Saint Petersburg, Home of Ali Baba, Floppy and the Rest of the Koobface Gang

St. Petersburg, Russia, is one of the world’s most exquisite cities, a spectacular treasure trove of palaces, parks, monuments and churches and, above all, the incomparable Hermitage museum.  If you’re visiting and have a bit of time drop by to say hello to the Koobface Gang, the quintet of computer criminals who live like pashas in plain sight, making St. Petersburg their haven under the gracious indifference of the nation that hosts them.

Riva Richmond, writing in the New York Times, reports that “Five men believed to be responsible for spreading a notorious computer worm on Facebook and other social networks — and pocketing several million dollars from online schemes — are hiding in plain sight in St. Petersburg, Russia, according to investigators at Facebook and several independent computer security researchers. The men live comfortable lives in St. Petersburg — and have frolicked on luxury vacations in places like Monte Carlo, Bali and, earlier this month, Turkey, according to photographs posted on social network sites — even though their identities have been known for years to Facebook, computer security investigators and law enforcement officials.” They post pictures of themselves on the Foursquare network and tweet to the world about it, simultaneously thumbing their noses and rubbing their knuckles in our eyes.

For years the conspirators have seduced suckers into clicking on tempting videos, initiating a malware transfer that eventuates in the purchase of phony antivirus software. It is estimated that their poison packages occupy as many as 800,000 computers and their racket pockets at least $2 million a year.

Yet, despite the fact that their names are publicly known, “None of the men have been charged with a crime and no law enforcement agencies have confirmed they are under investigation,” says Richmond, who lists them by their real names and their cutesy nicknames.

How do they get away with it, and can anything be done to put a halt to their predations?  Read Web Gang Operating in the Open

Richard Curtis

For a complete archive of articles about piracy, check out Pirate Central on the E-Reads website.

Unless a security notice pops up on your computer screen warning you of an attempted hack or viral invasion, you’re seldom aware of the vicious guerrilla war in progress beneath your fingertips. But it’s constant, and with every escalation by the attackers, the measures taken to throw the enemy back escalates as well. As in every guerrilla war the offense has the advantage of knowing when and how it will strike, and it employs weapons of mass destruction in the form of bots to probe vulnerabilities, neutralize defenses, and overwhelm its victims.

Though your computer’s defensive team uses powerful programs of its own to thwart attacks, a surprisingly simple weapon has proven effective in holding the line against invaders. It’s called a captcha. New York Times reporter Anne Eisenberg, in New Puzzles That Tell Humans From Machines, describes them as “a set of distorted, squiggly letters and numbers that people can decipher and type correctly for admission, but that machines still can’t.” You’ve undoubtedly cooperated with requests to type in the word you see on the graphic, and, I suspect, you’ve done it with a tolerant sigh, wondering why you’re being asked to play this childish game.

The answer is that captchas are one of the most effective ways to thwart many forms of abuse. In addition to the wiggle-words, captchas employ pictures that are elementary to most nursery schoolers raised on Where’s Waldo? but make no sense to a crawling stealth bot seeking to penetrate the soft underbelly of your desktop or laptop.

“Captcha” is a splendid onomatopoeia, sounding like the task it performs. But it is also a clever acronym coined by the team at Carnegie Mellon University that worked on it: Completely Automated Public Turing Test to Tell Computers and Humans Apart.

Will evil hackers eventually gain the upper hand, like a flu virus recombining after losing out to a vaccine? Eisenberg thinks the good guys will stay ahead:

“Many people worry that as machines become smarter, the days of captcha protection will be numbered, whether the puzzles take the form of distorted text, audio snippets or rotated images. But Henry Baird, a professor in the department of computer science and engineering at Lehigh University, disagrees. Dr. Baird and colleagues have proposed a system for captchas that, like Google’s, can be woven into the theme of a Web site.

“’Machines’ abilities are slowly improving,’ he said, “’but I think there is still a huge gap between human inborn perceptual abilities and machine skills.’”

My curiosity about the technology took me to the official Captcha website, where I discovered that anyone can download a free implementation and plugins including audio tests for blind users. And if you want to pit your wits against Captcha’s computer system there’s a new website, GWAP.com, containing a host of “addictive games that help computers learn to think more like humans. You play the games, computers get smarter!” After I took the gender test I was informed that there was a 97% certainty I was female. Looks like I will now either have to straighten out the GWAP program or commence an extensive course of gender reorientation.

