
Season 4, Ep. 16 – TWiTH: Code Red worm tunnels through the Internet, with Gun.io

If you only know of Code Red because it’s a Mountain Dew flavor, it’s time to gain some knowledge about the notorious computer virus that wormed its way across the internet in July of 2001. On This Week in Tech History, David and Abbey talk about the history of computer worms, virus protection, and (obviously) Mountain Dew flavors.

Abbey Charles
· 26 min


Transcript

(THE FRONTIER THEME PLAYS AND FADES OUT)

Abbey (00:05):

So all your kids are done with school for the summer?

David (00:08):

Yep. This is the first week, I think.

Abbey (00:14):

Nice. (David: Yeah.) Do you guys have any plans for a summer trip this year?

David (00:20):

No summer trip this year. We went to Savannah during Christmas break (Abbey: Oh, cool.) this past year, so that was kind of a nice big trip. And then my youngest finished up eighth grade, and so he had his like, Washington D.C. trip during spring break, and then my eldest is going to be a senior in high school, and his French class did a trip to Paris. So like, I kinda feel like they’re well vacationed, so I don’t feel too bad about not planning (Abbey: Yeah.) a summer trip. I was like, I haven’t been to Paris. Like…<laugh>.

Abbey (00:54):

No. I took Latin. So where were they gonna send us? Like, you wanna go to the Vatican?

David (01:00):

The past? Yeah <laugh>.

Abbey (01:03):

<Laugh>. Yeah. For some reason I was just thinking the other day about how I didn’t go on the eighth grade trip, (David: Wow.) and the only memorable thing from any of my friends that went was my friend Mark got his shoelace stuck in an escalator at one of the museums they went to.

David (01:18):

Yeah. That’s a terrifying moment <laugh>.

Abbey (01:22):

It sounds very eighth grade boyish. (David: Yeah <laugh>.) He was like, “I’m not gonna stand on those footprints,” and stood to the side, and found out why you stand on the footprints.

David (01:33):

Yeah. I had an escalator destroy a suitcase (Abbey: Ooooohh.) a couple months ago, and I was like, “Really?” And then I was just trying to be all like, casual about it. (Abbey: <Laugh>.) Like, and you know, people behind me were like, “Oh, that guy just got his fucking suitcase destroyed an escalator,” (Abbey: <Laugh>.) <laugh>, “What an idiot,” you know? And I was just like, “Whatever. I’m just gonna walk with my destroyed suitcase to the train thing and go to the other terminal. It’s fine.” Suitcase was like, 700 years old, so it was time to get a new one. So it was fine.

Abbey (02:09):

Was one of those situations where you’re like, waiting for something to happen to allow yourself to buy a replacement.

David (02:15):

Yeah. You know, it died doing what it loves best: traveling.

Abbey (02:19):

Traveling. There you go. Well, David, we’re here today to talk about the Code Red worm. (RETRO SYNTHESIZER MUSIC PLAYS)

News anchor 1, via 2001 news report (02:27):

(VIDEO CLIP AUDIO PLAYS) It is not a virus, it’s a worm.

News anchor 2, via 2001 news report (02:29):

And tomorrow the Code Red worm is expected to cause another round of outages and slowdowns on the Internet. What does it mean for you and businesses with computers?

News anchor 1 (02:37):

We’re joined now by Jim Margolis from TheComputerGuru.com with more. Jim?

