Worm: The First Digital World War (23 page)


A few hours later, out in San Francisco, the ever-dour Paul Vixie took up the challenge, beginning with an answer to Rodney’s dare, and proceeding to a broad, measured reflection on the fragility of our emerging digital world:

I won’t. But I will provide some personal context, much of which is probably shared by others in this community.

These problems have been here so long that the only way I’ve been able to function at all is by learning to ignore them. Else I would be in a constant state of panic, unable to think or act constructively. We have been one command away from catastrophe for a long time now. . . . In a thousand small ways that I’m aware of, and an expected million other ways I’m not aware of, the world has gotten dangerous and fragile and interdependent. And that’s without us even talking about power grids or the food stocks available in high population areas if rail and truck stops working for a week. AND, in a hundred large ways that I’m aware of and an expected thousand I don’t know of, ethically incompatible people out in the world have acquired and will acquire assets that are lethal to the industrial world’s way of life—criminals and terrorists using the Internet for asymmetric warfare is the great fear of our age, or at least it’s my great fear. But I’ve lived with it so long that I have lost the ability to panic about it. One day at a time, I do what I can.

I do NOT want this to be interpreted by ANYONE as me disagreeing with rjoffe’s basic observations and predictions. I’m saying the problem is far worse than he made it out to be. Because I am not the only one who has had to learn how to tune out the constant state of danger and get on with my life. All of us have. A full accounting of the problems we are collectively deliberately not thinking about in order to stay sane would be quite a SHOCK to any of us who saw it.

Now if people in DC have been telling other people in DC that there’s no emergency here in Internet-land, and that they’ve got it all under control, then they are certainly wrong, but as to whether they’re ignorant and confused, or self-serving liars, I could not say from what little I know.

But if people in DC are telling other people in DC that this is not the same threat level as 9/11, then they’ve probably got a point. Tomorrow the Internet MAY die for several days, if some botherder gets jilted by a boyfriend or whatever. There WOULD be loss of life and whole lot of money as a result. But there’d be no way to politicize it the way that 9/11 was politicized, because not all the fire trucks and ambulances would be in the same place or shown on the same nightly news program. So from a DC denizen’s point of view, the Internet’s not in trouble, by the odd definition of “trouble” that most DC denizens have to use. And we all ought to be worried about a world that’s as broken as all that.

I don’t advocate that we learn to live with this new class of threat, but I also don’t know what choices we have. In a free world it will be possible for this kind of thing to happen. We need more vigilance and more objective measurements; we need to change some fundamentals so that LE [law enforcement] can track these guys down in any country they operate from and kick in their doors and haul them away in chains and haul their computers away in trucks. We need a LOT of help from government, and we CANNOT be telling people in government that we’ve got it under control because we absolutely DO NOT HAVE IT UNDER CONTROL. At best we have it under light surveillance in-between the times one of us goes out on a donut break.

It was a dark vision of where things were heading, but a legitimate one. C-Day was just eight days away.

10
Cybarmageddon

 

AND IS IT ANY LESS MAD TO BELIEVE A HANDFUL OF MUTANTS MIGHT SAVE THE ENTIRE WORLD?

—The Amazing X-Men

 

John Crain had been minding his own business, literally, that evening at the Holiday Inn in Atlanta in early February at the Georgia Tech DNS symposium when his boss volunteered him to save the Internet from Conficker.

His official title at ICANN was so complex that he would just tell people, “It’s very long and it has something to do with security,” and then hand them his card. Since the Georgia Tech conference had been convened to compare notes and discuss all the ways the Internet was at risk, it made sense for him to attend. Security issues had not been paramount when ICANN was established in 1998, taking over the role of assigning and keeping track of domain names and numbers worldwide. But as the malware problem grew in intensity and sophistication, its position as the only international body with any slight authority over the Internet had turned John’s security job into a pivotal one. The Georgia Tech conference was an effort to draw together the disparate players concerned about the threat, and John had helped set it up. He had been roped into attending the Cabal’s rump session that night by ICANN’s president, Paul Twomey.

And when his boss turned to him to be ICANN’s point man with the Cabal, John said the only thing a man who loves his job can say in such circumstances:
Yes, sir . . . now . . . what exactly are we talking about here?

The specific task that night was to get China on board, since the newly released B strain included that country’s TLD (.cn), and because most of the infected computers were there, and because nobody else in the room had a clue as to how to go about enlisting the help of the Middle Kingdom—Rick Wesson having not yet informed the group about his own outreach to China. Perhaps because of Rick’s unauthorized outreach, the task happily proved to be a lot easier than anyone, including John, imagined. A few phone calls and a couple of emails.

Still, John had earned a reputation for working wonders, so when Conficker C upped the ante from 250 to fifty thousand domains, and the list of eight targeted TLDs to 116, all eyes again turned his way. He made a terrific ambassador, easy to talk to, fun, the kind of guy who loves to sip good whiskey and talk music. John projects no hint of his profound—really, one-of-a-kind—level of international expertise. The Internet is so new that even those capable of doing John’s job could not have accumulated his contacts and experience.

