Archive for October, 2007

As if we don’t have enough spam, viruses, phishing attacks, and other forms of network-mediated malware assailing us, now we have Storm. Storm is a kind of compound malware, not so clever in and of itself, since it infects like so much other malware, via a user getting suckered into clicking a link. What is especially insidious about it is that it enslaves vulnerable machines, like a regular bot does, but then rather than going on the attack, it tends to lie there for a time, waiting for instructions. And the instructions come not from a central command center, but on a distributed C2 (command and control) pathway from a smaller group of command systems. In effect, the bot-herder can jack into the botnet at many points and from anywhere, making it exceptionally difficult to intercept and contain. The bot software is also reputed to self-modify when installed, so that it can further hide itself from anti-virus cleaners.

Probably the best and most readable technical overview of the Storm worm is here in Bruce Schneier’s blog.

Several pundits are predicting nothing short of the end of the world over this thing, and I grant that it’s going to be a bear to deal with, but I’m quite confident that it will be dealt with successfully. OK, so the Storm developers are very clever, but the good guys aren’t dunces, either. No, it’s much more likely to become part of the Internet background noise, just more gunk we have to filter out.

I mean, right now in my current work environment, only 3% – 5% of the emails we get in a given day are actual valid communications to someone here, the rest are spam or worse (this is by my actual count). We just filter them out, some get through, we individually delete them, and we go back to work. It’s a large problem, but it’s more of a nuisance than a threat to the business. And we all just keep emailing.

Of course, it might be placed in the hands of any of the various political terrorists around the world that are continually assailing us, and they have very little to lose if the Internet itself is rendered unusable. This I do worry about, but it still seems unlikely.

The more important issues revolve around what we might have to do to harden our defenses, and what this will lead to in terms of a “revised” Internet. We currently enjoy the Internet as an extremely free and borderless ecosystem, where data races back and forth with few restrictions, and people dream up and implement new services — and new kinds of services — that no one could have dreamed of a few years ago. Harden all this down too much, and suddenly everything turns into molasses. Not good!

So something very bad happens. Will we have to license servers or individual PCs? Will there be qualifications to connect to the Internet? Will sysadmins need to be licensed? What about our ability to publish or participate in discussions anonymously?

I’ll address these and other related issues in a future post. But I encourage you to think about it now, because if the Internet takes a big hit from criminal or terrorist elements, the legislature won’t be far behind, and we all know what kind of technicians the lawyers are.



Yet another indication of the general lack of capability of the Department of Homeland Security surfaced this week, when the recipient of a relatively routine DHS counter-terrorism email newsletter attempted to have his delivery email address changed. His request, which he apparently thought was going to the mailing list administrator, in fact executed a “reply all” and shot off the request to all 7,500 subscribers. The humor of his simple request blasting the whole list resulted in an increasing number of recipients joining in with various sage and less than sage comments, and the initial wave of activity resulted in over 2.2 million emails being generated during the day.

Now so far, this is just a lighthearted little bungle; it does happen inside businesses or agencies, with no particular harm done except to the administrators of the email system. Once when I was at US Bank, some hapless low-level employee in the Proof and Transit department managed to “reply all” to a monthly-fluff-from-the-president email thinking he was asking his supervisor if the vacation schedule was done yet. So everybody got this email too, and some of the recipients’ email “I’m not here” notifications were sent to the “reply all” list, as were 2 or 300 emails back to him telling him what he had done. All these copied everybody and ricocheted around the bank until by 11 AM the whole system croaked with overload.

So, as it turns out, it’s possible to flag certain emails as “nonforwardable” and/or “nonreplyable” so this doesn’t happen. That was new stuff, about 5 or 6 years ago. And it was internal email in a bank.

But this is the organization in charge of protecting our critical infrastructure and us from terrorists! And, it’s 5 or 6 years later! The Times’ article points out,

The accident raised questions among cybersecurity experts about how well prepared the Homeland Security Department is to defend against a cyberattack because it had trouble dealing with this computer problem.

“It is a very simple fix,” said Marcus H. Sachs, a volunteer computer security expert at the SANS Internet Storm Center. “Do they not have anybody there that understands how to fix it?”

Actually, the worse problem is, don’t they have anybody who knows how to set it up in the first place? After all, this is not something that’s never happened before. Now they may argue, we’re so busy on the really big stuff, like setting standards for shampoo bottles when you fly, that we didn’t have time to do this right. To anyone who makes that argument with a straight face, I direct you to the parable of the talents in the Bible (Matthew 25:14 – 30). In the end, the master said, “Well done, good and faithful servant! You have been faithful with a few things; I will put you in charge of many things.”

I’d like to see DHS, and especially its cyber-terrorism unit, do some small things right, so that we have a better feeling about their being able to do complex and critical things right, and right the first time.


In Washington, the Democratic Congress’ drive to get us out of the disastrous war in Iraq has utterly run out of gas, not even the smallest criticism of the President’s private war could be passed. The Democrats run the danger of their mascot being changed from the donkey to the possum — roll over and play dead. Exactly what did they think they got elected to do?

Here in the Northland, we have a similar problem with paying attention beyond the news headlines — only a few short months since the 35W bridge collapsed and we seem to have lost all the intensity and focus that a disaster like this should have brought forth. No one in MnDOT is going to be held accountable, it seems, the highest bidder has been selected with no actual design in sight, and even at the Federal level a billion dollars was appropriated for infrastructure repair and maintenance, but at the same time chucked into the bill 2 1/2 billion dollars for other, non-infrastructure projects. Wow! Such dedication! Such commitment to right a tragedy! The governor states that he will provide $X million to get to work with the rebuilding, but sotto voce says that since he won’t raise taxes “unwisely,” the money will come out of school funding and some other helpless constituencies.

So the litany of monstrous incompetence continues: the Transportation Department’s emergency manager Sonia Morphew Pitt, it turns out, couldn’t be bothered to cut short a trip to the east coast to come home and, well, manage an emergency, undoubtedly the biggest one MnDOT has faced in the last decade or so; no, she stayed out there and came home when she felt like it. Heckofa job, Brownie! Granted, the governor has voiced his “displeasure” at her behavior, but so far that’s all.

But the lack of attention to maintenance issues manifests itself in a bizarre way right at Highway Headquarters in St. Paul — the MnDOT building itself is falling down while we watch. Due to 20 years of neglect and an unwillingness to actually spend money, the facade of the MnDOT building is falling off. The huge stone slabs are peeling off and to get in the building you have to pass through a reinforced tunnel, kind of like going into a bomb shelter. But this outrageous situation is apparently not an issue for the Governor and his Lieutenant-Governor / MnDOT Commissioner Carol Molnau. But spend money to fix the building? Not on their watch!

And finally, talk about taking a solid, aggressive stand at dealing with our rapidly-eroding civil infrastructure: various highway officials around the country are standing up and bravely proposing that — yes — the evaluation terminology should be changed because “the public is getting alarmed” at all these terms like “fracture-critical” and “structurally deficient.” So, presumably if we change these alarming terms, the forces of gravity will be held at bay. How simple! Star-Tribune columnist Nick Coleman, one of the few who refuses to let all this die and be swept under the rug, proposes that we should call it “faith-based bridges: close your eyes and pray you get across.”

I’m tempted, but afraid, to say “just when you think you’ve seen it all . . .”
