"Unleash your creativity and unlock your potential with MsgBrains.Com - the innovative platform for nurturing your intellect." » » ,,Underground: Hacking, Madness, and Obsession on the Electronic Frontier'' by Suelette Dreyfus🌏🗺️

Add to favorite ,,Underground: Hacking, Madness, and Obsession on the Electronic Frontier'' by Suelette Dreyfus🌏🗺️

Select the language in which you want the text you are reading to be translated, then select the words you don't know with the cursor to get the translation above the selected word!




Go to page:
Text Size:

13. If a priv. account is found, the program is copied to that account and started. If no priv. account was found, it is copied to other accounts found on the random system.

14. As soon as it finishes with a system, it picks another random system and repeats (forever).

Response:

1. The following program will block the worm. Extract the following code and execute it. It will use minimal resources. It creates a process named NETW_BLOCK which will prevent the worm from running.

Editors note: This fix will work only with this version of the worm.

Mutated worms will require modification of this code; however, this program should prevent the worm from running long enough to secure your system from the worms attacks.13

—-

McMahon's version of an anti-WANK program was also ready to go by late Monday, but he would face delays getting it out to NASA. Working inside NASA was a balancing act, a delicate ballet demanding exquisite choreography between getting the job done, following official procedures and avoiding steps which might tread on senior bureaucrats' toes. It was several days before NASA's anti-WANK program was officially released.

DOE was not without its share of problems in launching the anti-WANK program and advisory across HEPNET. At 5.04 p.m. Pacific Coast Time on 17 October, as Oberman put the final touches on the last paragraph of his final report on the worm, the floor beneath his feet began to shake. The building was trembling. Kevin Oberman was in the middle of the 1989 San Francisco earthquake.

Measuring 7.1 on the Richter scale, the Loma Prieta earthquake ripped through the greater San Francisco area with savage speed. Inside the computer lab, Oberman braced himself for the worst. Once the shaking stopped and he ascertained the computer centre was still standing, he sat back down at his terminal. With the PA blaring warnings for all non-essential personnel to leave the building immediately, Oberman rushed off the last sentence of the report. He paused and then added a postscript saying that if the paragraph didn't make sense, it was because he was a little rattled by the large earthquake which had just hit Lawrence Livermore Labs. He pressed the key, sent out his final anti-WANK report and fled the building.

Back on the east coast, the SPAN office continued to help people calling from NASA sites which had been hit. The list of sites which had reported worm-related problems grew steadily during the week. Official estimates on the scope of the WANK worm attack were vague, but trade journals such as Network World and Computerworld quoted the space agency as suffering only a small number of successful worm invasions, perhaps 60 VMS-based computers. SPAN security manager Ron Tencati estimated only 20 successful worm penetrations in the NASA part of SPAN's network, but another internal estimate put the figure much higher: 250 to 300 machines. Each of those computers might have had 100 or more users. Figures were sketchy, but virtually everyone on the network—all 270000 computer accounts—had been affected by the worm, either because their part of the network had been pulled off-line or because their machines had been harassed by the WANK worm as it tried again and again to login from an infected machine. By the end of the worm attack, the SPAN office had accumulated a list of affected sites which ran over two columns on several computer screens. Each of them had lodged some form of complaint about the worm.

Also by the end of the crisis, NASA and DOE computer network managers had their choice of vaccines, antidotes and blood tests for the WANK worm. McMahon had released ANTIWANK.COM, a program which killed the worm and vaccinated a system against further attacks, and WORM-INFO.TEXT, which provided a list of worm-infestation symptoms. Oberman's program, called [.SECURITY]CHECK_SYSTEM.COM, checked for all the security flaws used by the worm to sneak into a computer system. DEC also had a patch to cover the security hole in the DECNET account.

Whatever the real number of infected machines, the worm had certainly

circumnavigated the globe. It had reach into European sites, such as

CERN—formerly known as the European Centre for Nuclear Research—in

Switzerland, through to Goddard's computers in Maryland, on to

Fermilab in Chicago and propelled itself across the Pacific into the

Riken Accelerator Facility in Japan.14

NASA officials told the media they believed the worm had been launched about 4.30 a.m. on Monday, 16 October.15 They also believed it had originated in Europe, possibly in France.

Wednesday, 18 October 1989

Kennedy Space Center, Florida

The five-member Atlantis had some bad news on Wednesday morning. The weather forecasters gave the launch site a 40 per cent chance of launch guideline-violating rain and cloud. And then there was the earthquake in California.

The Kennedy Space Center wasn't the only place which had to be in tip-top working order for a launch to go ahead. The launch depended on many sites far away from Florida. These included Edwards Air Force Base in California, where the shuttle was due to land on Monday. They also included other sites, often military bases, which were essential for shuttle tracking and other mission support. One of these sites was a tracking station at Onizuka Air Force Base at Sunnyvale, California. The earthquake which ripped through the Bay area had damaged the tracking station and senior NASA decision-makers planned to meet on Wednesday morning to consider the Sunnyvale situation. Still, the space agency maintained a calm, cool exterior. Regardless of the technical problems, the court challenges and the protesters, the whimsical weather, the natural disasters, and the WANK worm, NASA was still in control of the situation.

`There's been some damage, but we don't know how much. The sense I get is it's fairly positive,' a NASA spokesman told UPI. `But there are some problems.'16 In Washington, Pentagon spokesman Rick Oborn reassured the public again, `They are going to be able to handle shuttle tracking and support for the mission … They will be able to do their job'.17

Atlantis waited, ready to go, at launchpad 39B. The technicians had filled the shuttle up with rocket fuel and it looked as if the weather might hold. It was partly cloudy, but conditions at Kennedy passed muster.

