Feds Working to Stop Worms 250
mbenzi writes "This article from GovExec describes how the feds worked to prevent a worm that could have been orders of magnitude worse than Code Red. Short on details, but an interesting timeline."
This discussion has been archived.
No new comments can be posted.
Feds Working to Stop Worms
Related Links Top of the: day, week, month.
Scientists will study your brain to learn more about your distant cousin, Man.
I saw this and thought of dune/star wars (Score:4, Funny)
thanks government!
Re:I saw this and thought of dune/star wars (Score:5, Funny)
With the upcoming Desert War II, President Bush wants to make sure that the Iraqis riding on sandworms won't be able to get behind our lines and cause horrofic dammage like they did before.
There are also unconfirmed reports of a new spiritual leader who has been supplying them with rocket launchers and teaching them how to ambush the spi--, er, oil smugglers. Let's just hope there isn't a sand storm when Bush visits....
Re:I saw this and thought of dune/star wars (Score:3, Funny)
The FBI realized they are powerless if it comes down to fighting crime and terrorism and now decided to change their core business - make money from copyrights on crappy stories.
Re:I saw this and thought of dune/star wars (Score:2)
Walk without rythm and you won't attract the worm.
Re:I saw this and thought of dune/star wars (Score:2)
The crackers broke into the wrong &#%@$! Rec Room?
Pointless (Score:2, Insightful)
Re:Pointless (Score:3, Insightful)
Your comparison to **AA is somehow off since **AA is more about a few big organisations wanting to control everybody while worms are something everybody except for a few individuals want to get rid of.
Re:Pointless (Score:2, Troll)
there's enough ingenuity in people that want to do wrong that they'll never be shut down completely.
Who said anything about "completely"? The point is that they tracked down someone who thought they were anonymous, and there's a message there for every other script kiddie (as a sidenote: I found this story overstated the capabilities of this worm which is something that security people usually do basically as a roundabout way of patting themselves on the back). Personally I think that the Internet should become a UN-style governed entity and any country that doesn't actively pursue computer criminals should be barred from the global internet.
Re:Pointless (Score:2)
Apparently he observed that the current approach to fighting "cybercrime" is (instead of building safe networks) to sic the FBI on them, and that this won't work if the attacker is outside of our jurisdiction.
Therefore he hopes that really soon now, our jurisdiction can expand to swallow the entire planet.
Pax Americana at last!
Who the heck wrote this? (Score:5, Interesting)
With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.
Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.
With writing like this it sounds like someone trying to scare up funds to keep this department up and running.
Re:Who the heck wrote this? (Score:3, Funny)
Re:Who the heck wrote this? (Score:5, Insightful)
One of the largest IRC networks was recently humbled by attacks from worm-infected computers. Every other large IRC network deals with several new infections each week. It is only because the script kiddies (mostly) restrain their attacks to IRC, and because IRC admins go to great lengths to fight the worms, that more damage is not done by infected computers.
IRC networks are particularly easy targets, since each server is usually run by separate person or company, and the FBI is not interested in investigating cases unless $5,000 of damages can be claimed by one group -- never mind if there are one or two thousand infected computers that could be wiped out by a malicious kiddie. If the criminals get better at hiding their tracks or their commands, they may become more brazen and attack bigger targets.
Personally, I am glad that somebody in law enforcement is taking active steps to investigate and shut down these worms. They can actually punish the criminals behind the attacks. Private parties can, at most, disperse the botnet or terminate the attacker's account.
I have no problems with the govt enforcing laws, (Score:2, Insightful)
Re:Who the heck wrote this? (Score:4, Insightful)
Personally, I wish they'd spend a little bit of the money on public education. Start giving basic "Home Internet Security: 101" type courses in high schools so that the new crop of wIdiots have atleast a little backing in knowledge to take home with them. Maybe they can secure their parents machines and have an immediate effect on the state of things.
When you consider the sheer number of broadband subscribers in North America, and factor the number of them potentially vulnerable to any number of infiltration tactics, we can easily find ourselves facing 20k 1.5MBit connections. By my count, that makes for a LOT of aggregate bandwidth. DDoSs, information/identity theft are all infinitely possible.
This story only goes to foster the need for knowledge; all it takes is one, or a small group of concerted individuals who plan their attacks carefully, and the Internet can be crippled to a degree that we haven't seen thus far.
Corporations are another story. I believe firmly that they should be held fiscally responsible for the damage done at the behest of their bandwidth and servers. It's their responsibility to hire competent security personell to prevent attacks from using their larger-than-normal resources to aid in an attack. Maybe then competent IT people would suddenly find themselves facing thousands of job openings again, because it would be too expensive a risk for big companies not to have them on staff.
Every connection with an educated person at the helm who keeps track of security updates and is mindful of what they install/run is one less connection that can be used to attack those of us who do take this care.
</RANT>
Ugh, I hate morons on the 'net... (Score:2)
What's really annoying - I've been getting Yaha sent to me constantly for MONTHS from one person who just doesn't seem to "get" it. What really pisses me off is that when sending them an email asking them to please clean their machine, they ignored me. (Note: I'm not using the from: address. They're an AOL user, and AOL appends an X-Apparently-From: header to all emails that go through their mail servers which Yaha is not known to forge. While the from: addresses are from many different people, the X-Apparently-From: field has the same AOL user, every single time.)
yaha (Score:2)
So i keep telling people they are infected, and to use either not Outlook, not MS, or just keep patched. "Will do!" several have said. I'm still getting yaha and krez. *sigh*...I tried to help.
