Information Warfare: Turning Plowshares Into Swords


December 26, 2007: Computer network security personnel are encountering more and more ugly surprises when they take apart the hacker programs that are planted in PCs. These hacker "payloads" have become much more powerful over the last few years. Much as the AI (Artificial Intelligence) in computer games has become more realistic, so have the tools hackers build into their payloads. The most powerful of these new payloads still concentrate on the key objectives of their kind: don't get caught, and steal something useful. But now they do so with much more powerful tools.

The payloads' defensive abilities have multiplied to include the ability to detect the anti-virus defenses of the PC they have infected, and a wide range of tools to defeat anti-virus software. A few years back, a clever payload would simply shut off the anti-virus; today, top-grade payloads modify the anti-virus system so that the user thinks the PC is still protected, when it isn't.

Payloads, which are usually less than 50,000 characters of code, quickly establish communication with their owner, and receive additional tools as needed. These include additional analysis tools, used to get a better idea of what the infected PC has to offer the hacker. The analysis proceeds in several stages, and if it looks like a very valuable find, human hackers will intervene to supervise the looting.

The new payloads also have a combat capability, and can literally order up an attack on PCs, usually servers, responsible for looking out for hacker attacks. The attacks are usually in the form of a DDoS attack (shutting down a server with a huge flood of bogus control messages), but more subtle assaults are now being seen as well.

The new payloads also know when to shut down an attack against a PC that is too strongly defended. Better to get out undetected, and return later with better tools, than to be discovered (and alert the human operators to a vulnerability). The new payloads will also reject (not infect) PCs that are identified as likely to run into communications problems, or as subject to regular security checks. The hackers are keeping lists of IP addresses (the unique address every PC on the Internet must have) of PCs that are known to be not worth the effort to attack.

While most of these super-payloads are being used for stealing money or salable information from individuals or companies, these tools can also be turned into military weapons. This is nothing new. Throughout history, tools have often been turned into weapons. But in the case of Cyber War, the best weapons, so far, tend to be the tools of criminal gangs looting via the Internet.
