HOUSE_OVERSIGHT_018328.jpg

drives with meaningless ones and zeros, spread onto millions of computers. Once a machine was infected the overwrite command would activate every year on March 6th — a twisted celebration of the birthday of the great Renaissance artist. But because the program operated at the BIOS level - the basic input/output heart of those early machines - it was nearly impossible to eradicate. Computer security companies, soon to be known as computer “insecurity” companies because they were (and are) constantly behinder, responded with the following rather unconvincing advice: Turn your machine off on March 5‘, Turn it back on March 7th 132 Even the biggest, most powerful companies were shipping programs packed with potential problems, cracks that were often baked into the design of a system, invisible even to their makers. A couple of years after the Hac-Tic conference, for example, a popular word processing program included a feature that could permit a surreptitious hacker to make a computer to execute all sorts of nefarious commands once a user had opened a harmless-looking document. This was sort of like shipping hundreds of millions of door locks that would pop easily open for criminals who knew to ask. Did you use a word processor in the 1990s? Likely your machine faced this danger: You’d open a note from a friend or a memo from your boss and you'd then instantly, unstoppably forfeit control of your computer, even if you didn’t know or see or feel the impact for years. That problem was fixed - companies learned to issue what became known as “patches” to plug the inadvertent leaks in their systems — but that such a danger existed and could be profitably used was a sign of aruthless evolution. There were billions of dollars, even then, at stake. As technology advanced, so did the malware, which was adapting and evolving to new opportunities. Think of how hugely different our experience of machines is today as opposed to just a few years ago. Hacking has matured as fast - maybe faster. Early attacks were aimed at machines that had, essentially, no defenses. Programs like “Michelangelo” were designed to act much like the viruses of a common cold or food poisoning. They sickened and then controlled individual machines, devices with no immune systems. Hackers faced a challenge in finding ways to sneak these digital diseases onto computers, but of course they finally found holes. They hid viruses on floppy disks or inside documents or spread-sheets that appeared otherwise safe. Intelligence agencies became infamous for passing out “free disks” at conferences or littering defense contractor parking lots with infected USB sticks, waiting for some unsuspecting employee to pop them into a computer and invisibly activate some bit of carefully installed, hidden malware. Or, in a clever case of “know your target”, sneaking malware into the code of some particularly violent video game, sure to be played by an adrenaline-addled system administrator in a fit of afterhours boredom. 132 Turn it back on: For a discussion of Michaelangelo see entry for virus in Encyclopedia of Computer Science 4 Ed. (Chichester, UK: John Wiley and Sons Ltd. ), 1839-1841, 96 HOUSE_OVERSIGHT_018328