Re:Who the heck wrote this? (Score:3, Interesting)
I worked for a Police Dept. in California for a few years, and one of the things we did was something like this. While it was targeted at parents and more directed towards stopping cyber-molesters, we did cover basic computer security. Looking back, perhaps it would have been a good idea to spend more time on that...
Re:Holy War (Score:3, Interesting)
Since most of these large-scale DDoS attacks have been local in origin, the Bush administration's fear-mongering about Jihad's in cyberspace are little more than propaganda.
We should probably be more worried about socially stunted 15 year-old prodigies.
Isn't that what the current virii are? (Score:2)
Re:Who the heck wrote this? (Score:2)
Some of those private parties are software developers, who can do a little more- they can fix insecurities, and prevent them from happening in the first place. The only longterm solutions to vulnerabilities.
So far, though, it seems that developers (meaning primarily Microsoft) still don't pay enough attention to security.
Why not? Because the marketplace doesn't value secure software, so they aren't punished for not providing it.
Why doesn't the market value security? Because they think government departments like the one described will protect them, instead of relying on their software vendor or themselves.
By providing these hardworking "cybercrime" specialists, the government accomplishes 3 things:
I'm not saying that no crime committed on a computer should be punished- but that both the level of effort put into hunting, and the amount of punishment allocated should be reduced.
Re:Who the heck wrote this? (Score:4, Funny)
With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.
A smart worm could just post a link to the website it wants to bring down to Slashdot in an article made of carefuly crafted phrases built of buzzwords.
So who needs a gang of zombies? Oh, wait.... nevermind.
Re:Who the heck wrote this? (Score:2, Funny)
Re:Who the heck wrote this? (Score:2)
Re:Who the heck wrote this? (Score:2)
btw the author was Shane Harris.
AUGHH! buzzword compliant! (Score:5, Insightful)
SInce when are Skript Kiddeez brilliant hackers?
This article is stupefyingly filled with crap.. the whole alliterative narrative to make a "worm" into something more than a program is scary. "Clones" rather than "copies" "larva" rather than "small". "zombies" "Slither" "poisonous venom".
Ye ghods.. is this a tech article, or color text for a M:TG card?
maeryk
Re:AUGHH! buzzword compliant! (Score:2)
This is written as a fairy tale, and something I'll tell my children (if I ever do have some) when I want to keep them awake all night.
Re:AUGHH! buzzword compliant! (Score:4, Funny)
So now that you know the targeted audience, does the normal-text:crap ratio make more sense now??
Re:AUGHH! buzzword compliant! (Score:2, Insightful)
Re:AUGHH! buzzword compliant! (Score:2)
Unfortunately, these people "matter a lot" because they're the ones signing the check$
Re:AUGHH! buzzword compliant! (Score:2)
It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to attack foreign networks, to bridge the suspicion gap. Sachs dazzled the room with his observations and theories about Leaves. With casual command of hacker lingo and the history of worms and their attacks, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.
And...
Assigned to the infrastructure protection center, Jupina, 36, was well-versed in cyber jargon.
So, basically, all the equipment you really need to be a government computer crime fighter is an education in 'cyber jargon' and l33+ 5p34|.
Pentagon Cyber-Soldier (Score:2)
Col> Quick, lock-down the instalation
Cyber-Soldier> too late one of the MP's computer has AOL instant messanger and it's out on the internet now
Col > How could has this happened?
Cyber-Soldier> our 4 character password with no numbers or special characters just to weak as outlined in my memo dated yesterday.
Col> Do we have plausable denighablitiy?
Cyber-Soldier> Sure we'll blame some British guy.
Col> I guess we'll never crack Sadam Hussain's e-mail password now will we?
Cyber-Soldier> Sir maybe I should go undercover, get a bunch of security experts to battle this thing.
Col> Good Idea, now excuse me, I going inside my office to get drunk and am going to shoot my self
Feel free to use this--- (Score:2)
A teensy bit over-dramatic. (Score:4, Insightful)
I had all sorts of witty comments to make on this, but I just deleted them because it's all too pathetic.
I guess the point is to impress on people that cyberspace, too, is just like a big ol' Hollywood movie with good ol' Uncle Sam well in control. Or something.
Re:A teensy bit over-dramatic. (Score:2)
I definitely had at leats one flippant remark per paragraph. Who has the idea to write Shane Harris [mailto] an email explaining that this article just made him, and everyone (with possibly the exception of Jupina, who actually did something productive) look like a complete incompotent ass.
I'm sorry, but how hard is it to track a worm that goes into an IRC channel. The part that really cracked me up is this:
Apparently the FBI needs to learn what a compiled binary is, it must have been really hard for them to understand what all those funny characters were.
That's one shot I can't resist making.
Re:A teensy bit over-dramatic. (Score:2)
So you have a P2P worm, that communicates DCC.. that's fine, you still will know the listener port and can reverse engineer the communication protocol with the amount of packets you'd receive.
If the ports mutate to a schedule, you can definitely figure out what the schedule is. The DCC route would make it harder to trace, but still I wouldn't think it's anything that would be such a daunting task for the FBI... if so I think I may go into a career as a black hat because they would be incompotent retards.
Is this the first draft of the new ... (Score:5, Funny)
Is this the first draft of the new Michael Crichton novel?
I found the plot rather thin, the characters unbelievably one-dimensional, and the ending was far to pat and convenient to believe.
Actually, it reads like most of his novels.
Feds Working To Stop Worms (Score:5, Interesting)
In all seriousness I don't understand how they can tell if a worm was "more serious" than code red. The best thing about most worms is that most of them are "so wonderful" that they leave out a few details and never make it anywhere but the authors test system.
