Q&A: Black Hawk Down Author Mark Bowden

The Chester County writer talks about his new book, Worm, and why the Internet needs to be rebuilt from scratch

On Tuesday, the man who wrote Black Hawk Down and Killing Pablo released his newest non-fiction work, Worm: The First Digital World War (Atlantic Monthly Press, $25). In it, Bowden, a former Inquirer reporter, tells the story of a computer worm[1] dubbed “Conficker,” which has invaded millions of computers since its 2008 debut. Here, he tells us what this all means for the future of the Internet as we know it.

Do people not take the threat of an Internet worm seriously in part because of the needless hysteria that erupted over the Millennium Bug?
Yes, it has become a real problem. Part of the reason is that the media—and I count myself as part of that—are really ignorant of highly technical things. They have a tendency to ask for a worst-case scenario. That translates into a lot of tabloid media and these lurid reports on the Internet and cable TV that the world is going to crash on such and such a date. With Conficker, there were headlines like “CYBERGEDDON!” And when it didn’t happen, everybody went, Oh, false alarm from the folks who brought you Y2K.

With that disclaimer, what really is the worst-case scenario with malware like Conficker?
Well, the botnet[2] that Conficker created had the potential to crash the Internet, which would take down the entire world for a period of time. It wouldn’t take long to disrupt enormous numbers of vitally important networks and activities: commerce, telecommunications, air traffic control systems, police, military, hospitals. There would be a loss of life and tremendous confusion. Such a thing could happen with a botnet using 10 to 12 million computers. They’re all linked and can be used for the same task. If a person used it to launch a massive denial-of-service attack[3], it would basically crush the Internet itself.

What countries are our biggest enemies in this particular war?
These are generally non-state actors, but they tend to be in Eastern Europe. The Ukraine is a real center. Their laws are very liberal when it comes to launching malware. China is a major source for cyber attacks and cyber espionage. But it’s hard to pinpoint. We are reaping the consequences of having this ultimate democratizing tool in the hands of criminals and enemy nation states instead of what was originally intended for well-intentioned people to exchange information and collaborate.

What are the chances that the computer I am on right now has been attacked by a worm?
Very good. I think that something like one fifth or a quarter of the computers in the world are linked to one botnet or another. The chances are much greater on a Windows machine than a Mac. They prefer to target Windows since it is far and away the most popular operating system in the world. If you’re going to design a tool meant to get as far and wide as you can spread it, you want to get the biggest bang for your buck.

Can’t patches[4]—like the one that Microsoft issued for Conficker—solve the problem?
Actually, Microsoft saw Conficker coming. They discovered the hole in their OS, and they issued a patch before Conficker even appeared. But the problem is, most people who are registered Windows users don’t download security updates, and the vast majority of Windows users aren’t even registered. They’re unauthorized users, so none of them get the security updates. When Microsoft issues a patch, in a sense, it advertises its vulnerability. There are cyber gangs out there who, when they get a notice of a security patch, ask, How can we take advantage of this with the millions and millions of people that don’t have a patch?

So what can be done?
The Internet needs to be completely rebuilt from scratch so that every bit or byte of information that enters cyberspace is fingerprinted so that we know who created it. And you would need a very high level of international policing against using it for harm. It’s very possible that this will happen and that this new Internet, with the current Internet co-existing, would be where you would conduct your business if you wanted a secure environment. I know that the Internet Engineering Task Force is working on a plan to rebuild it along those lines. It might cost you to purchase this higher level of security. Otherwise, you can hang out in the outlands.

You’ve had pretty good luck having your books turned into movies. What are your chances with Worm?
You know, I would not be surprised if someone buys the rights to it. I’ve had inquiries. Most of the books and stories that I write are optioned. But I don’t really know how anybody could adapt this into a film. I’ve spoken with people from Brad Pitt’s development company, and I told them that I couldn’t imagine how to turn it into a movie. Then again, I wouldn’t have readily imagined Moneyball as a film.

 

[1] Worm: A self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention.

[2] Botnet: A collection of compromised computers connected to the Internet, termed bots, that are used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet.

[3] Denial-of-service attack: An attempt to make a computer resource unavailable to its intended users. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.

[4] Patch: A piece of software designed to fix problems with, or update, a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.

Definitions via Wikipedia.