description of the Sony rootkit on his blog in October 2005. He also discovered
that the software created new security loopholes and could lead to system
crashes. Sony BMG's reaction to this revelation was initially: “Most people don't
even know what a rootkit is so why should they care about it?” 3 However, the
company eventually recalled and replaced the affected CDs and abandoned its
extended copyright protection software. Mikko Hypponen, chief research officer
at the Finnish-based security company F-Secure, commented:
[The] Sony rootkit was one of the seminal moments in malware history. Not
only did it bring rootkits into public knowledge, it also gave a good lesson to
media companies on how not to do their DRM [digital rights management]
solutions. 4

B.12.3. Robert Morris Sr. (1932-2011) was chief scientist of the NSA's National Computer Security Center at the time of Clifford Stoll's cuckoo's egg experiences with cyberespionage. Before he joined the NSA in 1986, Morris had been a researcher at Bell Labs working on both the Multics and Unix operating systems.

The term computer worm is generally used to describe malware that is
designed to spread from computer to computer but, unlike a virus, which must
attach itself to a program or file to spread, a worm is a complete program capable
of replicating all by itself. At Xerox PARC in 1978, John Shoch was experimenting
with a program that could seek out Alto machines on the Ethernet
that were not being used, boot up the machine to do some work, and replicate
by sending copies of itself to other idle machines on the network. One of his
experiments went wrong and, after leaving his program running overnight,
Shoch was awakened by angry users complaining that he had crashed their
Altos. Eradicating the worm proved very difficult, and it was fortunate that he
had equipped his worm program with a “suicide capsule” that he was able to
activate. Shoch called his program a worm, after the idea of the “Tapeworm,”
software that runs by itself in John Brunner's science fiction novel The Shockwave
Rider.
Worms came into public prominence through the “Internet worm” attack
on the ARPANET in 1988. Clifford Stoll, then at Harvard, described this “Internet
worm” attack in graphic detail:
As fast as I'd kill one program, another would take its place. I stomped them
all out at once: not a minute later, one reappeared. Within three minutes
there were a dozen. 5
Stoll informed Bob Morris (B.12.3), chief scientist at the NSA, whom he knew
from his investigation of the Berkeley hacker, of the ongoing worm attack.
Stoll was not amused to be called back a few hours later by someone from
the NSA who asked if he was the person who had written the worm program!
While other ARPANET node system administrators across the United States
were decrypting the worm program, Stoll tracked down the place where the
worm had been released. By a supreme irony, the trail led back to Bob Morris Jr.
(B.12.4), a graduate student at Cornell University and the son of Bob Morris Sr.
of the NSA. The Morris worm was not the first worm program, but it was certainly
one of the most damaging. Stoll estimated that it infected two thousand
machines within fifteen hours.
Morris's worm was a significant escalation in malware for two reasons.
First of all, the program automated all sorts of tricks that a hacker might use in
attempting to break into a computer system. Given access to one computer, the
worm would first check if it was automatically given privileges to run programs

B.12.4. Robert Morris Jr. was a graduate student at Cornell when he created the first worm on the ARPANET in 1988. He was the first person to be convicted under the USA Computer Fraud and Abuse Act. He is now a tenured professor at MIT.