It's not worms I'm afraid of, it's next gen virii. With problem solving and logic bots that use AI it's just a matter of time before you train a program to do malicious things and give it multiple ways of accomplishing one goal of infection with a prime directive of selfpreservation, that would be the 'ultimate' worm.
We've all seen the AI programs ability to play chess, and that is impressive all in itself, can you imagine the same type of system loaded with every exploit ever documented, and then the ability to gain access via that list? Or imagine if somehow the program were able to recieve the notices of bugs (Cert, bugtraq, errata, and MS) and then learn of new potentially unpatched systems.
The problem would be not implementing the worm, nor stopping, but finding a reason for it's existence. Would it be used as a proof-of-concept only to be more horribly enacted in version 2? Would it be used for a massive DDoS attack on key internet systems thus disabling the net for a small amount of time? Or would the system dump all valueable information on a centralized server and then essentially commit suicide?
The only problem is how could this bug be 'harmful' to a host system if the prime directive was self perseverance? It's a little bit too deep of thinking for a friday morning, but we have yet to see what virii are actually capable of.
Re:Feds Working To Stop Worms (Score:2, Interesting)
Some of the smarter virii of old could change the entries in the FAT tables to make their program appear to be very small, or the same size as the file they were trying to "replace." I haven't really heard any of this going on with these worms, they don't seem sophisticated enough. Come to think of it, they really don't seem that sophisticated at all.
I guess what I'm getting at is that users are going to start noticing when a virus tacks on 1.2 MB to their file download. Or perhaps I give the average user way too much credit.
Re:Feds Working To Stop Worms (Score:2)
Re:Feds Working To Stop Worms (Score:3, Funny)
$
checking for gcc... (cached) gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for ranlib... (cached) ranlib
checking for a BSD compatible install... (cached)
checking how to run the C preprocessor... (cached) gcc -E
checking for ANSI C header files... (cached) yes
checking for libvirus... no
checking for alternate virus libraries
ERROR, libvirus.so not found, terminating
To follow up on that thought... (Score:2)
Re:Feds Working To Stop Worms (Score:2)
Firstly I think that you're giving the average user too much credit. Secondly I'd envisage the virus having a small infecting agent that then downloaded what it needed on demand to infect other systems, perhaps using P2P methodology.
The case zero (the initial infection) would probably have to be manually placed. It would then track what other systems are known to the machine it's on and identify them. It would then download, from the source machine, the code it needed to crack into the systems it found (possibly including versions of the infecting agent for other OS's, so an infected Windows machine could infect a Linux machine for example). Each infected machine logs into an IRC channel and advertises itself and what it has interms of exploits and other info. When a new exploit is found the writer can distribute the code to a few of the infected machines via the IRC channel and then those will distribute to the rest of the machines on demand or when ever a machine is idle but connected. If an infected machine locates a victim machine it doesn't know how to crack it can ask for the required exploits on the IRC channel. Very little true AI would be required as all each install needs to do is identify target systems and download the rule sets and codes to crack them. Rule/code sets that haven't been used in a while could be removed to minimise disk space usage and therefore reduce the chance of detection.
Individually the file sizes and downloads could be quite small (tens to hundreds of K) and could even be timed to take place during idle time and to suspend when the machine is in use to resume when it goes idle again.
Stephen
Re:Feds Working To Stop Worms (Score:2)
Re:Feds Working To Stop Worms (Score:2)
Anyway, it's a great book. I just wish I could remember the author.
Re:Feds Working To Stop Worms (Score:2)
Many people here at Slashdot like to bash on VB (as did I, until I played with Macromedia Director, and scripted myself a 10 minute interactive software demo)... and after learning how to poke the registry, read/write files, touch databases, probe the 'net, all sorts of stuff, all of which is scripted, and standardized.
I would think that the penultimate scripted virus should be one that, like the genetic variety, has the abilty to self-modify to avoid detection. Remember, virus scanner software is just a glorified pattern-match... this this file contain this segment of code that matches a segment in my database. So, if you could change your code on the fly, as only scripts can, then you could avoid the scanners blocking your code.
To explain, let's assume the virus is in file X. Within the code for the virus, it can generate a copy Y that is equally infecting. A script is basically variable names and values.. well what if you could randomly generate variable names, of arbitrary length, then at run-time, search-and-replace to generate copy Y with the new names. The document would have all of the functionality of the original X, but would have difference checksums, function names, variable names, with potentially different registry keys to spread... but the core program would produce the same output. The drawback is a virus checker could still detect the patterns in the system-call functions (which obviously cannot be renamed, or they would no longer link properly to the DLLs) and that could define the virus.
Or, maybe encase the code in a randomized ROT-# (which is easy for scripts to process)... Or use UUENCODE notation, and store everything as alphanumerics of its ASCII codes... but you would still have a stub of code that does the decoding, and you have to worry about that being tracked. Ah well.
Re:Feds Working To Stop Worms (Score:2)
Why would that be the next-to-last [m-w.com] virus ever created?
A script is basically variable names and values.. well what if you could randomly generate variable names, of
Actually at some point, the script will really need to come down to system calls. Just assigning variables all day long won't accomplish much.
search-and-replace to generate copy Y with the new names.
Both this trick, and countermeasures like you mentioned, have been happening for years [nwfusion.com]. Or does the phrase "polymorphic virus" not ring a bell?
