Technology Review - Published By MIT

May 2003

Proof of Concept

Are today's computer viruses tests of information warfare weapons?

By Simson Garfinkel


In the military, most new weapons systems go through an evaluation, or proof-of-concept, phase. These are not full-power tests, but baby steps to show that key technology should work as advertised.

This sort of testing takes place not only with missiles and bombs but also with the cybernetic implements of information warfare. Indeed, any group that is developing tools to disrupt an adversary's information systems would be downright irresponsible if it did not conduct proof-of-concept demonstrations as part of its R&D process. These tests would not cause great harm: instead, they would be designed to whet the appetite of officials higher up the command chain.

And what would a proof-of-concept demonstration for an information warfare weapon look like? Possibly a lot like the computer virus attacks the Internet has experienced in recent years. I suspect that some of these electronic attacks were actually the results of deliberate tests for a future attack that could have truly dire consequences.

To understand my alarm, you need to understand the anatomy of computer viruses and their cousins, worms. Most of these hostile programs have three parts. The first, the "exploit," is the technique the virus or worm uses to break into systems. Most exploits take advantage of a known security flaw: for example, the classic "buffer overflow," in which an excess of incoming data corrupts the information already stored in memory. The second part, the "propagation engine," is the code that targets computers for attack. And the third, the "payload," does the actual damage.

Viewed through this morphology, the major worms that have disabled computers on the Internet (Code Red, Nimda, Klez, and, most recently, Slammer) share a disturbing similarity. Each one employed a novel, and extremely effective, propagation engine. But for exploits, all these worms have used security vulnerabilities that had been previously identified. And as for the payload: all were duds. Even though each gained so-called administrative privileges to alter the systems they infected, none used its privileges to cause mayhem.

Sure, they did some harm. But in nearly every case, the damage was caused by the propagation itself, as if a burglar systematically were to break windows, enter every house on the block, and steal nothing. An actual payload could scramble financial data, erase operating systems, and ruin motherboards by wiping out the contents of their programmable chips.

This article is from the May 2003 Issue of Technology Review.
