Bruce Perens, a well known technologist and open source evangelical, wrote a fascinating review and analysis of the recent attack on the city of Morgan Hill in California, via the simple but highly effective means of merely popping manhole covers, entering and cutting fibre optic lines. Read the story here: http://perens.com/works/articles/MorganHill/
I believe this story points out what I've been suggesting in my recent blogs regarding conficker: we are a society highly dependent on a live, running internet. Hugely dependent. This story is direct evidence.
So I ask again, how effectively could several million computers be, working in concert, in shutting down sections of the internet, or targeted commercial properties from operating on the internet? Because that is the power the owners of conficker have. The latest usage appears to be the more traditional usage of heisted computers: spambots and capturing keystrokes to capture credit card information or other high $ value information from the user.
If that's all they can come up with, I have to say I'm unimpressed with the meta-level creativity of the owners of this worm. Yes they've shown some create technical creativity and implementation skills in what they've done, but to what effective end? Sure they should be able to make some $'s from stealing CC#'s and from selling spam services. But that's pennies compared to leveraging what might be within their capability set at this point.
Think about it: shut down Citibank for a day. Wait a few days. Then send a private message to their president saying they will be randomly shut down again, over and over...until they pay a $50M ransom into such and such bank account. That's serious, serious criminality on a scale that's Bond film worthy, if you ask me.
I just can't figure out why they aren't executing on it. And I can't figure out why some serious brainpower isn't being applied to figure out how to stop them.
Maybe it is and we just don't know it. I can only hope so. Because the nonsense about "check and make sure your computer isn't infected and you have latest Windows patches applied" is both important...and completely irrelevant at this point. The owners of conficker already have a fascinating and potentially extraordinarily potent weapon under their control.
Does anyone really know how powerful? I'm don't know! I guess it's good so far that we haven't found out. But as the attack on Morgan Hill demonstrates, the western world at least is far, far more vulnerable to this weapon than we believe or understand.
skip to main |
skip to sidebar
Discussion on the latest application security developments and issues, including piracy, code protection, application hardening and cybersecurity.