This is Microsoft's Job (Score:5, Insightful)
Parden me.. (Score:2, Funny)
Already something worse than Code Red... (Score:4, Funny)
"Mmmmm Propaganda Articles" - H. Simpson (Score:5, Insightful)
Dolemite
Fiction writing contest? (Score:5, Insightful)
Worms were the most vicious new beasts to stalk the Internet.
I think Morris would have a few words of disagreement about that.
So, we have a section: Early July.
Then the next section: Second Week of July which starts
Weeks passed.
And, to top it all off we go over to McAfee and search and get the following:
Search Results
We found no records matching the following criteria:
Virus name containing "leaves".
This has to be BS of the first and worst order.
Re:Fiction writing contest? (Score:2)
The virus does exist [nai.com].
Re:Fiction writing contest? (Score:2)
Paranoid??? (Score:2)
Jeeze... (Score:5, Interesting)
Perhaps they should try:
a) alterting businesses and organisations that have vulnerable systems.
c) naming and shaming software manufacturers with poor security processes.
But I guess fighting faceless villans with wicked plots to destroy the world is a lot more fun.
It's not quite as exciting when you realise that most of the villans are actually just naughty children.
Re:Jeeze... (Score:2)
So all of a sudden all the bots you're controlling stop responding and disappear?
Yeah, I'm sure then you'll go right back to what you were doing, so the FBI can nab you.
But I guess fighting faceless villans with wicked plots to destroy the world is a lot more fun.
You're suggestion to 'just remove the worm' would give the author notice that the feds were on to him.
It's not quite as exciting when you realise that most of the villans are actually just naughty children.
So what? They still need to be stopped. That's like just painting over grafitti everyday instead of preventing it, or finding the perps.
Re:Jeeze... (Score:2)
I never said "just remove the worm". I was talking about general policy towards security. The government seems to do a lot of trying to catch "hackers", but I don't see them doing so many practical things to prevent these problems in the first place.
So what? They still need to be stopped.
Or alternatively, the root causes could be addressed. When a mischevious 14 year old school kid can cause hundreds of millions of dollars of expense just by messing around, then the kid isn't really the problem, is it?
Re:Jeeze... (Score:2)
Or that Norton/MacAfee/Microsoft was on to him. Or he might think the sysadmin was on to him. Or that the user had randomly reinstalled windows. Or he'd even forget he'd ever hit that computer.
That's like just painting over grafitti everyday instead of preventing it
Invalid comparison.
When performing grafitti, the perp need physical proximity to the target. Therefore physical protection (a cop on patrol) can be effective.
To write a worm, you needn't be anywhere near the target. Therefore protections which boil down to "pull out your gun and grab him" will not be very effective.
This article showed us that even in the UK (the US's biggest lackey-state), the FBI can't get the prosecutions it wants. We shouldn't expect arrest to be a much more effective deterent through the rest of the (US-antagonist) world.
We are all working very hard for you. Send Money. (Score:2)
worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern life--electrical power grids, the banking system, water treatment facilities, the World Wide Web.
My favorite part was this:
The Leaves posse proved itself during the Code Red attack. Code Red made headline news. The FBI, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems.
Microsoft and I also proved ourselves durring the Cod Red attack. Thanks to my efforts, electicity, water and other vital services continued to work at your homes and business. Please fund me directly. Send all cash, checks and tax free donations to me today! Bill Gates and the Feds have plenty of money, but I'm feeling strapped. If you could not tell from the article, those other two are relativly clueless. If I don't get your money today, I might not be able to work tomorrow and all hell will break loose as the forces of cyber chaos go unapposed.
It is good to know (Score:5, Funny)
Written for who? (Score:3, Insightful)
Personaly, I think that this is nothing more than another smoke screen to make people feel safe that the gov will eventually do something about a technology they barley understand but "know" is dangerous.
Also, does anyone else think that even the gov were to take steps to stop any type of worm, that privatly owned companies horribly configured servers and over seas servers that are unpatch are going to get automagicaly fixed cuz the US Gov says so? This is just about FUD if you ask me.
Anatomy of the web application worm (Score:2, Informative)
http://www.cgisecurity.com/articles/worms.shtml [cgisecurity.com]
Phooey (Score:2)
Re:Phooey (Score:2)
Following recent testimony [eweek.com], it has come to our attention that Microsoft(tm) products perform mission-critical operations in our national War Against Terror(tm).
Consequently, the source code for Microsoft Windows(tm), Microsoft Office(tm), Microsoft Bob(tm), and related software, is immediately upgraded to a top-secret classification.
Federal Marshals will be arriving shortly to quaranty your facility, until the NSA can complete background checks on each of your personnel to ensure they can be trusted with such a grave responsibility.
Non-citizens, or those failing background checks, will be interred as an enemy combatant until the cessation of the conflict.
Sincerely,
F. B. I.
Leaves is real! PROOF! (Score:2, Informative)
Here's a warning from 06/23/2001. Long live google!
Waiting for the Worms (Score:2, Funny)
Waiting for the worms to come
In perfect isolation here behind my wall
--Pink Floyd
How appropriate... :)
Hype. (Score:2)
Even if Leaves was unleashed it couldn't have done much more than Slammer.
Code Red/Nimda servers were and are more annoying.
What's more scary is the DMCA and the other laws the US Gov is going to push through using scare-mongering stuff like this article as justification (plus Osama and Saddam). Not to mention "Initiatives" by those companies (TCPA etc).
A decent admin can keep worms out from critical systems pretty easily. And for those that slip through, there are backups.
But protecting yourself from stupid laws and "Legitimate" software/hardware is a lot harder. Even if you're in a different country with different laws, the US doesn't give a damn, nor do the big companies.