Captchas, the site informs us, “have several applications for practical security.” Among them are:

• Preventing Comment Spam in Blogs
• Protecting Website Registration
• Protecting Email Addresses From Scrapers
• Preventing Ballot stuffing for Online Polls
• Preventing “Dictionary” Password Attacks
• Thwarting Search Engine Bots
• Plausible solution against email worms and spam

Thanks to Captcha technology the playing field has tilted back to humanity after the humiliating defeat of the human race, represented by chess master Gary Kasparov, by the Deep Blue computer in 1997.

Richard Curtis

While World Health Organization experts alert the world to a potential swine flu epidemic, a viral threat of another kind, a software worm, “is slowly being activated, weeks after being dismissed as a false alarm,” say computer security experts. Jim Finkle, reporting for Reuters, writes that the malevolent Conficker program ” is quietly turning thousands of personal computers into servers of e-mail spam and installing spyware.”

We first wrote about this late last March, when alerts went out over the Internet that an attack would be unleashed on April Fool’s Day. Though it failed (to our knowledge) to materialize, authorities were by no means satisfied that the threat was a prank or the software was a dud. The ultimate game plan of Conficker’s programmers – criminal, political, vandalism, hoax – is unknown, but we do know that it is designed to surreptitiously install a botnet virus on a PC (it hasn’t yet developed a taste for Macs) that enslaves the computer, directing it to send out email spam. The computer’s owner has no clue that this is going on under his nose.

“This is probably one of the most sophisticated botnets on the planet,” Reuter’s Finkle quotes Trend Micro’s Paul Ferguson. “The guys behind this are very professional. They absolutely know what they are doing.”

Stay alert: the worm’s creators are by no means finished with us.

RC

If we keep crying Worm! will people stop listening to us?

Who could blame them? We sounded the alarm the last week in March but nothing happened. So we’re safe in assuming that nothing will happen, right?

Tell it to the people who stopped listening to that other alarmist. You know, the one who cried wolf.

It seems the programmers who created the Conficker worm have updated their weapon of doom and made it harder than ever to stop. We have this on the authority of John Markoff, who covers the Silicon Valley beat for the New York Times.

“Several of the groups monitoring the program,” Markoff reports, “said the most recent version, which began to appear Tuesday [April 7 2009], appeared to be targeted at improving a peer-to-peer communications system between computers that are infected and hardening the system by making infected machines more resistant to anti-virus software.”

RC

Conficker, presumably scheduled to awaken millions of infected zombie computers to perform some diabolical deed like launching missiles against Paraguay or stealing the $1.79 left in America’s treasury, failed to launch as hysteria mongers such as myself predicted.That could mean only one thing: we have no idea what it means. It may indeed have been an April Fools joke created by the same vast cabal of scientists that have brought us such patently false theories as evolution and global warming. Or it may be completely correct except for the date. Or the programmers entered a 1 when they meant to enter a 0 and the launch is postponed to April 2nd.

Or it could mean that I’m posting this blog too early in the day.

CAESAR [To the Soothsayer] The ides of March are come.
SOOTHSAYER Ay, Caesar; but not gone.

We are on far more certain ground with a report that somewhere in China, a den of genius geeks is plundering vital information from 1,295 government and business computers in the United States and 102 other countries, deploying a worm that has until now eluded the smartest – make that the second smartest – engineers in the known computerized world. This on the authority of Paul Harris writing in The Observer. In a recent story, Massive Chinese computer espionage network uncovered, Harris writes, “The network, dubbed GhostNet, appears to target embassies, media groups, NGOs, international organisations, government foreign ministries and the offices of the Dalai Lama, leader of the Tibetan exile movement. The researchers, based at Toronto University’s Munk Centre for International Studies, said their discovery had profound implications.”

Despite an arsenal of smoking guns pointing to China, its government has denied any official involvement. Nevertheless, Cambridge University researchers have tagged their report on GhostNet “Snooping Dragon.”

“This report serves as a wake-up call,” say researchers Ron Deibert and Rafal Rohozinski. “These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.” said researchers Ron Deibert and Rafal Rohozinski.

Indeed, China’s invasion of vital computers is far more ominous than a bucket of mischievous worms. That’s why analysts abandoned the term “phishing” as inadequate to describe the operation. Instead, they’ve dubbed it “whaling.”
RC

It’s a good idea to read every word of CNET editor Dong Ngo’s update on Conficker, the computer worm that professional worm-watchers speculate will be triggered on April 1. As that happens to be April Fools Day, some readers will not take these Doomsday prophesies seriously. Others have been downloading vermifuge patches like crazy. Sometime between midnight of March 31 and midnight of April 1 we will know. But we don’t know what we will know. It could be nothing, something, or Doomsday called on account of rain. After all, one possibility is that the virus’s designers got spooked and changed the day to, say, April 2. Or Memorial Day. Your guess is as good as Ngo’s.

