Approaching Zero, Paul Mungo [good summer reads TXT] 📗
- Author: Paul Mungo
- Performer: -
Book online «Approaching Zero, Paul Mungo [good summer reads TXT] 📗». Author Paul Mungo
Internet’s rogue program became a media event. The New York Times called the
incident “the largest assault ever on the nation’s systems.” The program itself
became known as the Internet Virus or, more accurately, the Internet Worm. At
a press conference at MIT the day after the worm was released onto ARPANET, the
university’s normally reticent computer boffins found themselves facing ten
camera crews and twenty-five reporters. The press, the MIT researchers felt,
was principally concerned with confirming details of either the collapse of
the entire U.S. computer system or the beginning of a new world war, preferably
both. One participant had nightmarish visions of a tabloid headline: COMPUTER
VIRUS ESCAPES TO HUMANS, 96 KILLED.
The incident received worldwide press coverage, and the extent of the damage
was magnified along the way. One of the first estimates—from John McAfee, the
personable chairman of CVIA—was that cleaning up the networks and fixing the
system’s flaws would cost $96 million. Other estimates ran as high as $186
million. These figures were widely repeated, and it wasn’t until later that
cooler heads began to assess the damage realistically. The initial estimate
that about 6,200 machines, some 10 percent of the computers on Internet, had
been infected was revised to roughly 2,000, and the cleanup cost has now been
calculated at about $1 million, a figure that is based on the assumed value of
“downtime,” the estimated loss of income while a computer is idle. The actual
restitutional cost has been assessed as $150,000; McAfee’s exaggerated estimate
of $96 million was dismissed.
By the time the real assessments had been made, the identity of the author of
the worm had been discovered. He was Robert Morris, Jr., a
twenty-three-yearold graduate of Harvard University and, at the time of the
incident, a postgraduate student at Cornell. Far from being an embittered
hacker or an outsider, he
was very much the product of an “insider” family. His father Robert Morris,
Sr., was the chief scientist at the National Computer Security Center, a
nationally recognized expert on computer crime, and a veteran of Bell
Laboratories. He was, coincidentally, also one of the three designers of a
high-tech game called Core Wars, in which two programs engage in battle in a
specially reserved area of the computer’s memory. The game, which was written
in the early 1960S at Bell, used “killer” programs that were designed to wipe
out the defenses of the opponent. The curious similarities between Core Wars
and the Internet Worm were often cited in press reports.
Morris received an enormous amount of publicity after his identity became
known. His motives have been endlessly reviewed and analysed, especially in a
recent book, Cyberpunk, that was partly devoted to the Internet Worm. The
consensus was that Morris wrote a program that fulfilled a number of criteria,
including the ability to propagate widely, but that he vastly underestimated
the speed at which it would spread and infect and then reinfect other machines.
He himself called the worm “a dismal failure” and claimed that it was never
intended to slow computers down or cause any of them to crash. His intention,
he said, was for the program to make a single copy on each machine and then
hide within the network. When he realized, on the night of November 2nd, that
his program was crashing computers on the linked networks, he asked a friend,
Andrew Sudduth, to post an electronic message with an apology and instructions
for killing the program. That was the message sent out at 3:34 A.M., the one
overlooked in the general confusion.
Morris was indicted for “intentionally and without authorization” accessing
“federal-interest computers,” preventing their use and causing a loss of at
least $1,000 (that figure being the minimum loss for an indictment). The
charge, under a section of the 1986 Computer Fraud and Abuse Act, potentially
carries a fine of $250,000 and up to five years in prison.
Morris was tried in January 1990. His defense lawyers said that be had been
attempting to “help security” on Internet and that his program had simply
gotten out of control. The prosecution argued that “the worm was not merely a
mistake; it was a crime against the government of the United States.”
On January 22nd a federal jury found Morris guilty, the first conviction under
that particular section of the 1986 act. Despite the verdict the judge stated
that he believed the sentencing requirements did not apply in Morris’s case,
saying the circumstances did not exhibit “fraud and deceit.” The sentence given
was three years’ probation, a fine of $10,000, and four hundred hours’
community service.
The type of program that Morris had released onto ARPANET, a worm, has been
defined as a program that takes up residence in a computer’s memory, similar to
the way a real worm takes up residence in an apple. Like the biological worm,
the electronic one reproduces itself; unlike the real-life worm, however, the
offspring of a computer worm will live in another machine and generally remain
in communication with its progenitor. Its function is to use up space on the
computer system and cause the machine to slow down or crash.
To researchers there is a clear distinction between worms and viruses, which
are a separate sort of malicious program that require a “host,” a program or
file on a disk or diskette that they can attach themselves to. Viruses almost
always have a payload as well, which is designed to change, modify, or even
attack the system they take residence on. Worms can also usually be destroyed
by closing down the network.
The fact that worms can travel independently from one linked machine to another
has always intrigued programmers, and there have been many attempts to harness
this ability for beneficial purposes. Ironically, one of the first experiments
was made on ARPANET. A demonstration program called Creeper was designed to
find and print a file on one computer, then move to a second and repeat the
task. A later version not only moved
through computers performing chores, but could also reproduce, creating perfect
clones of itself that would undertake the same chores and replicate again. The
problem became obvious: the number of worms would increase exponentially as
each generation replicated, creating a seemingly endless number of clones.
