Practical UNIX & Internet Security

Chapter 11: Protecting Against Programmed Threats

11.3 Authors

Not much is known about the people who write and install programmed threats, largely because so few have been identified. Judging from those authors who are known to authorities, the people responsible can probably be grouped into a few major categories.

  • Employees. One of the largest categories of individuals who cause security problems includes disgruntled employees or ex-employees who feel that they have been treated poorly or who bear some grudge against their employer. These individuals know the potential weaknesses in an organization's computer security. Sometimes they may install logic bombs or back doors in the software in case of future difficulty. They may trigger the code themselves, or have it be triggered by a bug or another employee.

  • Thieves. A second category includes thieves and embezzlers. These individuals may attempt to disrupt the system to take advantage of the situation, or to mask evidence of their criminal activity.

  • Spies. Industrial or political espionage or sabotage is another reason people might write malicious software. Programmed threats are a powerful and potentially untraceable means of obtaining classified or proprietary information, or of delaying the competition (sabotage), although they are not very common in practice.

  • Extortionists. Extortion may also be a motive, with the authors threatening to unleash destructive software unless paid a ransom. Many companies have been victims of a form of extortion in which they have agreed not to prosecute (and then sometimes go on to hire) individuals who have broken into or damaged their systems. In return, the criminals agree to disclose the security flaws that allowed them to crack the system. An implied threat is that of negative publicity about the security of the company if the perpetrator is brought to trial, and that of additional damage if the flaws are not revealed and corrected.

  • Experimenters. Undoubtedly, some programmed threats are written by experimenters and the curious. Other damaging software may be the result of poor judgment and unanticipated bugs.[3] Of course, many accidents can be viewed as criminal, too, especially if they're conducted with reckless disregard for the potential consequences.

    [3] This is particularly true of rabbit/bacteria problems.

  • Publicity hounds. Another motivation for writing a virus or worm might be to profit, gain fame, or simply derive some ego gratification from the pursuit. In this scenario, someone might write a virus and release it, and then either try to gain publicity as its discoverer, be the first to market software that deactivates it, or simply brag about it on a bulletin board. We do not know if this has happened yet, but the threat is real as more media coverage of computer crime occurs, and as the market for antiviral and security software grows.

  • Political activists. One ongoing element in PC virus writing seems to be an underlying political motivation. These viruses make some form of politically oriented statement when run or detected, either as the primary purpose or as a form of smokescreen. This element raises the specter of virus-writing as a tool of political extremists seeking a forum, or worse, the disruption or destruction of established government, social, or business institutions. Obviously, targeting the larger machines and networks of these institutions would serve a larger political goal.

No matter what their numbers or motives, authors of code that intentionally destroys other people's data are vandals. Their intent may not be criminal, but their acts certainly are. Portraying these people as heroes or simply as harmless "nerds" masks the dangers involved and may help protect authors who attack with more malicious intent.