and compelling narrative writer, whether his subject is war in a forlorn land (Black Hawk Down, set in Somalia) or a variety of others in seven other books (Killing Pablo, Guests of the Ayatollah, etc.). And now we have the current masterpiece, Worm.
Worm is about attacks on computers and computer networks, the attackers, and the defenders. Bowden is no techie. That means he had to master the jargon- and acronym-filled realm of computers. He presents the technical subject matter about the fight for the soul of the Internet so that other non-techies can understand without struggle. Analogies, metaphors, and extended definitions abound, all in the service of deforesting the jungle of jargon.
Even more vital to the success of the book, Bowden builds a narrative around a dozen men (yes, all males) who labor long hours – often heroically – to retain a functioning Internet for hundreds of millions of noncriminal users.
To get the most out of the book, the reader must understand two jargon words early. In computer-speak, a worm is more threatening than a virus. Bowden explains:
To invade a computer, a virus relies on human help such as clicking unadvisedly on an unsolicited e-mail attachment, or inserting an infected floppy disk or thumb drive into a vulnerable computer. A worm, on the other hand, is state of the art. It can spread all by itself.
The worm dubbed Conficker (by those battling its spread) is the centerpiece of the narrative. It showed up on millions of computers in dozens of nations starting in late 2008. The relatively small number of computer security experts who track such threats could tell almost immediately that this was something unprecedented in both reach and sophistication.
Despite his novice status in the computer world, Bowden persuaded an informal network of those security experts to let him watch, both in person and online – to listen in on their conversations, to read their e-mail traffic, to ask questions galore. Did Conficker carry the potential to paralyze the Internet? Yes, the security experts thought. Would the inventors of Conficker actually bring down the Internet? None of the experts could answer that question at first, but increasingly they came to believe the enemy had other purposes.
It’s no spoiler to reveal that we don’t learn the identities or precise goals of the Conficker inventors. Instead, the drama is the fight to contain Conficker, sort of, so that the security experts can sleep soundly at night, sort of, at least for a brief period.
Readers will probably have their own favorites among the dozen security experts most prominent in Worm. I vote for Phil Porras, program director for SRI International in Menlo Park, Calif. In a helpful “Principal Characters” section, Bowden describes Porras as “one of the first to study Conficker and spearheaded efforts to predict its behavior and defeat it.”
It becomes obvious early that the U.S. government security experts are not part of the hero group. Nobody around from the Federal Bureau of Investigation, the Central Intelligence Agency, the National Security Agency, or the Defense Department. Why not? It is impossible to know for sure, but as Bowden learns little by little, federal agencies do not attract the brightest computer security personnel, are slow to grapple with an unprecedented yet obvious threat, worry more about turf protection than public service, and are led by executives who practice condescension instead of camaraderie.
Bowden occasionally enters the realm of quasi-fantasy, as when he writes that the absence of government agencies left the fight to “this odd and uniquely talented collection of volunteers. Given the esoteric nature of the combat, it lent itself less to the analogies of earthbound warfare than to the fantastic.”
He invokes DC Comics’ Justice League of America and Marvel’s X-Men. The fantasy references left me a bit behind at times – but they never killed the narrative drive.
By now, the Internet is a familiar entity, even though it remains as essentially mysterious to the nontechnical as the guts of a car engine are to the nonmechanical. As Bowden explains, ease of access to the Internet has meant a minimum of rules. Nobody’s in charge, as Bowden explains:
This openness and lack of any centralized control is both a strength and a weakness. If no one is ultimately responsible for the Internet, then how do you police and defend it? Unless everyone using the thing is well-intentioned, it is vulnerable to attack, and can be used as easily for harm as for good.
The Conficker creators are not well-intentioned. And therein lies Bowden’s marvelous story.
Steve Weinberg is the author
Article source: http://www.philly.com/philly/entertainment/20111002_Heroes_in_an_attack_threatening_the_Web.html
View full post on National Cyber Security » Virus/Malware/Worms