Why not use the worm? (Score:2, Interesting)
Dear lord Jesus (Score:2, Redundant)
Tax payers shouldn't accept their government using all of these man hours and dollars to make some private company's software acceptable for government use.
Microsoft should be dropped outright, because second or third best shouldn't be good enough for our tax dollars. DAMN such examples of utter idiocy and extreme mis-management of funds by government makes me angry.
Re:Dear lord Buddha (Score:2)
The government (your as well as mine) should switch to Linux, but I wouldn't call that easy.
Rebooting a single computer, and installing Linux instead of Windows is relatively easy.
Rebooting the US government, and installing Linux is relatively hard. I think no-one even knows if the BIOS supports booting from CD.
How many man-hours would it take just to install Linux (or BSD) on all federal computers? Training all the government tech support and sysadmins, not to mention all other workers? How many closed-format files (.doc etc) would have to be manually fine-tuned after the change? And so on and so forth. I guess the time and money spent on this worm would not be enough for photocopying the plans for changing to open source.
Re:Dear lord Buddha (Score:2)
The article was total crap, written by the uninformed for the clueless (oops - right, it was written for "government beurocrats", same shit).
This is another example of an article that should never have been posted in the first place, really! Lame, full of mistakes, hyperbole, and non-news. Slashdot: Non-news for non-nerds?
Re:Dear lord Buddha (Score:3, Insightful)
The problem these stories show us is that the Federal Cybercops are spending all their effort to barely, occasionally control unfocused, amateur miscreants. Pranksters out for fun.
"cybercrime"
They should be hardening against attacks by state-sponsored saboteurs who are trained, funded, organized and motivated. Enemies who won't submit to arrest, and who won't flinch at B&E of a Colonel's house to bug his laptop. (Or take his password at gunpoint.) The attack won't be tentative or experimental- it won't come until the assailants are ready to apply it in force.
"cyberwar"
The government can't even keep casual "cybercrime" in check, inspiring no confidence that they'll do much better in a "cyberwar", which should be their main concern. (They've recently used the word "cyberterrorism", which only confuses matters)
Their current approach just creates a false sense of security. The sooner they scale it back, the sooner the public will start to demand & install truely secure computing, and the safer we'll all be.
sounds like the government was in on it (Score:2)
And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves worm received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.
The lead officer on the case insists the agency has information about the hacker's motives that the FBI hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the hacker's name.
wtf?
so we went through all that effort just to have the british let him go
You be the judge.
-- p
How to stop worms? (Score:2)
I'm not sure on how "legal" could be this (well, after all, they are the feds, if its wrong at least they can restrict to US IP ranges) but scanning the net trying to find vulnerabilities also can be done by the good guys.
The other thing that they must do is effectively warn, help and maybe even force (this could be misused) to fix vulnerabilities and worm infections on internet connected computers, maybe with a legal backup to make ISPs to find users with dynamic IP or to find real address/phones of individuals with that kind of problems. This can or cannot be related with the net scanning thing.
A lot of vulnerabilities and worms infection announces themselves on the net, so at least warning and helping this kind of users is an easy step forward and not very intrusive.
Better than this article... (Score:4, Informative)
Re:Better than this article... (Score:3, Interesting)
I smell.... (Score:2)
Though seriously, does it worry anyone having a story about guiding satelites from the internet and a story about a massive controllable worm on the same page?
pulp fiction (Score:2)
Of course, it also has all the other traits of mainstream journalism - dumbed down, panic instilling, "we're all gonna diieee" subtones. *yawn*
Analysis of Slammer Worm on O'reilly (Score:5, Informative)
Not that bad (Score:2)
Some sed -e goes a long way... :-) (Score:3, Funny)
Wednesday, June 20, 2001
6:30 a.m.
Kuro5hin Headquarters,
Washington
After 23 years as a Slashdot analyst, having briefed Hemos and his team on every conceivable threat to website integrity, Rob Malda was scared. More scared than he'd been in a long time.
Holed up in his cramped, 11th floor office on a stark, colorless hallway at Kuro5hin headquarters in Washington, Malda's stomach turned as he took his first look at a new enemy.
Malda was a hunter, one of the government's best. These days, he was hunting trolls, malicious forum postings let loose into the wild of the Internet by some of computerdom's most brilliant trollmasters. Two months earlier Malda, 56, had left his job at Slashdot, where he helped write Hemos's daily intelligence briefing, to head the analysis and warning division at Kuro5hin's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked trolls, trolles and other computer evils, as well as the trollmasters who create them. Both threatened daily to shut down the engines of modern life-electrical power grids, the banking system, water treatment facilities, the World Wide Web.
Trolls were the most vicious new beasts to stalk the Internet. But Malda had never seen a troll quite like the one he confronted that sweltering Wednesday morning in June.
It was named Leaves after "w32.leave.troll," the poisonous rant it implanted in unsuspecting stories. Like all trolls, Leaves bored through cyberspace, probing Internet connections for holes in personal stories or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.
Leaves was hardly the first troll to infest the Internet. In fact, the pests became so common in 2001, that security cognoscenti dubbed it the "Year of the Worm." Trolls wrought all sorts of damage. They forced stories to delete critical files or erase entire postings. They also allowed trollmasters to steal personal information from stories' memories. Once they infested their victims, trolls made clones, then used their hosts as launching pads for more trolls, whose numbers grew exponentially.
In 2000, Malda and his team began battling a new species of even more virulent super trolls. Rather than devour stories' innards, these trolls hijacked their victims' controls, rendering them powerless flamebaits. With a gang of flamebaits at his command, the creator of a supertroll could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.
