Conficker in control
May 15, 2010 7:10 AM
A botnet with 6 to 12 million computers, employing the world's most sophisticated encryption and peer-to-peer communication lies waiting, but for what?

When the Conficker computer “worm” was unleashed on the world in November 2008, cyber-security experts didn’t know what to make of it. It infiltrated millions of computers around the globe. It constantly checks in with its unknown creators. It uses an encryption code so sophisticated that only a very few people could have deployed it. For the first time ever, the cyber-security elites of the world have joined forces in a high-tech game of cops and robbers, trying to find Conficker’s creators and defeat them. The cops are failing. And now the worm lies there, waiting …

[via Postroad's rich linkdump: Goodsh*t (nsfw)]

The basis for the highest-level modern ciphers is a public-key encryption method invented in 1977 by three researchers at MIT: Ron Rivest (the primary author), Adi Shamir, and Leonard Adleman. In the more than 30 years since it was devised, the method has been improved several times. The National Institute of Standards and Technology sets the Federal Information Processing Standard, which defines the cryptography algorithms that government agencies must use to protect communications. Because it is the most sophisticated oversight effort of its kind, the standard is determined by an international competition among the world’s top cryptologists, with the winning entry becoming by default the worldwide standard. The current highest-level standard is labeled SHA-2 (Secure Hash Algorithm–2). Both this and the first SHA standard are versions of Rivest’s method. The international competition to upgrade SHA-2 has been under way for several years and is tentatively scheduled to conclude in 2013, at which point the new standard will become SHA-3.
Rivest’s proposal for the new standard, MD-6 (Message Digest–6), was submitted in the fall of 2008, about a month before Conficker first appeared, and began undergoing rigorous peer review—the very small community of high-level cryptographers worldwide began testing it for flaws.
Needless to say, this is a very arcane game. The entries are comprehensible to very few people. According to Rodney Joffe, “Unless you’re a subject-matter expert actively involved in crypto-algorithms, you didn’t even know that MD-6 existed. It wasn’t like it was put in The New York Times.”
So when the new version of Conficker appeared, and its new method of encrypting its communication employed MD-6, Rivest’s proposal for SHA-3, the cabal’s collective mind was blown.
“It was clear that these guys were not your average high-school kids or hackers or predominantly lazy,” Joffe told me. “They were making use of some very, very sophisticated techniques.
“Not only are we not dealing with amateurs, we are possibly dealing with people who are superior to all of our skills in crypto,” he said. “If there’s a surgeon out there who’s the world’s foremost expert on treating retinitis pigmentosa, he doesn’t do bunions. The guy who is the world expert on bunions—and, let’s say, bunions on the third digit of Anglo-American males between the ages of 35 and 40, that are different than anything else—he doesn’t do surgery for retinitis pigmentosa. The knowledge it took to employ Rivest’s proposal for SHA-3 demonstrated a similarly high level of specialization. We found an equivalent of three or four of those in the code—different parts of it.
“Take Windows,” he explained. “The understanding of Windows’ operating system, and how it worked in the kernel, needed that kind of a domain expert, and they had that kind of ability there. And we realized as a community that we were not dealing with something normal. We’re dealing with one of two things: either we’re dealing with incredibly sophisticated cyber criminals, or we’re dealing with a group that was funded by a nation-state. Because this wasn’t the kind of team that you could just assemble by getting your five buddies who play Xbox 360 and saying, ‘Let’s all work together and see what we can do.’”