
Book Chronicles Fight to Save Web From Sophisticated Computer Worm

November 21, 2011 at 12:00 AM EDT
In "Worm: The First Digital World War," journalist Mark Bowden chronicles computer security experts' campaign to detect and defeat a sophisticated new computer worm. Margaret Warner and Bowden discuss the Conficker worm, which was first detected in 2008 and ultimately invaded at least 12 million computers worldwide.

JUDY WOODRUFF: Finally tonight, the story of a potent computer worm.

Margaret Warner has our book conversation.

MARGARET WARNER: In November 2008, computer security experts began detecting a new, highly sophisticated computer worm. They called it Conficker. Ultimately, it invaded at least 12 million computers worldwide.

The story of the campaign to defeat it is chronicled in a new book, “Worm: The First Digital World War.” The author is journalist Mark Bowden. He also wrote the bestseller “Black Hawk Down” about the 1994 U.S. raid in Somalia that went awry.

And, Mark Bowden, welcome. Welcome back.

MARK BOWDEN, “Worm: The First Digital World War”: Thank you, Margaret.

MARGARET WARNER: So, every day, it seems we’re hearing about some new virus or worm.

What made Conficker so special that you wrote an entire book about it?

MARK BOWDEN: Well, it was — it demonstrated a very high level of sophistication in a number of different areas.

But I think what really intrigued me was the gamesmanship that went on. The people who were trying to defeat it would make a move to shut it down. And whoever the mysterious creators were of this botnet would then make a countermove to stay alive. And it got — you know, it really became kind of a chess match at the cutting edge of software technology.

MARGARET WARNER: Now, you have to explain what a botnet is.

MARK BOWDEN: Well, before I started, I didn’t know what a botnet was either.

A botnet is an illicit network of computers that are all under the control of a remote operator. So, you, as the computer user, are like Captain Kirk sitting in the control tower of your Enterprise spaceship, and — the starship Enterprise — and unbeknownst to you, there is someone who actually has control of your computer.

And, in the case of a botnet, it’s a — in this case, up to 12 million computers interlinked, which is effectively owning a supercomputer.

MARGARET WARNER: And then it would have the capacity to penetrate other very important networks? Is that the danger?


MARK BOWDEN: I mean, there’s two ways to have a supercomputer. One is to build one the size of a house. And the other is to take millions of small personal computers and link them all together. And when you have a computer with that much power, you can crack codes. You can break into commercial data. You can steal money out of bank accounts.

You can also launch what’s called a denial-of-service attack large enough, theoretically, to crash the Internet itself.

MARGARET WARNER: Now, you said whoever the creators were. They — the people who tried to defeat this never figured out who the creators were.

MARK BOWDEN: We still don’t know.

I actually think the FBI maybe does know. But they haven’t been able to apprehend them. The Internet is a global phenomenon. And there is no such thing as a global police force. You know, there’s different laws in different places. This is sort of the Wild West period of the Internet.

So, someplace like the Ukraine is famous for having very liberal laws and — governing, you know, things like malware and…

MARGARET WARNER: Which is malicious software.

MARK BOWDEN: Malicious software.

And so someone can hole up in Kiev and launch something like this. And it’s suspected that this came from the Ukraine. And whoever was behind it is still very much in business.

MARGARET WARNER: Now, tell us about the team that decided to try to go after it. These were basically volunteers, right?

MARK BOWDEN: Right. They called themselves the Cabal after a while, but the truth is that there are very few people in the world who really understood what was going on here and the nature of the threat, so few that they began working together on their own to try and stop this thing.

One of the initial participants — his name is Rick Wesson — he lives out in San Francisco — literally was going around with his credit card buying up all of the domains that this botnet was using to contact its controller, in an effort to shut it down. So he was basically shelling out his own cash. That’s how ad hoc this effort was.

MARGARET WARNER: Now, you said it is still up and operating. Is it up and operating, but neutralized, or is it doing damage?

MARK BOWDEN: It is not neutralized.

The creator of the botnet basically effectively outmaneuvered the Cabal. But I think what the Cabal did was, it managed to attract so much attention around the world to this particular enterprise, that the creators are probably a little bit wary of using it for anything, of drawing further attention to themselves.

MARGARET WARNER: Now, you know there is quite a controversy — it came up in some of the reviews of your book — that this whole threat was hyped. There are some people in the industry who think that, that it was too much the sky is falling, and then it never did. What do you say to that?


MARK BOWDEN: Well, I’m an old newspaper reporter myself, so, believe me, I understand how this works. But most of the folks writing about this when it happened in 2009 — 2008 and 2009 — didn’t really understand what was going on, to be honest.

And what you have a tendency to do as a reporter is, you ask the expert, what’s the worst thing that could happen here? And, of course, they said, well, theoretically, the worst thing that could happen was, is this botnet could launch an attack that could crash the Internet itself.

Well, that became the headline. And on April 1, the day this botnet became active, a lot of media outlets predicted that the Internet was going to crash and the world would end, when in fact the people involved in this would have said they didn’t think that was a likely outcome.

That doesn’t take away from the fact — and I find it kind of alarming — that someone can wake up tomorrow in Kiev and decide to crash the Internet. And, believe me, nowadays, we rest so many of our vital functions in this country, both commercial, governmental — in so many ways, if we lost the Internet, it would be catastrophic.

MARGARET WARNER: If — how would you know if your own laptop is actually part of this particular botnet?

MARK BOWDEN: Well, the only way you would know, unless you’re really good at this kind of thing, is by downloading some software from the Conficker working group to diagnose whether or not your computer is infected.

If you have been downloading your Microsoft security updates, because this affects Windows operating systems, you don’t have any worries. Your computer will not be infected. But the problem here is not worrying about what is going to happen to your computer. The Conficker worm doesn’t want to hurt your computer. It wants to use your computer.

So, it’s really more network security people who are in the driver’s seat here. They have to make sure that their networks are clean and are protected.

MARGARET WARNER: Mark Bowden, thank you very much.

MARK BOWDEN: You’re very welcome, Margaret.