
Worm: How Big a Security Threat?

October 5, 2011
Conficker: a non-event or cautionary tale?

I recently had an opportunity to hear Mark Bowden, a national correspondent for The Atlantic Monthly, speak about the threat of a piece of computer malware known as Conficker, which is the subject of his latest book, “Worm: The Story of the First Digital World War.” The book expands on an article published in the Atlantic in 2010. In Bowden’s view, the Conficker threat can infiltrate systems for banking, telephone service, energy flow and healthcare information.

To be sure, Conficker is disturbing with regard to the ease with which it was introduced and the rapidity with which it spread. Conficker was introduced in 2008, exploiting a vulnerability in the Windows operating system—one that Microsoft knew about, Bowden said. Weeks before Conficker appeared on the scene, the company issued a software patch that theoretically could have closed up the hole. Unfortunately, many computer users are less than diligent in heeding security updates; and in any case, the patch was issued only to computers using Microsoft software, leaving bootlegged computer systems unprotected.

No one really knows who is behind the malware, either. Some say it originated in the Ukraine, and others say it could have the backing of a nation state. One thing is for sure, in Bowden’s view: whoever is behind it has expert knowledge of the Windows operating system, and the malware has so far evaded all attempts to contain it.

Conficker has gone through at least four iterations since it was first introduced, and now resides in tens of millions of computers worldwide—forming a vast “botnet” of infected computers that can be operated remotely for illicit purposes. No one really knows how many computers are infected, Bowden says. He says the network is large enough to break security codes of commercial enterprises, and gather social security numbers and other personal data. It is large enough to launch a “denial of service” attack that can crash the Internet.

In early 2009, a group of volunteer computer experts tracking Conficker predicted that an attack would be launched on April 1. That deadline came and went with no major incident. That fact has resulted in some mixed reviews of Bowden’s book, some of which said the book was alarmist and that Conficker, for all the hype, was a non-event.

It’s worth noting that even government computer security experts were not aware of the Conficker worm when it made its first appearance, according to the book.

Bowden’s position is that the threat is real, and that whoever is behind it wants to exploit the Internet’s vulnerabilities to make money rather than shut the Internet down. When asked specifically about the risks to the healthcare industry, he replied that, depending on the nature of an attack, it could result in loss of life, particularly in an industry that is more and more dependent on sharing information over the Internet, as well as put vast amounts of personal data at risk.

So far, that’s conjecture, but I think that the Conficker story can serve as a cautionary tale. Medical identity theft is on the rise, and this at a time when cloud computing is playing an ever-greater role in healthcare. The use of mobile computing devices has become increasingly popular among physicians, and social networking is playing a larger role in healthcare as well. All of that is to the good, but these developments also bring risks. How well prepared are providers to secure data as new uses of digital information emerge?