From the bestselling author of Black Hawk Down, the gripping story of the Conficker worm—the cyberattack that nearly toppled the world. The Conficker worm infected its first computer in November 2008, and within a month had infiltrated 1.5 million computers in 195 countries. Banks, telecommunications companies, and critical government networks—including British Parliament and the French and German military—became infected almost instantaneously. No one had ever seen anything like it. By January 2009, the worm lay hidden in at least eight million computers, and the botnet of linked computers it had created was big enough that an attack might crash the world. In this “masterpiece” (The Philadelphia Inquirer), Mark Bowden expertly lays out a spellbinding tale of how hackers, researchers, millionaire Internet entrepreneurs, and computer security experts found themselves drawn into a battle between those determined to exploit the Internet and those committed to protecting it.
Mark Bowden is an American journalist and writer. He is a former national correspondent and longtime contributor to The Atlantic. Bowden is best known for his book Black Hawk Down: A Story of Modern War (1999) about the 1993 U.S. military raid in Mogadishu, which was later adapted into a motion picture of the same name that received two Academy Awards. Bowden is also known for the books Killing Pablo: The Hunt for the World's Greatest Outlaw (2001), about the efforts to take down Colombian drug lord Pablo Escobar, and Hue 1968, an account of the Battle of Huế.
There is a war being waged in the world today. Not one of the many you read about in newspapers (or newsfeeds) or the ones you see on your televisions and computer screens. This war is going on while we sleep, eat our breakfasts and go about our business, in our cities and suburbs, in the homes of our major industries, in our home computers. Forget the annoying daily viruses that attack, primarily, Windows systems, spewing unwanted spam; forget the unwanted pop-ups that emanate from the same source; forget the Blue Screen of Death and similar results from other fun system-stoppers that flood the lines connecting our machines to the world. This is an ongoing cyberwar, complete with black hats and white hats. There are folks out there who have devised a truly weaponized form of the evil sheiss we have to cope with every day. This new invader is capable of taking down the entire system. It is robust, almost impervious to correction even once detected, and it has spread itself, functioning like millions of sleeper cells throughout our electronic world, and it waits for instructions. It might be told to send out the usual sort of sexual spam we have all seen. No biggie. But then it might take down the entire internet by flooding certain sites with millions of hits. It might be instructed to disable the electrical grid, or occupy Wall Street’s computer systems. (Yes, I know some might cheer, but the damage would extend well beyond the street) And just because we do not yet have a body count that does not mean that this war does not have casualties. Businesses that have had to shut down because of such attacks, hundreds of millions of dollars, maybe billions, that might have been spent on more productive uses, but which have been allocated to cyber defense. Most recently, [when this was originally written] Sony has enjoyed the pleasure of high end digital trouble-making, thanks to our friendly neighbors in North Korea. 
Thank god there are some heroes out there who are making our lives a bit, a lot safer, by indulging their need to do the right thing.
Each chapter is introduced by a quote from the X-Men comic book series. It is entirely appropriate, as Bowden sees his core characters as people with special powers. They are truly superheroes, operating on their own, outside government, for the most part, to fight off an invasion that most of us did not notice at all. The X-Men of Bowden’s tale are the ones who first caught on to this invasion, the ones with the technical savvy to actually appreciate how powerful, how dangerous, how sinister and how clever this invader is. It is thanks to them that our electronic world has not returned to pencil-and-paper accounting, and our trains have not been dashing into each other head on. I bet you will not recognize a single name among this group. No Steve Jobs or Bill Gates here, although many of the team members have done quite nicely for themselves. These Jean Greys, Logans, Kitty Prydes and Professor Xaviers (although all male) combined their brainpower and did what needed to be done, even though it meant having to open their own checkbooks, and strain their home lives, to cover some of the considerable costs entailed. Ironically, they call themselves “The Cabal.”
Bowden, author of Black Hawk Down and Killing Pablo, knows adventure, and there is plenty to be had here. Not a car chase in sight, but if your heart does not race while reading this, you might want to get it checked.
What is most amazing is how uninvolved our government has been in protecting the nation from assaults, real and potential, on our infrastructure, our financial system, and our defense systems, by not only bored, gifted teens, but by high level criminal enterprises and nation states. Actually not so surprising, given that the administration in question is the one that ignored repeated warnings of impending terrorist attacks in 2001. The current administration has taken the challenge more seriously, but I have not yet read any book-length materials that report on that.
I have only one caveat for readers of this exciting book. Although it has clearly been written with a general audience in mind, there is enough geekish detail here to cause more than a bit of befuddlement. Bowden does a pretty good job of de-teching the material, and I scooted past it easily enough, but I am not a typical reader for this, having spent a few decades fiddling with bits and bytes. So take with a grain of salt my sense that the tech will not get in the way. For any who find that absolutely needing to grasp all the technical details impairs their reading experience, I suggest blowing past it. It is not critical for you to get the minutiae. The gist is plenty, and it is substantial. Worm is a page-turner. Be an early bird and catch it.
There are more than a couple of books on the subject out there. I have read only a few. Neal Stephenson offers a fictionalized version of how clever techies might make mayhem in the world in Reamde. Richard Clarke has real world expertise in this area. He has a clear notion of what is going on, what is possible and what we should be afraid of. He writes both non-fiction, Cyber War, and fiction, Breakpoint.
Update December 23, 2016 - The book came out and I wrote the above review in 2011. It has only gotten worse since then. Hackery of different sorts has resulted in the USA facing the prospect of actual fascism taking over our government institutions. This includes both the Russians hacking our government departments and political parties, then using their crimes to tilt the USA election to favor their patsy, and the political hackery of traitors to the republic like FBI director Comey, who blatantly misused his office for political reasons, have caused us all immeasurable harm. Evil assholes we will always have with us, whether Putin, Trump, or their many ethics-free, power-hungry, money grubbing minions. But we as a nation should have the technical capability to keep one step ahead, at least on the technical side of things. Bowden points to some good actors here. Given that the instruments of government will be in small, hostile hands, they, and their like, should be recruited by those who care about our country and who have the means to finance their activities to plug up as many holes in the dike as can be identified, and to try to keep ahead of the emerging threats.
QUOTES - I read this on a Nook, so the page numbers might not track with the hardcover
P84 – “Networks connected to the internet are vulnerable even if protected with hardware and software firewalls and other security mechanisms. The government, military, business and economic institutions, key infrastructure elements, and the population at large of the United States are completely dependent on the Internet. Internet-connected networks operate the national electric grid and distribution systems for fuel. Municipal water treatment and waste treatment are controlled through such systems. Other critical networks include the air traffic control system, the system linking the nation’s financial institutions, and the payment systems for Social Security and other government assistance on which many individuals and the overall economy depend. A successful attack on these internet-connected networks could paralyze the United States.” – [This is from a U.S.-China Economic and Security Review Commission report to Congress.]
P 170 – In modern warfare there is no such thing as unqualified victory, or unconditional defeat…Casualties mount. The public gets surly. The treasury coffers bottom out. The ruling party gets dumped. One no longer wins; one claims victory. Often both sides do. And sometimes both are right…in their own way.
Conficker is the "first Digital World War?!" Get the f*** out of here. Ugh, I knew I remembered Mark Bowden from somewhere. He wrote Black Hawk Down. Not a bad book but you can't shoehorn every damn phenomenon into the category of "war"! As the saying goes, when you have a hammer, everything looks like a nail.
This book is an utter waste of time. If you're interested in the subject you already know everything in it. Do we really need yet another recounting of the internet's origins, ARPANET etc? There's like 3 actual facts in this book, the rest is all boilerplate. It's frustrating, because the evolution of malware, botnets, the cybercrime ecosystem (specialization, time-sharing on botnets, extortion via DDoS attacks, rootkit/rootkit detector arms race, SCADA exploits, state-sponsored espionage, RSA compromise, etc, etc) is really a fascinating subject. Someday someone will write a book worthy of the topic. Worm ain't it.
The book completely dumbs down everything, eschewing hard information in favor of hoary cliches and dull metaphors. I hate when pop science/engineering writers do this. At a certain point, if your readers aren't willing to tolerate any level of technical detail, they're just not going to understand the topic. It reminds me of all the pop math books I've seen that promise to explain things without resorting to scary equations. Math requires symbolic notation! Accept it or GTFO! I'm not saying you need to have pages upon pages of complex formulas, but not everything can be explained via brightly colored balls.
Since Worm sucked so bad, I felt compelled to assemble a list of what I consider GOOD security writing, just to remind myself that such a thing exists. Read any of these instead. Authors of these: please write the definitive book about Stuxnet/Flame/botnets/malware/rootkits!!
I have learned some very basic, geeks how could you know it, information. Definitely written for those of us who have little clue on how a computer works. By adulthood most of us know that if you cannot imagine the end result, don't start. Well, the Internet began before those doing the connecting thought about security. Considering that the early connectors were the government and large universities, the lack of security shows a lack of maturity. So now we are playing catch-up with barely effective tools, not always effective tools. Update, update, update.
This book was simultaneously pandering and condescending, plus one of the more melodramatic books I've read in a long time. It's aimed squarely (and I think cynically) at "geeks" and "nerds" who apparently know nothing about computers. Despite almost every single example of an "uber nerd" in the book being basically the opposite of a stereotypical basement-dweller, Bowden treats it as if that's a massive surprise as every new character is introduced. He constantly refers to "the glaze" and "the wink" as if those are somehow accepted terms. Maybe if this were the early 90s people would "glaze over" when you talk about the workings of a computer, but this is 2012 and everyone uses computers, not just socially inept nerds (though, frankly, I'm not sure that stereotype was ever true). Constantly referencing "the X-Men" and calling security experts "mutants" does not help his case. He reminds me of the old comic trope of an out-of-touch dad trying to keep pace with the new fads, "Hey jive turkeys, I'm hip to what's coolio, daddi-o!" It's not pretty.
As for the content, the story made me wish that this were a better book, and it's the reason I even bothered finishing it (that and the fact that it's quite short and I could finish it in just a few hours). There's some interesting information in here about how worms and viruses work and the history behind them - though it is scant and I'm not even 100% sure accurate, having read no secondary sources to check on it. Unfortunately, the interesting stuff is at most 50% of the book's content, as a good 30% of it is devoted to weird, momentary internet quarrels and differences of opinion within the Conficker Working Group (stupidly called the "cabal" in the book). This is as interesting as reading a message board or IRC flame war, and about as consequential (read: not at all on both counts).
The remainder of the book is dedicated to what I would consider to be terrible policies with regards to "cyber-warfare" (though this hardly qualifies): that this should either be done by the government or it should be done exclusively by volunteers - almost all the profit-seeking entities here are marginalized or demonized by proxy. As to the concept of government taking over world-wide cybersecurity, I'm skeptical of the idea that a lumbering, massive bureaucracy could possibly respond quickly and effectively with limited scope to the kinds of challenges posed by worms and the like - they should certainly be protecting their critical infrastructure as well as possible, but it seems like they'd make heavy-handed moves as or more likely to damage the internet than save it. And the demonization of profit-motive in the book is simply criminal - fighting viruses has significant positive externalities and if anything anti-virus companies that get paid at all are getting paid too little - if you add an additional layer of shame to the idea of getting paid for this work, you're certainly not giving skilled programmers and network security experts (who are extremely highly paid in today's markets) any kind of incentive to dedicate themselves to the task of quickly and effectively eliminating such threats.
All-in-all it's about what I'd expect from some science journalist dipping into a random internet subculture and thinking, "Oh man, this story is so great!" All too common in today's media environment. I would recommend avoiding this book. If I could I'd give it 1.5 stars out of 5 - I don't think it's quite bad enough to get just 1 star, but it's probably worse than 2.
The subtitle for this book is: The First Digital World War. That’s overstating it, to be honest. The book focuses on the creation of the world’s largest botnet by a worm called Conficker back in 2008.
At its peak, it was estimated to have infected between 9 and 15 million machines, and even as late as 2011 was still on roughly 1.7 million. That made it the largest botnet recorded. If all of the devices were used to transmit data together, there was a real possibility it would have overwhelmed the internet’s core infrastructure, effectively stopping it for a period of time.
To combat the worm, a loose team of researchers, anti-virus companies, registrars and others formed the Conficker Working Group (internally known as The Cabal). Having pulled the worm apart, they set about trying to defeat it, largely by pre-registering all the domains the software generated each day in order to check for new instructions.
This was a vast effort covering a huge number of top-level domains, which required international cooperation the likes of which were thought impossible. All while trying to open the eyes of the various governmental departments responsible for cyber security and get them on it too.
My favourite book in this genre is Clifford Stoll’s The Cuckoo’s Egg, which is more a diary of how one man noticed, then traced, a hacker who passed through his system. This book isn’t on a par with that.
It’s short to start with (about six hours in audiobook form), and most of that is filled with unrelated material. The first two hours are basically a history of computing. Then you have the various aggrandizing descriptions of those involved (not their fault), as well as endless quoting of Cabal communications, a lot of which were bickering.
There’s very little technical detail, and it seems to come down to the only defence being the pre-registration of domains. Which proved pointless as one variant introduced its own peer-to-peer communication, so it didn’t require a domain. The only reason we didn’t see digital Armageddon was because the owner didn’t unleash it.
Much has changed since these events took place, six years is a long time in IT terms. Although I suspect the reaction by government departments is still equally slow and ineffective. It doesn’t fill you with confidence for the future of cyber defence.
Christopher Lane provides a precise, clear commentary, and seems to understand the material enough to not simply recite it in a monotone.
I was disappointed by the layman’s language in most of the book; it read more like a long newspaper article designed for the masses than a book for those interested in cybercrime. That made it bloated, but also lacking in the technical details of how you could combat a threat like this.
I’ve yet to find a more recent tale of tracking hackers to match The Cuckoo’s Egg (released in 1989), the search continues.
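The defensive approach the review above describes, working out in advance the domains the worm would generate each day so they could be registered or sinkholed before the worm looked them up, can be illustrated with a small Python example. This is added here and is not from the book or from the Conficker Working Group. The domain generator is a constructed stand-in seeded by the date and has no relation to Conficker’s real algorithm; it only reproduces the property the defenders relied on, that anyone with the algorithm can compute the same daily list. The TLD list, the sample DNS query log lines, the client addresses and the demo date are all constructed.

```python
import hashlib
import re
from datetime import date, timedelta

# Constructed stand-in for a date-seeded domain generation algorithm (DGA).
# NOT Conficker's real algorithm: it only shows that a deterministic, date-
# seeded generator lets defenders compute the same daily list as the worm.
TLDS = ("com", "net", "org")  # constructed; the real worm used many more TLDs
DOMAINS_PER_DAY = 5
DEMO_DAY = date(2009, 1, 15)  # constructed demo date, not an event date


def generate_domains(day: date, count: int = DOMAINS_PER_DAY) -> list[str]:
    """Deterministically derive `count` rendezvous domains for a given day."""
    names = []
    for i in range(count):
        seed = f"{day.isoformat()}:{i}".encode()
        digest = hashlib.sha256(seed).digest()
        # Map the first 8 digest bytes to lowercase letters for the label.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:8])
        tld = TLDS[digest[8] % len(TLDS)]
        names.append(f"{label}.{tld}")
    return names


def sinkhole_list(start: date, days: int) -> set[str]:
    """The defender's pre-registration / sinkhole list for the next `days` days."""
    out: set[str] = set()
    for offset in range(days):
        out.update(generate_domains(start + timedelta(days=offset)))
    return out


# Constructed DNS resolver query log (BIND-style). {dga0}/{dga1} are filled in
# with generated names so the sample contains two infected-looking clients.
SAMPLE_LOG = """\
client 10.0.0.12#53211: query: www.example.com IN A + (10.0.0.1)
client 10.0.0.12#53212: query: {dga0} IN A + (10.0.0.1)
client 10.0.0.45#40001: query: mail.example.org IN MX + (10.0.0.1)
client 10.0.0.45#40002: query: {dga1} IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<name>\S+) IN")


def flag_dga_lookups(log_text: str, watchlist: set[str]) -> list[tuple[str, str]]:
    """Return (client, domain) pairs for every lookup of a watch-listed domain."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m.group("name").lower().rstrip(".")
        if name in watchlist:
            hits.append((m.group("client"), name))
    return hits


def demo(day: date = DEMO_DAY) -> list[tuple[str, str]]:
    """Build a three-day watch list and scan the constructed log against it."""
    watch = sinkhole_list(day, 3)
    today = generate_domains(day)
    log = SAMPLE_LOG.format(dga0=today[0], dga1=today[3])
    return flag_dga_lookups(log, watch)


if __name__ == "__main__":
    for client, name in demo():
        print(f"{client} looked up generated domain {name}")
```

The watch list only catches hosts that still rendezvous through DNS, which is the limitation the review points out: a variant that finds its peers directly, rather than through a generated domain, never appears in this log at all.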
This book was Ok. I decided to read it after hearing him speak on Fresh Air. I felt like he did an Ok job of conveying technical information to a presumably non-technical audience. The author will be the first to admit that he's not a technical person, and unfortunately, I do think this comes across in his writing - you can tell that he spent some time coming to understand the various complicated issues involved, but I think that an author who has a more technical background would be able to use the terminology better.
Some of the technical points he delves into really could / should have been explained more simply for a non-technical audience; i.e., it almost seems like he's putting technical jargon in for its own sake. In other places, it feels to me like he's using the jargon, but using it wrong.
All of the comparisons of the Conficker working group to the X-Men are a little silly.
There were also a few typos in the printing.
Overall, it was interesting enough, and a quick read, but could have been better.
An account of the Conficker worm written for everyman and a pretty excellent primer on computer viruses. I enjoyed learning this stuff from Bowden who handles the technical subject with his usual deft prose. Entertaining and quick moving for 80% of the book. If you feel like skimming through the parts where it details the personality battles between the major players, no one will mind. I found them interesting too.
overall i think the author did a reasonable job in recounting the story of conficker. i question whether he was the right person to tell the story. he also presents this strange emphasis on “us vs them” in terms of how the average person understands computers and the internet vs how experts understand them. he makes frequent use of geek stereotype to describe the look and behavior of the experts that worked to thwart the worm. at times it reads like a jock’s research report for a computer literacy class. i think the author did his research but tries too hard to cater to an imagined ignorant readership.
The True Story of How Hackers Almost Brought Down the Internet -- and Still Could
It’s out there. Waiting. Chances are, you’ve never heard of it. Nobody knows who controls it, or why. No one knows what it will do. But its destructive capacity is terrifying.
Welcome to the world of cyberwar! And, no, this is NOT science fiction.
“It” is the Conficker Worm, an arcane name (an insider’s joke) for the most powerful “malware” — malicious software — yet encountered on the Internet. First detected in November 2008, Conficker is a devilishly clever bit of programming that took advantage of a vulnerability in the Windows operating system. Microsoft immediately moved to “patch” the vulnerability, but therein lay the problem: Windows is the most-pirated software of all, so hundreds of millions of computers were running versions of Windows without the patch — all of them vulnerable to Conficker (and to hundreds of other malicious programs whose authors now knew how to embed their work in Windows).
Mark Bowden, the very capable author of Black Hawk Down, tells the story in Worm of a group that included many of the world’s top computer security experts who privately came together early in 2009 to combat Conficker. At first, they were confined exclusively to the private sector, and their work was informal. Eventually, they managed to gain the attention of senior government officials and — slowly, reluctantly — obtain limited official support from the U.S. and Chinese governments. The group, known among themselves as the Conficker Cabal, even managed to get onto the White House agenda late in the game, as Conficker was upgraded once and then again – because the worm represented nothing less than an existential threat to the Internet itself.
I did say the potential was terrifying, didn’t I?
Bowden is a superb journalist and a capable writer, as Black Hawk Down made clear. However, Delta Force soldiers pinned down in a firefight in Mogadishu make for great copy. Geeks exchanging emails about technical material don’t. Bowden does an excellent job explaining in plain English the nature of Conficker and how it operates, and he does his best to sketch the members of the Cabal in three dimensions, but the result is hardly a page-turner. Still, Worm is a very important book, because it brings to light just how vulnerable is the infrastructure of the world we live in.
And, oh yes, the Cabal managed to fight Conficker to something of a standstill. But they couldn’t destroy it, and to date they’ve never found the hackers who created it. Conficker is still out there.
I'm a pretty technical guy, having been in the IT industry for a couple decades, so I was expecting that this book would talk down to me a bit. I get it, it has to appeal to the lowest common denominator, and in this case, it is the literate-but-not-computer-expert crowd. It turns out it was written for my mom. Okay, not my actual mother, but the kind of person that is literate but has no more than a vague concept of how computers work, and that there's a difference between a computer, a network, the Internet and the World Wide Web. It felt like I was reading something written with an eight-year-old in mind.
Here's how a typical chapter is structured through the first two-thirds of the book:
1) A paragraph setting the stage - where we are in the timeline, what new developments or discoveries have happened, etc.
2) Twelve to fifteen paragraphs of extremely high-level and overly generalized background on some part of computer or Internet history
3) Twelve to fifteen paragraphs of background on one of the principals involved in the investigation
4) A paragraph following up on paragraph 1
It's slow, pedantic and almost condescending early on. It only interested me enough to read more than a few pages at a time in the final third of the book, when the focus turned entirely toward the story of how the worm was evolving and how the investigators pulled together a Herculean effort to keep it from overwhelming them.
If you're at all technically-inclined, save yourself the time and money and read the Conficker Wikipedia entry.
The story of a hunt for a malevolent hacker is a well-worn genre. The first and best book of this sort was Clifford Stoll's "The Cuckoo's Egg" which came out in the early 1990s. Clifford Stoll was the man who discovered and tracked down one of the first cyber-espionage attacks on the US; his book was fast-paced, well-written, and incredibly well informed about the inner workings of the then-novel network called the Internet.
Mark Bowden is not a computer professional and it shows. He writes fluidly and manages to tell the story in a way that keeps one's interest, but he does not really understand the technology and has to rely on passing on explanations from professionals. His descriptions of the security vulnerabilities, propagation methods, countermeasures, and quarantine strategies are by necessity superficial. As a result, the book is an entertaining way to spend an afternoon, but it won't teach the reader anything deep about the security of our computers and networks. That's a damn shame, and an opportunity lost.
I recommend that anyone interested in "Worm" pick up instead "The Cuckoo's Egg." It may not be as fresh and topical, but it stands head and shoulders above "Worm" in teaching the reader about how the Internet works, in addition to providing an entertaining story.
This book started out great but then it's almost as if the author gets bored with it and it limps to the finish. While it lasted it was a good story about how computer viruses and worms are combatted and the people that do this work.
Highly readable and fascinating account of a real cyber attack, the first of its kind. If you liked Stoll's Cuckoo's Egg, you will like this. Now I want to go to school for a new degree!
I thought it was a novel and instead this book is a chronicle of the fight against the impressive Conficker worm. In any case, it is very interesting reading for those interested in knowing how the Internet works.
“And remember the two signatures of modern war: (1) You never win, exactly; you claim victory. (2) Perception is paramount.”
WHAT IS THIS BOOK ABOUT? - The Conficker worm infected its first computer in Nov 2008, and within a month had infiltrated 1.5 million computers in 195 countries. Banks, telecommunications companies, and critical government networks became infected almost instantaneously. It is a story on how hackers, researchers, millionaire Internet entrepreneurs, and computer security experts found themselves drawn into a battle between those determined to exploit the Internet and those committed to protecting it.
ORIGIN OF ‘CONFICKER’ NAME - Whatever its purpose, the link to TrafficConverter.biz gave the worm a name. Some labs had been calling it “Downadup” or “Kido,” but Microsoft security programmers shuffled the letters of trafficconverter and came up with “Conficker.” Ficken is the German word for “fuck.” Blend that with English syntax and you get ficker, which this worm was, without a doubt.
“PHONE HOME” - because Port 445 is buried deep in the operating system, the payoff for an intrusion there is big.
- Microsoft learned of this new exploit as soon as the Chinese hackers began selling it, and recognized that it potentially posed a major threat. It was “wormable,”
- It could execute a “remote procedure call”: in other words, the computer could be handed over to a remote operator.
CREATING FIXES OFTEN HIGHLIGHTS VULNERABILITIES - But the patch itself was better advertising than the Chinese hackers could ever afford. It was like placing in orbit a flashing neon billboard so gaudy that it could be seen everywhere on Earth with the naked eye—Come one! Come all! A new Windows vulnerability! In fact, the patch itself most likely inspired the new worm’s creation.
AS TYPICAL, YOU CAN’T FORCE PEOPLE TO DO THE RIGHT THING - If everyone would only take simple precautions . . . but that was never going to happen.
- In a free society, you could not reach in and update their software for them—
- How do you solve a security problem that’s caused by users refusing to update their machines?”
MALWARE OFTEN COMES PROTECTED - Malware is packed for two reasons. First, for compression, because to disseminate widely around the Internet the data packet needs to be small. Second, for self-protection, to make it harder for antivirus software to recognize it and for someone like Hassen to take it apart and study it.
HOW DID CONFICKER WORK? - The worm used the Chinese Exploit to enter Port 445, taking advantage of the buffer overflow to write itself in as a Dynamic-Link Library (DLL)—the device Microsoft programmers crafted to enable computers to exchange data.
- Thus hidden, it injected itself under a random file name into the Windows root directory, a file called services.exe, which runs background applications. At this point, the worm owned the computer.
- Once it established where the infected machine was, once it learned its IP address, the worm contacted the machine’s Internet Service Provider (ISP) and began scanning all machines on the same network for vulnerabilities—looking for Windows Operating Systems to infect.
- After it performed these steps, the worm rested. God took a full day. The worm rested for just thirty minutes…The worm so limited its use of the host computer’s resources and network bandwidth that it barely registered any activity.
BOTNETS - Worms that created botnets were designed to do four basic things: to break into a computer, to secure it from further security updates, to spread, and to call home for instructions.
STABILITY - But [Conficker] has the Holy Grail of malware, which is something called stability.
- It is the Holy Grail of a botnet. So what we have in place is a weapons platform that’s capable, and it’s going to stay capable.”
BAD GUYS DEFEND THEIR BOTS FROM GOOD GUYS…AND OTHER BAD GUYS - The designers were also worried about competing criminals. A secure botnet was a valuable tool. If a rival botmaster could determine its command and control site and issue his own instructions, he could effectively steal it.
- The worm used three crypto algorithms.
WORMS CAUSED MICROSOFT TO DO MAJOR REVISIONS TO WINDOWS - But the Era of the Massive Worms effectively ended when the software giant released Service Pack 2 in 2004, buttoning up the operating system as never before.
- Whereas Windows initially had been designed to have a strictly hospitable disposition, happily opening whatever packet of data came knocking, Service Pack 2 regarded anything inbound as a threat.
A SHIFT IN MOTIVATION ($$$) - The key was the shift from malware as vandalism to malware for profit.
- the opportunity was ripe for a “new class” of malware, one that they called an “access-for-sale worm.” “An access-for-sale worm . . . [enables] an individual to control a large number of systems and sell access to each one to the highest bidder,”
- So long as the worm’s creator restricted direct communication to an occasional update, he could set himself up as a middleman, providing the actual thief with a mechanism to steal while shielding himself from risk.
EVOLUTION AND MEMES - Today’s digital viruses borrow from a bag of tricks perfected in the previous decade, and build on that foundation. Each strain that appears has its own specific antecedents. Conficker combined elements from two evolutionary pathways: worms and botnets.
- the worm was assembled by “memes,” a word coined by British scientist and polemicist Richard Dawkins in his 1976 book, The Selfish Gene.
- Memes are original ideas. Dawkins argued that they play the same role in cultural evolution as genes play in biology, getting passed along from person to person, surviving and adapting as they move.
CONFICKER ALMOST ENTIRELY FOUGHT WITHOUT GOVERNMENT HELP - Indeed, as we will see, the government was notably absent from the effort against Conficker.
- The real reason for the feds’ silence was . . . they had nothing to offer! They were in way over their heads. So the battle was in the hands of this odd and uniquely talented collection of volunteers.
THE VOLUNTEERS FELT DEFENDING THE INTERNET WAS THE RIGHT THING TO DO, LIKED THE CHALLENGE - “You all are the smartest people in the security industry. . . . If not us . . . who? If not now . . . when?”
THEIR EFFORTS WERE SPIRITED, BUT DISORGANIZED - Efforts to track and study the phenomenon were so uncoordinated that researchers started bumping into each other.
IN-FIGHTING WAS A CONSTANT CHALLENGE FOR THE GROUP OF VOLUNTEERS - If they were going to beat this thing, they had to stop undercutting themselves.
- The problem with Conficker is not Conficker. Since the beginning of “the Cabal,” we have all been focused on the tactical issues of responding to it. Each of us in our way, and based on our own agendas.
SOME VOLUNTEERS FELT THAT THE FIGHT WAS REALLY ABOUT PREVENTING HARM TO OTHERS - So as I said in my first heated briefing on Monday, this isn’t about Conficker. A, B, or C. Or Storm. Or Slammer. Or Torpig. It’s about all of them. Those in the past, and those in the future. It’s about the one evil bastard who decides that he is going to use his botnet, or a piece of it, to punish someone else. It’s about the fact that the ability to use it maliciously exists. And we have stood by and let it happen.
CONFICKER KEPT EVOLVING; GETTING A LOT BETTER EACH ITERATION - There was a new version of the worm, which would be dubbed Conficker B. It had started crowding into honeynets within the last twenty-four hours, and it was better than the first . . . a lot better.
- The worm’s creator had been watching every move the Cabal [the volunteers] made, and was adjusting accordingly.
- Particularly troubling was the USB drive capability. It meant that even “closed” computer networks, those with no connection to the Internet, were vulnerable to the new strain,
- It turned out to be very simple, even elegant. The worm’s creator had designed an original peer-to-peer protocol.
- The worm’s creators had adopted—really, they had been the first to ever adopt—the Secure Hash Algorithm proposed by MIT professor Ron Rivest in the international contest to establish a new, higher standard for public encryption—SHA-3…Conficker B had employed the flawed proposal. Conficker C used the revised version.
CURIOUSLY, THE MASSIVE BOTNET NEVER REALLY ACTIVATED - It looked as though the enormous botnet was about to wake up. But then . . . nothing. It did not make sense. The mystery around the worm deepened. Who was behind Conficker? What was it for?
- This enormous botnet was programmed to call home and get instructions on April 1, and nobody knew what was going to happen.
THE GOOD GUYS WERE VICTORIOUS (OR WERE THEY?) - The results amazed the Cabal; they had done it! The botmaster had challenged them to do the impossible, and they had done so.
- The whole point of the botnet, at least so far as anyone could tell, was to build a stable, functional infrastructure, a platform, something its creators could use whenever they wished—to sling spam, to pilfer data, maybe even to launch a cyberattack.
- “At the end of the day, it’s a failure. It’s a success as a model and an organization, but we actually don’t have control over Conficker. We didn’t achieve the objective.”
THE GOOD GUYS COULD BE PROUD OF THEIR EFFORTS - The Cabal had pulled off an impressive feat, dissecting the worm, coordinating an unprecedented global response, and setting up a dynamic, smoothly functioning system to monitor the botnet’s data traffic and to sinkhole it. All of that work, the many thousands of hours, the considerable brainpower and experience, had been volunteer. There was no budget for it, beyond Rick Wesson’s credit cards.
IN A WAY, THE GOOD GUYS WON SIMPLY BECAUSE THEY TRIED - Meanwhile, the Conficker botnet itself waits. Most of those in the Cabal now doubt that it will ever be used. The theory here is that the Cabal’s coordinated effort, while ultimately unable to kill the botnet, made it too hot to handle. Any move the botmaster makes might help identify him (or them), pinpoint him, bring the law down on him.
- Too much attention. Too dangerous to play with anymore.
NO CLEAR VICTOR - Wars no longer end in ways anyone can describe as satisfactory, much less triumphant.
- Modern wars peter out. Casualties mount. The public gets surly. The treasury coffers bottom out.
- Another signature feature of modern war: perception is paramount!
- Both sides of the Conficker battle took away valuable lessons.
BALANCE BETWEEN RAISING THE ALARM AND SAYING THE SKY IS FALLING - One of the great risks in pushing the global panic button is, of course, making a fool of yourself.
- The problem was the nature of the thing. The threat was all potential.
- To the wider world, Conficker was just another doomsday moment that fizzled, and another reason to take the frantic warnings of the Tribe with a grain of salt.
LEGACY OF CONFICKER - In Pittsburgh there is now the National Cyber-Forensics Training Alliance, a privately funded effort affiliated with Carnegie-Mellon University and modeled consciously after the Cabal, where federal agents work alongside industry researchers.
- (probably the United States or Israel, perhaps both) infected the computer networks in Iran’s uranium enrichment plants with a worm dubbed Stuxnet. The worm employed the same buffer overflow exploit at Port 445 used by Conficker,
- Even though Stuxnet infected a great many computers outside Iran, its careful design meant that it executed harmful instructions only on the Siemens AG software at the uranium processing plants. It was the first of what are likely to be many carefully sculptured cyberattacks, and clearly learned from the successful implementation of Conficker.
- Criminal attacks in recent weeks had successfully hit the International Monetary Fund, Google, Lockheed-Martin, Sony, and Citibank, among others. The difference between these and cyberthreats in the past, including Conficker, is that they do not spread indiscriminately on the Internet, and do not seek to assemble botnets, even though they may use existing botnets as a platform. They are the difference between a smart bomb and a conventional one: they zero in on specific targets and have narrowly defined goals.
*** *** *** *** ***
HAHA - One of the worst was the Melissa virus, so dubbed because its author, David L. Smith, admired a lap dancer by that name.
FACTOIDS - Anyone who uses Windows on their home computer is familiar with routine security updates, which Microsoft issues on the second Tuesday of each month. In the Tribe it has become known as “Patch Tuesday.”
- “object code,” the long strings of ones and zeros at the core of machine instruction. At that primary layer, a program’s intent cannot be disguised or obfuscated.
- More than a decade before the Internet was born, the British sci-fi writer John Brunner invented the idea of a viral code that could invade and sabotage it in his 1975 novel The Shockwave Rider…Brunner imagined a dystopian twenty-first-century world wired into a global “data-net,” controlled by a malicious state. His hero, a gifted hacker named Nick Haflinger, creates a program he calls a “tapeworm” that can infiltrate the data-net, spread on its own, and ultimately subvert the government.
- A back door is a way of transferring data that avoids the computer’s firewall by having the infected computer invite intrusion;
- ICANN (the global nonprofit agency that assigns domain names and IP addresses),
- Layer Three consists of “applications,” the domains created by organizations or individuals to be their public face in cyberspace…Most malware attacked this upper level, Layer Three.
- VeriSign, the Dulles, Virginia, company that operates two of the root servers for the Internet.
Bowden's latest is an extremely readable, quick history of the Conficker "worm" or malware virus and a loose-knit group of technologists who banded together to defeat it. If you're a technology-illiterate skeptic like me (who, on your worst days, borders on Kaczynski-esque delirium), reading Bowden's elucidation of the internet's inherent fragility will not surprise you.
You may be surprised, however, by how readily you catch on to the usually opaque matter of network administration and such digi-hooha. It's in this that Bowden's strength as a journalist shows through, especially in the first third or so where he sets the scene and dispatches the digital history (of course, I have no idea if he got any of it right).
Yet, when called to broaden a great piece into a book-length story, Bowden comes up short. None of the personalities central to this tale are really ever fleshed out. Bowden only manages to offer up slight variations of a single dedicated coder archetype, i.e., nearly indistinguishable "good guys" versus shadowy baddies. Many readers will find the members of the Cabal as well as other characters just blending together or, being so uninterested in them, won't invest the mental energy to remember who's who. Also, depending on taste, the pop references to comics, Star Trek, etc. may strike some as silly and not at all illustrative or useful. And I'd wager most readers would agree that, by the final stretch, the story becomes nearly all surface and somewhat aimless.
Which, I suppose, is an unfair criticism; that is, to praise Bowden for making the story digestible for a mass audience but then to chastise him for his lacking depth and being too breezy. This is still a worthwhile read, more of an expository take on the question of what will be the economic, societal and even diplomatic consequences of malware. I passed my copy onto interested family members, which is probably the first good thing I've done in some time (hey, call your mother).
Who could have imagined that the entire Internet almost went poof and no one really knew or cared about it? But it did, and the fact remains that it could still happen today, or tomorrow, or in 100 years from now. This book details the effort to stop and contain the biggest and most potentially destructive computer worm ever to hit the Internet. Dubbed Conficker, the worm has infected millions of computers around the world, and it was being fought by a small group of computer programmers who could not get anyone else to take them seriously. Because the Internet is such a vague concept that only few people understand, it is hard for people to become alarmed about a threat to it. Wars and bombs we can understand, but some kind of worm that can kill the Internet doesn't really register. Yet obviously we know that Conficker did not destroy the Internet; we're all using it right now.
Ultimately I found this book very engaging. I found myself anxious to read the next page to see if on the prescribed date Conficker became something malevolent and destroyed the whole Internet! Even though rationally I knew that didn't happen, I was anxious about it anyway. The technical jargon was simplified as much as possible and made it easy to understand. And in the end I was left with a sense of dread, knowing that this worm still exists...it is still out there infecting computers, and ultimately it could still do something damaging. It just hasn't....so far.
Note: I received this book through Goodreads First Reads program.
FFS, no. This book is essentially about the Conficker worm/botnet from some years ago. Conficker is reasonably interesting as a subject, but this book is painful for two reasons. First, it's basically a book about a nerdy topic, for nerds, who know nothing about anything in this area -- sort of like writing a military book with lots of military topic for people who have never read a military memoir and who know nothing about the military or related topics. It's simultaneously too detailed and too simple, as it includes a lot of stupid and irrelevant details (describing a stereotype of a hacker but then quickly noting the people in the story don't meet that stereotype), doesn't have any real unifying theory or understanding of the material, and is just painful to read. Secondarily, it makes overly ambitious claims and then doesn't even try to live up to them. Skip -- find a decent 5 page summary of Conficker instead.
So glad I got this from a library. Barely made it to the end of the first chapter. A howler on page 4, but not relevant to the subject so fair enough. Another much worse on p5. (Personal computers weren't on the market in 1984? Really???) Hyperbolic writing style, as if the author had only discovered computers existed the year previously. Gosh! Wow! Geeks! And so condescending towards the subject matter. Quotes a technical explanation as an aside with the sneery "Got that?" Well yes, I kind of did. Fair enough, then, not aimed at me, but being part of The Tribe myself (a term never once used by geeks) it felt like a friend's grandad explaining your own culture to you.
About a computer worm that created the largest botnet in history, capable of taking down the entire internet, and the cabal of volunteers that tried to fight it. Like most modern wars, this battle doesn't have a clear ending. At its height the worm had infected 10 million computers, and today it still commands a formidable botnet of 400,000. I enjoyed reading about the in-depth investigation and the story behind it. Will be reading more "books about a single event or thing" this year since I liked this one.
I'm not tech-savvy in the slightest. I can open word and Firefox on my old laptop, but that's about as far as my knowledge extends. I also don't read non-fiction very often, so when reading a book like this one I'm not sure what I'm supposed to keep an eye out for, what to question or where to direct my criticism.
That all being said, I found this book extraordinarily interesting and engaging. It gave me a look into a world I know little to nothing about and captured my imagination.
This is a breezy read but I didn't learn much beyond what I did from reading Bowden's Atlantic article. And unless one wants to know what members of the anti-Conficker Cabal looked like (especially, strangely, their hair), then reading the article is probably a better use of one's time. And it had fewer typos.
A solid piece of journalism. As far-reaching as the event described was, even the author is aware of its appearance of having come to nothing. The result is an anticlimactic story. Yet, it was a significant event which has done permanent damage and the implications are frightening. Read this if you are interested in computers and want a view of the people protecting the internet.
What a fascinating book! I know just enough to get through work and life using a computer. This book shows so much we DON'T know and, while it's scary, it's good to be enlightened. It's a book that hasn't lost its timeliness. Anything else I say wouldn't be worthwhile, except that if you use a computer at all, you need to read this book to prepare yourself.
This is an account of efforts to contain the Conficker worm in 2008-2009. I thought it would read like a thriller, but it didn’t. First of all, a significant portion of the book is filled with background material: history of the Internet, history of malware, biographical sketches of the key players in the Cabal (the group that fought Conficker). Secondly, they never stopped Conficker or really learned who was behind it. I’m not saying that it wasn’t an interesting book – just that it wasn’t a page-turner.
I did learn a lot about cybercrime from it. In particular, I didn’t realize that worms can make infected computers call whoever sent the worm for instructions and then crash designated websites, without the computer owners’ knowledge. Or they can take control over computers belonging to a particular bank or government agency and steal money or information – or sell control over such computers to whoever is interested. I’ve heard that one can buy anything on the Internet, but I had no idea that it included control over “fifty computers belonging to the FBI.” This way the creators of the worm can make money with much less risk of exposure. Some worm-makers don’t even infect computers themselves, but just sell their malware to whoever would like to use it. I was very surprised to learn that that’s not a crime. That is, according to the author, there’s nothing illegal in creating software that, say, exploits a flaw in the Windows operating system to gain control of other people’s computers, and in selling it to somebody.
I also found out that cybercriminals can run from your garden-variety bored teenage hacker who just wants to show off to very well-coordinated groups of people who are more knowledgeable and talented than the best Internet security specialists. The latter is what happened with Conficker. Whoever created that worm gave the Cabal, composed of the best and most experienced Internet professionals, a run for their money, always keeping one step ahead of them. The Cabal kept solving seemingly impossible problems, only to have their quarry upend the game once more. This begs the question as to why these people turn to crime, if they could obviously get any computer-related job in the world and make plenty of money legally, but the author never addresses this question.
Another interesting point is that the Cabal was composed of network specialists who work for some company or run their own Internet-related companies, pure Internet researchers, and a volunteer who routinely spends his evenings hunting worms and then informing infected companies, without benefiting from it in any way (I was amazed that such people even exist! Ditto the guy who ran up a debt on his personal credit card to buy domains ahead of Conficker.) Anybody missing from this list? Yes, the government. It was very hard for the Cabal to get the attention of any of the relevant agencies, and then said agencies’ combined input into the effort to combat the worm was zero. Basically, if you’ve ever thought that the men and women in Washington are individuals with huge egos and feelings of entitlement who take much more from the country in the form of high salaries, benefits and various perks than they give back, this book will serve to confirm this opinion.
Microsoft also comes in for its share of the blame. Before Conficker another worm had exploited a similar flaw in the Windows operating system. Back then Microsoft issued a “patch” for the port that worm had used to gain entry, but didn’t bother to check if a similar problem existed with any of the other ports. Had they done this and fixed that flaw too, Conficker wouldn’t have happened. And funnily, the author says elsewhere that if only everybody registered their Windows operating systems and allowed all the security updates from Microsoft to go through, Windows would have been “well near impregnable.” Yeah, right!
I don’t know if people who’re into computers would find this book informative, but for me it was interesting to look over the shoulders of the Internet defenders, as they go about their work.
This was the only book on computer security that I could find at my local library, which is a little surprising for DC. It's about the Conficker worm. It's not a great book.
I had hoped for more expertise. Even I know that TCP packets are not "packets of code" and that DDoS is not "Dedicated Denial of Service." That second error appears once, with later expansions being correct, but it is symptomatic of generally weak quality control.
A scan through the Wikipedia page for Conficker shows that Worm leaves out a number of interesting technical details: dictionary attacks are not mentioned at all, for example.
I did enjoy learning about the involvement of SRI in connection with Conficker and with the development of the internet in general.
Bowden focuses on social aspects, and these mostly ring true: Lots of computers aren't updated, and hackers take advantage of them. Coordination, especially with government, can be difficult. Mischel Kwon in particular is not portrayed glowingly, but many of the cast of characters appear infantile in their own words.
The book succeeds in making security seem pretty inane. Microsoft makes a crummy product, so people get hacked. To stop the hacked machines from doing anything, the good guys try to buy a lot of domain names, and eventually fail. All our technology is both amazing and pitiful.
I like Mark Bowden’s books. In fact all of the other books I’ve read of his are fantastic. This one is way less than impressive. The story about Conficker is not overly interesting in the first place. While it ends up being a huge botnet, it doesn’t end up doing anything nor does it get attributed to anyone. The story does show how some civilians come together to try to stop it, even when the government didn’t care, but I don’t agree with the perspective the book takes. It makes the government look inept and aloof, which has some element of truth, but I think it simplifies the government’s position. There were a lot of other things going on, and to worry about a worm that, although large, was already solved if people updated their computers might not have been as important as zero-day exploits that were active at the time. In my opinion, given the outcome of Conficker, it appears the government’s lack of interest was the correct choice, if only based on luck.
I take exception to the title too. It’s hardly the first digital world war. There are cyber events before this event. And this action can’t be described as a war. They couldn’t even attribute who developed the worm, let alone it not having any actual effects.
Overall, a poor book by an otherwise exceptional author.
I found this book to be quite interesting - I had not realized how serious the Conficker virus was, or that it had the potential to collapse the entire internet. The book centers around a loose confederation of software and IT nerds who're all involved in the internet in various roles, and how they (mainly) successfully keep the virus under control. That being said, the book also highlights the myriad vulnerabilities of the internet, not the least of which is that no one is "in charge" (which also may be one of its main strengths). I think the author did a pretty good job of walking the tightrope between offering enough technical detail to make the book authentic, but not so much that one got lost in the details. That said, there was a point about two-thirds into the book where I felt like he did get lost in the weeds a bit, and there seemed to me to be more detail on the back-and-forth between the confederation members than was perhaps strictly necessary. Those flaws aside, I enjoyed the book and would recommend it if you have even a passing interest in the internet - and who doesn't these days!
In 2008-2009, Internet security faced a new threat: a sophisticated worm that created a bot army of 1.5 million computers in 195 countries. This is the story of the detection of and fight against this still mysterious hacker and/or hackers.
Why I started this book: Another Professional Reading list title.
Why I finished it: I started this book thinking that it was a novel. I confused this blurb with another title, so I was waiting for the novelization for the first third of the book. Many reviewers have questioned the audience of this book as there are few technical details... but as a policy book/case study for those making rules without computer backgrounds this book checks all the boxes. Especially the play/interaction between private, for-profit and governmental responses.