Read Worm: The First Digital World War Online
Authors: Mark Bowden
—The X-Men Chronicles
The first reports of the new worm came to T. J. Campana from everywhere: in the form of instant messages and emails; from Phil Porras at SRI; from experts at Symantec, which markets the Norton AntiVirus software; from the network security geeks at iDefense; from F-Secure, a Finnish security firm; and from many others. This was on the first night.
“Hey, we’re seeing something really weird.”
“Something’s happening.”
T.J. wasn’t surprised. He knew what it was. He had been waiting for a worm like this one for months.
He is program manager for security at Microsoft’s Digital Crimes Unit, which is to say that he is engaged in ceaseless warfare. Since Windows is the primary operating system for computers worldwide, it is the primary target for those seeking to infiltrate, destroy, pilfer, or hijack computers for nefarious purposes. In addition to developing and marketing its operating system and software, the company is increasingly engaged in this running battle. It’s a very sophisticated contest. Malware is a thriving global industry, fleecing Microsoft’s customers with scams that range from the crude and obvious, sexual come-ons and mountebank schemes, to the more subtle, like this worm, which was rapidly and silently assembling what threatened to become a very large botnet. T.J. is in charge of disrupting these constant incursions, and helping to catch those responsible. He and his colleagues labor to be proactive. They try to spot and patch vulnerabilities before the bad guys can fully exploit them—which is precisely what they had done with this one.
Microsoft’s Redmond campus is a new and impressive corporate center outside Seattle that, at least from above, resembles . . . not a microchip exactly, although that would have been perfect, but the innards of an old watch. A spring-driven watch, with all its intricate gears, wheels, and escapement arms—albeit one with trees, sculptured lawns, and gardens. Viewed from above it contains a number of identical four-armed office buildings that curve toward rounded points at the end of each arm, like the teeth of simple sprockets. From the ground the giant sprockets are uniform in color, tan stone with green-tinted windows, and three stories high. There is an Erector Set feel to the place, a very tidy world where form rigorously follows function, where thousands of casually dressed young people in sneakers and jeans and wearing rumpled backpacks move under sheltered sidewalks like electrons marching along programmed routes, all of them fiercely pretending, in that laid-back Pacific Northwest way, not to be at work. Here is the home of the Windows Operating System, the software that mediates the computer experience for most of the billions of clueless who handle a keyboard or mouse every day. The sophisticated graphics-based wizardry of today’s Windows rests on a fulcrum of the old MS-DOS system written in the 1970s, when Bill Gates and others got the immeasurably lucrative idea that computers should be easy to use even for those who knew nothing about how they worked, perhaps the premier jackpot notion of the twentieth century.
Gates and Paul Allen, his buddy from Lakeside, an exclusive Seattle prep school, had hit upon the idea of writing an easy-to-use computer operating system in 1974, after Allen saw a cover story in
Popular Electronics
about something entirely new, a personal computer. At a time of enormous, bulky mainframes, the Altair 8080 was a kit, marketed by a company called Micro Instrumentation and Telemetry Systems (MITS), that could be assembled into a working microcomputer in your own home. Few expected much of a market for it beyond avid computer hobbyists. If users managed to put it together correctly (many did not), they could operate it only by manipulating toggle switches to program the computer with object code, the ones and zeros of binary language. Gates and Allen were solidly in the demographic of the Altair 8080. They had fallen in love with computers at Lakeside as teenagers, and saw immediately that demand for the Altair would grow significantly if the machine were easier to use. Utilizing BASIC, one of the earliest computer languages, they tailored a program to accomplish that goal, and then sold it to MITS in Albuquerque in 1975. They incorporated as “Micro-soft” at the same time, and launched the business that would make both young men superrich, along with a fair number of techies they enlisted to help them.