The astronauts boarded the shuttle. Everything was in place.

But while the weather was acceptable in Florida, it was causing some problems in Africa, the site of an emergency landing location. If it wasn't one thing, it was another. NASA ordered a four-minute delay.

Finally at 12.54 p.m., Atlantis boomed from its launchpad. Rising up from the Kennedy Center, streaking a trail of twin flames from its huge solid-fuel boosters, the shuttle reached above the atmosphere and into space.

At 7.15 p.m., exactly 6 hours and 21 minutes after lift-off, Galileo began its solo journey into space. And at 8.15 p.m., Galileo's booster ignited.

Inside shuttle mission control, NASA spokesman Brian Welch announced,

`The spacecraft Galileo … has achieved Earth escape velocity'.18

Monday, 30 October 1989

NASA's Goddard Space Flight Center, Greenbelt, Maryland

The week starting 16 October had been a long one for the SPAN team. They were keeping twelve-hour days and dealing with hysterical people all day long. Still, they managed to get copies of anti-WANK out, despite the limitations of the dated SPAN records and the paucity of good logs allowing them to retrace the worm's path. `What we learned that week was just how much data is not collected,' McMahon observed.

By Friday, 20 October, there were no new reports of worm attacks. It looked as though the crisis had passed. Things could be tidied up by the rest of the SPAN team and McMahon returned to his own work.

A week passed. All the while, though, McMahon was on edge. He doubted that someone who had gone to all that trouble of creating the WANK worm would let his baby be exterminated so quickly. The decoy-duck strategy only worked as long as the worm kept the same process name, and as long as it was programmed not to activate itself on systems which were already infected. Change the process name, or teach the worm to not to suicide, and the SPAN team would face another, larger problem. John McMahon had an instinct about the worm; it might just be back.

His instinct was right.

The following Monday, McMahon received another phone call from the

SPAN project office. When he poked his head in his boss's office,

Jerome Bennett looked up from his desk.

`The thing is back,' McMahon told him. There was no need to explain what `the thing' was. `I'm going over to the SPAN office.'

Ron Tencati and Todd Butler had a copy of the new WANK worm ready for McMahon. This version of the worm was far more virulent. It copied itself more effectively and therefore moved through the network much faster. The revised worm's penetration rate was much higher—more than four times greater than the version of WANK released in the first attack. The phone was ringing off the hook again. John took a call from one irate manager who launched into a tirade. `I ran your anti-WANK program, followed your instructions to the letter, and look what happened!'

The worm had changed its process name. It was also designed to hunt down and kill the decoy-duck program. In fact, the SPAN network was going to turn into a rather bloody battlefield. This worm didn't just kill the decoy, it also killed any other copy of the WANK worm. Even if McMahon changed the process name used by his program, the decoy-duck strategy was not going to work any longer.

There were other disturbing improvements to the new version of the WANK worm. Preliminary information suggested it changed the password on any account it got into. This was a problem. But not nearly as big a problem as if the passwords it changed were for the only privileged accounts on the system. The new worm was capable of locking a system manager out of his or her own system.

Prevented from getting into his own account, the computer manager might try borrowing the account of an average user, call him Edwin. Unfortunately, Edwin's account probably only had low-level privileges. Even in the hands of a skilful computer manager, the powers granted to Edwin's account were likely too limited to eradicate the worm from its newly elevated status as computer manager. The manager might spend his whole morning matching wits with the worm from the disadvantaged position of a normal user's account. At some point he would have to make the tough decision of last resort: turn the entire computer system off.

The manager would have to conduct a forced reboot of the machine. Take it down, then bring it back up on minimum configuration. Break back into it. Fix the password which the worm had changed. Logout. Reset some variables. Reboot the machine again. Close up any underlying security holes left behind by the worm. Change any passwords which matched users' names. A cold start of a large VMS machine took time. All the while, the astronomers, physicists and engineers who worked in this NASA office wouldn't be able to work on their computers.

At least the SPAN team was better prepared for the worm this time. They had braced themselves psychologically for a possible return attack. Contact information for the network had been updated. And the general DECNET internet community was aware of the worm and was lending a hand wherever possible.

Help came from a system manager in France, a country which seemed to be of special interest to the worm's author. The manager, Bernard Perrot of Institut de Physique Nucleaire in Orsay, had obtained a copy of the worm, inspected it and took special notice of the creature's poor error checking ability. This was the worm's true Achilles' heel.

The worm was trained to go after the RIGHTSLIST database, the list of all the people who have accounts on the computer. What if someone moved the database by renaming it and put a dummy database in its place? The worm would, in theory, go after the dummy, which could be designed with a hidden bomb. When the worm sniffed out the dummy, and latched onto it, the creature would explode and die. If it worked, the SPAN team would not have to depend on the worm killing itself, as they had during the first invasion. They would have the satisfaction of destroying the thing themselves.

Ron Tencati procured a copy of the French manager's worm-killing program and gave it to McMahon, who set up a sort of mini-laboratory experiment. He cut the worm into pieces and extracted the relevant bits. This allowed him to test the French worm-killing program with little risk of the worm escaping and doing damage. The French program worked wonderfully. Out it went. The second version of the worm was so much more virulent, getting it out of SPAN was going to take considerably longer than the first time around. Finally, almost two weeks after the second onslaught, the WANK worm had been eradicated from SPAN.

Are sens
Add a quote