It’s one of those things. Most of us rely on the Internet a little more than maybe we ought—not just for entertainment and news, but also for shopping, banking, and sharing personal (and potentially embarrassing) information. Many of us will acknowledge an over-reliance on the Web, but go on using it anyway—what’s the alternative?—even as we kinda, sorta, feel a little bit of anxiety about the whole affair. This anxiety fades quickly enough—after all, if there were really something to worry about, the guys in charge would be on top of it, right?
Well—no, actually. Partly this is because new threats crop up constantly, so just keeping up to date with them is a full-time job. Partly, it’s because nobody knows quite what the next threat will look like. And partly, of course, it’s because there are no “guys in charge” of the Internet. It is, famously, a self-regulating entity. What this means in practice is that in the Internet’s early days, the smooth flow of information on the Web, and the control of privately-held information like your credit card numbers and the Pentagon’s missile launch codes, was left in large measure to a de facto honor system. People being people, this didn’t work for long.
Soon enough, Web experts saw the need to stay ahead of malicious hackers who would use the Internet for any number of possible nefarious purposes, most of which—but not all—involved making money. As time went on, the brightest of these very bright Web experts, or super-geeks if you prefer, attained a certain status among those in the know. Dubbed “the cabal”, this assortment of security kingpins, code-writers, adminstrators and tech wizards took it upon themselves to safeguard the Web from malicious atacks. They chatted on message boards, exchanged information and created “sinkholes” where new strains of malware and viruses could be contained, studied, and in some cases picked apart line by line.
It was just a matter of time before one of those attacks threatened to take down everything.
Worm: The First Digital World War describes a span of two and a half years, from November 2008 to April 2011, in which the cabal found themselves faced with an Internet worm of truly alarming size and cunning. Displaying a degree of sophistication far outstripping any previous computer bug, the Conficker worm operated in stealth: it infected a computer, then erased the computer’s knowledge of its arrival. Computer users had no idea it was there, as it didn’t flash a pop-up ad offering financial services, anti-virus software or porn. It just sat there. Ultimately it would infect an estimated 100 million personal computers. It might be in yours.
And the purpose of this ingenius bit of computer nastiness? That’s just it. Nobody could figure it out.
Once safely ensconced in the target computer’s operating system, the Conficker worm sent out a regular pulse to a randomly generated set of web sites each day. (Random generation ensured a virtually infinite set of possibilities, as numbers and letters were scrambled together in meaninless strings of characters.) Sooner or later, the writers of the virus would be waiting at one of those web sites, and when that happened, they would be able (presumably) to give the program its next set of instructions.
If this were to happen to your computer and yours alone, that would be a bummer. But Conficker created a botnet—a remotely-controlled network of “robot” computers that could be vulnerable to receiving orders from a remote location. In effect, this was an Internet within the Internet, and with 100 million computers engaged to one purpose, it represented a potentially devestating threat. Just think of how many of the world’s financial institutions are reliant on the Internet, not to mention military applications, civil air traffic control, municipal power grids…
Author Mark Bowden, whose Black Hawk Down proved him a capable storyteller of nail-biting catastrophe scenarios, does a good job here, as well. In terse, no-frills writing, Bowden lays out the problem, then escalates it level by level. He draws brief but effective thumbnail sketches of the cabal’s members, as these “white hats” engage in a silent, all-but-ignored battle with the “black hats” and their unknown but presumably nefarious schemes.
Apparently, Bowden was granted access to the emails of various members of the cabal, as he presents us with lengthy extracts that reveal tensions within the group, as egos clash and mistrust rises among members, even as the overriding concern of quelling the Conficker worm remains the paramount consideration. Oh, and if you’re one of those people who’s always suspected that the government is more or less clueless about everything, there’s plenty here to support that belief.
Worm is a solid although disquieting read for anyone with a stake in the Internet’s continued smooth functioning—and these days, isn’t that just about all of us? The book illuminates a shadowy part of the cyberworld that few of us have any expertise in, and while reading it won’t make you an expert, it may at least open your eyes to how little you actually do know. Hey, that’s a start. Knowledge is power, and nowhere is that more true than in cyberspace.