Free Republic

The Next Worm Could Disable U.S. Communications and Computers
Yahoo Business News | Aug. 22, 2003 | John Mariotti

Posted on 08/22/2003 9:37:05 AM PDT by FairOpinion

OAK RIDGE, Tenn., Aug. 21 /PRNewswire/ -- "If you think the recent blackout in the Northeastern US wreaked havoc, watch out for the attack of the 'Worms,'" says executive and author John Mariotti. "The Sobig F and Blaster worms are just warm-ups for the real attack," states Mariotti, a noted corporate executive, business writer and novelist. "Nobody paid attention to the warnings before 9/11, and nobody is listening to the warnings now."

"When I wrote 'THE SILENCE,' I knew the technology existed to plant 'back doors and Trojan Horses' in millions of computers. When an evil force takes control of all those computers, the US's entire communications and computer infrastructure is vulnerable," warns Mariotti. "The gaps in Microsoft's widely used software worsen the risk, but the real tragedy is the total inability of Homeland Security to deal with cyber-security. It is bogged down in a morass of indecision and confusion."

When asked why warnings like "THE SILENCE" are being ignored, Mariotti said, "There is no central authority in communications and information technology, therefore a sort of technological anarchy exists. With no central organizing body, there is no coordination. The US government agencies, the FBI, CIA, et al. have difficulty just coordinating their own systems and are ill-equipped to solve a crisis of massive proportions in this field."

The government is fighting wars on too many fronts to worry about a hypothetical cyber-attack. But no one believed the gruesome ending of Tom Clancy's novel "Debt of Honor" could be a prophecy of future terrorist attacks -- but sadly, it was. Mariotti's reaction to this: "I hope this is 'much ado about nothing,' but I fear it isn't. A cyber-terrorist attack in the near future is a virtual certainty. All that's uncertain is when and whether it will end like 'THE SILENCE.'"

Well-known technology writers have written about the risks recently, including George Hulme in Information Week, Simson Garfinkel in MIT Technology Review and Dan Verton of ComputerWorld, in his book entitled "Black Ice." Garfinkel called the recent plethora of worm attacks "proofs of concept" for a cyber-attack. Verton's novel draws on prior crisis simulations that are chillingly close to reality.

"THE SILENCE." Writers Showcase Press. www.thesilence.info.


TOPICS: Business/Economy; Crime/Corruption; Culture/Society; Extended News; Foreign Affairs; Government; News/Current Events; Technical; War on Terror
KEYWORDS: attack; communications; cyber; internet; lowqualitycrap; microsoft; terror; windows; worm
In case you missed it, there is a very good article about Al Qaeda cyber attacks, including specific evidence found, in a June 2002 article in the Washington Post:

http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26

1 posted on 08/22/2003 9:37:07 AM PDT by FairOpinion

To: FairOpinion
I don't know if the worms are the work of AQ (I doubt it) or the creation of some little punk in a basement with a computer and too much time on his hands, but these worms and the variants caused havoc around here.

No data loss, but several sites blocked incoming traffic. In fact, certain protocols are still blocked.

MAJOR pain in the rear. But that's about it.
2 posted on 08/22/2003 9:47:29 AM PDT by appalachian_dweller (If we accept responsibility for our own actions, we are indeed worthy of our freedom. Bill Whittle)

To: FairOpinion

3 posted on 08/22/2003 9:50:26 AM PDT by jimkress (Go away Pat Go away!)

To: jimkress
Slammer worm crashed Ohio nuke plant network (Still Think The Blackout Wasn't A Cyber Attack???)
http://www.freerepublic.com/focus/f-news/968478/posts



Report warned power vulnerable to terror
http://www.freerepublic.com/focus/f-news/968487/posts
4 posted on 08/22/2003 9:53:54 AM PDT by FairOpinion

To: appalachian_dweller
MICROSOFT WORKING WITH THE FEDS, VIRUS ATTACKS MAY BE TERRORISM
http://www.freerepublic.com/focus/f-news/968431/posts

Evidence gathered by Microsoft, the FBI, and the Secret Service on the worldwide attacks made against the computers running the Windows operating system fits the profile of 'terrorist activity.'

