Wednesday, 15 November 2006

Look out - he's got a computer virus!

Malicious Cryptography: Exposing Cryptovirology by Adam Young and Moti YungISBN 0-7645-4975-8 Wiley, NY, 2004

This book presents an initial, interesting idea - could a computer virus be written that attacks a computer by encrypting the user's data? This could be a tool for extortion or a unique Denial of Service attack. Now this is not a new idea. In 1993 that earnest student of computer virology, Dr Mark Ludwig in Computer Virus Development Quarterly Vol 1 no 4 released KOH a "friendly" encrypting virus. KOH would encrypt your files, thus protecting them from the agents of the New World Order. Of course there was the danger (nudge nudge, wink wink) that KOH could infect someone else's computer with a key that you alone knew, leaving them at your mercy, unless they have the cryptanalytic ability to decrypt their files.

Young and Yung's monograph proposes the same scenario with a new twist - the data is encoded with an asymmetric cipher, thus rendering it unrecoverable except to the virus writer. The authors state that such a virus has indeed been trialled in a proof-of-concept form, on a Macintosh SE30 in System 6. From memory, this is a nice environment to develop on, so there's no "whoops, where's it gone?" problem. There is some detailed high level discussion of techniques and pitfalls. The authors then go on to describe how contemporary cryptographic technology may be adapted to the theft of information such as secure data and passwords. This is all done at the level of mathematical relationships - there is no viral code.

Two new words are added to the language - cryptovirology (the study of computer viruses with a cryptographic payload, usually malicious) and kleptography (the application of cryptography to data theft).

Here are a few chapter or section headings to give a taste of the themes running through this work: Through Hackers's Eyes; Cryptovirology; Deniable Password Snatching; Using Viruses to Steal Information; Computationally Secure Information Stealing; The Nature of Trojan Horses; Subliminal Channels.

The book starts with an accessible piece of fiction, but quickly progresses to the opaque style common to much academic writing in this field. The reader is well advised to brush up on matrix algebra, Jacobians and Abelian and non-Abelian groups and to have a working knowledge of computer viruses (however obtained). There are appendices intended to provide brief tutorials on computer viruses and public key cryptography. But both these very different specialised fields require far more study than any pr_ecis can provide.

While the writing is often hard going there is an enjoyable first chapter describing three incidents in the life of a virus writer (a student at a US university) as he writes and releases a virus. It provides a vicarious experience of the motivation for such activity - the mental challenge, the adrenalin rush and the exercise of secret power.

The writing, as referred to above, is uneven and there seems to be some confusion as to who the audience is for this work. Adam Young developed the idea as part of his doctoral thesis with Moti Yung as his supervisor and some of the text seems to have been lifted from the doctoral thesis - you have been warned! It's an academic work, so academic cryptographers would be the principal readers. But since it's offered for sale to the public, one wonders who else would read it?

We can rule out some groups. If you refer to yourself as "133t", then you can count yourself out, as can those wannabees who capture virus code, do a partial rewrite, add their handle, then release their "new" version. There is no rip-off virus code here. Even whoever wrote Nimda or Code Red or NetSky will find this heavy going, competent thought they are in the mysteries of mobile code and system calls. Certainly anti-virus software coders will find this of little use.

The main audience is probably that large group of amateur cryptographers who form the backbone of the cypherpunk mailing lists. They will not be disappointed. The writing is at their level and assumes a base knowledge that most would be comfortable with. There are at least three wholly original ideas presented: cryptovirology, kleptography and the use of subliminal channels for data leaks.

If I can let my imagination run free, perhaps also among the audience are the legendary Hidden Masters of cyberspace, those hackers beyond "elite" in their esoteric knowledge, who work alone, do not meet other hackers except deep behind some firewall and who are never suspected, let alone arrested. Perhaps they will be inspired to even greater feats of data theft. But then we'd never know, would we?


Anonymous said...

what is the koh virus?

Anonymous said...

Is there anymore information you can give on this subject. It answers a lot of my questions but there is still more info I need. I will drop you an email if I can find it. Never mind I will just use the contact form. Hopefully you can help me further.

- Robson

John Alexander Faulkner said...


Give me an email address, or ay least what you mean by "more info".