Jim Margolis, via 2001 news report (02:41):

Code Red deactivates as soon as you reboot the machine, but of course, it could get reinfected. There is a patch available at Microsoft’s website that takes Code Red off and prevents that vulnerability from being exploited. (VIDEO CLIP AUDIO FADES OUT)

Abbey (02:53):

Code Red was a computer worm that was observed for the first time on July 15th, 2001. It attacked computers running Microsoft’s IIS web server and was the first large scale mixed threat attack, but successfully attacked enterprise networks. Its widespread impact was largely due to how quickly and efficiently it worked, because IIS was the standard for Windows NT and Windows 2000 at that point. It affected a lot of other systems with web servers, mostly by the way of side effects, which exacerbated the overall impact of the worm and cemented its place in history as one of the many malware outbreaks infecting Windows systems in the ‘90s and 2000s. I feel like that was also where like, antivirus really got its teeth into things. Like, the beginning of the end of Norton. So the way that it worked was Code Red infected systems through buffer overflow vulnerability, which was pretty common at the time. There were buffers for overflow, and once you hit that, it would just execute any code. So they used a huge string of the letter “N” to overflow buffer, allowing the worm to execute arbitrary code and infecting the machine. It was first discovered and researched by eEye Digital Security employees, Marc Maiffret and

David (04:19):

Electronic Eye, right? Yeah, or something. Like, when we had the electronic mail come around? That stuff was exciting.

Abbey (04:27):

Oh, yes. Good call. Good call. That was probably right about the same time. (David: Yeah.) They named it Code Red, because they were drinking the Mountain Dew flavor of the same name at the same time. Kenneth D. Eichman was the first to discover how to block it and was invited to the White House for his discovery. The way the worm presented itself was to deface a website, which basically completely replaces the contents, and the screen just said, “Hello! Welcome to www.worm.com! Hacked by Chinese!” Who knows how true that was. It also ran a protocol based on the day of the month. So the first 19 days were spent looking for other IIS servers to attack. The eight days after that, it launched DOS attacks on fixed IP addresses, one of which included the White House. So it was pretty cool that the guy got invited to the White House, full circle. A rewritten version called Code Red Two hit the internet the next month, but it primarily focused on Chinese servers. This wasn’t the first of, you know, the direct attacks on virus or systems, but what was it about this one that just made it like, stand out? Aside from the obviously sweet name?

David (05:42):

I don’t know if this was the first one, or maybe the first big one, but the big ones before were like, you got some email from somebody, and it was like, “Hey, open me up and click a thing inside here, and it’ll be great,” (Abbey: Yeah.) and then you clicked it, and then it wasn’t great, and then it just like, went through your Outlook inbox and emailed your grandma, and then she infected all of her friends at the retirement home, and it just kept going around and around.

Abbey (06:11):

So, prior to this, you had to like, actually enable an action that did it.

David (06:15):

And then this was like, maybe kinda like, scarier computer to computer, ‘cause I doubt people really understood even servers, much less like, a buffer overflow attack and things like that. So it’s like, (Abbey: Obviously.) How is this just happening? Like, computers talking to computers, and I think it’s easier to get your head around the fact that like, you get an email and if you click a thing, then something happens to your computer. It’s just like, servers getting attacked may be stranger?

Abbey (06:49):

Like, that turned into, at a certain point, people of a certain age just stopped opening email attachments. Like, I feel like that started with about like, us, you know? Like, I feel like people younger than us don’t open emails with, don’t open email attachments from people they don’t know.

David (07:06):

Yeah, ‘cause the first ones were that, and so kind of like, got ingrained into your basic like, internet safety standards. And so then, you know, I guess if you’re a hacker and wanting to do things, then you gotta go do other things. And the thing is like, it was always Windows systems for like, years, and it continues like, often to be the case, and the reason it, often it’s the case, is that many people who choose Windows are like, government entities, education entities, that don’t have a lot of money to spend on IT resources, who patch things regularly. So like, Microsoft will have something that happens, they’ll be like, “Here, patch it,” and then 10 years go by, and you never patch it at, you know, the hospital or…

Abbey (07:55):

And patches fall off.

David (07:56):

<Laugh>. Patches fall off or whatever. So then, hackers hit those vulnerabilities, and it’s not like they need to like, really research ’em hard. It’s like, Microsoft’s website’s like, there’s a security vulnerability <laugh> here. (Abbey: Yeah.) Fix it. IT administrators and like, you know, nobody’s around at the hospital to fix the thing, so then they get infected.

