The author of Worm discusses one of the most serious cyber threats launched in recent years, shares who’s behind it and explains just how close we are to someone crashing the Internet itself.
Writer Mark Bowden
Tavis: Mark Bowden is an award-winning writer and national correspondent for “The Atlantic,” whose previous books include “Black Hawk Down” and “Killing Pablo.” His latest is called “Worm: The First Digital World War.” He joins us tonight from San Francisco. Mark, good to have you back on this program.
Mark Bowden: Thank you, Tavis.
Tavis: So this first digital world war, is it a question of if or when?
Bowden: Well, really, the book details – it’s kind of a case study of one of the most serious cyber threats launched in the last few years, and trying to curb the Conficker worm really required a global effort.
You had to recruit, or the folks trying to fight it had to recruit the cooperation of every top-level country domain in the world, 110 of them, in order to try to contain this thing. So to me, what that suggests is a global struggle, and the book “Worm” really just is an opportunity to take a look at what I think is a fascinating process.
Tavis: Tell me more about “Worm.”
Bowden: Well, “Worm” tells the story of a little piece of malicious software. It’s called a worm because unlike viruses, which require you to do something stupid, like open an attachment or an email from a contaminated source, a worm doesn’t require you to do anything.
It basically, as it’s described, it worms itself inside the operating system of your computer and turns it over to a remote controller. It also connects your computer to, in this case, millions of other computers around the world, giving this remote controller access to what is in effect a supercomputer which is capable of all sorts of mischief.
Tavis: Who’s behind this?
Bowden: Well, we know that it’s probably a group of programmers. The suspicion is that they’re from the Ukraine because there was evidence when the worm first appeared, one of the first things it did was check to see if the computer it was infecting had a Ukrainian keyboard, and if it did, the worm would self-destruct. So that and other clues point to Eastern Europe.
We don’t know who they are specifically, but we do know that they are among the most sophisticated programmers in the world.
Tavis: You described the difference between worm and a virus. Tell me more about Conficker.
Bowden: Well, Conficker checks into your computer. It exploits a vulnerability that Microsoft had already patched a couple months earlier, but because most people don’t download updates and many Windows operating systems around the world are pirated, the worm managed to infiltrate millions of computers.
It had a way of hiding the controller that was more sophisticated than any seen prior to this one, and it also utilized some of the most advanced levels of encryption to prevent anyone from interfering with its communications, or hijacking it. So it was a very, very snazzy piece of software.
Tavis: I started out, Mark, by asking whether or not an all-out digital world war was a question of if or when, because I wanted to get to the question now of what lessons there were or are to learn from this first dust-up, if you will, and whether or not we’re learning those lessons.
Bowden: Well, I do think that certainly the federal government woke up after Conficker. President Obama back in 2009, shortly after taking office, specifically referred to the Conficker worm in noting how ill-prepared the federal government was to protect even its own computer networks, and I do think that over the past two or three years there have been a lot more aggressive efforts to beef up security measures.
But having said that, I think anyone in this business would tell you that we’re just one command away from somebody launching an attack that could crash the Internet itself.
Tavis: What’s the end game here? Why would you want to crash the world’s entire access to computers?
Bowden: Well, the truth is, Tavis, evidently because they haven’t done it, the folks behind Conficker have no desire to crash the Internet. They built this botnet to be a platform for computer crime, for sabotage, for spying. In other words, they lease out portions of their botnet to whoever wants to use them for whatever reason.
It just so happens that a botnet of this size has the potential to launch an attack that could take out the Internet itself, and the only reason I can imagine someone wanting to do that is if it was, say, a nation-state that was launching an attack or a war, and in fact those kinds of things have happened.
In Russia in 2008 a cyber attack took out all the Internet in the Ukraine before Russian troops invaded that country, so it’s both a weapon and a tool for criminal enterprise.
Tavis: At the moment, though, it’s really about cybercrime?
