on September 27, 2011
One of the greatest things about airport bookstores - they often ignore sale dates. I purchased Worm a few days ago without realizing it wasn't supposed to be released yet. Which is good, because it made that flight from Denver to Baltimore tolerable.
First things first. If you are a network newbie, you will be coddled by this book. You don't need to have your MCSE or CISSP to read "Worm". Bowden does a good job of breaking down salient data - what is TCP/IP, what is RPC - and creating explanations that make sense. Don't know why Port 445 is so special? Wonder why Windows is so often the target of malware around the world (the technical explanation, not the political answer)? You will after reading this book. It won't win you any medals at the next Cisco shareholders meeting or net you a job in IT, but at least you'll know why Patch Tuesday is important and why malware isn't just a problem with code - it's a social engineering problem, too.
The next best thing about this book is how much it stresses that the Internet is still in its adolescence. It's a hodgepodge of ancient protocols and new-fangled protocols shoehorned into communicating with one another, and that's a fragile animal. You'll wonder why it doesn't go down more often.
"Worm" is entertaining and informative. Personally, I think it's too short. You'll get a quick bio about a particular researcher, follow them through some problem solving and then, inexplicably, drop them entirely while picking up with another researcher. I think the personalities involved are as important as the science. But those quibbles are trivial.
on October 5, 2011
It's out there. Waiting. Chances are, you've never heard of it. Nobody knows who controls it, or why. No one knows what it will do. But its destructive capacity is terrifying.
Welcome to the world of cyberwar! And, no, this is NOT science fiction.
"It" is the Conficker Worm, an arcane name (an insider's joke) for the most powerful "malware" -- malicious software -- yet encountered on the Internet. First detected in November 2008, Conficker is a devilishly clever bit of programming that took advantage of a vulnerability in the Windows operating system. Microsoft immediately moved to "patch" the vulnerability, but therein lay the problem: Windows is the most-pirated software of all, so hundreds of millions of computers were running versions of Windows without the patch -- all of them vulnerable to Conficker (and to hundreds of other malicious programs whose authors now knew how to embed their work in Windows).
Mark Bowden, the very capable author of Blackhawk Down, tells the story in Worm of a group that included many of the world's top computer security experts who privately came together early in 2009 to combat Conficker. At first, they were confined exclusively to the private sector, and their work was informal. Eventually, they managed to gain the attention of senior government officials and -- slowly, reluctantly -- obtain limited official support from the U.S. and Chinese governments. The group, known among themselves as the Conficker Cabal, even managed to get onto the White House agenda late in the game, as Conficker was upgraded once and then again - because the worm represented nothing less than an existential threat to the Internet itself.
I did say the potential was terrifying, didn't I?
Bowden is a superb journalist and a capable writer, as Blackhawk Down made clear. However, Delta Force soldiers pinned down in a firefight in Mogadishu make for great copy. Geeks exchanging emails about technical material don't. Bowden does an excellent job explaining in plain English the nature of Conficker and how it operates, and he does his best to sketch the members of the Cabal in three dimensions, but the result is hardly a page-turner. Still, Worm is a very important book, because it brings to light just how vulnerable the infrastructure of the world we live in is.
And, oh yes, the Cabal managed to fight Conficker to something of a standstill. But they couldn't destroy it, and to date they've never found the hackers who created it. Conficker is still out there.
Author Bowden does a great job of summarizing malware in general, and the Conficker worm in particular. He begins by explaining that there are three types of malware - Trojans, viruses, and worms. A Trojan is a piece of software that masquerades as one thing to get inside a computer, then attacks. A virus attacks its host computer after entering its operating system - it depends on the operator opening an e-mail attachment or clicking on a link. A worm works like a virus, but doesn't attack once it enters - it's primarily designed to spread, then wait for instructions delivered later.
Some computer malware is intended to damage or destroy one's computer, and victims quickly realize the problem. A computer worm, by contrast, is a packet of computer code designed to infiltrate a computer without attracting attention and then scan for others to invade, spreading exponentially. The Conficker computer worm emerged in November 2008 and infiltrated 1.5 million of the world's computers in the first month. By January 2009 it had spread to at least 8 million computers, exploiting flaws in Microsoft Windows that it closed after entering. Infected machines constantly check with the worm's unknown creators at their unknown location for directions. Frustrated cyber-security experts at Microsoft, Symantec, SRI International, etc. have merged forces to try to defeat it - so far they've been unsuccessful. Bowden's 'Worm' tells how hackers, entrepreneurs, and computer security experts are trying to defend the Internet from Conficker - what the author calls 'the first digital world war.'
In the 'good old days,' infected computers slowed down because user commands had to compete with viral invaders for processing power. Computers would slow down, and programs would freeze. Worm-linked computers ('botnets') can be used to steal information, assist fraudulent schemes, or launch denial-of-service attacks. So far, Conficker (35 kilobytes of code - less than a 2,000-word document) has done none of those things, and been activated only once to perform a short, simple spamming operation that sold a fake anti-spyware program for two weeks, then stopped.
The Microsoft operating system has over 65,000 ports designed to transmit and receive certain kinds of data. Conficker exploited Port 445, which Microsoft had tried to repair on 10/23/2008. Firewalls are security programs that guard these ports, but Port 445 was vulnerable even when protected by a firewall if both print-sharing and file-sharing were enabled. However, many fail to apply new patches promptly, and others run pirated Windows systems which Microsoft doesn't update. Thus, reverse-engineering patches allows attackers to create targeted worms.
Experts trying to disable Conficker have learned that it tries to prevent communication with security providers, it avoided Ukrainian IP addresses, and it disabled the system restore points that allowed users to reset infected machines to a date prior to infection. To prevent IT defenders from predicting how an infected computer would try to communicate home (by setting the computer's clock ahead and then watching what happened - it generates 250 random codes/day for each of 8 domains, e.g. .com, .edu, .uk, etc.), Conficker-infected computers use system clocks (e.g. Google, Yahoo) that can't be set ahead. The 'bad guys' only have to pay $10 to register one address, and wait for botnetted computers to make contact. Unfortunately for computer defenders, that communication used coding techniques employed in the latest standard, MD-6, revised.
Defenders, however, were flooded by 50,000 domain names/day needing investigation. Each requires checking to ensure it belongs to a good guy, and they're spread out all over the world. Worse yet, a newer version introduced peer-to-peer communication, meaning that all infected computers no longer needed to call home for instructions, and defenders no longer have any way of telling how many computers are infected.
Another insidious Conficker attribute is that it could also be spread by USB drives - thus, systems not connected to the Internet were also vulnerable.
Most of the world's 'best' malware comes from Eastern Europe, drawing on high levels of technical expertise and organized criminal gangs. That's a very big area within which to search.
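The rendezvous scheme the review above describes (the worm generates a daily list of candidate domains, the botmaster registers just one of them, and defenders try to enumerate the list ahead of time by running the sample with a future date) is easier to see in code than in prose. The following is an added toy illustration written for this page, not Conficker's real algorithm and not code from Bowden's book: the hash, the seed, the TLD list, the label lengths and the 250-per-day count are all assumptions chosen to mirror the review's numbers, and the "trusted date" is taken from a constructed HTTP Date header rather than a live web request.

```python
# Toy domain-generation algorithm (DGA) and rendezvous, as an added example.
# Assumptions (not Conficker's actual scheme): SHA-256 over a fixed seed, the
# ISO date and a counter; 8 fixed TLDs; 250 candidate names per day.
from __future__ import annotations

import datetime
import hashlib
from email.utils import parsedate_to_datetime

# Assumed TLD list; the review only says "8 domains - e.g. .com, .edu, .uk".
TLDS = [".com", ".net", ".org", ".info", ".biz", ".edu", ".uk", ".cn"]
SEED = b"toy-dga-seed"  # assumed; in real malware this is baked into the binary


def generate_domains(day: datetime.date, per_day: int = 250) -> list[str]:
    """Derive the candidate rendezvous domains for one calendar day.

    Every infected machine computes the same list for the same day, so the
    botmaster only needs to register one of them to be found.
    """
    domains = []
    for i in range(per_day):
        h = hashlib.sha256(SEED + day.isoformat().encode() + i.to_bytes(2, "big")).digest()
        length = 8 + h[8] % 5                      # label of 8..12 letters
        label = "".join(chr(ord("a") + b % 26) for b in h[:length])
        domains.append(label + TLDS[h[12] % len(TLDS)])
    return domains


def trusted_date(http_date_header: str) -> datetime.date:
    """Worm side: take 'today' from a web server's Date header, not the local clock.

    This is why a defender cannot simply set the sandbox clock forward and watch
    which names the sample resolves: the sample asks an outside site what day it is.
    """
    value = http_date_header.split(":", 1)[1] if http_date_header.lower().startswith("date:") else http_date_header
    return parsedate_to_datetime(value.strip()).date()


def defender_schedule(start: datetime.date, days: int) -> dict[datetime.date, list[str]]:
    """Defender side: once the DGA is reverse-engineered, enumerate every name
    the worm will try over a window so they can be pre-registered or sinkholed."""
    return {
        start + datetime.timedelta(days=n): generate_domains(start + datetime.timedelta(days=n))
        for n in range(days)
    }


def rendezvous(day: datetime.date, registered: set[str]) -> str | None:
    """Simulate one infected host walking its daily list and stopping at the
    first name that actually resolves (i.e. is in the registered set)."""
    for dom in generate_domains(day):
        if dom in registered:
            return dom
    return None


if __name__ == "__main__":
    # Constructed Date header standing in for a response from a well-known site.
    day = trusted_date("Date: Sun, 01 Mar 2009 12:00:00 GMT")
    todays = generate_domains(day)
    print(f"{day}: {len(todays)} candidate domains, e.g. {todays[:3]}")

    # Botmaster registers a single name; every bot still finds it.
    print("botmaster contact:", rendezvous(day, {todays[17]}))

    # Defender pre-registers a week's worth: 250 * 7 names to check and buy.
    week = defender_schedule(day, 7)
    print("names defenders must cover this week:", sum(len(v) for v in week.values()))
```

The asymmetry the reviewer points out falls straight out of `rendezvous` and `defender_schedule`: the attacker picks one name from the list (one cheap registration), while defenders must register or vet every name on every day's list, and the per-day count is a free parameter the malware author can raise at will.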
on October 10, 2011
We have been one command away from catastrophe for a long time now ~ Paul Vixie as quoted in the book.
A worm is a small packet of information, rather like a virus in a human although not like a virus as we use that term in computers, that burrows deep inside your Windows operating system and waits for instructions from somewhere outside of your computer. It isn't there in particular to take out your computer, although it can, but to unite with others to act together to do something like take down the electric grid in the USA or even the internet if that is the intention. You don't have to open an email or go to some website to get it. If you are on the internet, and use Windows, it can find you. Oh yes, it can come through your USB port. It is a bit more complicated than that but that's the basics.
Worm tells the story of the Conficker Worm, from the time it first showed its face in what is known as a honeynet through its updating and where it stands today. A honeynet looks like a bunch of computers on the internet but is really just one computer that is watching what is picked up. If you have lots of computers, you are more likely to pick up a virus, worm or trojan. There are people out there who are monitoring the internet, some of whom are even being paid to do it. (I have to admit that my cynicism took a bit of a blow learning that there are people out there protecting the internet for free)
What makes this interesting to me, is that it introduces us to the "good" guys in this war. The old idea of a young male hacking into computers for fun? Well, some of those guys grew up to be the White Hats as they refer to themselves. And they do all seem to be men. They find some of the same challenge that had them breaking into computers in pitting their intelligence against the Black Hats who are every bit as intelligent as themselves.
Someone in a review complained that the ending is anticlimactic. Well yes, the worm is still out there. It hasn't done anything except send out spam for a very short time for a fake antivirus program, perhaps to show what it could do if it wanted to. But I think it is a glimpse into the near future. Maybe this worm is so well watched that it will never really do anything, but what about other worms? Recently a worm disrupted uranium production in Iran. There are countries that would prefer that Iran not have the bomb. Using the word 'war' in the title probably doesn't help either. Sadly, a war without bombs and dust and places that can be watched on TV doesn't hold many people's attention.
Another reviewer complained about the extensive explanations. I'm a woman in her 60s, about as far away from what people think of when they hear geek. I understood this book. (disclosure: I read Martin Gardner so there is some geek in me)
I found the book interesting. I recommend it.
on January 1, 2012
Woohoo!! Mark Bowden takes his readers on a crazy adventure with danger lurking everywhere, only this time there aren't any bullets flying, helicopters crashing or hostages being taken. Here we have elite nerds (he calls them the Tribe) and their Mountain Dew doing what they do, pulling all-nighters on their computers. The book starts off with all sorts of potential, but starts to dwindle into repetitive statements about how big the threat of Conficker is/was, and long passages of internet forum (the List) drama. Anybody who is a Redditor, goes to forums, or reads comments on news websites/blogs knows what I mean by internet drama, fueled by not being face to face with others. Also, as other reviewers have mentioned Bowden seems to mix some timelines up. In one case referencing an internet attack in 2002 and saying " This event was important. It was a sobering demonstration for those paying attention, which is to say the Tribe...The vast majority of Internet users remained oblivious. So long as Google and YouTube and Facebook kept humming along..." In 2002 YouTube and Facebook weren't even around, and Google was nowhere near what it is today.
Overall, I enjoyed this book and don't regret spending the time to read it. At the very least, it gave me insight into the world of cyber-security, and some of the culture surrounding it. This is one of the main things I like about Mark Bowden's books, they aren't just filled with facts, they are filled with a sort of insight that gives readers (or at least me) a feeling of experience. However since it is not on par with some of Bowden's other works such as Black Hawk Down or Killing Pablo, fans may be disappointed.
on January 17, 2013
There is always a bit of conflict when a writer needs to convey the inner workings of computers. How technical to go, how to describe what is virtual and what is real, how to explain the differences between hardware, software, and the languages they all use. Some authors assume you know everything and just blast through the details - daring you to follow. Others try to explain everything to death with long boring explanations of the history and inner workings. Unfortunately, Mr. Bowden fell into the latter category.
I picked up this book thinking it was going to be a thriller about the Conficker worm and how they tracked down the writers of it; brought them to justice. Instead I got this incredibly boring rehash of the last 20 years of computer history. I really don't need another telling of the rise of Microsoft or the internet. I especially didn't want to read Mr. Bowden's attempts to draw analogies about network topology.
By the time I was halfway through the book, I felt like I was in some sort of computer history class and there was going to be a test. I could have aced the test without having read this book.
There was a lot of promise around this concept. How do law enforcement officials find and prosecute these hackers? What tools and techniques do they use? That would have been a fascinating story. Another re-telling of the early days of ARPAnet - no thanks.
on January 17, 2012
It is amazing to me the number of people who did like this book. Fantastic research of a real world security problem went into this book. Sure, it has errors in it, but so what. An amazing amount of this book, given its technical complexity, is accurate. It is something that many people should know about, but as one of the members of the Conficker working group said, people want to keep their sanity and not spend every day in fear, knowing the real story behind the Conficker botnet and how lethal it could be to the Internet and therefore our electrical grid, transportation, and food.
on October 19, 2011
Just finished reading this disappointing effort on my Kindle. Though normally a great Bowden fan, this one fell well short of my expectations. The story drones on and on as the valiant Cyber-SEALs battle the faceless Evil Genius(es) who are behind the Conficker worm. As I hit the midway point I found myself speed clicking through the pages in an attempt to get to the Good Part (which never came).
I agree with some others that the book is poorly edited, given a sprinkling of spelling errors, but much more annoying is the endless replication of e-mails between the various members of the "Cabal". In what seems to be an obvious attempt to pad the book, these emails run on forever, sometimes extending to as many as 4-5 Kindle screens.
I have concluded that "Worm" must itself be an unscrupulous bit of malware; a program that has infiltrated my Kindle at the behest of some unknown botmaster, having maliciously appropriated the identity of Mark Bowden.
Somebody call US-CERT!
on March 19, 2012
This is the story of a group of volunteers (mostly from industry) who gather to investigate, and ultimately fight, the Conficker worm (malware) which has made zombies (robotic servants) of several million machines (computers) connected to the Internet. The author does a competent job of translating the highly technical lingo and concepts of networking, computer security, and malware exploits, into language most readers should be able to understand. He does not give step-by-step instructions on how to build your very own NetBot.
In rendering the cyberspace mystery of Conficker, the author takes pains to show the human side of the story, in which competing agendas, egos, and worldviews threaten the success of the Cabal, which helps rein in the wayward Conficker worm. He also makes a point of describing just how serious this particular worm is. In the wrong hands, such as a desperate dictatorship or totalitarian government, the Conficker infestation COULD cause a near-global shutdown of not only the Internet, but of the societies and countries which depend upon it. In the case of America, it might simply disrupt the power grid, causing widespread suffering, and potentially collapsing the food distribution network upon which the whole nation relies. Having that much power in the hands of malicious or irresponsible parties is fertile ground for nightmares. And while the book claims to report on the first digital world war, the term "Cybarmaggedon" seems much more appropriate.
on August 3, 2014
Mark Bowden wrote my all time favorite military book "Black Hawk Down". I don't believe he has a military background but he perfectly nailed the warrior ethos and the various hierarchies present in the military. He told a gripping story in an edge of the seat manner. Unfortunately those gifts were not present in this book.
Cyberwarfare is an important topic and presents many challenges to our nation. Bowden again did extensive research and, assuming his knowledge of how the internet works is like most people's, he does a great job in understanding what is going on behind the screen. He does a good job in explaining how the internet works and how it can be exploited. I now have a better understanding. The book is a good size - appx 250 pages - and I'm sure if I went back and re-read it I would understand the technical details even better.
However to me there just wasn't that compelling of a story narrated in the book. First off I thought the book would take a broader look at cyber threats, instead it mostly focuses on the "conficker" virus which infected appx 30 million computers worldwide and was perceived to be capable of being quite threatening. He focuses on a group of security experts from private industry who worked on containing the virus with very little help or concern from the government.
He could have gone another way with this work. It could have been an overarching look at how the internet works, why it is vulnerable and what policies should be in place to prevent its weaponization. He could have included case studies like this conficker virus but it should have been more of an overview.
Instead he wrote this like it was an exciting story along the lines of killing Pablo Escobar (Killing Pablo), killing Bin Laden (The Finish), a raid gone bad (Black Hawk Down) or the takeover of a US embassy (Guests of the Ayatollah). However a bunch of geeks tracking down 1s and 0s does not make for exciting storytelling.
I still love the guy's work and look forward to his next project.