Abbey (08:17):

They’re like, “We actually don’t have some time for that.” (David: <Laugh>. Yeah.) We were at my dad’s house a couple months ago, and he was talking about having a problem with his Norton antivirus. I was like…yeah. My dad has consistently used Microsoft computers (David: <Laugh>.) with antivirus software. I feel like, back in the day it was like, “Macs can’t get viruses.” I’m sure that they can, but it was just a lot harder to exploit that.

David (08:55):

Definitely seemed to be the case, that it was just more potential to do more harm on Windows systems than on Unix based ones.

Abbey (09:08):

To your point, there’s a lot of like, a lot of government systems, a lot of healthcare systems, places that need really big networks, generally rely on them. Which then, you know, once you get one thing in the network, easier to (David: Yeah.) worm your way through the rest. (David: <Laugh>.) I would love to know what happens once you click on Worm.com. You know, like, what was the point of them creating the worm, just to deface the deface?

David (09:39):

You know, there’s probably some main reasons that people do, you know, computer virus things. (Abbey: <Laugh>.) You know, obviously like, one of <unintelligible> was to make money, (Abbey: Right.) to do crime things, and that’s often, you know, the most. But there’s plenty of people that just, you know, want attention and fame and wanna be talked about on a podcast, you know, 20 years later <laugh>. So, you know, you’re welcome, Code Red creators.

Abbey (10:04):

We’re here for you.

David (10:05):

We hope we fulfilled your desire to be talked about and be famous in a strange way. You know, there’s the white hat type people, or think people, who think they’re doing white hat stuff. Like, I remember somebody just like, doing a bunch of simple SQL injection attacks on various education sites, to just like, “Hey,” and like, “You need to fix your stuff. Like, there’s sensitive like, information about children in your databases and like, fix it.” (Abbey: Yeah.) So there’s, you know, there’s various things. I asked ChatGPT why hackers created the Code Red virus, because I figured ChatGPT would know.

Abbey (10:51):

ChatGPT has to know <laugh>.

David (10:53):

Yeah, ‘cause like, you know, that worm’s been around, and ChatGPT talks to computers. ChatGPT was a little cagey. [It] told me that it was like, you know, malicious intent, but that it’s important to note that as an AI language model, it cannot provide specific motivations or intentions of individual hackers or groups.

Abbey (11:16):

Okay, ChatGPT.

David (11:18):

Just need to, (Abbey: Infer <laugh>.) you know, remember that it’s just robot. It can’t be talking about people’s motivations. But yeah, ChatGPT did say that they might include factors such as personal gain, a desire to cause disruption, a demonstration of technical skills, political activism, or simply desire to challenge security systems. Maybe it was Ken who did it, right? (Abbey: <Laugh>.) Kenneth Eichman. He was like, “If I do this, I could go to the White House.” (Abbey: Yeah, yeah.) I’ll create the problem and then fix it.

Abbey (11:57):

I mean, I feel like we see like, the most prominent ways you see it, you know, you see like, Anonymous hacking things and…I’m trying to think of other…I don’t know. I guess I haven’t thought a lot about the implications of like, you know, like, white hat hacking. I wonder if anyone’s ever made a white hat virus.

David (12:17):

In my Code Red researching, I discovered that two people made worms to fix the Code Red worm. So it’s… (Abbey: Oh really?) Yeah, it was like, you know, our Covid vaccines, basically. Here’s a virus to fix the virus or whatever.

Abbey (12:41):

Yeah. Oh, that’s interesting. Were they successful?

David (12:43):

I mean, according to this article from 2001, you know, one of them was called Code Green, creatively titled there, (Abbey: Yeah.) and CR Clean, and then, you know, they came with their own warnings, similar to ChatGPT. Warnings saying, you know, “We’re a worm and use at your own risk.”

