Free Underground: Tales of Hacking, Madness and Obsession from the Electronic Frontier by Suelette Dreyfus Page A
Authors: Suelette Dreyfus
doubted that someone who had gone to all that trouble of creating the WANK
worm would let his baby be exterminated so quickly. The decoy-duck strategy only worked as long as the worm kept the same process name, and as long as it was programmed not to activate itself on systems which were already infected. Change the process name, or teach the worm to not to suicide, and the SPAN team would face another, larger problem. John McMahon had an instinct about the worm; it might just be back.
His instinct was right.
The following Monday, McMahon received another phone call from the SPAN project office. When he poked his head in his boss’s office, Jerome Bennett looked up from his desk.
‘The thing is back,’ McMahon told him. There was no need to explain what ‘the thing’ was. ‘I’m going over to the SPAN office.’
Ron Tencati and Todd Butler had a copy of the new WANK worm ready for McMahon. This version of the worm was far more virulent. It copied itself more effectively and therefore moved through the network much faster. The revised worm’s penetration rate was much higher--more than four times greater than the version of WANK released in the first attack. The phone was ringing off the hook again. John took a call from one irate manager who launched into a tirade. ‘I ran your anti-WANK program, followed your instructions to the letter, and look what happened!’
The worm had changed its process name. It was also designed to hunt down and kill the decoy-duck program. In fact, the SPAN network was going to turn into a rather bloody battlefield. This worm didn’t just kill the decoy, it also killed any other copy of the WANK worm. Even if McMahon changed the process name used by his program, the decoy-duck strategy was not going to work any longer.
There were other disturbing improvements to the new version of the WANK worm. Preliminary information suggested it changed the password on any account it got into. This was a problem. But not nearly as big a problem as if the passwords it changed were for the only privileged accounts on the system. The new worm was capable of locking a system manager out of his or her own system.
Prevented from getting into his own account, the computer manager might try borrowing the account of an average user, call him Edwin.
Unfortunately, Edwin’s account probably only had low-level privileges.
Even in the hands of a skilful computer manager, the powers granted to Edwin’s account were likely too limited to eradicate the worm from its newly elevated status as computer manager. The manager might spend his whole morning matching wits with the worm from the disadvantaged position of a normal user’s account. At some point he would have to make the tough decision of last resort: turn the entire computer system off.
The manager would have to conduct a forced reboot of the machine. Take it down, then bring it back up on minimum configuration. Break back into it. Fix the password which the worm had changed. Logout. Reset some variables. Reboot the machine again. Close up any underlying security holes left behind by the worm. Change any passwords which matched users’ names. A cold start of a large VMS machine took time.
All the while, the astronomers, physicists and engineers who worked in this NASA office wouldn’t be able to work on their computers.
At least the SPAN team was better prepared for the worm this time.
They had braced themselves psychologically for a possible return attack. Contact information for the network had been updated. And the general DECNET internet community was aware of the worm and was lending a hand wherever possible.
Help came from a system manager in France, a country which seemed to be of special interest to the worm’s author. The manager, Bernard Perrot of Institut de Physique Nucleaire in Orsay, had obtained a copy of the worm, inspected it and took special notice of the creature’s poor error checking ability. This was the
worm would let his baby be exterminated so quickly. The decoy-duck strategy only worked as long as the worm kept the same process name, and as long as it was programmed not to activate itself on systems which were already infected. Change the process name, or teach the worm to not to suicide, and the SPAN team would face another, larger problem. John McMahon had an instinct about the worm; it might just be back.
His instinct was right.
The following Monday, McMahon received another phone call from the SPAN project office. When he poked his head in his boss’s office, Jerome Bennett looked up from his desk.
‘The thing is back,’ McMahon told him. There was no need to explain what ‘the thing’ was. ‘I’m going over to the SPAN office.’
Ron Tencati and Todd Butler had a copy of the new WANK worm ready for McMahon. This version of the worm was far more virulent. It copied itself more effectively and therefore moved through the network much faster. The revised worm’s penetration rate was much higher--more than four times greater than the version of WANK released in the first attack. The phone was ringing off the hook again. John took a call from one irate manager who launched into a tirade. ‘I ran your anti-WANK program, followed your instructions to the letter, and look what happened!’
The worm had changed its process name. It was also designed to hunt down and kill the decoy-duck program. In fact, the SPAN network was going to turn into a rather bloody battlefield. This worm didn’t just kill the decoy, it also killed any other copy of the WANK worm. Even if McMahon changed the process name used by his program, the decoy-duck strategy was not going to work any longer.
There were other disturbing improvements to the new version of the WANK worm. Preliminary information suggested it changed the password on any account it got into. This was a problem. But not nearly as big a problem as if the passwords it changed were for the only privileged accounts on the system. The new worm was capable of locking a system manager out of his or her own system.
Prevented from getting into his own account, the computer manager might try borrowing the account of an average user, call him Edwin.
Unfortunately, Edwin’s account probably only had low-level privileges.
Even in the hands of a skilful computer manager, the powers granted to Edwin’s account were likely too limited to eradicate the worm from its newly elevated status as computer manager. The manager might spend his whole morning matching wits with the worm from the disadvantaged position of a normal user’s account. At some point he would have to make the tough decision of last resort: turn the entire computer system off.
The manager would have to conduct a forced reboot of the machine. Take it down, then bring it back up on minimum configuration. Break back into it. Fix the password which the worm had changed. Logout. Reset some variables. Reboot the machine again. Close up any underlying security holes left behind by the worm. Change any passwords which matched users’ names. A cold start of a large VMS machine took time.
All the while, the astronomers, physicists and engineers who worked in this NASA office wouldn’t be able to work on their computers.
At least the SPAN team was better prepared for the worm this time.
They had braced themselves psychologically for a possible return attack. Contact information for the network had been updated. And the general DECNET internet community was aware of the worm and was lending a hand wherever possible.
Help came from a system manager in France, a country which seemed to be of special interest to the worm’s author. The manager, Bernard Perrot of Institut de Physique Nucleaire in Orsay, had obtained a copy of the worm, inspected it and took special notice of the creature’s poor error checking ability. This was the
Similar Books
Torchworld: Outsiders Collection
Dannielle Levan
Losing Faith
Scotty Cade
The Midnight Hour
Neil Davies
The Willard
LeAnne Burnett Morse
Green Ace
Stuart Palmer
Seven Kisses: A Beauty and the Beast Dark Romance
Giselle Renarde
Noble Destiny
Katie MacAlister
Daniel
Henning Mankell
Bringing Down the Krays
Bobby Teale