He has a broad face with a small, pinched mouth and prominent, dark arching eyebrows, with straight dark hair that forms a striking widow’s peak. He combs it straight back, in a style that, with the eyebrows, can give him a slightly diabolical look, which is misleading, because he is both cheerful and unfailingly straightforward. He had somehow contracted a passion while growing up in the East Midlands of England, in Leicester, for 1950’s-era American country and rockabilly music. Long before he even contemplated moving to the United States he had begun affecting cowboy boots and shirts—his friends called him “Tex.” At about the same time he had begun working with computers, playing video games like Star Trek with his brother and father, and tapping into the mainframe of British Gas, where his father worked. In the three decades since—he was now forty-three—he had earned a degree in mechanical engineering and had set to work on computer networks when the Internet was still in its infancy. Dressed now in somewhat fancier cowboy boots and shirts, John has become the globe-trotting something-to-do-with-security man for ICANN, working when he is not on the road from an alcove in a spare bedroom of his suburban home in Long Beach, California, where he settled in search of perfect weather—“I was working with this American fellow in Amsterdam, and it was raining, and he said, ‘Why don’t you come to California? It’s not raining there.’”

When Conficker C arrived, John had three weeks to enlist the help of nearly a third of the TLDs in the world, including every top-level country code. If a nation had its own TLD, John had to recruit it to play ball with the Cabal. This meant asking the Domain Name Server (DNS) in countries on every continent . . . well, the pitch might have gone something like this:

Kind sir, with apologies, would you mind terribly setting aside this long list of domains? (Since the servers made money for every domain name they sold, this was asking them to essentially give away hundreds or perhaps eventually thousands of revenue-generating items.) And would you also set up a system to intercept inquiries sent to these domain names by this nasty botnet Conficker beginning on April 1, and redirect them all to a sinkhole operated by this grad student named Chris Lee at an American university in Atlanta, Georgia, called Georgia Tech—you know, “The Ramblin’ Wreck”? Everybody over here has heard of it. Really. In doing so, kind sir, you will be performing a heroic service to the health of the Internet, and, need I mention, for the reputation of your registry and country. (Just think how bad you are going to look if you don’t play along!) . . . And (forget about getting any credit for your generosity here) would you mind keeping this all secret? We’ll supply you with the lists, trust us . . . and . . . and . . . oh yes, if any of those randomly generated domains happens to be owned already, for every “collision,” we’ll be needing you to authenticate its ownership and then contact the poor sap and work out arrangements to shut him down . . . but only for a few days! . . . in order to protect him from being swamped by the evil botmaster . . . and . . . did I forget to mention? . . . just one more little thing . . . would you please do this every day for . . . ever? From now until the end of time?

Okay. It sure didn’t sound like an easy sell. Some members of the Cabal had concerns about even making the pitch. What if this country-by-country effort succeeded, and then resulted in breaking a law somewhere, or prompted some TLD, acting at the Cabal’s behest, to anger one of the website owners whose domain “collided” with Conficker’s daily list?

“I do not have to want to avoid travel to certain parts of the world because ‘XX’ years ago I tried to help the Internet, and someone felt I violated some privacy law and filed a suit which resulted in a warrant for my arrest in YY country,” wrote Dre Ludwig.

The botmaster was, of course, counting on this being an impossible sell, and John had little quarrel with that logic. He expected to fail. It was his job . . . but . . . are you serious? Really? Remember, ICANN has no authority whatsoever. There are no little black helicopters to swoop in and enforce the global will. There is no applicable international law. And who could even characterize this as the global will? This was coming from an ad hoc group of volunteers—the X-Men!—with no official role even in the United States, much less in the world community. Chris Lee was still in grad school, for Chrissake! (He did, however, already have a PhD.) Few of the people running these things—in Africa? in South America? in Asia?—had ever heard of Conficker, much less of the Cabal. ICANN had no leverage beyond an appeal to international fellowship and John Crain’s charm. And yet . . . wasn’t it in everyone’s interest to keep the Internet functioning smoothly? The global network rested upon a common commitment to good sense and goodwill. Didn’t it?

Some of the TLDs involved began asking why Microsoft wasn’t just buying up all of the Conficker-generated domains itself. After all, it was Microsoft’s leaky software that allowed the worm to flourish, and everybody had been reading for years about Bill Gates’s countless billions. This touched upon widespread resentment of the giant software company for owning such a huge share of the market worldwide, and in some cases for corporate practices considered predatory. Some of this discussion found its way to the List, where T.J. remained conspicuously silent on the subject. When one of the TLD operators complained that Microsoft should have to pay for “cleaning up its own mess,” Paul Vixie responded with frustration:

Then perhaps you should organize a class action lawsuit. But it’s not in scope for the public health crisis to wonder what company profited from creating the fragile conditions. (or else the board and CEO of McDonald’s would be in prison for the world’s diabetes problems.) We REALLY digress.

Even Paul, who shared this view of Microsoft’s responsibility, could see the folly of assigning blame while the Internet was . . . on fire!

The Cabal set upon working out various technological solutions, some way of automating the process of blacklisting or blocking the never-ending list of potential command locations. How better to fight a computer than with a computer? But the problem was less technical than political. In order to put an automated process to work, they would still need the full cooperation of every one of those TLDs. The biggest problem was collisions. In these cases the owners of the sites had to be checked out and enlisted in the effort, and if even one balked, if even one was owned by or paid off by the botmaster, the whole effort could fail. The authors of the worm had already managed to upgrade it twice by registering several domains right under their noses.

John began shipping off the “ask” in mid-March. In those cases where there were collisions, Chris Lee would contact the unlucky website operator directly with the request to block traffic on the given date and instructions on how to direct it to his sinkhole.

Needless to say, this was a strange note to get. Unprecedented. Some noodle you never heard of in Atlanta, Georgia, U.S.A., writes to you out of the blue and asks you, for the good of humanity, to shut down your business for a day and reroute all your web traffic to him! One contractor, who managed a website that collided with the worm’s list, happened to be a Georgia Tech grad himself, so he wrote back to Chris:
