...and how to do it, too. :wtf2:

http://internetweek.com/security02/showArticle.jhtml?articleID=21401723 links to a Berkeley study.

High points
- $50 billion dollars in damage, not including some of the softer impacts such as long-term loss of trust in the ability to do business.
- expected vector is to exploit windows file sharing components
- wonderful terrorism vector - a state-sponsored attack could test the hell out of systems before unleashing the virus, and ensure it exploited multiple versions of windows
- possible replacements of motherboards to be necessary due to unrecoverable errors

Pretty scary stuff for me, particularly because I work in an information technology company.

-- Retro

Pretty scary stuff for us, all our data is stored on computers.

We should just use Skynet to find the worm and destroy it. I'm sure it won't take over every computer in the world and tell all the machines to kill everybody, causing the entire human race to die via nuclear holocast.

Wrong thread for this I suppose..

Terrible. Just terrible.

$50 Billion? Good, just about the amount of cash monay Microsoft has on hand.

See I told them to stay wth punched 80 column cards, but would they listen to me?

Imagine the load time for a current gen FPS using 80 byte per card cards and a high speed card reader.

Or a joquard loom. You'd have to make a new sheet of textile for every frame.

:rofl: @carrier&squiddna

50billion$ isn't that much really...well, considering that it's over 60billion €, yes that is quite a bit...:p

Rofl. There is a solution: Store all data on PAPER! The days of convensional espionage are long over.
:lol:

What a great scientific paper ! Thanks for the link :)
At least it is reassuring that someone has actually described such a scenario and alarmed us against what could follow Sasser and Blaster type worms.
Know thine enemy is the first step...

P.S.: I especially like the heavy use of internet references something I would like to see in more sciences but which of course would have a sort of permanency as a prerequisite.

Whatever country that decides to launch such an attack would be either leveled or invaded within a month.

But how would we find it without mapquest?

What's with all this talk about reverting to paper and punch cards? Just unplug your network cables, ffs.

:rofl:

Squid, that's easy! Google for it! Uh... no wait... national-geographic.com? uh...

-- Retro

Yes General, I'm sure only a country could do such a thing. And they would of course be stupid enough to let everyone know about it.

You know paper is coming back as computer storage? Paper DVDs (http://www.newscientist.com/news/news.jsp?id=ns99994894)

Well there we go, we will be storing information on paper :D

Yes General, I'm sure only a country could do such a thing. And they would of course be stupid enough to let everyone know about it.

The article repeats several times that it would take the resources of a state to develop a worm capable of causing that much damage. And I'd imagine a whole lot of effort would go into finding out who caused such a devastating attack. Are hostile states willing to risk it?

There are other organizations that are at least as powerfull as a state, do not have an easily invadable geographic location and some even wholly operate outside the law.
When Shell and ITT can incite and fight whole friggin' wars then it is really possible that organisations resort to electronical warfare to extort or truly attack so they can further their quest for ever more wealth and power.

Possible but not likely, why? Well because despite the rush to objectify those corporations as big evil mean 'things', they are actually usually lead by people and people tend to have hearts...

Besides its doubtfull that the amount of expenditure ot the amount of gain could be remotley porportional.

Asklepios, what organizations are as powerful as nations and would launch a devastating electronic attack on the United States? I don't think even the largest terror networks have the resources and knowhow to pull off an attack as described in the article.

And I'm going to assume that you're not implying a mega corporation would launch such an attack. It would be suicidal and wholly pointless.

Actually:
The reason it's likely such a superworm would be developed with support from a nation state, said the duo, is that it would require the additional resources that smaller, less well-funded groups lack.

I still think something like Al-Qaeda would have the resources to do somthing like that. Or a very wealthy person.

And if I was, say, Iran, and wanted to release such a worm (which would by the way infect my own country as well), I'd make sure everything points to Iraq as the prime suspect.

The model on which the conclusions are based assumed a state-sponsored attack. Change the model and it probably will have an affect on the research predictions. Al Qaeda has been battered physically and financially since 9/11 and they certainly don't have nation-scale resources at their disposal. Even Iran has a $450 billion GDP.

It would also be very tough to pass off this attack on Iraq, since even after transition of sovereignty there will be intense scrutiny on its government. I think we'd notice if they suddenly started funneling resources into developing massively damaging internet worms. Personally I don't know how hard or easy it is to make it look like someone else did it. But again, is it worth the risk of American reprisal in the wake of Afghanistan and Iraq?

Asklepios's point was that non-state organizations with the resources to do this exist, even if they lack the motive.

And my point is that a government planning on doing this would have a hard time making sure not to fuck up its own computers while at the same time keeping the whole thing secret. They might also want to exclude their allies, and the whole thing is becoming increasingly difficult then.

Um... all it takes is one person to find the vulnerability. From there, all he has to do is talk to a terrorist group, obtain say five or ten computers, lan them together and test out his exploitation of it. The "resources of the state" were for testing and planning purposes - you don't need a billion dollars to find a security hole in Windows XP.

What a wonderful world it would be if that were the case.

Fisher, they also mentioned something about making the worm "better", i.e. something that doesn't draw attention to itself by shutting down your computer.

And all that takes, Moe, is one programmer who knows his stuff. There's a zillion of 'em.

Plus, every single damn worm has been the result of one person finding and exploiting a vulnerability. To make a really really bad worm would just mean that that one person was more motivated to destroy than the average worm maker, and took some more time to make it more destructive. You don't need the resources of a state for that.

I know, Starfisher, I was trying to support your argument.

It is scary how many vulnerabilities are discovered, if you subscribe to a security mailing list, you'll get a "Vulnerability/possible exploit for xxxx" every other day at the very least.
Phatbot was already pretty destructive, but hardly the end of that evolution. The next generation of worms will be even scarier. The only positive side-effect is that these worms raise awareness, so maybe fewer people will click on weird attachments..

Actually, the state's resources would be for creating a testing lab full of internetted/networked systems containing various operating systems and configurations, and for ensuring a worldwide simultaneous distribution to the hotspots that you wanted to detonate the virus at, more than for the authoring of it.

A disgruntled Saudi sheikh, a couple whizbanger would-work-at-JPL-except-it's-sponsored-by-the-Great-Satan moneyhungry genius virus authors, a bunch of reasonably technologically proficient grunt labourers, and a comprehensive computer lab would be all that it would really take.

-- Retro

More than likely the only organization that would use this sort of attack would be an organization that is anti-technology in nature as there really is no way to confine it to one specific country and everybody would feel the same effects. You could immunize your own local office/agency, but thats about it. Spread the word any further than that and there's a serious leak issue. Nobody like Iran or China or even Pakistan would be dumb enough to sponsor something like this, as it would be seriously destructive to their nation and would not even touch any of our military assets (first strike scenario).

So really the only group you would have to be afraid of using this is

1. Hacker with very wealthy parents, way too much time on his hands and some serious acceptance issues

2. Al-Qaeda (it is highly unlikely that they would rely solely on seize-able bank accounts for their funds. I can garuntee that they have plenty of reserve hard currency in several places around the globe. Not to mention they still have drug/weapons trade)

3. The Almish (dont think they have secret cash reserves... but hey... you never know... they could be plotting...)

This destructive virus sponsored by Luddites-R-us.
:!: :!: :!:
*Stamping calculators into silicon shrapnel since 1972

Hehe, yeah, those guys.

Only problem is, to effectively destroy todays technology you would have to use todays technology. So the virus would have to be followed by a mass suicide by all those involved.

The Amish aren't anti-technical. They just don't like it getting in the way of the way they're used to doing things. For instance, many Amish have phones, but they still ride five or ten miles to sit down and chat with their neighbors, because that's the way they live.

If you're Amish, and you have a modern car, or stereo, or TV, or whatever, then you will be ostracized by your Amish nieghbors.

But yes, I know they're not "Anti Technology", and theyre not out to get everybody who uses technology. I was just being humorous.

A lot of Amish use cell phones to do business. They have to make concessions to compete in modern life. But Squid is correct; they adhere tightly to tradition whenever possible. A horse and buggy can replace a car, but shouting across the field can't replace a mobile phone.

And yes, I live very near the Amish and speak to Mennonites every week. If I drive more than a half hour, I have to be wary of the aforementioned buggies.

Then I guess it depends on what community you're in. Cause the ones around here go pretty far to close themselves off from the rest of the world.

Possible but not likely, why? Well because despite the rush to objectify those corporations as big evil mean 'things', they are actually usually lead by people and people tend to have hearts...


Please, let us not debate the heartlessness of world's economic(and also true puppete...eeerr, leaders) leaders that knowingly poison their brothers and employ children.

SquidDNA got what I meant.

Thank you to the others for supplying arguments to show that a state budget (which is also different depending on state) would not be required.