His blog tells us succinctly everything experts have learned, and links are included to software that may help thwart the demon bug or at least keep it at bay while its mad scientist devisers regroup and restrategize. Here’s Ngo’s summary of the threat confronting us:

Conficker is a very sophisticated worm that took advantage of a security hole mentioned in this Microsoft bulletin. The hole affected all 32-bit and 64-bit Windows operating systems, even those with the latest service packs. The hole allowed the virus to infect the computer without any user interaction via the Internet, local network, or USB thumbdrives. Once infected, it stops the computer’s security services and Windows update service, and disables tools and software designed to remove it. The worm also allows the creator to remotely install other malicious codes on the infected computer.

Consequently, the worm is programed to update itself from domains it randomly generates. By April 1, the amount of domains the worm generates and infects to find updates could grow to 50,000 a day. The owner of the virus only needs to use one of these domains to host the update. This makes it virtually impossible for authorities to track the source of the update.

Microsoft has offered $250,000 as a reward for any information leading to an arrest. If you hanker for your reward, start by booking a flight to Beijing, as speculation has focused on China as the country of origin. It’s hard to understand what benefit there is to China, since it already owns our country. But perhaps there is more mischief to be done.

Do you have the Doomsday Worm? BKIS, a Vietnamese security firm that makes antivirus software, offers a simple way to find out. Dong Ngo writes:

First, make sure your computer is connected to the Internet by going to a Web site such as Google or CNET. Then, if your computer can also successfully go to the Web sites of Microsoft and known security companies, such as Symantec, McAfee, TrendMicro, Sophos, Panda, and you can also run Windows Update successfully, then your computer is clear from Conficker.

On the other hand, if the computer fails to do any of those, it’s likely that it has already been affected. In this case, try to follow these instructions to remove it, or use BKIS’ antivirus software that can be downloaded for free. As a last resort, you can also back up your data and install Windows from scratch, then immediately run Windows Update to install the latest security patches.

Hasta mañana. Or should I say, Hasta la vista, baby? If I don’t post a blog tomorrow, you’ll find me in my office, rocking back and forth, sucking my thumb, gazing numbly at the blue screen of death.

RC

What would happen if a worldwide computer pandemic erupted? It’s not too farfetched to liken it to the breakdown of the social order when the Black Death swept the civilization in the 14th century:

One citizen avoided another, hardly any neighbor troubled about others, relatives never or hardly ever visited each other. Moreover, such terror was struck into the hearts of men and women by this calamity, that brother abandoned brother, and the uncle his nephew, and the sister her brother, and very often the wife her husband. What is even worse and nearly incredible is that fathers and mothers refused to see and tend their children, as if they had not been theirs.

Just as the social fabric of trust was rent asunder by fear of contracting the plague, terror of contracting a fatal computer virus would cause us to shun emails from even the most trustworthy friends, family and business associates. Nor would we have any way of knowing if we could rely on any website no matter how reliable it claims to be. And of course, with paranoia running rampant, your own communications would be blocked as well.

If these dark thoughts sound familiar, it’s because you heard them in the days leading up to the end of the last millennium as doomsayers predicted the collapse of the Internet when the world’s clocks advanced from the 20th century to the 21st.

Luckily, nothing happened. Life, and the Web, went on.

Let’s hope that when the second hand crosses the 12 at the passage of March 31st to April 1st, things will be just as uneventful as Y2K-Plus-One-Second.

A number of malware watchers are worried we will be plunged into the technological Dark Ages, however. They are telling us about some evil geniuses who have produced a Worm called Conficker that has already burrowed into some 12 million computers and is set to unleash a plague of unprecedented ferocity using the multiplier effect of countless zombie computer hosts created inadvertently by folks like you and me when we obliviously click on links to interesting websites. What the actual effect will be, no one quite knows, but speculation has exercised the some of the best imaginations in the security field.

“One researcher, Stefan Savage, a computer scientist at the University of California at San Diego, has suggested the idea of a ‘Dark Google.’” writes John Markoff in the New York Times. “What if Conficker is intended to give the computer underworld the ability to search for data on all the infected computers around the globe and then sell the answers?”

On the other hand, you could wake up on April 1st with a popup message that says Ha-Ha! April Fool!

Patches have been created for the Microsoft OS, the vulnerable target of Conficker. But the creators of the Doomsday Worm have already reconfigured – or reConfickered – the program to possibly render these patches and other security software useless. You can and probably should run a backup on March 31st. But if your computer bears the plague the day before, it will bear it the day after.

Any other bright ideas?

Here’s hoping that the worst thing that happens to you April 1st is a hotfoot.

RC