Wednesday, June 07, 2006

Pact with the Devil

Is the University of Cambridge Computing Laboratory superstitious? Report number 666 (on computer malware) was published on 6/6/6 and is entitled Pact with the Devil [abstract, pdf, announcement].

This was clearly contrived. The Laboratory normally publishes a couple of reports every month. Report number 665 was published in April 2006, and then several reports were apparently held back so that the malware report could be assigned an auspicious number and date.

(Three further reports were published immediately after the malware report. Perhaps the numbers and dates are assigned by some bureaucratic computer system; but we may presume that the computer scientists at Cambridge would know how to cheat the system if they had chosen to do so. Perhaps it matters to some people whether this really was the 666th report, and not the 669th report with the code numbers swapped.)

Superstition is an interesting phenomenon. The computer scientists can claim an interesting defence: they are not irrational themselves, merely exploiting the irrationality of other people. Contriving an auspicious number is a trick to get themselves some publicity for the report. (Hey, it's got me to post a blog about it, and I'm not admitting to being superstitious either.)

The report itself talks about malware that coopts users to help with propagation - exploiting their greed, malice and short-sightedness.

It can be observed that a biological virus may alter the host's behaviour - for example, causing them to cough germs over other people. I understand that some people infected with a biological virus become so angry and alienated that they deliberately set out to infect other people. Obviously a biological virus that can cause this kind of behaviour is likely to be more successful at propagating itself.

The authors of the paper discuss various mechanisms and incentive structures that a crafty computer virus could use to bribe and blackmail users, causing them to assist with propagation. It's a scary thought. But the authors end with an even scarier thought - we may no longer be able to draw a hard line between malware and other propagated software. Until we have proper controls, "running other peoples software will remain an activity to be undertaken with caution". tags: POSIWID
Technorati tags:


Mike Bond said...

Richard, your analysis is certainly correct that the issuance of this report in such a way is completely contrived.

However the one point I would beg to differ on is that it was planned as a trick to get some cheap publicity. It was actually done purely to satisfy (or rather aggravate) purely internal superstitions, bascially to indulge a few people's senses of humour.

Once it was announced internally, someone said "hey, that's funny, you should press release that." so we did, and this is circumstantially coroborrated by the fact that the post didn't go out until about 4pm on 6th June 06, pretty much too late to get any proper coverage on the auspicious day itself.

Superstition is great stuff. As I compiled the report in Latex, I noticed that the size of the postscript output was 222KB, and if you multiply 222 by three, you get 666. Most significant.


Mike Bond.

Markus Kuhn said...

Organizations can hardly be superstitious; this attribute — I think — must remain reserved for individuals. Our monthly rate of new TR releases is as variable as any Poisson process: we had none in May 2006, just like we had none in December 2005. (For those who care: the author of TR-667 and TR-668 did actually submit a first draft in May, but did not provide a formatting-error fixed PDF until later in June, so there was actually no serious tweaking necessary to get TR-666 published on 6/6/6). But yes, as the editor in charge of our department's technical report series, I could not resist when I noticed a few weeks ago that the numbers might coincide, and asked around for particularly suitable submissions for this special number. I am most pleased that George and Mike had a perfect match in the drawer and were able to deliver on fairly short notice.

The suggestion to make this a press release came only later on 6/6/6 from colleagues, probably far too late to get any coverage.