Malware: A new normal
Maybe you have experienced - or perhaps you can imagine - the stress and hectic schedule that is characteristic of leaving a company where one has become a valuable member of a small and very busy team. The emotional and professional strain of leaving long-time coworkers, wrapping up final projects, trying to train a replacement, cleaning out one's desk - all must be accomplished in the proverbial 'two weeks' (really just 10 short business days). In my case, the frantic atmosphere was intensified by the presence of not one virus, but two - one biological, one technical.
Not only did I come down with some odd flu-variant, which left me feeling like death for the latter of my two weeks and made finishing out my time exceedingly difficult, but the company itself experienced attacks by two nasty computer viruses - getting hit not once, but twice. A rapid-deploying ransomware virus known as AlphaCrypt (as well as a second, malicious duplication virus) attacked our main databases, forcing company near-incapacitation for days. Just a week earlier, our website had been hacked, disabling some key features which were still under repair at the time. As the main website administrator, part-time database manager, and unfortunate discoverer of the virus, I somehow landed in the middle of it all. It seemed like - in my last few days at the company - everything that could go wrong, did. And although it seemed like the experience should have been hellish, I found the challenge strangely fascinating. Now, weeks later, with more time and restored health, I have taken the opportunity to dive down an internet hole into the realm of cyber-security, viruses and malware.
A Little History of Viruses
Computer viruses - malware programs that spread by replicating themselves to 'infect' computers, and which do things the computer's user or owner did not intend and does not want - have been around almost as long as personal computers. The first known virus - Brain - was created by two brothers in Pakistan in 1986 to demonstrate vulnerabilities in MS-DOS computers. It spread rapidly through infected floppy disks, and gave rise to future waves of inspired hackers.
At first, viruses were primarily created as a testament to their creators' ingenuity and coding prowess. Although they sometimes had harmful effects on the infected computer, often they were relatively harmless - periodically displaying a visual effect or notification to remind the computer user that they had been infected, or occasionally crashing the computer. Even more malicious viruses, such as the Casino virus, which forced the computer user to play a game of virtual Russian Roulette for their files, were developed as a tribute to their creator and the creator's friends - a kind of 'look what I can do.'
These early viruses first spread through infected floppy disks - at the time the only way of installing software, distributing data or making backups - and eventually through the infected files themselves. Once email and local area networks became prevalent, viruses could spread faster still, through infected email attachments and on to connected computers; and once computers had regular access to the World Wide Web, they could spread more rapidly again through infected websites and unsecured connections. Of course, it was only a matter of time before the purpose of viruses changed and they came to be used primarily to make money.
The first virus known to have been developed for the purpose of making money was Fizzer. Once Fizzer had infected your computer, it would use the computer's processing power to send spam. Many other financially-motivated viruses followed, and eventually, with the advent of e-commerce, the viruses' purpose became more insidious. Instead of just sending spam through your computer, viruses could be designed to steal information by recording keystrokes, taking screenshots, or intercepting unsecured information. Of course, that wasn't the end of virus evolution, and today's virus trend is ransomware - the type of virus that made my last two weeks so stressful.
Ransomware sneaks into your computer, waits until the keyboard and mouse are idle (indicating you are away from your desk), and rapidly begins to encrypt all of your files, jumping from database to database and across to any connected computers. Once all your files have been encrypted, a message pops up demanding that a ransom be wired to wherever in the world your virus originated from, or you will lose all your files. If you don't have backups, or if the backups were also encrypted, you may have no choice but to pay such a ransom. Fortunately, in my case, we had backups in my butt to which we were able to revert - albeit slowly. For a business, ransomware can be very nasty.
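The behaviour described above - one process suddenly rewriting file after file with content that looks like random data - is exactly the pattern a defender can watch for on a file server. The following Python is an added example, not code from this post or from any product: it runs a simple burst-and-entropy heuristic over constructed file-write events (timestamp, process name, path, first bytes written). The process names, paths, the `.locked` extension and every threshold are invented for illustration; the point it adds beyond the paragraph is that legitimate backup and archiving jobs also produce bursts of high-entropy writes, so such a detector needs an allowlist (or a better signal) before it is useful.

```python
"""Heuristic detector for ransomware-style mass file rewrites (added example).

An event is (timestamp, process, path, head_bytes) where head_bytes are the
first bytes written to the file. A process that rewrites `min_files` files
with high-entropy content inside one sliding `window` is flagged once.
All sample data below is constructed, not captured from a real incident.
"""
import hashlib
import math
from collections import defaultdict, deque
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty/constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_bursts(events, window=timedelta(seconds=30), min_files=10,
                  entropy_threshold=7.0, allowlist=frozenset()):
    """Return one alert (process, window_start, file_count) per offending process.

    Thresholds are illustrative assumptions. Plain documents and spreadsheets
    have entropy well under 7 bits/byte; encrypted output sits near 8.
    """
    alerts = []
    recent = defaultdict(deque)   # process -> deque of (ts, path) high-entropy writes
    alerted = set()
    for ts, proc, path, head in sorted(events, key=lambda e: e[0]):
        if proc in allowlist:                      # known archiver/backup job
            continue
        if shannon_entropy(head) < entropy_threshold:
            continue                               # ordinary, compressible content
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window:         # drop writes outside the window
            q.popleft()
        if len(q) >= min_files and proc not in alerted:
            alerted.add(proc)
            alerts.append((proc, q[0][0], len(q)))  # count at the moment of detection
    return alerts


def _pseudo_random(seed: int, nbytes: int = 1024) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted or zipped content."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:nbytes]


# Constructed stand-in for the start of a .docx (zip header plus mostly zero padding).
DOCX_HEAD = b"PK\x03\x04" + b"\x00" * 26 + b"word/document.xml" + b"\x00" * 977
T0 = datetime(2015, 6, 1, 12, 0, 0)   # arbitrary constructed timestamp


def build_sample_events():
    """Constructed event stream: normal edits, a backup burst, and a ransomware-like burst."""
    events = []
    # Normal editing: a user saves two documents ten minutes apart.
    events.append((T0, "winword.exe", r"\\fileserver\share\q2.docx", DOCX_HEAD))
    events.append((T0 + timedelta(minutes=10), "winword.exe",
                   r"\\fileserver\share\notes.docx", DOCX_HEAD))
    # Backup job: a dozen compressed archives in twelve seconds (a classic false positive).
    for i in range(12):
        events.append((T0 + timedelta(seconds=i), "backup.exe",
                       rf"\\fileserver\backups\set{i}.zip", _pseudo_random(100 + i)))
    # Ransomware-like pattern: one process rewrites a dozen files in twelve seconds
    # with random-looking content and a new extension (all constructed).
    for i in range(12):
        events.append((T0 + timedelta(minutes=30, seconds=i), "unknown.exe",
                       rf"\\fileserver\share\file{i}.xlsx.locked", _pseudo_random(i)))
    return events


def run_detection(allowlist=frozenset({"backup.exe"})):
    """Run the detector over the constructed stream; returns the alert list."""
    return detect_bursts(build_sample_events(), allowlist=allowlist)


if __name__ == "__main__":
    for proc, start, count in run_detection():
        print(f"ALERT {proc}: {count} high-entropy rewrites from {start.isoformat()}")
```

Run with no allowlist and the backup job is flagged too, which is the practical lesson: entropy plus rate is a useful first signal, but production detections pair it with the process's reputation, honeypot ("canary") files, and extension changes, and the recovery plan still rests on backups the encrypting process cannot reach.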
For a more detailed history of viruses, please check out Mikko Hypponen's fascinating talk at Defcon 2012.
Cyberwarfare: A new normal?
Starting in the 21st century, viruses with a different kind of motivation - political - have become much more prevalent and dangerous. The most famous of these was, of course, Stuxnet, which targeted an Iranian nuclear facility in 2010. Alleged to have been created by an alliance between the United States government and Israel, Stuxnet was a tightly-coded, high-resource virus with a very specific target. Although it potentially infected millions of computers through shared USB drives, it was triggered only by the presence of very specific hardware found in Iranian nuclear facilities. In essence, it was a computer virus targeting a physical product for political reasons - a revolution in virus history in terms of both design and motivation.
Although Stuxnet is by far the most famous politically-motivated virus, it is not the only one. A related virus - DuQu - was likely created by the same makers as Stuxnet, and has been used to spy on member states of the European Union - tracking keystrokes, taking screenshots, and reporting back to remote servers. Another recently-discovered virus - Flame - may have been commissioned by the same interests, but appears to have been in operation much longer. It is primarily used to spy on infected computers, many of which are in Iran. A very sophisticated virus, Flame has been found on far fewer computers - around 1000 - but was incredibly well built, with remote-controlled modularity and creation-date obfuscation.
Of course, the United States is not the only nation creating viruses for political reasons. In fact, in 2001, a Filipino-based virus, Code Red, attempted to overwhelm the White House web site and shut it down, which it would have done had the site not been moved at the last minute. And more recently, in 2015, a new Trojan virus called Bedep has emerged, using infected computers to inflate the impressions of pro-Russian media sources. Essentially, Bedep works by piggybacking on earlier viruses that have already infected a computer, and using that machine to inflate advertising impressions.
[For background, advertisers agree to pay for digital ad space based on how many views those ads are likely to get. If the ad space has been demonstrated to guarantee a high number of ad views or 'impressions' then the space is more valuable. Of course, this opened up the market to fake impressions by bots and by 'real' users who actually have no idea they have viewed this information. Malware on the infected computer will open up a hidden instance of a browser and use it to view advertising or other media that the virus-controllers have been hired to view. In the case of Bedep, it appears that pro-Russian interests have 'hired' these virus-creators to 'view' pro-Russian media in order to inflate the number of impressions and add legitimacy to the content.]
Although the Bedep virus appears to be relatively mild for now, it goes to show that - once vulnerabilities have been exploited and virus capabilities have been demonstrated - it is only a matter of time before other interests will begin to take advantage. As one last example, since 2012 journalists and activists are being increasingly targeted through malware and viruses, including by known terrorist groups such as ISIS. Cyberterrorism - using malware to expose dissenting journalists or simply to infect their computers - is not super prevalent yet, but may become so soon.
Note: There were also some earlier viruses - including Sasser and Blaster, an FTP worm and a spam email worm respectively - which had unintentional political consequences. Sasser infections forced Air Canada and Delta Air to cancel numerous flights due to IT failures in 2004 and Blaster caused morning commuter trains in Washington DC to be halted in 2003. However, these were not politically-motivated attacks, and such effects appear to have been collateral.
CyberSecurity
Today you can find computers in every industry, operating almost every kind of machinery and device, from microwaves and bulldozers to power grids and the stock market. Although such automation has undoubtedly increased production and supported incredible accomplishments that were impossible before the computer era, 'with great power comes great responsibility.' As the history of viruses demonstrates, computers are far from invulnerable, even with Norton, McAfee, Avast and the rest of the security world on alert.
Most recently, the Target hacking scandal alarmed thousands of US citizens whose credit card data was stolen. In June 2015, the IRS itself was hacked and over 100,000 people became vulnerable to identity theft. There have also been many recent attacks on the banking industry, including Citibank, J.P. Morgan Chase, and the Agricultural Bank of China, with hundreds of millions of dollars stolen as a result. Although news of such high profile financially-motivated attacks may be alarming, computer users should perhaps be more concerned about the everyday theft of information - which happens on almost every level of device usage.
Every time you use Facebook, Google, Yahoo, or any other search engine or social media site, your movements are being tracked (with the exception of DuckDuckGo, apparently). We implicitly give our consent to this software to follow our every move, and to record our behavior. I've joked many times that Google could steal my identity in a heartbeat, but it really is not a laughing matter, especially considering what we now know about the NSA and even local law enforcement's activities. It is not just Google or Facebook or AT&T that is looking at your information for the 'harmless' purpose of selling you cuter clothes or cat toys; Big Brother is watching you too - illegally, I might add.
Furthermore, at this point, it's not just the big companies either. Yes, Uber and Airbnb have joined the ranks, but so has just about every other application on your phone. Whether or not you consider it malicious, or appreciate the customization of emojis to your texting habits, it is undeniable that most software today - if it connects to the internet - is spying on you and relaying information back to HQ. And this built-in malware - even if not specifically for the purpose of harming the user - could certainly be appropriated by those who take the time to do so.
So what to do about all this? Well, it's hard to say no to using Google or to all the cute features of your mobile apps, and it's not strictly necessary. However, you should be aware that digital surveillance is now the norm, and you cannot trust any software to guarantee your privacy. Maybe you'll download an anti-snooping app next, or start using the anonymity software Tor, or maybe your next phone will be the BlackPhone. What value you place on your digital privacy, and how you protect it, is up to you. Just know that no one is going to protect it for you - certainly not the government. As Francis Bacon said: 'Knowledge is power.' They're gathering knowledge about you, but at least now you know about it.
PS: Can't have this post without an 'Ooorah, Snowden!', who ironically now lives in Russia.
Update: Check out this Al Jazeera article regarding the recent hack of Hacking Team, and the list of clients to whom they sold spyware.