Internet Anthropologist Think Tank: Hacker Hunters circa 2001

    Saturday, September 22, 2007

    Hacker Hunters circa 2001


    Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.

    Wednesday, June 20, 2001
    6:30 a.m.
    FBI Headquarters,

    After 23 years as a CIA analyst, having briefed the president and his team on every conceivable threat to national security, Bob Gerber was scared. More scared than he'd been in a long time.

    Holed up in his cramped, 11th floor office on a stark, colorless hallway at FBI headquarters in Washington, Gerber's stomach turned as he took his first look at a new enemy.

    Gerber was a hunter, one of the government's best. These days, he was hunting worms, malicious computer programs let loose into the wild of the Internet by some of computerdom's most brilliant hackers. Two months earlier Gerber, 56, had left his job at the CIA, where he helped write the president's daily intelligence briefing, to head the analysis and warning division at the FBI's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern life - electrical power grids, the banking system, water treatment facilities, the World Wide Web.

    Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June.

    It was named Leaves after "w32.leave.worm," the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.

    Leaves was hardly the first worm to infest the Internet. In fact, the pests became so common in 2001 that security cognoscenti dubbed it the "Year of the Worm." Worms wrought all sorts of damage. They forced computers to delete critical files or erase entire programs. They also allowed hackers to steal personal information from computers' memories. Once they infested their victims, worms made clones, then used their hosts as launching pads for more worms, whose numbers grew exponentially.

    In 2000, Gerber and his team began battling a new species of even more virulent super worms. Rather than devour computers' innards, these worms hijacked their victims' controls, rendering them powerless zombies. With a gang of zombies at his command, the creator of a super worm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.

    In the spring of 2000, Gerber's colleagues took on a 15-year-old hacker who called himself Mafiaboy. The teenager turned his zombies loose on World Wide Web giants, eBay and Yahoo!, launching what is called a distributed denial of service attack that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.

    But compared with the Leaves worm, Mafiaboy's creation was a larva. Gerber's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by worm watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Gerber saw fascinated and appalled him.

    Leaves was a zombie maker on steroids. It searched out computers already wounded by another Internet scourge called a Trojan, which installs back doors in the machines. Leaves used a Trojan called SubSeven as its entrance. Once transformed, the zombies awaited orders. To communicate with them, Leaves' creator ordered his zombies to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the zombies, from where or why.