Industry sources citing Microsoft officials told World Tribune.com that the recent attacks from the 'Blaster' worm and its variants, coupled with an email virus called 'SoBig-F' show signs of a coordinated attack by an entity wanting to disrupt world commerce.

Microsoft is cooperating with both the FBI and the Secret Service and will report their findings in the next few days.

5 posted on 08/22/2003 9:56:07 AM PDT by FairOpinion

To: JustPiper
ping
6 posted on 08/22/2003 9:56:37 AM PDT by FairOpinion

To: appalachian_dweller
I don't know if the worms are the work of AQ (I doubt it) or the creation of some little punk in a basement with a computer and too much time on his hands, but these worms and the variants caused havoc around here.

My site's server is stopping about 22 a day. My wife's has stopped about a thousand.

Perhaps an alternate internet with no access for .cn, .kr, .sp, .hk, .tw would be a good start... kind of like a US only WAN?

7 posted on 08/22/2003 10:01:36 AM PDT by Gorzaloon (Contents may have settled during shipping, but this tagline contains the stated product weight.)

To: FairOpinion
I know Slammer is an exception, but almost every major Windows virus has exploited a hole for which the vulnerability was known and a patch was available, in many cases, for months before the attack.

Administrators of critical systems need to be doing better jobs of keeping their systems patched in a timely manner. Of course, truly critical systems should have a backup that runs a different OS than the primary system.

8 posted on 08/22/2003 10:02:37 AM PDT by kevkrom (This tag line for rent)

Comment #9 Removed by Moderator

To: FairOpinion
Al Qaeda doesn't have the skill. This is more likely of Chinese influence.
10 posted on 08/22/2003 10:07:54 AM PDT by Bikers4Bush

To: FairOpinion
Question: Since last night, I've been deluged with email from addresses I've never heard of with the subject line starting "Worm SOBIG . . ." I'm deleting these suckers as fast as I can. Has anyone else experienced this?
11 posted on 08/22/2003 10:11:05 AM PDT by lilylangtree

To: Bikers4Bush
"Al Qaeda doesn't have the skill. This is more likely of Chinese influence"

It could be either.

Al Qaeda can hire people too.


http://www.washingtonpost.com/ac2/wp-dyn/A50765-2002Jun26

Officials said Osama bin Laden's operatives have nothing like the proficiency in information war of the most sophisticated nations. But al Qaeda is now judged to be considerably more capable than analysts believed a year ago. And its intentions are unrelentingly aimed at inflicting catastrophic harm.

One al Qaeda laptop found in Afghanistan, sources said, had made multiple visits to a French site run by the Société Anonyme, or Anonymous Society. The site offers a two-volume online "Sabotage Handbook" with sections on tools of the trade, planning a hit, switch gear and instrumentation, anti-surveillance methods and advanced techniques. In Islamic chat rooms, other computers linked to al Qaeda had access to "cracking" tools used to search out networked computers, scan for security flaws and exploit them to gain entry -- or full command.

Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser's path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids. In some interrogations, the most recent of which was reported to policymakers last week, al Qaeda prisoners have described intentions, in general terms, to use those tools.




12 posted on 08/22/2003 10:12:53 AM PDT by FairOpinion

To: jimkress
http://www.globetechnology.com/servlet/story/RTGAM.20030822.gtsobigaug22/BNStory/Technology/

Sobig's second attack due at 3 p.m. today


By JACK KAPICA
Globe and Mail Update

Another surprise is in store for computers infected with the Sobig virus, security experts are warning.

The virus, the world's most widespread worm which has caused extensive damage to e-mail systems, is set to enter a second phase today (Friday, Aug. 22) at 1900 UTC or 3:00 p.m. EDT.

Co-ordinated by atomic clocks, consultants at CGI CIRT in Ottawa say, computers infected by Sobig will connect to 20 machines in the United States, Canada and South Korea. The list is encrypted in the virus body.

