The Year of the Worm
By David J. Smith
In a few days, we usher out the year of the tiger and welcome the year of the rabbit. But we could as well dub 2010—and 2011 also—the year of the worm. Stuxnet and Wikileaks are just two examples of how worms—computer and human—are crawling into our lives. The repercussions will resonate throughout 2011 and beyond on three levels—technical, human and historical.
Last summer, apparently, someone introduced the Stuxnet worm—a super-cyber-weapon—into some of Iran’s sensitive nuclear program computers. Stuxnet was targeted against a programmable logic controller—PLC—that directs precisely timed industrial processes such as those in a nuclear plant. When Stuxnet found a targeted PLC, it injected its own code into it, concealed itself and the alterations it made, and caused the computer system to misdirect the controlled process.
Stuxnet heralded a new generation of sophisticated worms. Less remarked, however, was the role played by a human worm—humans are, after all, part of any computer system. Stuxnet accessed closed networks—networks unconnected to the Internet—via a flash drive that someone plugged into a USB port.
At about the same time, Wikileaks posted 77,000 classified Pentagon documents about the Afghanistan war on its websites. In October, it dumped 400,000 documents about the Iraq war into cyber-space. All these near-half million reports were purloined from SIPRNET, a US Department of Defense closed computer network.
A closed system like SIPRNET is “air-gapped” from networks that are connected to the Internet to guard against espionage from Chinese, Russian and other cyber-spies. To get information from one network to the other, someone must actually walk from one computer to another with some electronic medium in hand—exactly what someone did for Wikileaks.
There was no sophisticated computer worm. Rather, it is alleged, a human worm carried into his government job a CD of home-recorded Lady Gaga music to help while away hours of trudging through boring Pentagon documents. Then, the allegation runs, this person erased the neo-glam-rock hits and downloaded the boring Pentagon documents that would soon become Wikileaks hits.
And the Monster Ball Tour—maintaining the Lady Gaga theme—continued in late November when Wikileaks began posting a quarter million classified US State Department reports.
With growing dependence of governments, businesses and individuals on computerization, and proprietary operating systems giving way to Internet-compatible systems, the security people were beginning to deal with cyber-threats across the Internet. Then, in the year of the worm, they were reminded of the most ancient security threat—people. Even closed systems are vulnerable to cyber-attack.
The worms who stole the US Government reports were likely activist worms—starry-eyed, transparent neo-anarchists of the sort that Wikileaks attracts. But beware; species closely related to the activist worm are the affinity worm, terrorist worm, spy worm and that oldest invertebrate creature, the paid worm. Throughout 2011 and beyond, we will be plagued by them.
On the technical plane, expect a visit from the IT guys where you work to block USB ports, CD-ROM drives and any other access points to closed network computers. The authentication procedures for people logging into networks and for monitoring their computer activities will be tightened.
Regrettably, on the human level, growing suspicion of each other will be one of the costs, particularly of the Wikileaks caper. The next human worm may not be sexy Russian spy Anna Chapman, but a colleague sitting at the next desk. Mobile telephones, personal computers and personal media devices will be banished from sensitive areas. Hand-bag and briefcase searches will become more common. In most democratic countries, security clearance procedures will be tightened and laws on information classification, unauthorized disclosure and espionage will be updated.
Meanwhile, diplomacy—not just American—has already fallen into a deep freeze.
In America, the post 9/11 drive to share information more broadly throughout the security community will be reversed. The trend will be to hold data in relatively small compartments that are easier to monitor and control. This may prevent the next human worm from downloading gigabytes or terabytes of information not directly pertinent to his or her job. But it may also prevent a security analyst from piecing together disparate pieces of information to thwart some imminent disaster.
Wikileaks, according to its website, provides “a universal way for the revealing of suppressed and censored injustices…Publishing improves transparency, and this transparency creates a better society for all people.” No doubt, many of the organization’s adherents believe in this ideal. But what Wikileaks did was not to expose an injustice—dumping hundreds of thousands of classified documents onto the Internet was wanton cyber-hooliganism. And its consequence will be less, not more transparency. Congratulations, Wikileaks!
Finally there is one salutary historical upshot to all this. Leaked reporting cables sent from the American Embassy in Tbilisi to Washington in August 2008 confirm what some of us have long known—Russia attacked Georgia! Let us see how that information is analyzed during the next year of the worm.