On Romulan Ale and Bird of Prey Malware

Wednesday, July 20, 2011

Vulcan Mindm3ld


In the 31st century the United Federation of Planets is under attack by aggressors under the banner of “Anonymous.”

This rogue group was a force to be reckoned with in the 21st century and their reawakening is again causing fear, uncertainty, and doubt (FUD).

They’ve engineered a nanobot which assumes control of communication channels and is able to morph into nucleic acid robots (nubot) – synthetic robotics devices at the nanoscopic scale capable of “walking DNA” among other things.

The primary attack vector is through innocuous communication channels. Once the “Bird of Prey” malware is in place, it replicates and devours information resources at an alarming rate. This capability is attributed to the nanobot’s ingenious design, which is based on the tribble, a species native to the planet Iota Geminorum IV.

It is believed the aptly named “Bird of Prey” is a reference to the cloaking device of the warship of the same name. It is also believed the name was intended to mislead authorities into believing the Klingons and Romulans are responsible for its creation.

Before the FUD level rises to an uncontrollable level, I’ve been tasked with reviewing historical records of the attacker group and formulating a defense. Historical records of the 21st century include detailed incident reports but unfortunately do not describe the social behaviors which led to the incidents.

Starfleet has sent me back to the 21st century to identify human behaviors which might have led to the rise of this first generation of attackers and to their short-lived suppression. As a half human, Starfleet believes I can understand human behavior while my Vulcan half will analyze it logically.

In addition to analyzing human behavior, I’ve been tasked to engage as many of this century’s cyber security professionals as possible, such as malware expert Kevin McAleavey and others who seek refuge on Infosec Island.

The first order of business is to assimilate myself into the culture. Curiously, I find myself using colorful metaphors and attempting to replicate Romulan ale in what is known as a “bath tub.” The consumption of these concoctions has left this vegetarian craving Roscoe’s Chicken and Waffles and the embrace of hot, green, Orion Starfleet female cadets.

My first observation is the obsession with money. My research reveals that this obsession is best described by the 15th century word: “greed.” In this century, money is required to obtain resources. This requirement is the basis for an archaic economic model called “supply and demand.”

It is illogical to think I could dissuade the attackers from continuing – their motivation to wreak havoc is not of interest to me at this point. Instead, I will begin by analyzing why the attackers seem to have the advantage.

The human experience should not be measured by time but rather the interactions and complexity of events requiring problem solving skills during said time. This brings me back to the availability of resources. In the 20th century, the availability of computer technology was limited to those who had the financial means.

Even those individuals formally trained had limited access to computer technology. Only a few were granted complete access to allow them to research and explore the inner workings.

It wasn’t until the late-twentieth century (circa 1991) that more individuals could afford their own hardware and a sophisticated operating system to do with as they please in the comfort of their own homes.

This generation was not bound by corporate access rules, the rigors of academia, and the collegiate mindset of “experiments” with “expected” results. This freedom was not governed by a paradigm forged by greedy book publishers and academia. Do not label this generation as undisciplined; on the contrary, they are very focused and very disciplined.

The defenders, on the other hand, are bound by a set of processes and procedures. An organization’s inflexibility in deviating from them compounds the problems. Many changes are often rejected on the basis of economic concerns. Most believe that communicating new processes and procedures and having them adopted in a timely manner is just too costly.

The majority of defenders are focusing on useless security guidelines such as the Defense Information Systems Agency’s potential discrepancy indicator (PDI) GEN001280. This “security” guideline recommends that manual pages on systems be read-only. This is illogical.

Why would the attackers care to modify the contents of informational, manual pages about the very system they’ve already illegally accessed? This is as useful as wearing lipstick to defend against a prison gang attack.

There is hope. In the wake of these attacks, the voice of a subset of the defenders known as security professionals is being heard. Of course, their human emotions take over and they tend to say things like, “We told you so.”

A minority of these security professionals are also rethinking old strategies and aren’t afraid to abandon ideas which have been categorized as “that’s the way it has always been.”

This concludes my initial assessment. I am off to attempt another batch of Romulan ale, after which I will attempt to engage these security professionals in order to gather information for my second report.

Kevin McAleavey: You might want to check that tricorder before you return home. You don't know where it's been.

Just sayin' :)

Vulcan Mindm3ld: LOL! I am leaving that behind in the hands of a few select, trustworthy engineers as a way to seed some much needed technology.