From the beginning, the genius of Microsoft had depended not only on technology but just as much—maybe even more—on shrewd business sense and careful market positioning, which seemed to come naturally to Gates in particular. The most lucrative step in the company’s development came five years after the Altair, when IBM selected Microsoft (by then it had lost the hyphen) to provide the software for its entry into the burgeoning personal computer market. This was Microsoft-Disc Operating System (MS-DOS). IBM was the leading name in computers at the time. The computer giant had either been caught napping or deliberately waited out the early years of personal computer development (accounts vary), before introducing a home model designed to appeal to mainstream users, a machine that relied less on innovation than on standardization. Projecting that within the decade computers would be as commonplace in the home as TV sets, IBM intended to launch a microcomputer that borrowed the most successful features of the experimental machines being sold by Apple, Tandy, MITS, and other pioneers, and use its own manufacturing and promotional clout to grab the largest share of this emerging market. The product was a machine that could reliably and simply perform the most common tasks users asked of it—mostly word processing and simple statistical analysis. It had to be readily compatible with the large variety of software being written to capitalize on the home computing phenomenon. Gates and Allen had already proved themselves masters of this new art, and won the competition to handle the software side of the PC. When it proved successful beyond anyone’s expectations, they rode its sales straight into the stratosphere.
Some of the world’s youngest billionaires were minted. A generation of hopeful geeks began migrating to Silicon Valley with plans to conjure the next digital miracle. Perhaps the most remarkable thing about Microsoft was that its biggest coup was yet to come. It reached historic peaks of commercial fortune in a series of increasingly bold leaps. After getting established with an operating system for the Altair 8080, and then scoring big with MS-DOS, Gates (Allen had by now withdrawn with his billions from an active role in the company) spurred his already large and extremely successful enterprise to create Windows, the most successful software venture ever. If we look back at MS-DOS today, it seems almost comically primitive and awkward. Home users were still working with a display screen that consisted of blinking lines of type on a dark screen, little more than the video equivalent of a typewriter display. Meanwhile, a host of exciting new applications were being developed that utilized the machine’s mounting capabilities, most notably the ability to generate interactive visual images. The two primary ideas behind Windows were not new; they were known to the entire software industry in the 1980s. One was to design a Graphical User Interface (GUI) that would greatly simplify computer use by enabling users to point and click on visual images, or icons, instead of typing out commands. The second was to sandwich in a new layer of software, an Interface Manager, between the operating system and the applications—word processing, calculation, games, journalism, spreadsheet analysis, etc.—that would enable users to switch easily from one to the other, or even display multiple functions simultaneously. It would take Microsoft the rest of the decade to perfect Windows, even as Steve Jobs at Apple introduced Lisa and then the Macintosh 128K, which beat it to the market by a wide margin. Microsoft introduced two early versions of Windows in the 1980s that were widely considered inferior to the competition, but successfully overleaped everyone else in May 1990 with Windows 3.0. To accomplish it, Gates had hired experienced software developers away from competing firms, locked up agreements with more than twenty computer manufacturers to endorse the new system while it was still in development, and then strolled out on a stage in New York City to announce the breakthrough product in what he called “the most extravagant, extensive, and expensive [$3 million] software introduction ever.” The awkward teenager, whose parents once forbade him to use a computer for months for fear his personal growth was being stunted by the machine, had evolved into not just a software innovator and skillful high-stakes businessman, but a showman. Windows took off immediately and just kept on selling. Gates became the richest man in the world, a pinnacle he owned for most of the next twenty years.
From the beginning, the software business was a cutthroat enterprise. Both hardware and software were relatively easy to clone and copy, so success from the earliest days meant both artfully borrowing from the competition and ferociously policing the borders of your own products. The first Windows operating system, introduced in 1985, was influenced by (critics have said “stolen from”) ideas pioneered by other innovators. Gates became famous for his sharp elbows; to protect and enlarge Microsoft’s franchise and his fortune, he took steps that some considered unfair and monopolistic—including the U.S. Department of Justice and the European Commission. Much of the disdain for Microsoft among members of the Geek Tribe stems from this fact. The software giant’s riches and competitive excesses would probably be forgiven if Windows were seen as not just as the richest, but the best. Fairly or not, the opposite is the case. Many geeks view Windows’ various great leaps forward—Windows 95, XP (2001), Vista (2007), Windows 7 (2009)—as dubious adaptations of an inherently flawed design. One of the big problems with Windows, which the Tribe sees as preventable, is that the operating system is especially vulnerable to the predations of malware. Not everyone believes Windows is most-targeted only because it owns the biggest share of the market.
