Malware production through bricolage and scalar threats

We are well into the era of advanced, generation 2.0 types of malware. Adware, ransomware, cryptocurrency miners and others use social engineering and complex value chains with multiple functions being coordinated through them. Threats to industrial control systems, other backbone processes, and threats that use the internet of things remove the human from the victim loop. Malware is created through bricolage, the assembly of an object from mismatched things.

In September 2010, a new computer worm was isolated which appeared to attack industrial control systems produced by Siemens, the German industrial combine. It was unusual in that it targeted a very specific set of systems, those used to control gas centrifuges, devices for separating out nuclear material and enriching uranium, and in its mode of spread, which used USB thumb drives. Though not unique, that combination suggests a specific kind of target and aim. It was clearly designed to infiltrate secure systems that are airgapped. It was designed by US and Israeli military intelligence to attack the Iranian nuclear programme. It had some effect, though limited and probably not commensurate with the expenditure of time and of the one-shot security holes employed. The process of development used a patchwork of existing vulnerabilities. It used shared vulnerabilities identified and developed by specialised groups such as the Equation Group within the NSA.

Stuxnet is an example of a nonscalar threat. By design the worm does little outwith its target environment other than spread itself. A significant feature of modern cyber threats, by contrast, is how they work at scale. Prompted by a thoughtful email from one of my students about the imagery of crime in a Europol report, I noticed that the imagery used for serious crimes is often depersonalised and draws on the language of viral, industrial capitalism. It characterises serious criminal activity in these large-scale, industrialised, highly productive terms.

These are often crimes that are of low severity individually and hence tend to go unreported, but which have an impact at scale, and that is what makes them hard to prosecute. This focus on a scalar threat is a recurring one in many documents now, such as Mills, Skodbo and Blyth (2013), which tackles it explicitly. As I see it, we are facing two challenges: first, tools and exploitation modes are designed to scale up and down depending on opportunity. Second, distributed delivery means interventions tend to end up punching fog. The scalar affordances of the technology and the labour structure allow effective and resilient threat industries such as ransomware to emerge, and make them difficult to guard against. The ability to scale down as well as scale up is significant for the organised crime group's degree of resilience to disruption.

Mills H, Skodbo S and Blyth P (2013) Understanding organised crime: estimating the scale and the social and economic costs. London: Home Office.

Author: Angus Bancroft

I'm a lecturer at the University of Edinburgh department of Sociology, studying illicit drug use, illicit markets and various shades of cyber crime. Email angus.bancroft@ed.ac.uk Tweet @angusbancroft
