The Storm ‘worm’

Bruce Schneier has a sobering briefing on what he calls “the future of malware”.

Although it’s most commonly called a worm, Storm is really more: a worm, a Trojan horse and a bot all rolled into one. It’s also the most successful example we have of a new breed of worm, and I’ve seen estimates that between 1 million and 50 million computers have been infected worldwide.

Old-style worms — Sasser, Slammer, Nimda — were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins, and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they’re different. These worms spread more subtly, without making noise. Symptoms don’t appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.

Storm represents the future of malware. Let’s look at its behavior:

1. Storm is patient. A worm that attacks all the time is much easier to detect; a worm that attacks and then shuts off for a while hides much more easily.

2. Storm is designed like an ant colony, with separation of duties. Only a small fraction of infected hosts spread the worm. A much smaller fraction are C2: command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties.

3. Storm doesn’t cause any damage, or noticeable performance impact, to the hosts. Like a parasite, it needs its host to be intact and healthy for its own survival. This makes it harder to detect, because users and network administrators won’t notice any abnormal behavior most of the time.

4. Rather than having all hosts communicate to a central server or set of servers, Storm uses a peer-to-peer network for C2. This makes the Storm botnet much harder to disable. The most common way to disable a botnet is to shut down the centralized control point. Storm doesn’t have a centralized control point, and thus can’t be shut down that way…

There’s more, and none of it is pretty.

Not that we really have any idea how to mess with Storm. Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it. Inoculating infected machines individually is simply not going to work, and I can’t imagine forcing ISPs to quarantine infected hosts. A quarantine wouldn’t work in any case: Storm’s creators could easily design another worm — and we know that users can’t keep themselves from clicking on enticing attachments and links.

Redesigning the Microsoft Windows operating system would work, but that’s ridiculous to even suggest. Creating a counterworm would make a great piece of fiction, but it’s a really bad idea in real life. We simply don’t know how to stop Storm, except to find the people controlling it and arrest them.

This is the other side of the end-to-end coin.

The looming Google threat

Microsoft used to be the big threat, but it’s fading as the importance of the platform erodes. I’ve been saying for years that Google will be an even bigger public-policy problem than Microsoft ever was. Jeff Jarvis seems to agree and explains why:

Consumers, as we used to be called, won’t support media and journalism with their money. Advertising will. We will become entirely dependent on advertising. And what happens when Google controls the majority of online ad revenue in this country? They’re headed there, for as a TechCrunch commenter points out, Google’s online ad revenue and share of revenue are growing faster than online advertising as a whole.

On the one hand, we should be grateful to Google for enabling the support of much new media. On the other hand, we should fear the vice in which Google holds our privates. That’s where media power is consolidating — not in old conglomerates (some of which now depend for a good bit of revenue on who? — on Google.)

I’m not blaming Google for getting to this point. Big, old media handed them this opportunity on a platter. Google was the one company that truly understood the economics of the open network. It understood that it could grow much bigger enabling than controlling. We in media should have followed that model. We should have asked WWGD. What would Google do?

So what do we do now? We need new networks that identify and create new marketplaces for new value — greater value than the coincidence of words on a page, which Google sells. We need to create our own high-value networks (e.g., hyperlocal news). We need open networks that compete with the closed aspects of Google; openness is water to the witch of an opaque network like Google’s.

That “iPod moment” meme

Jeff Jarvis has a forceful disquisition on “the iPod moment for newspapers”. He makes the point that the newspaper industry has for a long time assumed that its salvation lay in ‘e-paper’ — a flexible, foldable, high-res electronic display technology which would allow newspapers to continue as they were but with added e-power. Jeff’s view is that it ain’t gonna be like that, and I’m sure that he’s right. The new iPhone and iPod Touch devices are already pretty impressive as networked readers, and they will doubtless get better in the next couple of years.

I had an interesting discussion yesterday with Brian about the use of the term ‘iPod moment’. It’s slightly misleading because it implies that the appearance of a gizmo is the crucial event. Not so. The genius of the iPod was that it was paired from the outset with iTunes software — and that that software had a beautiful, intuitive interface. It was the combination of the two that made it simple for the average non-techie to manage compressed music files. There were lots of portable MP3 players before the iPod, but syncing them to a PC involved geekery to some degree and so was not for ordinary mortals.

So what really constitutes an ‘iPod moment’ is the instant when it becomes possible for the average consumer to engage in a practice that is terminally disruptive for an established industry.

Wikiwars visualised

This is a graphical visualisation of the 20 most hotly-revised articles in Wikipedia. The diagram comes from a fascinating article on how it was constructed. In essence, the authors used network theory:

We began this piece by representing the data as a network. In this case the nodes in the network are wikipedia articles and the edges are the links between articles. We then (with some help from our friends at Sandia) used an algorithm to lay out all 650,000 nodes (wikipedia articles) that had at least one link in such a way that similar articles are near one another. These are the yellow dots, which when viewed at low res give a yellow tint to the whole picture.

