Chapter 23. Protecting Against Programmed Threats

It's 4:00 a.m. on Friday, August 13, and Hillary Nobel's pager is ringing. Nobel, the network administrator for a major New York City law firm, has gotten used to having her pager go off two hours before she is supposed to wake up: her firm has been under attack by computer hackers in China for several weeks now. The hackers have never gotten in, as near as she can tell: practically every page has been a false alarm. So Nobel turns off her pager and goes back to sleep.

Nobel's phone rings a few moments later. When she picks up the phone, she hears a panicked voice on the other end of the line. It's her counterpart at the firm's London office. None of the firm's desktop computers are working properly when they are plugged into the network, although they all work fine if the network connector is pulled and they are run as standalone machines.

Grumbling, Nobel turns on her laptop and tries to log into her firm's central server. But instead of a nice friendly login screen asking for her username and password, she instead sees this message:

Dear Ms. Nobel,

The virus reports and false alarms on your firm's so-called "intrusion detection 
system" are the result of a slow, stealthy worm (SSW) that was illegally brought into 
your office network on an infected laptop on July 9th. The SSW is software that was 
designed by our programmers as a part of our copyrighted game software; your 
employee's use of this software is in violation of our copyright. We are now seeking 
redress using this self-help approach that is allowable under US copyright law.

Detecting that it had been illegally copied by one of your employees, the SSW 
responded by mapping out your firm's network and servers. On July 14th the system 
found your backup server and changed the key that is used to encrypt your backups. 
Simultaneously, the Cryptographic File System driver for all of your Windows and Unix 
servers was enabled, using a key of our specification.

This morning the key for your backup system was erased, as was the key for your 
now-encrypted file servers. If you wish to have this key sent to an email account 
of your choosing, kindly enter your banking information into the form below and click the
button labeled "I ACCEPT." This will settle our claim against your firm by initiating 
a bank transfer for $75,000 USD from your bank account into a drop box under our 
control; clicking "I ACCEPT" will simultaniously waive you and your firm's rights to 
renegotiate the terms of this settlement.

Nobel reaches for her phone and starts to call the FBI. Then, thinking somewhat more clearly, she puts down the phone and takes out her checkbook and the smart card required for transfers over $5,000. If she works fast enough, she might be able to get the servers operational before sunrise over Central Park.

    Part VI: Appendixes