Bowden: It is. So far, the Conficker botnet has been used, we know, to launch a number of sort of criminal operations, most recently in Europe, and this group was actually caught, a group of programmers leased a portion of the Conficker botnet and drained $72 million from American bank accounts overnight and transferred the money to their own account in Europe.
Now, they got caught. We don’t know of all of the criminal enterprise that’s going on where people haven’t been caught.
Tavis: I assume if – I always make this assumption. I could be wrong, Mark, but I always assume if people can design stuff like this for evil, then there must be some good that comes out of it as well. So let me ask you a strange question: What’s the good, if there is any, that’s come out of these developments, shall we say, scientifically?
Bowden: Well, the Internet itself is, I think, unarguably a good thing. It’s a wonderful tool that’s proved enormously beneficial to people throughout the world, and it has enabled the very sort of anonymity with which you can function on the Internet which enables criminals to work has enabled people to band together and organize in Iran and throughout the Middle East.
Tyrants throughout the world tremble with the power that the Internet gives individuals. So that piece of it is unquestionably good. Distributed networks like botnets have been used for – one use is for the SETI program, which is trying to monitor radio broadcasts from space in the search for intelligent life in the universe, and they’ve created a network of hundreds of thousands of computers that independently analyze little bits of this problem, which was much too big for most computers to handle by themselves.
So that’s an application that’s not dissimilar from a botnet, but that’s a positive use.
Tavis: You made a distinction earlier, Mark, that makes me believe, at least if I heard you right, makes me believe that there’s not a whole lot I can do to protect myself from worm. You made the distinction earlier that a virus we end up getting because we end up clicking on something we probably shouldn’t have clicked on, but we don’t have that kind of control over this particular threat. So are you saying to me that I don’t have any way to protect myself?
Bowden: No, you do. In fact, the worry isn’t so much, Tavis, your own computer. You can reasonably well protect your computer if you just download security updates.
In this case, Conficker attacks Windows operating systems, and if you had been downloading your security updates for your computer you would not have been vulnerable to being invaded by Conficker. The problem is more societal than it is individual.
If you’re vaccinated, you can protect yourself from a disease. If you fail to vaccinate yourself, you don’t just fail to protect yourself, you fail to protect society at large, and the biggest threat from something like Conficker is more societal than it is individual.
Tavis: Why should I, to your point now, why should I not believe – or disabuse me, if you can, of the notion that I now hold, which is that the genie’s out of the bottle. You can’t put her back in. That what you’re warning us about is ultimately a foregone conclusion, that what we are discussing right now one day is, in fact, going to happen, as long as there are people around who are smart enough to figure out how to do it?
Bowden: Well, I think that’s certainly true of any tool that’s ever been invented, that it could be used for harm as well as for good. But the Internet in particular, Tavis, was the creation of kind of the late 1960s, early 1970s. It was created to help academic scientists primarily share data freely, and very little thought was given to the need to protect data.
It’s certainly possible to build protections or defenses within the existing Internet, and I think what you’re going to begin to see fairly soon are parallel internets available for use that provide individual users a higher level of security than the public Internet that currently exists.
So there are solutions to this problem. They’re not here with us yet, but I think they’re just right around the corner.
Tavis: Finally, to the discussion we were having earlier about what there is to learn from what “Worm” offers us, the Pentagon recently, as you know, changed its policy to now essentially suggest that they view cyber attacks as an act of war. Your thoughts about what that means politically?
Bowden: What that means is that we increasingly lean on the Internet for vital infrastructure in this country – the electrical grid, the air traffic control system, our banking, our commerce, many other really vital systems in our country lean on the Internet, which is an increasingly fragile – which is still a very fragile tool.
So I think what we need to learn is that if we’re going to lean really heavily on this thing it has to be able to protect us as well as to enable us to share information.
Tavis: The book is called “Worm: The First Digital World War,” written by Mark Bowden, author of “Black Hawk Down.” Mark, good to have you on the program. Thanks for sharing your insights.
Bowden: Thank you, Tavis.