Viruses, Malware and Hacking… Oh My!!
Some months ago I read Countdown to Zero Day by Kim Zetter. This book and how much I enjoyed reading it shows just how much of a computer geek I am. I have used and programmed computers since I was eight years old. When I was a teenager I started to become interested in viruses and hacking. I toyed with the work a little bit and in my final year of undergrad completed some research on exploiting the Internet’s BGP protocol that lead to a published conference paper. I always found myself occupied with other endeavors and never fully focused my attentions to computer security. However, to this day, I still enjoy reading about virus deconstruction and the latest hack. So, I was very happy when the local library got a copy of Countdown to Zero Day.
The book is about the Stuxnet worm and its effects on Iran’s nuclear aspirations. Kim Zetter wrote many of the news articles about Stuxnet for Wired magazine, so she had very good knowledge of the developments that brought it to world’s attention. The book also went beyond the technical details of Stuxnet spending time discussing Iran’s nuclear weapons development program, the history of viruses and worms, zero-day exploits and the marketplaces for these exploits to both governments and the hacker underground, as well as the history of cyber-warfare.
Stuxnet had an early reveal by a small Eastern European computer security consulting company. From there it gained the attention of Russia’s Kaspersky Labs and the United States’ Symantec Corporation. In my opinion, Kaspersky took some undeserved flack for its work in disclosing details of the worm. Those making that argument often have to throw in the fact that its founder, Kaspersky, was a former member of the KGB. I think if roles were reversed, and Symantec was analyzing viruses from Russia or, more likely, China, I imagine nationalists from those companies would argue about Symantec’s impartiality as well.
Putting that aside, the analysis from both companies strongly shows that the Stuxnet came from intelligence agencies from the US and Israel. It went through numerous revisions and modifications in attempt to evade detection and more effectively work against the systems it was targeting. Kaspersky’s analysis was published in a white paper and really shows the skill and effort that went into crafting this piece of malware. So, if you are into technological porn, this book is a very good read.
Add new comment