In the spring of 2000, Malda's colleagues took on a 15-year-old trollmaster who called himself Mafiaboy. The teen-ager turned his flamebaits loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed flamefest that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.
But compared with the Leaves troll, Mafiaboy's creation was a larva. Malda's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by troll watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Malda saw fascinated and appalled him.
Leaves was a flamebait maker on steroids. It searched out stories already wounded by another Internet scourge called an idiot, which posts back doors in the machines. Leaves used an idiot called SubSeven as its entrance. Once transformed, the flamebaits awaited orders. To communicate with them, Leaves' creator ordered his flamebaits to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the flamebaits, from where or why.
Reading the guest registries of chat rooms, Malda discovered that an army of 1,000 Leaves flamebaits already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to flame a Web site.
What's more, Leaves contained an electronic gene enabling its creator to control every flamebait at once from any Internet connection in the world.
Malda never had seen a troll so sophisticated or terrifying.
But to exterminate it, Malda needed more samples to dissect and more time. Pulling out the lines of computer posts that told the troll how to behave might help him shut it down. Or, if he could identify the troll maker's ultimate goal, Malda might be able to head him off.
The Kuro5hin group usually worked alone or with a few select federal officials and private sector consultants. But even Malda's top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America's best trollmaster trackers could gut this troll.
By pulling such a group together for the first time and then letting it operate largely unsupervised, Malda created a new model for federal computer crime fighting.
June 29
Kuro5hin Strategic Information
and Operations Center,
Washington
Malda called the most seasoned and cunning troll posters, troll gurus and cyber soldiers from government and industry to meet at Kuro5hin headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in Kuro5hin's crisis headquarters, the Strategic Information Operations Center.
It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Slashdot, Kuro5hin, the White House and the Defense Department.
But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Trollmasters had been penetrating military and intelligence agency stories for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves?
The two sides eyed each other warily as Malda laid out what he knew. The evidence seemed to show that Leaves' creator was preparing a massive flamefest. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to flamewar foreign networks, to bridge the suspicion gap.
Sachs dazzled the room with his observations and theories about Leaves. With casual command of trollmaster lingo and the history of trolls and their flamewars, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.
The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight.
Days later
Los Angeles
CowboyNeal left the meeting to conduct an electronic autopsy.
CowboyNeal, a research fellow at the discussion website Slashdot, took samples of the troll home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. "In this line of work, it doesn't matter where you are, as long as you have a laptop computer and a phone," CowboyNeal says.
The Leaves posts was a jumbled mess. It was encrypted and compressed-data had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the troll's creator, knew his creation would be captured. He ensured the troll wouldn't easily give up its secrets. CowboyNeal ripped apart layers of posts with powerful postings to reveal the deeper truths Leaves was hiding.
Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a posting to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet.
Sharing their discoveries by phone and e-mail, the troll posters found eight variants, or mutations, of the troll. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse.
While CowboyNeal ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at Kuro5hin. The group worked smoothly because nobody was in charge, Sachs says. "Egos didn't get in the way of progress." They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the troll's attributes, but little about its purpose.
Mr. Leaves had directed the flamebaits to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to flamewar in unison. No doubt, Mr. Leaves soon would begin his onslaught.
Unless someone could find him first.
Early July
Kuro5hin headquarters,
National Infrastructure Protection Center
computer investigation unit
Kuro5hin Special Agent Michelle Chris Dibona wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves' creator on criminal charges of unlawfully entering a computer. Chris Dibona was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Chris Dibona, 36, was well-versed in cyber jargon. She understood how trollmasters thought and maneuvered.
The posse saw Leaves as a marvel of engineering. But to Chris Dibona, the troll and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Chris Dibona didn't seem capable of bursting through a trollmaster's door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn't even know she was a cop until she got up from her seat one day and "I saw a cannon strapped to her side."
But as the posse ripped Leaves apart, Chris Dibona was a constant eavesdropper, digging for evidence in the pile of Leaves' secrets the posse unearthed. Even as new revelations slowed, Chris Dibona and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves' flamebaits used to receive instructions. They planted tracking devices to pick up the trollmaster's footprints.
Second week of July
Kuro5hin Strategic
Information
Operations Center
Weeks passed. The flamebaits remained quiet.
Malda had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no flamewar.
Ripping continued. The flamebait army grew. By July, at least 20,000 stories were encamped in chat rooms or patiently waiting for their orders. "That scared the hell out of us," Malda says.
Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room the troll automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new troll, and told users to download a file to protect their stories. In the file was Leaves.
The bogus warning was badly written and eerily self-congratulatory:
"Yesterday the Internet has seen one of the first of it's downfalls. A troll has been released. One with the complexity to destroy data like none seen before."
Today, trollmasters often mask their trolls as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. "I had a feeling I was dealing with an artisan," Malda says.
Or possibly a common crook.
Perplexed by the lack of flamewars, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money.
The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 flamebaits to click for him, Mr. Leaves could make a killing. Some of the sites the flamebaits visited contained these ads. If Kuro5hin could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved.
Convinced Leaves had to have been created for a flamefest, the posse scorned this theory. Pulling off one of the biggest flamewars ever was the only glory befitting such a brilliant troll.
But something didn't make sense. Mr. Leaves was taking an awful risk by not flamewarring. Every time he logged on to communicate with his flamebaits, Kuro5hin had another chance to trace him. Why expose himself? Why not just preposting the flamebaits to act on their own? The scam began to seem more believable.
