Gazing into the techno-future can be fun. We all dream of utopias involving benign robots, food for all and fusion power that is free, safe and unlimited, but then there are the cacotopias too – nightmare visions of malevolent machines that turn on mankind. It has been usual to suppose that the two-pronged threat to our liberty and our privacy would emanate from big business and government, from untrammelled corporate and bureaucratic greed, stupidity and wickedness. But let me paint another scenario…
I expect all of you have heard of the risks posed by the various forms of attack code that go under names like virus, Trojan horse, worm, malware and so on. These are little bits of clandestine code that your computer picks up, usually through email attachments, designed to infect the host (your PC), raid its address books, send out copies of themselves to all your friends and contacts and then either spitefully screw with your operating system, rendering it inoperative or, more likely these days, record your keyboard input and send back to the malicious code’s originator a log of such keystrokes which can be used to determine your passwords, credit card numbers and other sensitive data. Well, such attacks have been well enough publicised, and companies like Symantec, Norton and McAfee have grown up, offering self-updating protection against these horrors; Microsoft, whose Windows operating system has been the victim of 99.9% of all such attacks, stuffs newer and newer wads of digital kitchen towel into the holes in its leaky old system and has now brought out a new one, Vista, which is so front-ended with dialogue boxes and “are you sures?” that it’s safer, but maddening to use. A nuisance, but many of us live in burglar –alarmed houses and work in swipe-card protected offices: we cope with it. Panic over. Virus scare stories are a thing of the past.
But, and here I finally come to my nightmare scenario, imagine malicious code written by cunning, ruthless criminals from … oh, Russia let’s say, that could turn your computer into a kind of slave machine, a zombie PC which can connect with other zombie PCs to create a whole network of robot computers which would grow almost exponentially in power and bandwidth. Such a robot network, or ‘botnet’, would soon overtake all the supercomputers on earth in might and reach. Let us further imagine that this botnet learned to defend itself against the security forces by moving the location of its command and control centres so fast and so randomly that the head could never be cut off. Let us even further imagine that the criminal masterminds in charge of this colossal entity divided it up into sections which could be sold, leased or rented to other criminals (along with instructions for use) who could use it for spamming, share scamming, phishing, identity theft, fraud, DDoS and any other kind of lucrative enterprise they chose. The fiendish nature of the code would mean infected PC’s wouldn’t freeze or slow down noticeably, so individual computer users like you and me would have no idea that we were enslaved players in this vast criminal conspiracy, the transmission routes would change literally daily from porn sites to cheerful links or witty birthday cards and friendly pointers to interesting blog pages – anything. Those profiting would be almost impossible to catch and the entity itself, the botnet, would grow and refine itself until it became the very stuff of science fiction: the neural nets of William Gibson, Skynet in The Terminator films, the Borg collective in Star Trek, you know the genre.
We must do something surely, to stop this hellish vision from turning into a hellish reality before it’s too late? Well, my (not very surprising) kick in the teeth is this. It is already too late. Such botnets exist and one of them, the Storm botnet, has grown so fast, so terrifyingly and so cunningly, that in the last eight months it has overtaken all the others. Storm is an amalgam of millions (no one knows quite how many) of slave PCs. It sends out billions of spam messages, stock market scam mails and appears to be behind many examples of what are known as Distributed Denial of Service attacks, which for reasons of malice, politics or criminal extortion close down or threaten to close down legitimate servers by flooding them with more data traffic than they can handle. Using sci-fi sounding techniques like Fast Flux, Storm evades capture and surveillance and recent evidence leads those who know about these things to conclude that parts of it have indeed been leased or sold as ‘botkits’ to less technically savvy criminals. And yes, all the evidence points to clever young Russians coding away for big money: one nerdski will write the backdoor code in isolation from others who will be writing code for the keylogging software and the address book lifter and so on.