Sandworm

In recent years there's been a groundswell in studies of the ecology of hidden things -- soil biota, genomics, cell biology, the human biome. All thanks to new tools, which is to say computers. Along those lines, I just spent some time digging into two very different books, both of them big on hidden ecosystems. One is a classic work of science fiction and the other is a new work of non-fiction.

Both feature worms, shaping worlds in powerful and mysterious ways.

One is Frank Herbert's 1965 classic, Dune, which I'm rereading in anticipation of Denis Villeneuve's star-studded movie coming out later this year. The other, by tech writer Andy Greenberg, is a scarily relevant look inside the Russian hacker group known to westerners as Sandworm, which for years has been wreaking havoc all around the globe (Greenberg, a staffer at Wired magazine, also wrote This Machine Kills Secrets, a sort of cypherpunk prelude to Sandworm).


I'm far from a computer whiz, and have no first-hand knowledge of the dark side of the net. I have, however, been fascinated by hidden computer ecologies dating to articles I read about whistling "phone phreaks" in Coevolution Quarterly sometime in the last century. Not to mention James Bamford's Puzzle Palace (1982), pioneering books of the personal computer age like Fire in the Valley (1984), the disclosures of Edward Snowden, and Kim Zetter's riveting book on Stuxnet ("the world's first digital weapon"), Countdown to Zero Day.

You're certainly aware of the effects hackers had on the 2016 U.S. election, and fears about what may be in store later this year. And even as I write, headlines appear reading "Russians Hacked Ukrainian Gas Company at Center of Impeachment." No big deal, you say. To which I would reply, please read Sandworm, then check out FireEye's Cyber Threat Map: https://www.fireeye.com/cyber-map/threat-map.html -- the numbers of (detected) threats move nearly as fast as those in the national debt clock.

In Sandworm, Greenberg traces years of subtle movements of the eponymous group, showing how the giant worm has gotten smarter as it's slithered along below the surface of everyday life, sending out practice runs, slow-motion detonations, and real-world tests (often with devastating consequences); learning from its mistakes; and incorporating tools developed by other groups -- including certain three-letter U.S. government organizations. Fittingly, quotations from Dune serve as epigraphs to the sections of the book:

"Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them."

Recently an old trick called "warshipping" has resurfaced, where attackers mail a snooper in a plain box to, for example, a corporate headquarters. As it sits in the mail room, attackers can hack the target's wireless access, and thus their computer system. But this pales in comparison to the cyber-ecologies that Greenberg unearths.

Like a little too much these days, it starts in Ukraine, Russia, and outside the beltway. An American cyber-security team teasing apart malware has discovered Cyrillic characters and other possible Russian links in lines of code from an infected Ukrainian system. Imagine my surprise when they find Arrakis and Atreides and Sardaukar -- names from Dune. And imagine their surprise when they discover that this malware is not mere spyware. The security team realizes it's "looking at reconnaissance for attack." Ukraine seems to be the focus, but, ominously, the worm dives and disappears.

Later, the lights go out in Kiev. About that time, in the U.S., the DNC's emails are leaked, and a presidential election is thrown into turmoil. When researchers dig deeper and try to present what they find to the new administration, they're told, "We're not interested in talking about that." Naturally, more exploits follow, originating not only from Russia. Malware with names like EternalBlue (brought to you by the aforementioned U.S. agency), WannaCry, and Mimikatz surfaces, tears things apart, and fades away.

Then Mimikatz and EternalBlue are joined, and NotPetya is unleashed upon the world, "the fastest-propagating piece of malware we've ever seen." "Honed for maximum virulence." "A total horror movie." "The closest thing the earth has yet seen to the long-predicted, infrastructure-crippling cyberwar doomsday." You get the idea. 

By the way, if you're involved with Sandworm and try to wriggle out of it, you and members of your family get poisoned with a deadly nerve agent.

With that, I wish you all a happy "Safer Internet Day," coming up on February 4.

-Jake Vail is an Info Services Assistant at Lawrence Public Library.