Abbey (13:08):

I wonder if you’d be more or less likely to instigate that worm if you knew you had been hacked by another worm. Would you be a little bit leery of it?

David (13:18):

Well, and then it did the same thing. So it would go and look for other, it would look for infected Code Red machines and then be like, “Hey, do you wanna clean up with this?” <Laugh>.

Abbey (13:30):

Wow. That’s crazy. So it kind of would just run the same vulnerability to see who else had been exploited by it and say, “Do you want me to exploit you in a better way?” (David: Yeah <laugh>.) <Laugh>. “Do you want me to be nice about this?”

David (13:47):

“Would you like me to be aggressively helpful and fix your computer with kinda your consent?” <Laugh>.

Abbey (13:54):

Yes. Aggressively helpful <Laugh>. (David: <Laugh>.) I wonder if there would ever be a time when like, things become unhackable, or do you think that that’s just part of like, that’s part of like, technological innovation is like, the instant somebody finds something new, somebody else will find a new way to exploit it.

David (14:15):

Yeah, I think as long as people wanna, you know, do the things that ChatGPT, you know, told me our motivations after saying that like, couldn’t tell me about motivations, you know, (Abbey: Yeah.) it’s gonna be the case. <Unintelligible>.

Abbey (14:29):

<Unintelligible> motivations. They are there.

David (14:31):

<Laugh>. Yeah. I mean, and then it was made to share information. It wasn’t made to safeguard information. So like, security has always come second, and because it’s always been about sharing information and innovation and not worried about how people are gonna exploit your innovation, when you’re innovating. So I think that’s always gonna be a concern. You can, you know, I think, you know, once the apocalypse comes and the Internet is down, we’re all back to paper and not using computers. Then, it’ll be hard. (Abbey: Yeah.) I always, my in-laws have a box of note cards with all their passwords, and it’s like, the most secure way to store your passwords, (Abbey: Yeah.) because like, hackers cannot get into your box o’ passwords.

Abbey (15:25):

Yeah, my mother-in-law carries hers around in a little book. It’s like, in her purse.

David (15:30):

Yeah. Yeah. I mean, I guess now, people who are listening to this are gonna go to my in-laws house and like, steal their passwords, so that was probably a mistake. Sorry, Dottie. Sorry, Ozzie.

Abbey (15:45):

We’re just giving them two options. Sorry, Crystal. Man, we’re exposing their vulnerabilities right now <laugh>.

David (15:51):

They need to put the box in another box or put the box in a safe now. Yeah.

Abbey (15:56):

Yeah. Have you ever, you don’t have to answer this, because if you’ve done something illegal, we don’t wanna put you on the spot. (David: <Laugh>.) Have you ever done any like, white hat, sort of like, exploring vulnerabilities in systems, or have you, you know, is it like, something that you’ve been interested in, as part of like, doing development, doing like, security stuff?

David (16:21):

I think like, the only thing I’ve ever tried is like, a simple like, SQL injection type thing, and it might’ve been somewhere where I work, but like, it’s never been that interesting to me. When I worked at a FinTech company, we worked with a third party company that did, that employed white hat hackers, and so we would give them (Abbey: Oh, cool.) access to our system, as if they were a customer, and then they would do, you know, pen test hacking attempts, and then if they found something, depending on the severity of the vulnerability that they found, they would get a bounty, somewhere between like, a couple hundred bucks to like, thousands of dollars.

Abbey (17:11):

Man. Alright.

David (17:12):

Yeah, it’s an industry unto itself, and it’s a specific skill set and profession. You know, you can find all sorts of Udemy courses or Coursera on white hat hacking.

Abbey (17:26):

I was in Vegas for a friend’s bachelor party, and the bachelor party happened to be at the same time as the white hat convention was happening at the hotel we were all staying at. And this friend, whose bachelor party it was, was the person who like, got me into software. So like, one of the guys who was there just didn’t, he didn’t do like, any of the bachelor party stuff during the day. (David: <Laugh>.) He just went to the white hat convention. I was like, I admire that. Like, alright. He’d do all day <unintelligible>.