The machines, CGI CIRT says, appear to be home computers connected by broadband to the Internet.

Infected machines will then download a program from a certain Web address and run it.

Currently, that Web address doesn't go anywhere, the security people said. They speculate that the address will become active only seconds before the 20 computers start the download, which gives analysts no time to examine the program to defuse it.

As a result, no one knows what the program does or how much damage it is capable of doing.

Previous versions of Sobig (there have been six in all) have downloaded programs that erase the virus but install a password-stealing program, and install an e-mail proxy that can send spam, without the owner's knowledge.

Researchers were able to break into Sobig far enough to gather all the information except the source of the Web address.

The spamming feature, CGI CIRT said, suggests commercial interests have created the virus, and not a "typical teenage virus writer."

Meanwhile, an antivirus company is warning that a worm similar to the destructive Sobig.F virus, which was programmed to deactivate on Sept. 10, could follow on or near Sept. 11.

If the Sobig virus creators continue their usual pattern, then Internet users should brace themselves on that day, warned Central Command, the Medina, Ohio-based maker of antivirus software and services.

The Sobig.F worm, the sixth variant of a worm first seen in January, was discovered on Aug. 19, and is estimated to have infected millions of systems worldwide.

A new variant might draw on all the infected computers to create "a cyber army focusing a digital assault against major on-line services," Central Command said today.

When particular conditions are met, the company explained, Sobig.F will attempt to download additional components of the attackers' choice. The conditions include performing tests to determine if the current day is Friday or Sunday between the hours of 19:00 (7 p.m.) and 22:00 (10 p.m.) UTC time.

When these conditions are met, the worm will attempt to retrieve further instructions that may include the downloading and execution of a back-door hacker program.

Called "Trojan" programs, these back-door programs turn computers into zombies doing the bidding of the virus maker, including full control of the infected computer.

"The virus authors of Sobig have developed a predictable pattern of releasing new variants soon after the current version deactivates itself," Central Command vice-president Steven Sundermeier said.

"If the past repeats itself we could be looking at a newly constructed creation shortly after Sept. 10."

Mr. Sundermeier said he feared that the massive army created by Sobig.F could be used to launch an attack on large Internet infrastructures by means of a denial-of-service attack (DoS).

Sobig.F has been declared the fastest-spreading e-mail plague of all time.

MessageLabs Inc., a company that filters e-mail for corporate clients around the world, said Wednesday it had intercepted more than a million copies of the Sobig.F virus the previous day, the most it has ever intercepted in a single day. That was one in every 17 e-mail messages the firm scanned.

"That's just a number we've never seen before," said Brian Czarny, MessageLabs' marketing director. The most widespread virus of all time, Klez, at its peak accounted for one in 125 messages scanned.

Sobig.F continued to spread aggressively on Wednesday, though the pace eased off a bit to about one in 60 messages, he said.

The virus spreads through Windows PCs via e-mail and corporate networks. It clogs e-mail systems with messages carrying subject lines like "Re: Details" and "Re: Wicked screensaver."

"It's a seeding," Mr. Czarny said. "All they're looking to do is plant that Trojan."

With a report from Associated Press

13 posted on 08/22/2003 10:15:17 AM PDT by FairOpinion

To: FairOpinion
I know I will probably be "flamed" for what I am about to say, but here goes anyway......

Before Y2K, we listened to the tech community cry to the nation that we had to spend massive amounts of money to protect our computers from what was about to happen. No doubt that there was a thread of concern, but the techies took advantage of this mild concern and grew it to massive proportions, which then spread to include panics in buying food, supplies and even had some hiding out in caves in the mountains.

Now, reminded by the fable of the "boy crying WOLF", we are now told that our computers are about to be all shut down by massive worms and viruses. Can you blame us for doubting that this threat will be all that dangerous?

On the other hand, let's for a moment say that there IS a real danger..... we do not exactly make it easy for "newbies" and non-tech sorts to protect their computers from viruses. New PC owners are told that they were given a "free" anti-virus program... only in the fine print, they can't understand, does it explain that they need to now pay $65 for that anti-virus to update regularly and be of any use at all. Then we all know that anti-virus programs are NOT cheap, even to seasoned PC users who know to buy them. Then there is much misinformation going around.... when I switched to cable connection I asked the installer, "do I need to do anything different for virus protection?" He said, "no". I was testing him. I said, "what about those firewall thingys? Do I need one of those?" He said, "no need, you are safe." I pulled out some literature and showed him why PCs on cable connections need firewalls (unless they are connected to a router), but that didn't faze him a bit. He said, "well then go ahead and waste your money lady."

A vast portion of the PC-using public has no idea that they need anti-virus protection or much less how to go about getting it. Computers are sold to people and then they are "thrown to the sharks" so-to-speak.... tossed into the waters to sink or swim alone. Perhaps if protecting the Internet is so vital, anti-virus programs should be built into ALL ISP packages and the charges for them included in ISP fees. Better yet, hand out anti-virus programs much the same way free browsers are handed out! Somehow I doubt that will happen as those same techies that made so much money crying wolf before Y2K are now making too much money repairing computers after they inevitably get a virus!
14 posted on 08/22/2003 10:16:56 AM PDT by Apple Pan Dowdy (... as American as Apple Pie)

To: appalachian_dweller
MAJOR pain in the rear. But that's about it.

But it's only dumb luck that's all it was. The SoBig.F virus installed an FTP server that would have allowed access to computers it infected. Apparently nothing was done with that access.. yet... this time. It may have been a "dry run" for doing some real damage. Whoever did it has shown that in any organization of any size, there will be some dumb schmuck that will open such an email, and once past the organizational firewalls, a worm can exploit vulnerabilities in the operating system to do pretty much whatever its author wants.

It is interesting that the worm and its "payload" were said to go dormant on Sept. 10th. Perhaps clearing the way for the real nasty to come on September 11th? At least we don't have long to wait to find out.

15 posted on 08/22/2003 10:21:21 AM PDT by El Gato

To: Apple Pan Dowdy
"..... we do not exactly make it easy for "newbies" and non-tech sorts to protect their computers from viruses.

A vast portion of the PC-using public has no idea that they need anti-virus protection or much less how to go about getting it. Computers are sold to people and then they are "thrown to the sharks" so-to-speak.... tossed into the waters to sink or swim alone"

---

I completely agree with you. Also, firewalls are only useful if configured properly, yet nobody is teaching people how to do that, usually the default is not good enough.

On one hand we have the problem that apparently even computer administrators, who should know better, aren't applying patches, screening out viruses, etc., and probably 80-90% of the public are just sitting ducks for such attacks. Most people aren't even aware how important it is to have up to date firewall and virus programs and how to configure them.

You are right -- this problem needs to be addressed.
16 posted on 08/22/2003 10:23:38 AM PDT by FairOpinion

To: El Gato
Read my article in my post 13 -- long, but very illuminating.
17 posted on 08/22/2003 10:25:22 AM PDT by FairOpinion

To: FairOpinion
Question to you, since you seem to know of what you speak ..... am I right that I do not need a firewall if all computers are connected through a router? All sources seem to assure me of that, but I am always open to further information.
18 posted on 08/22/2003 10:39:27 AM PDT by Apple Pan Dowdy (... as American as Apple Pie)

To: FairOpinion
I don't think it's coincidence that many individuals connected to terrorists are in this country teaching/taking computer science/engineering courses.
19 posted on 08/22/2003 10:44:24 AM PDT by windchime

To: El Gato
>> It is interesting that the worm and its "payload" were said to go dormant on Sept. 10th. Perhaps clearing the way for the real nasty to come on September 11th? At least we don't have long to wait to find out. <<

Alas, good point. There's a thread just started in breaking news about another one that's supposed to go today. Haven't hit the thread yet. Going there now.
20 posted on 08/22/2003 10:48:19 AM PDT by appalachian_dweller (If we accept responsibility for our own actions, we are indeed worthy of our freedom. Bill Whittle)

