
Malware myopia

As modern society leans more heavily on the Internet, its fragility becomes an ever greater concern.

October 23, 2011|By Mark Bowden
Illustration: Wes Bausmith / Los Angeles Times

Earlier this month, researchers discovered a cunning strain of malware, dubbed the Lurid Downloader, that has been systematically and silently stealing data from carefully targeted government computers in 61 countries.

The discovery was made by Trend Micro, a Tokyo-based computer security company, which identified the invader as a version of a well-known strain of malware that exploits vulnerabilities in the popular programs Adobe Reader and Microsoft Office. It inserts itself into a computer's core, and then phones home to a remote operator who moves continually from domain to domain on the Internet to avoid detection.

The Lurid Downloader had been at work for more than a year inside sensitive government networks (diplomatic offices, space agencies, research institutions), mostly in Russia and countries that were formerly part of the Soviet Union. Once in place, the virus can easily hop around inside a network and, under the control of a remote operator, observe users' keystrokes, peruse files and upload any data it wants to keep.

It is just the most recent example of the newest trend in cyberattacks, something those in the field have dubbed "advanced persistent threats," or APTs. They forgo the more familiar blunderbuss methods of mass infection in favor of sniper-like precision, and they have begun bedeviling cyberspace like a cloud of stinging insects. All take advantage of the anarchic nature of the Internet itself, which emerged 30 years ago free of any central governance or oversight. Because of the essential fluidity of Internet Protocol addresses, which locate a computer in cyberspace, such attacks can be launched with little fear that authorities will be able to pinpoint their origin.

As modern society leans ever more heavily on the Internet for commerce, communications and the management of its vital infrastructures, its fragility becomes an ever greater concern. It was built to share data and to enable connection, with scarcely a thought given to the potential for malice. The only answer to the persistent problem of malware may be to rebuild the Internet from scratch, an undertaking in the planning stages by the Internet Engineering Task Force, an association of volunteer Internet experts supported by the computer industry. A redesigned Internet might "fingerprint" every bit and byte of data so that each packet launched can be traced to its source.

"The Internet has enabled any Mickey Mouse single player to launch something that could be catastrophic," said Rodney Joffe, head of security for Neustar Inc., a company that provides directory services for the Web. "In the real world, you have to have access to plutonium or fleets of fighter jets to wreak widespread havoc. Because of the Internet, any one person can wreak havoc if they have knowledge and a computer."

Sophisticated attacks

Malware has come a long way from the standard Hollywood portrayal of the hacker as an unwashed rebel surviving on junk food in his parents' basement and showing off his skills online. "Botnets" capable of wreaking the kind of havoc Rodney Joffe was referring to, like the one assembled by the Conficker worm starting in 2008, pull computing power from millions of illicitly linked computers. Advanced persistent threats are designed for theft, espionage and sabotage and are the work of nation states or rich criminal gangs. They show a programming sophistication that rivals the best computer security experts in the world.

Here's how Matt Olney, a Maryland-based security expert, defines those behind APTs: "There are people smarter than you, they have more resources than you, and they are coming for you. Good luck with that."

A well-known strain called Poison Ivy has successfully penetrated the networks of the Defense and State departments. Another is the Stuxnet worm, thought to have been designed by Israel or the United States, or both, which set back Iran's illicit nuclear weapons program. Perhaps the most surprising recent victim was RSA, the security arm of EMC Corp., which provides top-level encryption for the public transfer of sensitive data. Earlier this year, hackers stole privileged information and used it to craft fake RSA SecurID tokens, meant to be a key to supposedly secure information anywhere.

Whether posing a giant or a narrowly sculpted threat, malware relies on the ease of operating anonymously on the Internet. The mysterious creators and controllers of the Conficker worm, which infected an estimated 10 million to 12 million computers worldwide in 2008 and 2009, move daily among 50,000 randomly generated Internet domains. Volunteer security experts — known as the Cabal — labored mightily to shut down the botnet, which is no longer growing but remains very much alive.
