"The Worm: The First Digital World War," by Mark Bowden

Published by Atlantic Monthly Press (2011)

Reviewed by Sonia McNeil

In honor of this year’s inaugural, “supersized” Patch Tuesday, Lawfare reviews Mark Bowden’s The Worm: The First Digital World War.

The Worm chronicles the appearance and evolution of the Conficker worm from the perspective of the small cadre of cyberexperts who led what became a global effort to contain it. Bowden’s account begins on November 20, 2008, the day the Conficker worm surfaced on the block of IP addresses monitored by Internet security expert Phil Porras of SRI International like, as Bowden puts it, “a rancher with his boots propped on the rail on the front porch before a wide-open prairie with, as the country song says, miles of lonesome in every direction.” As the worm spreads through the Internet, the reader is introduced to members of the community that Bowden dubs the “Geek Tribe,” from which a tight-knit group of tech specialists organizes to defend against the worm. Bowden captures the technical, political, and interpersonal challenges of the months that follow using choice excerpts from exchanges among members of the Conficker Working Group (aka the Cabal) itself, as well as information from tech and mainstream media coverage. The result is a story that readers will find entertaining, informative, and – hopefully – a little alarming.

Bowden is a seasoned journalist, and it shows. The book skillfully intersperses scenes from the protagonists’ race against Conficker with descriptions of the genesis and development of worms, viruses, and the Internet itself. Toggling between these parallel narratives gives the reader an expanded vocabulary, a sense of the Conficker worm’s pedigree, and a glimpse of the international market for botnets and crimeware sold “complete with customer assistance and regular updates” to ensure that black market customers can “keep up with the white hats’ moves.” Bowden also helpfully demystifies technical terms by grounding the vernacular of the “mysterious techno dimension” in concrete analogies – using, for example, a description of a harried short-order cook to illustrate the progression of a buffer overflow attack.

This device is both effective and revealing. After all, the Cabal must battle not only digital wrongdoers but “the Glaze” – “the unmistakable look of profound confusion and uninterest that descends whenever a conversation turns to the inner workings of a computer.” Reading The Worm gives one the sense that Bowden is no stranger to the Glaze himself. As he notes, even “people who spend hours every day with their fingertips on keyboards, whose livelihoods and even leisure-time preferences increasingly depend on fluency with a variety of software, remain utterly clueless about how any of it works.” Worse, “[t]he innards of mainframes and operating systems and networks are considered not just unfathomable but somehow unknowable, or even not worth knowing, in the way that many people are content to regard electricity as voodoo.”

Willful or not, digital naïveté has tangible effects. “Because the idea of the Internet is so nebulous, it is hard for most people, even in positions of public responsibility, to imagine it under attack, or destroyed,” Bowden observes. As a result,

Those who specialize in cybersecurity face a wall of incomprehension and disbelief when they sound an alarm. It is as if this dangerous weapon pointed at the vitals of the digital world is something only they can see. And in recent years they face a new problem … amusement. The alarm has been sounded falsely too often – take the widespread fear of an international computer meltdown at the turn of the millennium, [or] the Y2K phenomenon, which did not happen. This has conditioned the popular press to regard warnings from the Tribe in the same way it regards periodic predictions of the apocalypse from wacky televangelists. The news tends to be reported with a knowing wink, as if to say: And here’s your latest prediction of divine wrath and global destruction from the guys who wear those funny plastic protectors in their shirt pockets. Take it as seriously as you wish. Oddly, as the de facto threat posed by malware grew, it became harder and harder to get people, even people in responsible positions, to take it seriously.

This book clearly and effectively communicates the gravity of the threat – and, crucially, explains why the Conficker worm itself remains a danger today. If you are reading this review on a screen, take this seriously indeed.

The Worm is commended to the pwned and free alike. Happy Patch Tuesday.