4.4. Who Writes Viruses?In the early days, most virus-like programs were written by geniuses, mainly computer scientists at major corporations and labs, who were still exploring the theoretical limits of computing. The question "What do computers do?" had not been answered. Attempts at producing independent, self-replicating program elements were a valid inquiry into the question of how computers should be used and organized. Nothing was easy about programming in these pioneering days. Assembly language, often considered today the most arcane of the programming arts, was still a bit of a dream. So, by and large, the early experimenters with viral technology, operating before the metaphor was even coined, were the giants. In today's world, you buy a computer; you plug it in, or have the kid who sold it to you come out and do so; you connect it to the Internet via a broadband connection; and you are flying. For many, it is an entertainment and communications tool, on which to write the occasional letter, using self-correcting, autoformatting, and grammar-checking office software. The computer has become as far removed from its early users as has the automobile from most of its drivers. True, most mechanics and automotive engineers drive to work, and some shade tree mechanics tinker in the innards, and a few actually make improvements. Most, however, decide on their choice of colors, and whether or not they want chrome rims or white sidewalls for their wheels. Customization has replaced engineering, and in many cases, disposal has replaced repair. It is in this environment that the new breed of virus writer has emerged. The computer is no longer an awe-inspiring oracle in a glass enclosed tabernacle, into which only the chosen may enter. Today the computer, in the United States at least, is ubiquitous. Almost as many homes have computers as subscribe to newspapers and magazines. And as the entertainment value of the Internet increases, that number may begin to approach the market penetration of the telephone and television, which in the early 1990s was already present in slightly more homes than the number having indoor plumbing. There are so many computers in use today that states such as California have adopted laws concerning their disposal, so that old PCs don't clog landfills. In this computer-saturated society, the mystique of the box is replaced by the aura of that to which it connects. The Internet is the new hang-out, and to hang there in style requires you to make your mark. Joyriding and hacking, defacing web sites and tagging walls with spray paint, setting fires in dumpsters, and unleashing viruses, all are manifestations of a similar juvenile, typically angst permeating affluent nations. The difference is that the street tough guy skins his knuckles, and the script kiddie, which is the pejorative applied to wannabes on the Internet, grows pale and soon needs glasses. The script kiddie does not usually write viruses: that would take programming skill. Instead, he (or she, though most crackers arrested are male) obtains canned code strings, called scripts, and runs them against targeted machines. In time, this attacker may develop some skill at evading network protection mechanisms, such as firewalls, and be attuned enough to stay ahead of virus protection systems. When all is said and done, however, a few really bright individuals discover flaws in common software, and write exploits against the flaws. Script kiddies hang on these deities for any scripts they may hand down to their adoring followers, who execute them. The great mass of computer users have unprotected home machines plugged into broadband outlets without any strategy or tools for protection (firewalls and virus-scanning software are discussed later in this chapter). This low hanging fruit is easily sensed and attacked by the scripts, and, before long, the script kiddie has a sufficient herd of zombies that she can launch a DoS attack against someone she doesn't like or maybe shut down a municipal web site. If he does not have access to a bright mentor, the script kiddie can download scripts from a cracker web site, likely one that is hard to read, with lots of dirty words, and sprinkled with 1337-script (pronounced "elite"with certain letters replaced by similar looking letters, 1 for l, 3 for E, 7 for t). Fortunately, something happens to most of these: they grow up and some of them actually find work in the information technology industry. Then there are the bright, criminally-minded ones who don't leave their hacking days behind and who become cyber thieves, spies, anarchists, and terrorists. Skillfully manipulated, lots of zombied computers could cause a lot of trouble. One Polish organization claims it can push spam with impunity regardless of changes in the law, simply by activating a few of its 500,000 zombies. A half-million machines throwing out millions of emails a day can be an inconvenience to a lot of people, but the real question may be "What else could they do?" Any worthwhile technique learned by phone phreakers (those who attempt to outwit the public telephone network by synthesizing its control mechanisms so as to avoid charges) is likely in the hands of various militaries, as are the best work of the crackers. Electronic countermeasures going well beyond mere listening (ELINT) are likely practiced daily, using say, cell phones or phone emulators to access PBXs, which then are used to accesswho knows? Why bother considering electronic high jinks as a form of attack? Perhaps armies do not travel on their cell phones, but economies do. Economic pressure will eventually force a convergence of the myriad of proprietary protocols controlling the devices on factory floors, the SCADA systems controlling dams and waterways, the remote well heads in petroleum exploration, and the power grids supplying the homes and industrial facilities of a nation. Already, convergence is occurring between the Internet and the telephone network, as in Voice over Internet Protocol (VoIP), and some wireless providers have gone full circle, using wireless to transmit IP, on which voice is encoded. Economic pressure will also force a centralization of control, with one center monitoring several plants rather than each installation being under local control. At that point, when one protocol dominates one network, the third class of virus maker will have their swing, either robbing from us, or extorting us, or simply turning key systems off as a cover for a bigger move. For all we know, World War III might begin with a loss of dial tone, and a string of "Error 404, site not found." That will be the day to be truly fearful of viruses. |