Whatever its alleged failings, and however uncool Microsoft has been made to appear in Apple’s clever advertising campaigns, Windows operating systems still run most of the computers in the world, by far. The system itself consists of literally millions of lines of code that support a virtual galaxy of applications, from the profound to the mundane. It’s organic, in that it is constantly evolving, and has become far too complex for any one person to fully grasp. The size of the Redmond campus, which employs more than ten thousand people, just over one-tenth of Microsoft’s worldwide workforce, reflects this bewildering specialization, with whole divisions of the company, whole sprockets, devoted to a growing variety of software. T.J.’s specialty is protection.
He does not look like a geek. He is tall and athletic, with long arms and legs; broad shoulders; a wide, round clean-shaven face; and rimless glasses. He spent his youth playing sports: baseball, football, soccer—“pretty much anything,” he says—and mostly misspent the early years of his college education. Now in his thirties, he still looks like a jock. He has a loose, easy gait and a resolutely informal manner. He wears his hair cropped close, and often covers it with a baseball cap—he was wearing a blue one with the gold initials FBI on the front the day I met him in 2010. The path to his present position was determined not so much by technical interest or ability as by a desire to catch bad guys. Law enforcement was his original goal. He took a somewhat lackadaisical nine-year path through Florida State University in the 1990s, overindulging (by his own account) in the ample social opportunity afforded by the steamy Tallahassee campus before knuckling down to earn an undergraduate degree in criminology, and then a master’s degree in information science. The field is only partly related to computers, but T.J. had a stronger than usual relationship with digital networks even then. When graduation appeared on the horizon, he applied for jobs with several federal law enforcement and intelligence agencies. He had his heart set on the CIA, where he might “have an impact,” he says, but a friend pointed out that his résumé might also interest a software company.
During his last few years at school, T.J. had a part-time job as an IT (information technology) aide for one of the university’s departments. He worked his way up from supporting desktop software to systems manager for the entire department. His parents had gotten him one of the early PCs in the late 1980s, when PCs were starting to become a fixture of home offices, and he had learned enough on it to understand, by the time he went to college, the advantages of linking his computer to the university’s large and powerful network. He experimented with using multiple modems to broaden his bandwidth when connecting, and apart from the convenience afforded by the network’s speed and accessibility, he discovered caches of new movies and music—places where Internet pirates had stashed their illicit goods. This was a common practice. Video and audio files took up lots of space, so pirates would hack their way into large computer networks and stash their stolen goods in obscure corners where they were likely to go unnoticed. With triple the normal bandwidth, T.J. was able to construct honey-pots, where he could study the methodology behind the over-incresing attacks. He learned a lot about how Internet predators gained access to networks . . . and watched a free movie or two now and then. He was not actually stealing the material, see; it was already stolen. . . . It also gave him a real sense for the emerging world of cybercrime.
His facility with computers and networks landed him a full time IT job, where, between installing machines, checking out applications, and building campus networks, he began dealing with increasingly frequent and sophisticated efforts to break into his department’s files. This awakened T.J.’s inner Batman. He learned to apply monitoring tools like port mirrors to snare and track the invaders. Such work was obsessively interesting—toe-to-toe with the villains!—and he was soon more driven by crime fighting than by the routine IT chores or his classes . . . hence his desire to chase bad guys for real as a federal agent. The fed jobs were competitive, particularly after the terrorist attacks of September 11, 2001, fired up patriotic instincts on college campuses, so to cover all his bases T.J. dropped off his résumé with a visting Microsoft recruiter. He didn’t even stay for the guy’s whole presentation. So he was surprised when he got an email the next day inviting him to drop by for a “screening interview.”