The solution was to create another, nonreplicating worm, called the Reaper,
which would crawl through the system behind the Creeper and kill off the
proliferating clones after they had performed their tasks. The experiment was
abandoned when it became apparent that the Reaper would never be able to keep
up with the proliferating number of Creepers.
There are other sorts of malicious programs, including what are known as
trojans—after the Greek wooden horse. The first trojan incident was reported
in Germany in 1987. On the afternoon of December 9th, several students at the
University of Clausthal-Zellerfeld, just south of Hannover, logged in to their
computers and found that they had received electronic mail in the form of a
file called Christmas. On reading the file, they saw the message LET THIS EXEC
RUN AND ENJOY YOURSELF! followed by a small drawing of a Christmas tree,
crudely represented by asterisks. An “exec” is an executable file, or program,
and the suggestion was that if they ran the program, a large Christmas tree
would appear on their computer screens. By the side of the small drawing was
the greeting: A VERY MERRY CHRISTMAS AND
BEST WISHES FOR THE NEXT YEAR.
Underneath the drawing was a further message, in broken
English: BROWSING THIS FILE IS NO FUN AT ALL JUST TYPE “CHRISTMAS,” followed by
some seventy lines of computer instructions. The students could recognize that
these instructions were written in an easy-to-use programming language that was
available on their IBM mainframe, but few could comprehend what the program was
designed to do. Most of the students decided to give the program a try, typed
in “Christmas,” and were duly rewarded with a large drawing of a Christmas
tree. Typically, they then deleted the file. However the next time they logged
in to their computers, they found that they had received more copies of the
Christmas file, as had many other computer users at the university. What no
one had realized was that as well as drawing a Christmas tree, the program had
been reading the files containing
the students’ electronic address books with the details of their other regular
contacts on the IBM mainframe computer. The program then sent a copy of itself
to all the other names that it could find. It was an electronic chain letter:
each time the program was run, it could trigger fifty, or a hundred, or even
more copies of itself, depending on the size of each user’s electronic address
book.
The unidentified student who playfully introduced the Christmas file into the
electronic mail system had probably visualized a little local fun. He hadn’t
realized that some of the university’s computer users had electronic addresses
outside Clausthal-Zellerfeld linked by EARNet, the European Academic Research
Network. Or that when copies of the file started whizzing around EARNet, they
would then find their way onto BitNet, an academic computer network linking
1,300 sites in the United States, and from there onto VNet, IBM’s private
worldwide electronic mail network, which links about four thousand mainframe
computers and many more smaller computers and workstations. The electronic
chain letter reached VNet on December 15th, just six days after it was
launched.
IBM’s corporate users typically carry more names and addresses in their files
than university users. Soon thousands of copies of the file were circulating
around the world; it quickly reached Japan, which, like all the addresses, was
only seconds
away by electronic mail. Within two days the rampaging programs brought
IBM’s entire network to a standstill, simply by sending Christmas greetings
throughout the network. The company spent an unfestive Christmas season
killing all copies of the file.
The program was later dubbed the IBM Christmas Tree Virus, but because it
needed some user interaction—in this case, typing in the word Christmas—it
isn’t considered a true virus. User interaction implies inviting the intruder
in behind your defenses,
as the Trojans did with the Greek horse. But virus researchers have created a
subcategory for trojans that replicate—as the IBM Christmas Tree did called,
naturally enough, replicating trojans.
The pervasive media coverage of the Internet Worm was probably one reason for
the next major computer incident that year. On December 23, 1988, just six
weeks after Morris’s Internet Worm hit the front pages, a very different worm
hit the NASA Space Physics Astronomy Network (SPAN) and the Department of
Energy computer networks.
Like the IBM Christmas Tree Trojan, it carried a Christmas greeting, and like
the Internet Worm, it also targeted Digital Equipment’s VAX computers. What
later became known as the Father Christmas Worm waited until midnight on
December 24th before delivering its message to users on the network: HI HOW ARE
YOU? I HAD A HARD TIME PREPARING ALL THE PRESENTS. IT ISNT QUITE AN EASY JOB.
IM GETTING MORE AND MORE LETTERS…. NOW STOP COMPUTING AND HAVE A GOOD TIME AT
HOME!! MERRY CHRISTMAS AND A HAPPY NEW YEAR. YOUR FATHER CHRISTMAS.
The Father Christmas Worm was considered nothing more than a nuisance, and did
no damage. But in October 1989 the SPAN network was hit again, with a worm
delivering a protest message. The new worm was a variant of Father Christmas,
but this time when users logged in to their systems, they found that their
normal opening page had been replaced with a large graphics display woven
around the word WANK. In ordinary characters, the symbolism was explained:
WORMS AGAINST NUCLEAR KILLERS Your System Has Been Officially WANKed.
You talk of times of peace for all, and
Comments (0)