But before the posse could prove its theory, a flamewar began. It wasn't the work of Leaves.
On July 17, a new troll appeared-Code Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night.
Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The troll exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of trolls leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the flamewar, companies would spend billions of dollars plugging the holes that let Code Red enter.
Able as it was, the posse didn't have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.
The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Chris Dibona and her crew could track down and nab Mr. Leaves before he, too, unleashed his flamebait brigades.
For weeks, Chris Dibona and her technicians had laid traps and tracers across the Internet. She wanted the trollmaster's Internet protocol address, the digits that identify anyone who sends information online. Trollmasters cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped.
In a cache of addresses Chris Dibona had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead.
But chasing the address could take Chris Dibona around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Chris Dibona would have her man. Luckily, after some tracking, Chris Dibona hit gold: Mr. Leaves' address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world.
Chris Dibona rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The trollmaster was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.
July 23
Kuro5hin headquarters and
South London, England
Back at Kuro5hin headquarters, Chris Dibona kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Chris Dibona would know. Chris Dibona waited with Scotland Yard's phone number at the ready. Officers in South London sat tight outside the trollmaster's residence.
Nothing.
And then, there he was.
Chris Dibona watched as the trollmaster connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious trolls ever known.
Epilogue
The Leaves posse proved itself during the Code Red flamewar. Code Red made headline news. The Kuro5hin, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significant-estimates are in the billions of dollars-but it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.
Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new trolls or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to Kuro5hin.
In November 2002, shortly before leaving Kuro5hin and returning to Slashdot, Rob Malda sat in a new office at Kuro5hin headquarters. Next to a bookcase full of trollmaster treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Malda pondered Mr. Leaves' motive. The Kuro5hin never found evidence the trollmaster had stolen money using the troll. Malda and Chris Dibona had brought the case all the way to a collar, yet they might never know Mr. Leaves' ultimate goal. "As far as I know, no one ever asked Mr. Leaves why he did what he did," Malda says.
And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves troll received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.
The lead officer on the case insists the agency has information about the trollmaster's motives that Kuro5hin hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the trollmaster's name.
Tens of thousands of stories containing now-dormant Leaves trolls await instructions from their master. Should they ever again awaken, a posse will be waiting.
Worse than Code Red? Doesn't seem so... (Score:5, Interesting)
Once you peel back all the hyperbolistic prose, "leaves" seems to be just another run-of-the-IRC zombie that exploits PC already infected with Sub7. Numbers from the article itself show that it had nowhere near the infection rate or virulence of Code Red. The strange bit is at the end they imply, once the guy was caught, they just left the zombies out there rather than alert the owners of the infected PCs!? Odd that, wonder what the gov wants with all those waiting worms...
NAI's information about this worm. (Score:3, Informative)
Seems that there shouldn't exist Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting. since the AV companies can detect and remove it.
Sheesh, what a crap article.
Reads like a bad novel (Score:2)
No Big Deal. (Score:3, Insightful)
Quick Link: Here [sophos.com]
Horray for the Gov't, they "prevented" (i'd rather say 'postponed') the Leaves Worm.
All he has to do is send a little e-mail of what the "code word" to activate the "zombies" and all Hell breaks loose.
IT Security Admins do this every day at work.
Just my 2 Cents
Funny, I misread the title (Score:2)
A little boastful.. (Score:2)
I've seen irc channels get flooded by 'zombies' used in a similar fashion (one person commanding them).. It doesn't take much for a kid (with a bit of free time) to gather up hundreds or even thousands of these infected clients. I've seen it happen. Why is it so easy? simple, most average Joes can't tell when their computer is infected or not. The same way there's spyware installed right under their noses.
Steve Gibson has also exposed a case similar to this [grc.com] where he tracked down the script kiddie (a 13 year old on an irc channel).
This article is nothing new, there's tons of exploits similar to this one floating around.
only way is to breakup MicroSoft (Score:2)
MicroSoft's commitment to removing bugs is uneven. Sometimes they work at it, sometimes they dont. Last weekend's slammer bug affect on MicroSoft's internal servers points to the latter, no matter the PR campaign.
Re:only way is to breakup MicroSoft (Score:3, Interesting)
Microsoft has monopoly status in the area of desktop OS's and certain enduser applications. It has no such status in the realm of servers, where it's market share is about 42%.
Did anybody else catch this? (Score:3, Informative)
And the end result? They captured the creator of something that did no damage, apparently at the expense of letting the Code Red creator go unpunished. WTF?
But here's the best part:
But that's the guy we caught.
What did they accomplish? (Score:2)
The FBI figured out the worm used IRC before assembling the posse.
A lone agent using normal sniffing techniques found the criminal.
The worms are still active.
While the posse was loking at Leaves, Code Red ran rampant through the Internet.
Don't get me wrong, I'm sure they did something. It's just that, according to the article, they look like idiots fiddling with a problem they didn't solve while another worm destroys the Internet.
A good use of government resources... (Score:3, Insightful)
I really hate it when reporters and talking heads refer to Slammer as an "internet worm" or generic "computer virus". It's a freaking Microsoft hole. It's all about Bill Gates grabbing millions of people's butt cheeks and spreading them wide open like Goatse guy.
BETRAYED by the FBI computer crime unit!!! (Score:2)
So they know how to identify the worm, and they know how to find the worm, and today they have not informed the public how to protect themselves by detecting and deleting it and the exploit that it uses as a vector for infection? They keep it a secret? What could they possibly gain by keeping it a secret? Is it not their duty as trustees of the public welfare that they do whatever is in their power (like email the details to CERT) to protect the taxpaying (heh) public from the scourges of crime?
