Thursday, August 28, 2014

Worm: The First Digital World War

I initially thought this was a fictional work. After getting into it a bit, I discovered that it was in fact non-fiction. But it was still a good book. It details the ragtag bunch of security professionals that fought to prevent the Conficker worm from causing mass destruction. Microsoft had released a patch to fix a known vulnerability. This patch opened the door for Conficker to utilize that vulnerability to propagate on unpatched computers. It gradually accumulated a botnet of millions of computers. Those computers used an ever-increasing list of random domains to "phone home" to get instructions. The "cabal" that was fighting the worm would buy up these domains in advance in an attempt to prevent the instructions from getting out (and to measure the worm's penetration). The worm later outsmarted them and used peer-to-peer communications. In the end, they never discovered who created the worm. The botnet assembled was also not used for any major destructive action, being only used for a minor spamming operation. Through the process, the "cabal" members were mostly working on their own time, while the government was fairly oblivious.

The book will sometimes get a little flaky on the technical details. However, it does a great job of bringing out the personalities and producing a riveting narrative on what is mostly a bunch of people sitting around computer screens. It also helps to make clear how our internet and computer systems are at the same time both extremely fragile and robust.