David (18:00):

Yeah. One of people I worked with at the finance company was really white hat hacking, and also, I think, not white hat hacking, and went to like, a conference where people don’t use their real names and stuff and like, (Abbey: Everyone’s John.) aren’t allowed to post on social media <laugh>.

Abbey (18:20):

Okay. So to touch on the other point, this part has nothing to do with hacking the Code Red. So you had said, I think it was like, I think you said it was the second flavor of Mountain Dew, and you were correct.

David (18:37):

Was that right? Ok. (Abbey: Yeah.) It was really good. I feel like it was a big moment in software, or not software, soft drink history.

Abbey (18:47):

<Laugh>. Software, soft drink. Yeah. So it came out in 2001, so that was the same year that Code Red happened. So they were like, brand new on the scene. Today, there are 32 flavors of Mountain Dew.

David (19:03):

Wow. That is a lot of Mountain Dew <laugh>.

Abbey (19:08):

I had an incident in like, probably middle school, early high school, my mom was like, a single mom and was kind of just like, “Grab whatever you want for breakfast. I don’t care,” (David: <Laugh>.) and I remember one day like, going to catch the bus and grabbing cookies and Mountain Dew, and that was like, the end of my relationship with sugar and with Mountain Dew.

David (19:29):

That’s a good breakfast. It’s gonna get you through (Abbey: Yeah.) the day, (Abbey: Yeah.) or at least the first hour of the day.

Abbey (19:37):

At least for the bus ride.

David (19:38):

Yeah. I got lunch the other day, and there was one of those Pepsi freestyle machines with, (Abbey: Oh.) I think even, additional options. I just sent you the photo, I meant to send it to you sooner. Cherry, vanilla, strawberry, lemon, Mountain Dew. Like, this wasn’t even like, Baja Blast stuff. This is just like, let’s throw some fruit things in your Mountain Dew.

Abbey (20:03):

Vanilla Mountain Dew.

David (20:07):

Yeah. I mean, there’s a…

Abbey (20:09):

You can try up to three flavors. So which three did you put in your Mountain Dew <laugh>?

David (20:16):

I was scared, and I just got Pepsi with cherry in it. I just couldn’t, I couldn’t do it. (Abbey: Can’t go wrong with Cherry Pepsi.) I’m not like, a method actor, preparer for podcasts. Return to my Mountain Dew drinking roots. (Abbey: No, no.) So no Mountain Dew consumed since you told me about this podcast.

Abbey (20:41):

We did see, there are a lot of antique shops out here, and we were in one, and we saw this sign that looked like a, it looked like a repop sign. It was like, perfect, and it was a vintage Mountain Dew sign that was selling for $1,800. Apparently, there’s a deal with like, the original Mountain Dew guy. If you can find a sign with the original Mountain Dew man, they’re worth a ton of money. (David: <Laugh>.) Yeah.

David (21:10):

Yeah. I didn’t know Mountain Dew had like, an old mascot. Like, there was a mascot of like a, (Abbey: Yeah.) is it some mountain climber on a dewey slope or something?

Abbey (21:23):

No, it’s a little bit more redneck than that. (David: <Laugh>.) He’s got like, a straw hat. It was invented in Tennessee.

David (21:36):

Okay. Wow, yeah. That’s…yeah. That doesn’t age well. That’s pretty bad.

Abbey (21:41):

No it doesn’t.

David (21:42):

Oh yeah. It has an inappropriate name, too. I’m not even gonna say that <laugh>.

Abbey (21:47):

Right. Yep. (David: Okay.) I was like, we’ll leave that for somebody else to research. You can do that on your own.

David (21:53):

Yeah, yeah. NSFW.

