Betting on Malware

Predicting viruses and worms

DARPA's plan to create a futures market for terrorist activities is dead, but the concept is a natural for predicting viruses and worms, says SecurityFocus columnist George Smith.

The fun folks at DARPA were at it again last week, cooking up projects at the nexus of security and the war and terror that somehow manage to offend everyone. First there was the Total Information Awareness project. Next came the misnamed Combat-Zones-that-See, a scheme to use artificial intelligence and thousands of cameras hooked to PCs to track the comings and goings of your auto.

Last week's was called the Policy Analysis Market, a futures betting parlor that would magically reveal rugged intelligence on terrorism activities. It would do this by being a sophisto gambling joint for the insider minds on terror.

People who knew, or thought they knew, willing to plunk down their own money on probabilities and predictions would show trends and spikes in terrorism and geopolitical upheaval.

It was a rotten thing, said the Senate. We're not going to allow the anonymous to bet on death and destruction. They might incite it, and insider-trading terrorist groups could prosper. Plus, it bore the mark of John Poindexter -- a man whose motto, at least in the national defense arena, could be, "I bring bad things to life."

The Policy Analysis Market website was flying high last Tuesday morning, but before noon PST, it was gone. I have banished everything to do with this, indicated Tony Tether, director of DARPA. We were so foolish.

Poindexter was also alleged to be polishing his resignation by week's end.

I can agree with all of that. But a dirty little secret of security affairs is that every discipline has its speculators.

In computer security, or virus prediction, you can pick up the trades and pluck their names from the weekly news.

Who is foretelling the melting of the Internet, the failure of the power grid due to remote attack, the zero-day worm?

Here, however, we are confined to virtual destruction and chaos. If a Policy Analysis Market existed for this, it could be defended on the basis that it's much less ambitious and only has to do with bloody computers.

It would be interesting to see it separate the shrewd soothsayers from those who perform just for the jazz, the outrageous claim in print or on TV.

The Richard Clarkes of the world would have to be cautious. Larding up their accounts with long and short range bets on electronic catastrophes would be catastrophic to their wallets.

Those who might do well would be the people willing to hedge their predictions, or who went for small bets on cybertrouble at the grass roots level -- like picking the top three computer viruses for the next quarter, or the growth percentage for spam in the next six months. You couldn't go wrong on the near term prospects for Klez, Bugbear and Sobig.

Another fruitful avenue to wealth would be in the highly technical prediction of the mechanics of worms and cyberattacks. Computer scientists have proven adept at recognizing emerging vulnerabilities and before-the-fact potentials for computer viruses.

Betting futures on such things would be easy. The hard part would lie in the realization that the possession of such intelligence does not automatically guarantee that the nation-at-large benefits from it.

Case in point -- the arrival of Word macro viruses many moons ago. Anti-virus developers, computer science analysts -- all had warned Microsoft that Word viruses were going to happen. Then they did, and they did, and they did. And more time went by before anyone at the software giant got worked up enough to do anything about the first wave of them.

There would also have to be some defenses erected against insider trading and gaming of the system -- big time sanctions for those caught betting on things like the prevalence of computer viruses armed with pre-press release data from, let's say, MessageLabs.

And it would be only proper to give some type of financial reward to those who predicted spam would crush everything else malicious in your mailbox, well before everyone else got worked up about it.

Now don't think I'm too smug about all this. It's easy to look back and make sport while choosing examples from history to prove a point. I know I'd lose my shirt in a futures market, but I might be tempted to sneak in a few bets on the prospects of Klez.

© SecurityFocus

George Smith is a Senior Fellow at GlobalSecurity.org, a defense affairs think tank and public information group. He also edits the Crypt Newsletter and has written extensively on viruses, the genesis of techno-legends and the impact of both on society.
