Computer network security personnel are
encountering more and more ugly surprises when they take apart the hacker
programs that are planted in PCs. These hacker "payloads" have become much more
powerful over the last few years. Much like the AI (Artificial Intelligence) in
computer games has become more realistic, so have the tools hackers build into
their payloads. The most powerful of these new payloads still concentrate on
the key objectives of their kind; don't
get caught, and steal something useful. But now they do so with much more
The defensive abilities have multiplied
to include the ability to detect the anti-virus defenses of the PC they have
infected, and a wide range of tools to defeat anti-virus software. A few years
back, a clever payload would simply shut off the anti-virus, but today,
top-grade payloads modify the anti-virus system so that the user thinks the PC
is still protected, when it isn't.
Payloads, which are usually less than
50,000 characters of code, quickly establish communication with their owner,
and receive additional tools as needed. This would include additional analysis
tools, to get a better idea of what the infected PC has to offer the hacker.
The analysis proceeds in several stages, and if it looks like a very valuable
find, human hackers will intervene to supervise the looting.
The new payloads also have a combat
capability, and can literally order up an attack on PCs, usually servers,
responsible for looking out for hacker attacks. The attacks are usually in the
form of a DDOS (shutting down a server with a huge flood of bogus control
messages) attack, but more subtle assaults are now being seen as well.
The new payloads also know when to shut
down an attack against a PC that is too strongly defended. Better to get out
undetected, and return later with better tools, than to be discovered (and
alert the human operators to a vulnerability). The new payloads will also
reject (not infect) PCs that are identified as likely to run into
communications problems, or subject to regular security checks. The hackers are
keeping lists of IP addresses (the unique address every PC on the Internet must
have) of PCs that are known to be not worth the
effort to attack.
While most of these super-payloads are
being used for stealing money or salable information from individuals or
companies, these tools can also be turned into military weapons. This is
nothing new. Throughout history, tools have often been turned into weapons. But
in the case of Cyber War, the best weapons, so far, tend to be the tools of
criminal gangs looting via the Internet.