[look also at: AMCW - Autonomous Mobile Cyber Weapon]
PROBLEM IN MILITARY APPLICATION OF COMPUTER VIRUS
Military application of computer virus could have long been sought,
however, the biggest problem that prevented or limited military use was
the poor mobility of computer virus. (viruses also refer to worms) The
mobility that conventional computer viruses have is wandering as self-activated
movement. The movement of virus has neither specific destination nor knowledge
of route nor strategies in the movement. So conventional viruses are spread
all over the place after releasing; it has no specifically defined or aimed
destinations to move toward and has no ability to cruise. The mobility
of conventional computer virus is very primitive that all existing computer
viruses don't have an ability to move toward specific destinations as they
only have wandering ability as self-movement. In fact, the mobility of
virus isn't intentional but natural effect of growth in number when a virus
infects other programs. If a virus is launched against adversaries, the
virus will spread every where that the virus can infect and harm whether
adversaries or allies. So everyone knows that releasing computer virus
for a military purpose isn't a smart idea unless the virus is directly
delivered into adversaries computer systems. Delivery and transmission
are another means of movements of computer virus, and is distinguished
from self-movement of virus, wandering. They're called nonself-movement.
The nonself-movement, especially delivery, only opens the potentiality
of military application for conventional virus. Otherwise, there is no
hope at all for defence use of conventional virus. Since the mobility of
computer viruses are so poor and primitive, military application of virus
is not possible unless cyber soldiers penetrate and deliver viruses into
adversaries' computer system during cyber conflicts or deliver viruses
into adversaries by other means.
In fact, many existing viruses are written
poorly. Viruses are known to be written for someone's emotional satisfaction
in underground by his spare time with his limited resource and knowledge
in computer science and technology.
Computer virus is one of the things about which
we may have big confidence but we may know little. No research institutes
or academic institutes seem to engage in computer virus research, except
very few in a small scale. The major research activities are analysis of
newly captured viruses' compositions to find bit patterns; and development
of virus scanners that can recognize the patterns in response to the demands
of market or computer users. Misinformation and poor understanding on computer
virus are prevalence. The primitiveness in mobility and poor craftsmanship
of virus made us to believe, virus is trivial and military application
of the triviality, computer virus, is more like a scientific fiction. And
our poor understanding and knowledge in computer virus also lead us to
think that computer virus will continue to remain trivial and there are
no room to grow for viruses and a number of simple technologies are only
options to be used for designing and developing computer viruses. As a
result of these false beliefs, far inadequate attention has been given
defence or military application of computer virus and vulnerability as
result of the application.
NEW RESEARCH
A recent theoretical research into computer virus mobility has discovered
a novel property of virus (a behavior of virus), cruise. The discovery
tells that computer viruses can have ability to travel from a source to
specifically defined or aimed destination themselves. Conventional viruses
or worms neither have specifically define destinations to be arrived nor
have sophisticated mobility of traveling from a source to a defined or
aimed destination. Conventional viruses or worms may still be able to spread
from a source to other computers, however, the chance of a virus that was
released from a source and arrive at an aimed destination is very low or
near to zero. Conventional viruses or worms spread in all directions without
aimed or defined destinations, however, a virus with cruise property has
clearly defined destinations and travel along the best route, thus it makes
very efficient trip from a source to the destinations.
It means that a computer virus that has cruise
ability can be launched and it can travel autonomously to the specifically
defined or aimed destinations over computer networks, e.g. Internet. The
biggest obstruction in military use of conventional virus as an autonomous
mobile weapon was inability to cruise, however, the new theoretical discovery
showed that virus can have the sophisticated movements of cruise from a
source to defined or aimed destinations. It implies that military use of
virus is feasible as an autonomous mobile cyber weapon. The discovery also
revealed the fact that our computer systems all including computer systems
in defence and business sectors are vulnerable by such a weapon attacks.
The cruise is yet novel concept in computer science and antivirus industry
community and even in defence research. There seem to be no discussion
or research on the concept of cruise previously.
Computer viruses are still remained as the
symbol of vandalism on computer systems or cyberspace. And no one yet gives
adequate attention on the vulnerabilities due to advanced mobility of virus,
which is very feasible and is expected to be emerged. The potentiality
of computer virus is part of our ignorance, now. Our lack of understanding
on computer virus has prevented us from using it as military tools, and
our limited imagination prevents us to find some other good applications
of computer virus.
WHAT IS AMCW?
An Autonomous Mobile Cyber Weapon (AMCW) is a novel type of computer
virus or worm that is capable of cruising and is designed for or usable
in cyber wars or spyings. Conventional computer viruses or worms are considered
autonomous and mobile, however, they're not practicable in military use
as a mobile weapon and have no significant threat as a weapon due to lack
of sophistication in mobility, inability to cruise. Thus programs including
conventional computer viruses that don't have ability to cruise are excluded
from AMCW.
AMCWs may be applicable to defence, intelligence
and surveillance. For example, police may use AMCW to monitor activity
of drug cartel, gang and other illicit groups. AMCWs don't seem to exist
in this moment, however, the existence is very likely in near future.
