Fabius Maximus website

Parsing Cyberwar, part 3: Patch #1 – Lessons from the Gauss malware

Summary: In “Parsing Cyberwar – Part 3” Marcus Ranum discussed the logistical problems implicit in cyberweapons. We now have a case study showing how quickly a new cyberweapon technology obsoletes itself. This, coupled with the tendency of one cyberweapon getting burned and potentially burning others in its family tree, will tend to keep cyberweapons in the tactical domain, where they’ll be part of a churning arms race that happens in “internet time.”

War fascinates us. Magazines, books, clubs, and a thousand websites discuss every aspect, every weapon. But most often they look backwards, because the romance and excitement of war lies in the past — combat with now-obsolete weapons. In the 17th century war aficionados loved mounted knights. In 1938 tanks were boring, cavalry were prestigious. In 2000 fighter jocks were hot, UAVs were boring. Now special ops are dashing, with cyberwar discussed mostly by nerds.

This series by Marcus Ranum shows us the frontier of war (and crime), helping us prepare for the future instead of polishing myths about trendy but now only niche forms of war. Your children might consider this the primary form of State-to-State war, seeing tanks and fighters only as toys on the playroom floor.

Article deleted at author’s request.
(6) Other chapters in the Parsing Cyberwar series

  1. The Battlefield
  2. The Logistical Train
  3. Synergies and Interference
  4. Patch #1 – Lessons from the Gauss malware
  5. The Best Defense is a Good Defense

In the final part, we will conclude with an assessment of what practical actions are available to corporations and governments in the cyberwar environment.

(7) For More Information

(a) On the FM website

See the FM Reference Page about Cyber-espionage and Cyber-war!, with links to Marcus Ranum’s other posts and a wide range of other resources.

(b) Articles about malware

  1. Mysterious Font Left by Malware Befuddles, PC World, August 2012
  2. While Origin Unclear, Gauss Indicates Malware Tool Boom, CSO Online, August 2012
  3. On the Pallida Narrow Mystery and Remote Detection, CrySys Blog, August 2012
  4. With Microscope and Tweezers: the Worm from MIT’s Perspective, Communications of the ACM, June 1989 — Classic paper describing the rapid analysis of the Morris Internet Worm. The worm was dissected and details were published in a matter of days after its release, resulting in the complete blocking of its main attack vectors internet-wide. Admittedly, the internet was small back then.