Cyber attacks are increasing exponentially. Here's what recent episodes can teach us about thwarting cyber crime, espionage, and warfare.
By David Talbot
Eugene Kaspersky, CEO of the Russian antivirus company Kaspersky Lab, admits it crossed his mind last year that he might die in a plane crash caused by a cyber attack. Kaspersky is a man of eclectic tastes and boyish humor; when we met in his office on the outskirts of Moscow, he was munching a snack of sweetened, freeze-dried whole baby crabs from Japan, and at one point he showed me a pair of men's undergarments, bought on a Moscow street, that had been stamped "Protected by Kaspersky Anti-Virus." But he grew quite serious when the subject turned to the days leading up to April 1, 2009.
That was the date a virulent computer worm called Conficker was expected to receive an update from its unknown creator--but nobody knew to what end. A tweak to Conficker's code might cause the three million or so machines in its army of enslaved computers, called a botnet, to start attacking the servers of some company or government network, vomit out billions of pieces of spam, or just improve the worm's own ability to propagate. "It's like if you have a one million army of real soldiers. What can you do?" Kaspersky asked rhetorically. "Anything you want." He let that sink in for a moment. "We were waiting for April 1--for something. I checked my travel schedule to make sure I didn't have any flight. We had no idea about this functionality. Security officials were really nervous." In the end? "Nothing happened. Whew! Whew!" Kaspersky cried out. He crossed himself, clasped his hands in a prayerlike pose, and gazed toward the ceiling.
The unknowns about Conficker in the spring of 2009 (the infection remains widespread but, so far, inactive) reflect larger unknowns about just how bad cyber security will get (see Briefing). The trends aren't promising: tour Kaspersky's labs--or those of any computer security company or research outpost--and you quickly learn that malware is tougher to detect, spam delivery faster, and attacks growing in number and financial impact (see "The Rise in Global Cyber Threats"). Security experts and attackers are locked in a kind of arms race. In Kaspersky's case, his engineers and cryptographers do everything from seeking faster automated virus-detection methods to trolling Russian-language hacker blogs for clues about what's coming.
Ingenious solutions are multiplying, but the attacks are multiplying faster still. And this year's revelations of China-based attacks against corporate and political targets, including Google and the Dalai Lama, suggest that sophisticated electronic espionage is expanding as well. "What we've been seeing, over the last decade or so, is that Moore's Law is working more for the bad guys than the good guys," says Stewart Baker, the former general counsel of the National Security Agency and a former policy chief at the U.S. Department of Homeland Security, referring to the prediction that integrated circuits will double in transistor capacity about every two years. "It's really 'Moore's outlaws' who are winning this fight. Code is more complex, and that means more opportunity to exploit the code. There is more money to be made in exploiting the code, and that means there are more and more sophisticated people looking to exploit vulnerabilities."
Read more at Technology Review