WHAT DOES 'AUTONOMOUS' MEANS?
Autonomy gives high productivity and purchasability. AMCW could replace cyber soldiers (a person, especially with hackers skills and knowledge, who engages in wars, conflicts and/or spyings in cyberspace) can carry out tasks more effectively instead of manual operations by cyber soldiers or even assist cybersoliders. Since AMCW is autonomous, a computer program, it can be purchased while cyber soldiers are not purchasable. AMCW can work 24 hours a day and everyday without stopping so it could produce more works.
WHAT DOES 'MOBILE' MEANS?
Self-movement of AMCW can provide untraceability and multiplication characteristics. As an autonomous weapon, the untraceability makes sender or owner of AMCW anonymous while multiplication gives increase power of AMCW operation.
IS AMCW PRACTICABLE?
Any mobile program such as viruses or worms only showed aimless and
random movements; the movements are very inefficient. So virus was never
be able to reach an aimed computer unless delivered by somone or other
means. If it were possible, so far why wouldn't we have seen any? Does
it mean AMCW is impracticable?
Probability of a virus reaching an aimed or
desired destination would be near to zero. For example, someone releases
a virus in hope to reach a specifically aimed computer in other country.
The virus will tend to grow in number and be spreading to all over the
world (until all copies of the virus are eliminated) and one of them will
be captured and analyzed in some point and detection or prevention means
will soon be available to detect and eliminate them before further grow
and spread. Thus, for a virus reaching an aimed destination appears to
be impracticable.
No program even demonstrated capability of
aiming specific computers, and a virus spreads to all over the world after
releasing than traveling from a machine to an aimed computer. Since AMCW
is type of virus, and the chance of reaching an aimed destination seems
to be near zero. Then is AMCW impracticable?
WHY AMCW IS PRACTICABLE
No program has shown the capability of aiming specific computers because
of all conventional viruses or worms have wandering as self-movment. In
order to have aiming capability for a virus, cruise property is required.
Mobility of viruses or worms, in fact, come
from nonself-movements, duplication and delivery. Self-activated moving
capability is too weak usually can not escape a computer by themselves.
For example, viruses that we caught did not move themselves but were delivered
or duplicated. We accidentally download infected programs or share a virus
contaminated disks, etc. Perhaps the most powerful self-movement we ever
seen was the Internet Worm, which demonstrated powerful self-movement from
a machine to hundreds of other machines in few days. Despite of the powerful
ability of the self-movement, it was not sophisticated at all. The movement
was random and aimless. We may witness more powerful self-movement, however,
programs can not efficiently travel to an aimed destination by themselves
without cruise property. No conventional viruses have cruise property,
exhibiting ability of aiming specific computers, however, a virus with
cruise property can exhibit the ability of aiming specific computers.
Previously, the chance of reaching an aimed
destination is considered almost zero, however, a virus with cruise ability
has very high chance of success. Any virus that doesn't have cruise ability
tend to spread all over the machines. Each machine has its own immunity.
Some computer has high immunity while others have low immunity against
virus or other growing programs in number. (Usually computers do not have
immunity against newly created viruses, however, once the viruses are analyzed,
computers will begin to have immunity against the viruses.) The more wide
spread a virus, the easier to discover the virus and analyze for immunity
of computers. Thus, conventional computer viruses are, in fact, very easier
to capture since large population of a particular kind of virus is likely
available as they grows in number continuously. However, AMCW or a virus
that has cruise ability is very different in movement. AMCW neither tend
to spread all over the machines nor world but take the weakest computers
in immunity to make trip to an aimed destination. Thus, the sophisticated
movement of AMCW makes big difference in accomplishing trips from a source
to a destination.
A program (virus or worm) can have very efficient
movement to aimed destinations. What makes such sophisticated movement
possible is 'cruise'. Cruise is an alternative self-movement to wandering,
is the most efficient movement from a source to an aimed or defined destination.
For example, a virus that is designed to travel to a specific destination
would take the best path, which provides the highest chance of accomplishing
trips, among a number of paths.
In order to make forceful movement from a computer
to another, it may use emailing method and/or password break. A virus will
be emailed with forged sender identity to aimed destination or the virus
penetrate into the destination by breaking password. The forceful self-movement
(across computers) from a computer to another had been demonstrated by
Internet Worm (1988) and Christmas Card (1987). And password cracking programs
(Crack, CrackerJack, etc.) and password sniffing programs exhibit some
technique and feasibility of obtaining passwords. These techniques may
be used to make forceful self-movements for AMCW.
HOW HAS AMCW BEEN COINED?
It's been ignore that a program can make sophisticate and intentional travel to an aimed destination in electronic networks, however, a research into mobility of virus theoretically unlocked the secrecy of mobility of computer virus.
DO WE NEED AMCW?
Little more than a century ago, most people didn't believe a machine
can fly, and might have even asked why do we even need flying machines?
Nowadays, the flying machines became means of public transportation and
more. Why do we need AMCW or programs that travel across electronic networks?
AMCW has great potential as sophisticated and
powerful weapon for use of patrol, surveillance, intelligence, law enforcement
and defence against crime, violence and war. However, uses of AMCW by illicit
groups against government and legitimate organizations and individuals
are not prohibitive like a gun may be carried by a police officer while
the gun could be used by wicked people against law.
