Malicious engineering

Quivering there in the shadows of an axed registry, lying low, this little app has to hide itself, feed itself, load itself, talk to its owners behind your back and pretend to be YOU whenever you visit the bank. The rest of the time it stealthily marks the passage of opportunity, with phone-home events from the heated insides of your ’puter…

Outsider

All around, there is the incessant chatter of other bits of code having a rollicking good time; luxuriating in the plentiful resources thrown at them, basking in the glorious warmth of the user’s attention… seeking mouse clicks and keystrokes and, well, what must be ‘love’ to a software app.

What it must think of these other apps. They must seem like fools in comparison: so many CPU cycles they don’t even know what to do with ’em. Glossy dialogs inviting interaction and kosher requests for things that actually exist.

But what the hey. These other apps instil confidence in the end-user, don’t they? Their norms and familiarities are a useful backdrop for what’s about to be played out. It’s all good for business…

A craft by any other name

You know, software engineering is no longer (was never?) the sole province of kind-hearted souls with nothing but constructive things to do all day. Selection pressure swings its giant reaper through netspace every day, and the apps that have to do most of the bobbing and weaving to stay ahead are the malware and crimeware apps. They evolve in lock-step with our implementations of cyber-security. Unsurprisingly then, there are people designing and ARCHITECTING the take-down of your machine for financial gain. And though we may not like to say it, such people are software engineers in their own right.

As the entrails of this little beastie will attest, engineering crimeware is no mean feat (when was the last time you wrote anything this determined? Yeah, I thought so).

I mean, this thing had its anorak on, hood up; prowling the unlit corridors of svchost.exe on many a compromised machine… till Finjan came along and ripped off the cover.

Dissecting a piece of crimeware like this must feel like staring into a software engineering mirror-world, and it’s hard to be appalled (even if you’re determined to be) when you get a glimpse through the looking-glass. Familiar algorithms and business logic, but pointed at the spaces in between things. Cleaving apart interfaces and squirreling through.

Of course, the infrastructure of the web makes all of this so easy. The humble HTTP protocol, the quintessence of simplicity in web comms, is easily subverted to serve any of our myriad agendas, good or bad. For each crimeware app in the field it is a simple matter to ferry forth all the gory details of the host computer and its soon-to-be-out-of-pocket owner. It is mainly the small matter of doing this undetected and, failing that, unintelligibly (to entities outside the crime ring) that introduces the need for a properly architected solution.

Cracking good business intelligence

An even more interesting development in cybercrime is that cybercriminals now look for the same kind of business metrics and intelligence tools that a regular operation would resort to. So they have built for themselves all manner of dashboards and charting applications that track the progress of their infiltrations, the yields and losses from each, and so on. (Makes me think of episodes from The Wire – prolly one of the finest television series ever made, incidentally – when Stringer Bell went to business school and started to believe he was a business man instead of a regular O.G.)

Cybergangs are able to gather a fairly rich crop of information about their global exploits: information which allows them to implement strategies that are even more effective next time round. Sometimes I do wonder if they didn’t invent tracking and analytics and simply let the rest of us think *we* did.

Final thoughts

I think that this particular pattern of co-evolution will push the issue of a striated internet, which not many people talk about… but I believe it to be a strong possibility. It will just get to a point where the haves will piss off and instantiate their own nets, albeit on the same infrastructure, and the rest of us will have to wade through the security-vs-scam/spam dogfights to get anything done.
