Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

In the military, most new weapons systems go through an evaluation, or proof-of-concept, phase. These are not full-power tests, but baby steps to show that key technology should work as advertised.

This sort of testing takes place not only with missiles and bombs but also with the cybernetic implements of information warfare. Indeed, any group that is developing tools to disrupt an adversary’s information systems would be downright irresponsible if it did not conduct proof-of-concept demonstrations as part of its R&D process. These tests would not cause great harm: instead, they would be designed to whet the appetite of officials higher up the command chain.

And what would a proof-of-concept demonstration for an information warfare weapon look like? Possibly a lot like the computer virus attacks the Internet has experienced in recent years. I suspect that some of these electronic attacks were actually the results of deliberate tests for a future attack that could have truly dire consequences.

To understand my alarm, you need to understand the anatomy of computer viruses and their cousins, worms. Most of these hostile programs have three parts. The first, the “exploit,” is the technique the virus or worm uses to break into systems. Most exploits take advantage of a known security flaw-for example, the classic “buffer overflow,” in which an excess of incoming data corrupts the information already stored in memory. The second part, the “propagation engine,” is the code that targets computers for attack. And the third, the “payload,” does the actual damage.

Viewed through this morphology, the major worms that have disabled computers on the Internet-Code Red, Nimda, Klez, and, most recently, Slammer-share a disturbing similarity. Each one employed a novel-and extremely effective-propagation engine. But for exploits, all these worms have used security vulnerabilities that had been previously identified. And as for the payload: all were duds. Even though each gained so-called administrative privileges to alter the systems they infected, none used its privileges to cause mayhem.

Sure, they did some harm. But in nearly every case, the damage was caused by the propagation itself-as if a burglar systematically were to break windows, enter every house on the block, and steal nothing. An actual payload could scramble financial data, erase operating systems, and ruin motherboards by wiping out the contents of their programmable chips.

0 comments about this story. Start the discussion »

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me