IS IT POSSIBLE AN INDIVIDUAL USE AMCW TO TARGET SOMEONE ANONYMOUSLY ?
Use of AMCW would not be limited to organizations but individuals with relatively simply and less sophisticated AMCW. It could be very possible that a simple AMCW that was designed to target against someone for even malicious purpose. This would be even much easier to succeed in this moment because currently antiviral efforts are mainly focused on viruses that move by duplication, delivery and wandering but cruise. So there is a security hole for an malicious AMCW to strike innocent individuals especially on Internet. AMCW can be maliciously designed to sniff passwords and obtain data in someone else's computer, and much more.
HOW TO PREVENT?
Since AMCW has sophisticated movement, it doesn't tend to spread so AMCW isn't as popular as conventional viruses, so it makes difficult to obtain sample. Prevention of detection of AMCW has quite different concern contrary to conventional viruses. Should we try to detect an AMCW that police launched for surveillance against illicit organizations?
HOW MUCH THE R&D OF AMCW PROGRESSED?
No research has been known to be conducted other than by Sung Moo Yang
(myself), and his research has shown cruise, which is the most important
to know about feasibility of AMCW. His current research doesn't necessarily
aim on development of AMCW but focused on mobility of computer virus (program),
and tells what factors that affect chance of accomplishing cruise for AMCW.
In order to develop general purpose AMCW, there
should be some more research dedicated on particular AMCW issues, for example,
how to make cybermap along which AMCW makes movements. In this sense, AMCW
is not far from its birth.
WHO IS MAKING AMCW?
No one has reportedly been engaging in such activity (in 1997). Since it has commercial value and use, AMCW may be built by commercial organizations in collaboration with research institutes. It's unknown, however, who is making AMCW or who will make. So far, AMCW is considered not yet exist (in this time, 1997). However, defence contractors and many software companies are capable of carrying such experiments and developments while universities or research institutes could engage in research to support development of AMCW.
HOW TO DEVELOP AMCW?
In order to develop the first practicable AMCW for general purpose and multiple destinations, it would require substantial efforts and cost in research, experiments and development by a number of scientists and software engineers in a period of few years, contrary to the writing conventional viruses. However, AMCW aiming an easy destination for a special purpose would neither require complexity nor high cost. There are enough information already available to construct simple AMCW for capable persons or organizations.
MOBILITY OF VIRUS
Mobility of virus may be one of the most important aspect and phenomenon
on computer virus, however, there was almost no study and no interest on
this issue, and very much unknown, and especially self-movements has been
ignored. Computer viruses or worms move in two different ways, self-activated
and nonself-activated means. Most of viruses move by nonself-activated
means (nonself-movement).
Nonself-movement is subdivided into delivery
and duplication. Delivery is a means of nonself-movement, and doesn't involve
growth of virus in number as a result of movement but involve with delivery
of storage media such as ROM and disk. An early example of delivery is
the trojan horse AIDS information that was mailed to many number of medical
researchers under name of Cyborg Corporation in 1989. A consultant in Virginia
sent AIDS information disk containing the trojan horse by mail and was
arrested a year after the incident. The trojan horse has no ability to
move itself, thus, it has no self-movement capability. Mostly the program
was moved by delivery of disks. It shows that how the nonself-activated
means of movement can be effectively penetrate to aimed destination.
Duplication is another nonself means of movement, including emailing,
downloading, uploading, etc. In 1988 December Montreal, a virus called
MacMag was planted into two computers and 350,000 of computers (according
to the MacMag publisher) on a day of March of the following year around
the globe showed a message written by the publisher of MacMag magazine,
and eliminated itself from the computer. In order to display a message
in 350,000 Macintosh computers, the virus had to grow and move far more
number. The virus mostly moved by two means duplication and delivery from
2 Macintosh in Montreal to hundreds thousands of other Macintosh around
world within 3 months.
Self-movement used to have only one means,
wandering. Wandering is random movements that have no specifically defined
destination. Worms like Christmas Card and Internet Worm exhibit this property.
All other viruses have wandering property, however, ability of self-movement
is very weak, most of time, even could not escape out of a computer by
itself. Cruise is newly known self-movement since 1996, is the most efficient
movements from a source to a defined destination along the best path.
AMCW AND CYBERSHIP
A cybership is a program (a virus or worm) that is capable of cruising. AMCW is simply a cybership that is designed for or usable in conflicts, wars and spyings in cyberspace.
LEGAL ASPECT OF AMCW
(Does anyone know about this topic?)
RELEVANT INFORMATION
"Autonomous Mobile Cyber Weapon"
The introductory article to autonomous mobile cyber weapon (AMCW) describes
what is AMCW, why AMCW is possible to come into existence, and its implications.
"Behavior
Cruise"
Research paper on property cruise.
"Wandering
and Cruise"
Detailed description of wandering and cruise.
HOW TO KNOW MORE ABOUT
Knowledge is for everyone, and should be shared for progress. Contact Sung Moo Yang <yang@infoserve.net>.