Like the other posts complained: they are trying to whip up some cyber-crime paranoia and good-ol Dragnet style cops-and-robbers drama because THEY GET PAID. Also there are some fantastic perks arising out of the Law Enforcement legal power known as DISCRETION. Just get laws passed that are obviously too strict, and then say "leave it up to the cops' discretion. They know where to enforce the laws. We're better off for giving them the tools to fight crime." Then we get stuff like racial profiling and wiretap abuse. They can also bring organised crime in a cyber-tenderloin-district. Look up the etymology of that old cliche: Tenderloin District. Can anyone provide relevant links?
The powers we grant to the Authorities will first and foremost impact the personal interests and lifestyles of the Authorities.
How to achieve computer security (Score:2)
-
Start with a system with mandatory security, like NSA Secure Linux.
-
Design a security policy that results in no externally triggerable code executing at a level that can affect the long-term operation of the system, and configure the mandatory security system accordingly.
-
Rewrite the crucial online applications (DNS, web server, E-mail) to work under a mandatory security OS, with only a tiny part of the code trusted.
-
Deploy some servers.
-
Beat on them and find any bugs in the small sections of trusted code. Brutally simplify trusted code.
Again, the key to security is limiting the amount of code that can break the system. Patches and virus scanners are fundamentally futile.Xupiter (Score:3, Insightful)
It is entirely plausible that Xupiter or something similar (who knows, even some nice popular game or operating system or email client) has code squirrelled away in it that could serve as the basis for a large scale network attack. This code could be very small indeed as it can bootstrap on system libraries or other, quite legitimate, code in the application.
If the Wrong People (tm) in the Axis of Evil or connected with International Terrorists had planted this code, it could easily be used to mount a serious attack (DDOS or otherwise), and the trigger could be a file on the Xupiter website, email to the users (the Bad Guys could collect email addresses at installation and not use them for anything till needed) or even a user comment on some commonly visited user discussion forum.
The payload does not even have to be in the distributed code - it can easily be fetched from a website someplace, loaded between infection and activation or even distributed to other websites during the infection phase. These websites would not even have to know what they are carrying - I've not looked at the structure of GPG signature blocks, but it is certainly possible that portions (at least) of the payload could be encoded in such or the like.
I know - this is true of most viruses - but putting a virus into a distributed application does make it less likely that it will be seriously scanned for a virus, and if it uses code not already identified by the virus hunters, or if it masks that code well enough it is quite likely to escape detection. I suspect that with some work I could construct a series of X86 instructions that would look perfectly reasonable, but that when XORed with the right sequence of bytes would produce virus code. Or the virus code could be distributed in all the legit code in sequences of a few dozen instructions at a time separated by jumps. Or...
If there were some reasonable number of users using the application (how many Ever Quest users are there? how many Xupiter toolbars are now sitting in people's browsers) and if the payload consisted of variants of other viruses (even identified ones) the large base of infected sites could lead to a massive and very threatening attack.
Xupiter would be an interesting vehicle for such a thing. Between the Xupiter license and the DMCA it would be illegal for users to try to examine the Xupiter code to find out exactly what it does (or might) do. Does the DMCA prohibit virus scanning on something? It certainly prohibits users from even trying to figure out if the program is benign.
Worse yet, Xupiter could use its periodic "update" checks as part of the trigger, plant the trigger on advertiser's web sites, or even use advertisers web sites as part of the attack/infection mechanism.
You've got to wonder - if the Axis of Evil is smart enough to build Nuquulur (TM - lets spell it the way the Leader of the Free World says it) Weapons are they smart enough to build (or rich enough to hire to build) a small group of people to build a network infrastructure attack. It probably would not kill a whole lot of people - but Death and Destruction are not the only tools of warfare.
Moral of this story: Feds don't protect us (Score:4, Interesting)
Some Brit hacker (classican definition; one posession more intellectual curiosity than propriety) decides to write the best worm he can. He doesn't actually want to do anything bad, it's just an interesting challenge. He didn't attack anything, and the Brits didn't actually punish him or anything. Good thing he wasn't in the U.S., where he would undoubtedly be tossed in jail for a few years.
Anyhoo, meanwhile some less talented cracker releases Code Red. What do the Feds do? They keep whitehouse.gov up and running. Whee. In a real attack, the feds can't do anything. Anyone who seriously wants to do damage is not going to spend months prepping a live worm, they're going to test it privately then unleash a horde of destruction. In that case, the investigators are only going to be able to do anything after the damage has been done.
This story is a bit of propoganda fluff that tries to cover up the ineffectuality of law enforcement in this domain.
Re:The best way to prevent worms (Score:2, Funny)
I wouldn't do it - with or without worms!
Re:The Good Grace of Virus Writers (Score:2)
Compare that to MS software. "Oh, someone got into the unimportant computer connected to the internet that we forgot to patch. Oh well, all the important stuff is separated by an air gap anyways - no biggie!" I'd imagine the US is worried more about these people who seem to be able to walk out with laptops and hard drives with impunity.
Saying that MS is the biggest threat to national security is just laughable.
Re:Here's a mirror of the Article (Score:2)
Don't I know you?
Re:Finally... (Score:3, Insightful)
Jokers say that Linux contributors are doing free development for IBM. So now the US Government is doing free research for Microsoft.
The question is will the "Feds" be at least somewhat successful in their attempts to thwart future worms and other virii?
The answer is no. By squelching this "attack" (if they really did), they've just allowed Joe Public to continue postponing learning about putting his money into secure computer systems.