The sizes of the nodes (circles, dots, whatever you want to call them), are based on a model of revision activity. So large circles indicate that an article might be controversial, or the subject of lots of vandalism, or just a topic whose content frequently changes. We labeled only the largest nodes, to keep it readable. There is an interactive version of this in the works based on the google maps platform which will change the labels and pictures used as the user ‘zooms’ in or out. Stay tuned for that.

The image used for each tile was selected automatically, simply by using the first image in the most linked to article among all the articles in that tile. We were pleasantly surprised by the quality of the images that appeared.

Our hope for this visualization approach, which we continue to improve on, is that it could be updated in real time to give a macro sense of what is happening in Wikipedia. I personally hope that some variation of it will end up in high schools as a teaching tool and for generating discussions…

Vicious beasts and melting butter

This morning’s Observer column

It is said that savage beasts are most dangerous when cornered. Cue the record industry, lashing out with increasing viciousness in its death throes. It’s been pursuing a policy of suing file-sharers, most of whom have settled out of court. But a court in Minnesota has been hearing the first of these cases that has actually come to court….

Why Did Google Buy Jaiku?

According to Technology Review, it’s all about mobile phones.

The terms of the deal haven’t been announced, but regardless of Jaiku’s price tag, the purchase could be a significant one. Google has long been rumored to be working on a mobile phone, or “gPhone”; Jaiku was originally developed as software for cell phones, and one of the company’s cofounders, Jyri Engeström, was a product manager at Nokia.

While Google has refused to comment directly on whether it’s developing mobile-phone products, its activities over the past few months indicate that it is. Google has announced its intention to bid on a large swath of spectrum in early 2008; it has acquired a mobile-phone software startup, Android, based in Palo Alto, CA; and in a handful of public statements, representatives of the company have alluded to trying to make the mobile experience better. When asked for comment, Google referred to its public statement about the purchase: “Although we don’t have definite plans to announce at this time, we’re excited about helping to drive the next round of developments in Web and mobile technology.”

Hmmm… Pure speculation, of course.

Is the oil, then?

Writing in the LRB, Jim Holt thinks it is:

Iraq is ‘unwinnable’, a ‘quagmire’, a ‘fiasco’: so goes the received opinion. But there is good reason to think that, from the Bush-Cheney perspective, it is none of these things. Indeed, the US may be ‘stuck’ precisely where Bush et al want it to be, which is why there is no ‘exit strategy’.

Iraq has 115 billion barrels of known oil reserves. That is more than five times the total in the United States. And, because of its long isolation, it is the least explored of the world’s oil-rich nations. A mere two thousand wells have been drilled across the entire country; in Texas alone there are a million. It has been estimated, by the Council on Foreign Relations, that Iraq may have a further 220 billion barrels of undiscovered oil; another study puts the figure at 300 billion. If these estimates are anywhere close to the mark, US forces are now sitting on one quarter of the world’s oil resources. The value of Iraqi oil, largely light crude with low production costs, would be of the order of $30 trillion at today’s prices. For purposes of comparison, the projected total cost of the US invasion/occupation is around $1 trillion.

Who will get Iraq’s oil? One of the Bush administration’s ‘benchmarks’ for the Iraqi government is the passage of a law to distribute oil revenues. The draft law that the US has written for the Iraqi congress would cede nearly all the oil to Western companies. The Iraq National Oil Company would retain control of 17 of Iraq’s 80 existing oilfields, leaving the rest – including all yet to be discovered oil – under foreign corporate control for 30 years. ‘The foreign companies would not have to invest their earnings in the Iraqi economy,’ the analyst Antonia Juhasz wrote in the New York Times in March, after the draft law was leaked. ‘They could even ride out Iraq’s current “instability” by signing contracts now, while the Iraqi government is at its weakest, and then wait at least two years before even setting foot in the country.’ As negotiations over the oil law stalled in September, the provincial government in Kurdistan simply signed a separate deal with the Dallas-based Hunt Oil Company, headed by a close political ally of President Bush.

How will the US maintain hegemony over Iraqi oil? By establishing permanent military bases in Iraq. Five self-sufficient ‘super-bases’ are in various stages of completion. All are well away from the urban areas where most casualties have occurred. There has been precious little reporting on these bases in the American press, whose dwindling corps of correspondents in Iraq cannot move around freely because of the dangerous conditions. (It takes a brave reporter to leave the Green Zone without a military escort.) In February last year, the Washington Post reporter Thomas Ricks described one such facility, the Balad Air Base, forty miles north of Baghdad. A piece of (well-fortified) American suburbia in the middle of the Iraqi desert, Balad has fast-food joints, a miniature golf course, a football field, a cinema and distinct neighbourhoods – among them, ‘KBR-land’, named after the Halliburton subsidiary that has done most of the construction work at the base. Although few of the 20,000 American troops stationed there have ever had any contact with an Iraqi, the runway at the base is one of the world’s busiest. ‘We are behind only Heathrow right now,’ an air force commander told Ricks…

James Michaels RIP

The man who turned Forbes into a great read is dead. Nice obit in the Economist, which refers to his greatest scoop: he witnessed the assassination of Mahatma Gandhi. Here’s his report:

‘Bapu (father) is finished’

New Delhi, January 30, 1948: Mohandas K. Gandhi was assassinated today by a Hindu extremist whose act plunged India into sorrow and fear.

