Bryan Kocher
Communications of the ACM, Volume 32 Number 1, pp.3,6
ISSN 0001-0782
January 1989
Download PDF (212.17Kb) (You need to be registered on forum)president's letter
On November 2nd, 1988, an electronic epidemic was started that infected many of the UNIX computers attached to Internet. There are two interesting aspectsto this epidemic. One is that the attacking "virus" was non-destructive; it did not destroy files or processesin progress. The other is that the alleged perpetrator of the epidemic is the son of the chief scientist at the National Computer Security Center of the National Security Agency (NSA). I believe that after many years of fruitless admonitions by the NSA, a way has finally been found to focus serious attention on systems security, i.e., hygiene.
The germ causing this epidemic was quite different from the "viruses" previously encountered in the PC world. The PC "viruses" have two common traits. First, to serve their purpose they must be malicious. PC "viruses" are electronic pranks. The originator of the prank wants the victims to know they've been had. Many PC users, however, aren't too sophisticated. They might not notice that their machine is running slow, or the disk is always full, etc., so the prankster does something that anyone would recognize as abnormal. The "virus" erasesall their files! Just to make sure that the prank is noticed, the "virus" usually puts a messageon the screen explaining what just happened. Second, the victim must do things to help the "virus" spread. The victim gets the virus by downloading software not certified to be safe from an electronic bulletin board or by exchange with another victim. The parallels between contracting a PC "virus" and a sexually transmitted disease are painfully obvious.
The November UNIX epidemic was different from the PC "viruses." It did not damage any of the hundreds of machines infected. It did nothing to announce its presence. Obviously, the perpetrator assumed that the infected systems' owners would realize they had been pranked. More importantly, the prankster apparently wanted the Internet community to realize that truly dangerous infections would not announce their presence. Most of the Internet systems are part of professionally managed systems installations. A PC-like "virus" could only destroy data created since the last system backup. At most installations, that means one day's to one week's work could be lost. That is not a big loss compared to the PC users who almost never make backups and would lose everything. A destructive prank wouldn't be catastrophic on Internet.
Internet, however, does contain lots of data that the government would like to label as "unclassified but sensitive." A really destructive "virus" would spread itself slowly and quietly throughout Internet, collecting and collating data from the entire network until worthwhile intelligence materials were developed. This would be an automated version of the "Wily Hacker" exposed in the May issue of this magazine. In fact, there is no assurance that such an electronic "mole" is not already in place.
Potential invaders of UNIX networks must be heartened to note how easily and frequently security can be breached through Internet. The Lawrence Berkeley Laboratory was vulnerable to the Wily Hacker until mid-1987, yet the Lab's organizational cousin, Lawrence Livermore, a nuclear weapons facility, admitted to ten invasions in one recent week. It seemsthat the Wily Hacker episode has not convinced many people to strengthen their security sufficiently to preclude successful viral attacks.
The UNIX epidemic is like any other epidemic disease. It won't go away until the conditions that allow it to flourish are changed to prevent further infection. Cholera is a classic example of epidemic disease. First identified in Calcutta, India in 1817, it reached Britain in 1829 and killed over 22,000 people within two years. Hundreds of thousands died over the next 30 years. Once germ theory was understood and the contamination of drinking water by sewage shown to be the cause of cholera, the epidemic could be controlled. The city of London constructed 1,300 miles of sewers (built by hand with 318 million bricks) to carry 420 million gallons of effluent per day out to sea.Public health laws were passedrequiring that drinking water be piped from certified safe sources. Other public health legislation has been added over the years and Britain has become safe from most epidemic diseases.
Just as in human society, hygiene is critical to preventing the spread of disease in computer systems. Preventing disease requires setting and maintaining high standards of sanitation throughout society, from simple personal precautions (like washing your hands or not letting anyone know your password), to large investments (like water and sewage treatment plants or reliably tested and certified secure systems).
Standalone systems, like hermits, almost never get sick. They never come in contact with germs that they haven't already beaten. However, if we are to become a networked society, we must treat computer diseases as a real threat to that society. We must heed the public health warnings from NSA, practice personal systems hygiene, adhere to sanitary standards, and support the development of secure systems to keep the germs out. Electronic epidemics should be like cholera epidemics-something you only read about in history books.