Abbey (21:56):

Man. What else was popular? What popular drinks during that time could have been consumed?

David (22:01):

I was thinking, with the, you know, probably racist, xenophobic name of the, you know, that they put in with the “Hacked by Chinese” stuff. Like, I think it would’ve been more fun if they had said “Hacked by Canadians”, and then they could have named it “Clearly Canadian” after that drink. It would have just been a much better fit.

Abbey (22:27):

Oh, I loved Clearly Canadian.

David (22:29):

Clearly Canadian was the treat. Oh yeah, it was always the treat, ‘cause it was like, somehow like, hard to get or more expensive (Abbey: Yeah.) in the glass bottle. It was just like, this is like, high class software, or soft drink, right here. This is the best.

Abbey (22:44):

Yeah. Yes. High class.

David (22:47):

And there’s probably nothing Canadian about Clearly Canadian.

Abbey (22:53):

No. Just like Texas Pete’s is not made in Texas. (David: <Laugh>. Yeah.) They’re going through a lawsuit. Do you remember Surge? It was another kinda like, lemon lime soda, Mountain Dew-ish.

David (23:09):

Mountain Dew-ish, yeah.

Abbey (23:13):

It was like, extra caffeine. It was like, more caffeine than Mountain Dew.

David (23:17):

Yeah, they’re so…the energy drinks, it’s just wild now. But you know, people don’t even, you know, the eSports crowd is not drinking Mountain Dew anymore. They’re onto (Abbey: No.) much more powerful things. Of all the drinks, like, if we go into like, alcoholic drinks, you know, Four Loko, always a great one. Zima, always is good, you know?

Abbey (23:46):

Putting like a Jolly Rancher in a Zima.

David (23:49):

<Laugh>. I feel like Zima was ahead of its time. Like, I feel like the Zima people are like, looking at all this like, hard seltzer stuff, and they’re like, “That was us. Like,” (Abbey: “We did it already.”) “why didn’t people get it?” Yeah.

Abbey (24:03):

I don’t know if they still do it, but up until a few years ago, like, I think Coors had purchased the Zima name, and you could go on the Coors tour in Golden and get Zima at the little like, bar thing afterwards. (David: <Laugh>.) It wasn’t good. I obviously tried it.

David (24:19):

Still not good. (Abbey: No.) Sorry, Zima creator.

Abbey (24:24):

Sorry, Zima. It might have not been the original. Well, now that we’ve covered it all, we’ve covered the worm, we’ve covered the Code Red, any last thoughts on this particular worm?

David (24:36):

No, not on this particular worm, or any other worms.

Abbey (24:43):

Or any other worms. Garden worms <laugh>.

David (24:44):

Garden worms. Yeah, just, you know, if you discover a worm, just try to be creative. Remember that the name might last a long time.

Abbey (24:54):

Make sure you’re drinking something amazing. There are millions of craft beers with absurd names out there.

David (25:01):

If you discover how to stop some kind of computer virus or worm, you could hang out with Joe Biden, and then spend an hour trying to explain computer things to an octogenarian. (THE FRONTIER THEME FADES IN)

Abbey (25:15):

Yes <laugh>. Try to explain overflow vulnerabilities <laugh>, (David: Yeah.) using a glass of Code Red Mountain Dew.

David (25:24):

<Laugh>. Which is Joe Biden’s favorite drink, actually. (Abbey: Is it?) Our president loves Code Red.

Abbey (25:31):

It’s in his Twitter bio <laugh>.

David (25:34):

Yeah. Don’t fact check that.

Faith, via previous recording (25:37):

Thanks for listening to the Frontier Podcast, powered by Gun.io. We drop two episodes per week, so if you like this episode, be sure to subscribe on your platform of choice, and come hang out with us again next week, and bring all your internet friends. If you have questions or recommendations, just shoot us a Twitter DM @theFrontierPod, and we’ll see you next week.

(THE FRONTIER THEME ENDS)