Rioting broke out immediately in Bombay.

The seventy-eight-year-old leader whose people had christened him the Great Soul of India died at 5:45 p.m. (7:15 a.m. EST) with his head cradled in the lap of his sixteen-year-old granddaughter, Mani.

Just half an hour before, a Hindu fanatic, Ram Naturam, had pumped three bullets from a revolver into Gandhi’s frail body, emaciated by years of fasting and asceticism.

Gandhi was shot in the luxurious gardens of Birla House in the presence of one thousand of his followers, whom he was leading to the little summer pagoda where it was his habit to make his evening devotions.

Dressed as always in his homespun sacklike dhoti, and leaning heavily on a staff of stout wood, Gandhi was only a few feet from the pagoda when the shots were fired.

Gandhi crumpled instantly, putting his hand to his forehead in the Hindu gesture of forgiveness to his assassin. Three bullets penetrated his body at close range, one in the upper right thigh, one in the abdomen, and one in the chest.

He spoke no word before he died. A moment before he was shot he said – some witnesses believed he was speaking to the assassin – “You are late.”

The assassin had been standing beside the garden path, his hands folded, palms together, before him in the Hindu gesture of greeting. But between his palms he had concealed a small-caliber revolver. After pumping three bullets into Gandhi at a range of a few feet, he fired a fourth shot in an attempt at suicide, but the bullet merely creased his scalp.

From A treasury of great reporting: literature under pressure from the sixteenth century to our own time, edited by Louis L. Snyder, Simon & Schuster, 1949.

Speak, memory

It’s funny how some books linger in the mind, long after you’ve turned the last page. W.G. Sebald’s The Rings of Saturn has had that effect on me. I wrote about it the other day, when I was just over half-way through, and I had a nice email from my friend and colleague, Martin Weller, who had seen my post and had been looking for something unconnected with work to bring with him on holiday. He’d been moved by what I’d written to get the Sebald book.

It was an unfamiliar literary form for me – a meditative travelogue. But Andrew Motion argued in a recent review of The Wild Places by Robert Macfarlane that actually this is a relatively venerable form with its roots “in late 19th- and early 20th-century travelogues of the kind written by Edward Thomas”.

I felt slightly ashamed that I hadn’t known more about Sebald, who died in 2001 aged 57 when his car veered off a foggy road in East Anglia. A friend dug out two newspaper pieces, one an interview by Maya Jaggi published in December 2001, the other the Guardian obituary by his friend and fellow Norfolk resident, Michael Homberger (who features in The Rings of Saturn).

Sebald was born in a small Bavarian village in May 1944, the child of a “working-class, small-peasant” family. His father prospered modestly under the Nazis and rose to the rank of captain in the Wehrmacht. Like many (most?) German children of his generation, Sebald initially knew nothing about what had gone on during the Third Reich. “Until I was 16 or 17”, he told Jaggi, “I had heard practically nothing about the history that preceded 1945. Only when we were 17 were we confronted with a documentary film of the opening of the Belsen camp. There it was, and we somehow had to get our minds around it – which of course we didn’t. It was in the afternoon, with a football match afterwards. So it took years to find out what had happened. In the mid-1960s, I could not conceive that these events had happened only a few years back”.

Perhaps this is why his writing is suffused with a preoccupation with memory. And why he always approaches things obliquely. The thing that struck me about The Rings of Saturn was that he always seemed to be coming from left field. Homberger says in his obit that Sebald believed that “attempts to look directly at the horror would turn a writer into stone, or sentimentality”.

The other interesting thing I discovered is that Sebald was a devoted photographer. (The Rings of Saturn is richly illustrated by low-grade reproductions of the kind of pictures taken by someone who uses – as I do – a camera as a kind of visual notebook.) “I’ve always been interested in photographs”, he told Jaggi, “collecting them not systematically but randomly. They get lost, then turn up again. Two years ago in a junk shop in the East End of London, I found a photograph of the yodelling group from my home town. That is a pretty staggering experience. These old photographs always seem to have this appeal written into them, that you should tell a story behind them. In The Emigrants [another of his books] there is a group photograph of a large Jewish family, all wearing Bavarian costume. That one image tells you more about the history of German-Jewish aspiration than a whole monograph would do.”

He’s right. I hope Martin enjoys The Rings of Saturn as much as I did.