23.3 Authors
Little is known about the people who write programmed threats,
largely because few of the authors have been identified. Judging
from those authors who are known to authorities, they can probably
be grouped into a few major categories:
- Students
The first Internet worm was written by a graduate student, apparently
to demonstrate a class of security problems. The ILOVEYOU computer
worm was written by computer science undergraduate students as a
class project, again as a demonstration. Following both incidents,
the individuals admitted that they had exercised poor judgment and
had not anticipated how far these programs would spread. Poor
judgment or not, courts have ruled that writing and releasing such
programs is criminal behavior.
- Publicity hounds
Another motivation for writing a virus or worm might be to profit,
gain fame, or simply derive some ego gratification from the pursuit.
For example, the Melissa computer worm was written by a computer
programmer who wanted to impress an exotic dancer of the same name.
The Back Orifice Trojan horse was written by the Cult of the Dead Cow
as an apparent publicity stunt.
In the future, someone might write a virus and release it, and then
try to gain publicity as its discoverer, be the first to market
software that deactivates it, or simply brag about it on a bulletin
board. This notion is similar to a firefighter setting fire to a
building so that he can take the credit for putting the fire out.
- Experimenters and hobbyists
Some of the most potent PC viruses have been written by a small group
of Eastern European programmers who compete with each other to see
who can create the most effective virus.
- Common criminals
A few viruses have been written to commit acts of extortion or wipe
out evidence of another crime. In several cases, viruses have been
written as acts of revenge against a company or government agency,
and have spread to a worldwide audience.
- Activists
There is a history of some viruses being written to make political
statements. For instance, there have been viruses with messages
against political figures (e.g., Ronald Reagan, Margaret Thatcher),
against various government policies (e.g., marijuana laws), and
against commercial interests (e.g., anti-fur and anti-logging).
- Information warfare researchers
Since (at least) the 1990s, governments and government contractors
have been developing computer viruses, Trojan horses, and other
information warfare tools. Some of this research has been for the
purpose of developing defensive technologies against these threats,
while other research has been geared towards developing an offensive
capability that could be targeted against an enemy. Such work is
similar in spirit to work on biological weapons undertaken by the
U.S. and Soviet Union during and after the Second World War.
Some recent worms and viruses appear to have been targeted at the
U.S. by Chinese authors as a result of the bombing of the Chinese
embassy in Belgrade in 1999, and again after the mid-air collision
between an F-8 fighter and a U.S. Navy EP-3E surveillance aircraft in
2001. Because of the tight control exercised over Internet access in
China, some authorities suspect that these were state-sponsored
attacks.

Once programs are written, they can be planted or distributed by many
more kinds of individuals, including:
- Program authors
Many viruses and worms are distributed by their authors. Such
distribution can be either intentional or unintentional.
- Employees
One of the largest categories of individuals who cause security
problems includes disgruntled employees or ex-employees who feel that
they have been treated poorly or who bear some grudge against their
employer. These individuals know the potential weaknesses in an
organization's computer security. Sometimes they may
install logic bombs or back doors in the software in case of future
difficulty. They may trigger the code themselves, or have it
triggered by a bug or another employee.
- Thieves
Another category includes thieves and embezzlers. These individuals
may attempt to disrupt the system to take advantage of the situation
or to mask evidence of their criminal activity.
- Spies
Industrial or political espionage or sabotage is another reason
people might write malicious software. Programmed threats are a
powerful and potentially untraceable means of obtaining classified or
proprietary information, or of delaying the competition (sabotage),
although they are not very common in practice.
- Extortionists
Extortion may also be a
motive, with the authors threatening to unleash destructive software
unless they are paid a ransom. Many companies have been victims of a
form of extortion in which they have agreed not to prosecute (and
sometimes go on to hire) individuals who have broken into or damaged
their systems. In return, the criminals agree to disclose the
security flaws that allowed them to crack the system. An implied
threat is that of negative publicity about the security of the
company if the perpetrator is brought to trial, and of additional
damage if the flaws are not revealed and corrected.
- Political activists
One ongoing element in the writing and distribution of programmed
threats seems to be an underlying political motivation. These viruses
or worms make some form of politically oriented statement when run or
detected, either as their primary purpose or as a form of
smokescreen.

No matter what their numbers or motives, authors of code that
intentionally destroys other people's data are vandals. Their intent
may not be criminal, but their acts certainly are. Portraying these
people as heroes, as clever or simply as harmless "nerds" masks the
dangers involved and may help protect authors who attack with more
malicious intent.