It uses an encryption code so sophisticated that only a very few people could have deployed it.
I have a hard time believing that. Sophisticated and effective encryption techniques are well-documented. There are thousands of bored teenagers who could write malware that uses sophisticated encryption. Successfully spreading over the whole Internet while being unobtrusive enough to not be noticed by most victims is, perhaps more impressive.
It's layman writing. The worm uses RSA and RC4. SHA1 or MD6 as a hash. Designing these would obviously take a very skilled cryptographer (actually many, many cryptographers). Implementing it just requires a smart programmer who knows a decent amount about cryptography.
Eh, not really. If you were talking about a fully defined cryptographic protocol like SSL I would say you were right, but if you're talking about actual cryptographic implementation I would say that it requires a little more knowledge.
See tptacek's post about "Typing the letter's A-E-S'" into your code and cperciva's many post about improper use of secure cryptography.
A yield to no man in the gravity and intensity of my fanboyish appreciation for Mark Bowden's writing, but this article is so. bad. Not just in the details, which, come on it's a lay piece in The Atlantic, but in its warped conclusions.
If the right order were given, and all these computers worked together in one concerted effort, a botnet with that much computing power could crack many codes, break into and plunder just about any protected database in the world [...]
"Just about any protected database". Ow, my brain!
It pits the cleverest attackers in the world, the bad guys, against the cleverest defenders in the world, the good guys (who have been dubbed the “Conficker Cabal”).
The best in the world! On both sides! My precious brain!
It exploited a specific hole, Port 445, in the Microsoft operating systems, a vulnerability that the manufacturer had tried to repair just weeks earlier. Ports are designated “listening” points in a system, designed to transmit and receive particular kinds of data. There are many of them, more than 65,000, because an operating system consists of layer upon layer of functions.
So that's how it got in! There are too many ports!
If everyone applied the new patches promptly, Windows would be nigh impregnable.
%y b$&tifu111 br4in ow it burns.
Conficker had an answer for that. Instead of using the infected computer’s clock, the worm set its schedule by the time on popular corporate home pages, like Yahoo, Google, or Microsoft’s own msn.com.
“That was interesting,” Ligh said. “There was no way we could turn the clock forward on Google’s home page.
MAKE IT STOP.
"All of this was impressive—but something else stopped researchers cold..."
No, Mark. Please. Don't go here...
So when the new version of Conficker appeared, and its new method of encrypting its communication employed MD-6, Rivest’s proposal* for SHA-3, the cabal’s collective mind was blown.*
Needless to say, this is a very arcane game. The entries are comprehensible to very few people. According to Rodney Joffe, “Unless you’re a subject-matter expert actively involved in crypto-algorithms, you didn’t even know that MD-6 existed. It wasn’t like it was put in The New York Times.”
WHY, MARK, WHY! I BUY ALL YOUR BOOKS. MY BUGS! My Bugs! My bugs! my bugs! my b&gz! m&4nc bugs...
The only thing that is good about this piece is the clear-eyed description of how worms infect computers and how hard it is to detect and clean them out. Unfortunately, Bowden wrote those grafs using a Star Trek metaphor, which in a technology piece is the stylistic equivalent of serving mashed potatoes topped with risotto.
The rest is horrible. What's special about Conficker? Probably not that it's especially clever; no, what seems to have thrown everyone for a loop is the fact that while it spreads aggressively, it does little afterwards to piss people off and provoke an immediate response. That's its contribution to the state of the art.
MD-6 is so important that it deserves a subhed? What? The first piece of crypto every hacker comes into contact with is MD5. The trials and tribulations of MD5 are legendary. The MD6 sample code was right there on the Internet. Just like the people who used "reverse-engineered" RC4 in their sniffers in 1995, this is nothing but a vanity feather in the worm author's cap.
What could you do with crypto to impress an analyst skilled in the art?
* You could have taken a well-known strong algorithm and jumbled the constants slightly to create an unpredictable but strong variant.
* You could have implemented an algorithm that was published only in papers and only in diagrams and equations.
* You could invent your own algorithm and have it at least come close to holding its own against the state of the art.
The notion that Conficker is one of the most important things happening in security is very likely not going to stand up to hindsight years from now. The "best and brightest" are not killing themselves figuring out the Conficker problem. That may be a mistake, but the conventional wisdom as I perceive it is that Conficker will eventually blow up to be someone else's very painful operations problem that we read about in The Register and promptly forget about.
Should we assume this is a question of venality? What if it is being controlled by a foreign superpower with no qualms about conducting cyber-intelligence gathering or disruption?
If we want to think very bad of the bad guys, it scares me to think to the Joker in "The Dark Knight" and a quote from Alfred: some people just want to see the whole world burn.
It's quite extreme and it is questionable that people so smart are looking for something like this, but it often surprise and scares me to what extent humans are able to go.
I surely hope that ultimate disruption is not the plan behind Conficker.
I have a hard time believing that. Sophisticated and effective encryption techniques are well-documented. There are thousands of bored teenagers who could write malware that uses sophisticated encryption. Successfully spreading over the whole Internet while being unobtrusive enough to not be noticed by most victims is, perhaps more impressive.