Other features of the worm offered clues. The only way to obtain it was to visit Mr. Rivest’s lab and to the experts from the National Institute of Standards and Technology judging the contest. MD6 was just a proposal, and as such was known only to Mr. A draft version of the latest of these, MD6, had been released only weeks before Conficker appeared, as an entry in a contest to reset the United States’s official top-level encryption method. It employed three of the most sophisticated coding methods in existence, RC4, RSA and MD6, all produced by the premier cryptologist in the world, Ron Rivest, of the Massachusetts Institute of Technology. Creators of illicit botnets want to protect their investments by encrypting internal commands and controls, lest their malware be hijacked by competing criminals or shut down by security experts.Ĭonficker’s encryption was worlds ahead of most. I obtained a copy this year.īut Conficker’s most impressive feature was its cryptography. The article itself was not classified, but reached only a small readership. and distributed to a small number of experts with the appropriate security clearances. This explanation was detailed in an article published in December 2015 by The Journal of Sensitive Cyber Research and Engineering, a classified, peer-reviewed publication issued by a federal interagency cybersecurity working group including the Pentagon, Department of Homeland Security and N.S.A. Conficker’s unprecedented growth drew the alarmed attention of cybersecurity experts worldwide. The last thing a thief wants is to draw attention to himself. While some experts still disagree, most now believe that Conficker was the work of Ukrainian cybercriminals building a platform for global theft who succeeded beyond all expectation, or desire. Another was that it was a cyberweapon developed by a government, perhaps even by the United States. One was that it was the work of academic hackers who had created it as a lab experiment and then accidentally unleashed it - one could understand why they would be reluctant to claim authorship. The botnet’s reach was vast, real, but dormant. This was where things stood when I wrote about Conficker for The Atlantic in 2010, and then in the book “Worm,” published the following year. Neither joke nor disaster, the worm quietly made its adaptation, slipped the grasp of cybersecurity sleuths and accelerated its growth. That attack was surprisingly pedestrian, like taking a Formula One racecar for a slow ride around the block. And yet it was used only once, to spread a relatively minor strain of “scareware” intended to frighten unsuspecting users into downloading fake antivirus software. At its height, when it consisted of at least 10 million individual IP addresses, there were few computer networks in the world secure enough to withstand an attack from it. Botnets also enabled Russia’s meddling in the presidential election in 2016, sending millions of social media users false stories.Ĭonficker’s botnet was easily capable of launching any of the above - and far worse. Botnets were behind the WannaCry ransomware attack of 2017 which infected an estimated 200,000 computers in 150 countries and crippled computer networks at National Health Service hospitals in England and Scotland.Ī cyberweapon called EternalBlue, stolen in 2017 from the National Security Agency’s secret labs, has been used to attack the networks of entire cities - Baltimore is still struggling to free thousands of municipal computers infected just last month. A 2012 attack all but shut down online operations at major banking institutions. That much power controlled by its unknown maker posed an existential threat not just to any enterprise connected to the web, but to the internet itself.īotnets, networks of secretly linked personal computers controlled by an unseen hand, have launched some of the most notorious dedicated denial of service attacks, flooding websites with so many data requests that they crash. Known as Conficker, it was and remains the most persistent computer worm ever seen, linking computers with Microsoft operating systems globally, millions of them, to create a vast illicit botnet, in effect, a black-market supercomputer. Just over 10 years ago, a unique strain of malware blitzed the internet so rapidly that it shocked cybersecurity experts worldwide.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |