Monday, July 12, 2010

Conficker, Cyber Emergency, and the Internet Kill Switch

by Kai Tischen

July 11, 2010

Conficker is a computer worm which has been infecting PCs on the Internet since November 2008. Worryingly, nothing is publicly known of its mission, because it has yet to do anything of great note. Conficker is building and maintaining a powerful network of enslaved computers, and machines infected with the worm can be made to obey the whims of Conficker's unknown commanders. Its advanced peer-to-peer networking design makes the program's control network difficult for Internet providers to shut down. Today this strange worm constitutes a powerful overlay of control across an unknown vastness of Internet-connected computers. With the exception of distributing some small-time malware, however, it has been essentially dormant. Conficker is like an army, recruiting and training for two and a half years, with no history save for robbing the corner store.

Conficker's obfuscated code, stealthy peer-to-peer mechanisms, evasion of network filtering, and sophisticated updates are exemplary in the world of worms. If Conficker has any equal in its combination of technical inscrutability, pervasiveness, bulletproof networking, and steady innovation, it's another application called Skype. Like Conficker, Skype obscures its operation from debuggers and disassemblers, can't be effectively blocked on the network layer, stumps experts with its formidable peer-to-peer system, and is backed by a team dedicated to preserving these advantages. Skype works this way to gain specific commercial advantages. Conficker works similarly. But why does Conficker even exist?

The public doesn't yet know why such cutting-edge work has been poured into developing and spreading the Conficker worm. But one worrisome possibility is that Conficker's army of zombie PCs could present the "Internet emergency" that authorities (the U.S. government in particular) have long warned about — a sustained attack of such scale and resilience that the network is brought to its knees. The sleeping giant Conficker may be designed specifically to launch just that conflict.

History has taught us that most large-scale "cyber attacks" on the Internet are manageable. A newly discovered vulnerability is targeted to spread malicious code, or an avalanche of bogus traffic is directed at a web site to shut it down. If the Conficker network were to launch one of these typical attacks, effective defenses would probably be mounted. Software would be updated, Internet providers would set up filters, and so on as usual. However, so long as Conficker's remarkable peer-to-peer control systems remained online, its army would remain standing. Its attacks could be changed and adapted at the tempo of combat. As one offensive was foiled, another could be launched. What began as a one-time confrontation would become a protracted battle.

With the Internet labeled a "strategic national asset" by the President of the United States, how would the network be "saved" in such a scenario? The pervasiveness of Conficker on personal computers, and the durability of its command-and-control systems, are seemingly facts of life on the present-day Internet. Apparently no simple filtering can stop Conficker from receiving its marching orders, or the network would already be beaten today. It's quite arguable that quelling Conficker would require nothing less than blockading the Internet itself. Nothing unidentifiable — nothing that didn't fall neatly under some definition of "legitimate" Internet behavior — could be allowed through. Such drastic action, undertaken by Internet providers at the behest of government, would be a surefire path to eliminating Conficker.
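The claim in the preceding paragraphs, that a centralized control channel falls to a targeted takedown while a peer-to-peer overlay survives it, and that only a default-deny blockade cuts both off, can be made concrete with a small graph simulation. The following is an added illustration written for this page, not code from the original post and not a model of Conficker's actual protocol; the star and random-mesh topologies, node counts and takedown sizes are constructed assumptions chosen to show the effect.

```python
"""Toy model of control-network resilience under two defensive actions:
a targeted takedown of the best-connected nodes, and a default-deny blockade.

Added illustration; not code from the original post and not Conficker's
real protocol. Topologies and sizes below are constructed assumptions.
"""
import random
from collections import deque


def make_star(n):
    """Centralized command channel: every bot (1..n-1) talks only to hub 0."""
    nodes = set(range(n))
    edges = {frozenset((0, i)) for i in range(1, n)}
    return nodes, edges


def make_mesh(n, peers_per_node, seed=1):
    """Peer-to-peer overlay: each node picks `peers_per_node` random peers.
    Links are undirected, so a node may end up with more than that many."""
    rng = random.Random(seed)
    nodes = set(range(n))
    edges = set()
    for i in range(n):
        for j in rng.sample([x for x in range(n) if x != i], peers_per_node):
            edges.add(frozenset((i, j)))
    return nodes, edges


def adjacency(nodes, edges):
    adj = {v: set() for v in nodes}
    for e in edges:
        a, b = tuple(e)
        adj[a].add(b)
        adj[b].add(a)
    return adj


def largest_component(nodes, edges):
    """Size of the largest group of nodes that can still reach one another,
    i.e. the largest population that could still receive a single order."""
    adj = adjacency(nodes, edges)
    seen = set()
    best = 0
    for start in nodes:
        if start in seen:
            continue
        queue = deque([start])
        seen.add(start)
        size = 0
        while queue:
            v = queue.popleft()
            size += 1
            for w in adj[v]:
                if w not in seen:
                    seen.add(w)
                    queue.append(w)
        best = max(best, size)
    return best


def takedown(nodes, edges, count):
    """Targeted takedown: remove the `count` best-connected nodes (the
    obvious sinkhole or seizure candidates) and every link touching them."""
    adj = adjacency(nodes, edges)
    victims = set(sorted(nodes, key=lambda v: len(adj[v]), reverse=True)[:count])
    return nodes - victims, {e for e in edges if not (e & victims)}


def default_deny(nodes, edges, allowed):
    """Network blockade: only links on an explicit allowlist pass."""
    return nodes, {e for e in edges if e in allowed}


def resilience_report(n=1000, peers=4, removed=50):
    """Largest still-reachable group after each action, for both topologies."""
    star = make_star(n)
    mesh = make_mesh(n, peers)
    return {
        "star_after_takedown": largest_component(*takedown(*star, 1)),
        "mesh_after_takedown": largest_component(*takedown(*mesh, removed)),
        "star_default_deny": largest_component(*default_deny(*star, set())),
        "mesh_default_deny": largest_component(*default_deny(*mesh, set())),
    }


if __name__ == "__main__":
    for action, size in resilience_report().items():
        print(f"{action}: largest reachable group = {size}")
```

Removing the single hub of the star leaves every bot isolated, whereas removing the fifty best-connected peers of the mesh barely dents the group that can still be reached. An empty allowlist (the blockade the essay describes) collapses both to isolated machines, which is the whole of the essay's point about the cost of that remedy: the same rule severs every unlisted overlay, malicious or not.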

Enter the so-called PCNAA or "Internet kill switch" concept advancing through the legislature of the United States of America. If this power comes into law, it will give the President the exact power needed to clamp down on Internet communications in a "War on Conficker." Heavy network restrictions would be instituted under the pretense of cyber-security, shattering Conficker into millions of isolated soldiers, waiting forever, listening for their new orders with deaf ears. It would be a decisive victory, with celebrations for the nameless warriors of the National Computer Security Center.

But what would the Internet look like after it had been "saved" by a network blockade? It would surely continue to please the masses of social networkers, searchers and consumers. But once Conficker had been vanquished by switching the Internet to a default-deny stance, gone would be the flexible information-commons we know today. The new Internet might look a lot like Apple's famous App Store, seemingly offering everything — so long as it's approved by central authority. What would become of the Internet that supports anonymity and privacy? What of Wikileaks? What of encrypted file sharing? As potential Confickers from the standpoint of the network — decentralized, indecipherable, and therefore possibly dangerous — they would be called collateral damage. The Internet would be transformed overnight, with seemingly little alternative but to give up the Internet completely.

It's inevitable: Conficker (or something like it) will eventually stoke a cyber-war that can only be addressed by actions with serious side-effects for the Internet. Unapprehendable malfeasants will be blamed, perhaps painted as those bent on destroying our freedoms. But ultimately our own government authorities, raptured by Conficker's perfect storm, will be the ones to bury Internet liberty. And so long as the core cyber-addictions of our age are allowed to persist online, there will be no backlash, no uprising. Simply stated, Conficker exists to facilitate the authoritarian suppression of personal autonomy in the name of security, a perfect cyber-mirroring of the "anti-terror" policymaking of the last decade.

The creators of Conficker will soon be revealed. They are the authoritarian ideologues who will benefit from the convoluted process of Conficker's destruction.

