About 11 years ago a friend of mine was pitching a television show to different networks. The premise was that he was going to play practical jokes against MTV. For instance, he called up the producers of the show behind MTV Beach House and told them his little brother was “afflicted” and had a wish of going to the MTV Beach House. “What’s wrong with him?” the producer asked. “He’s afflicted”. And so on. Plane tickets would be arranged, bands would be booked, etc. Hilarity would ensue. It wasn’t my favourite idea of his but he was pursuing it. So I decided to play a trick on my friend.
MTV.com’s e-mail system had some unfortunate security issues. I logged into the back door there and sent my friend an e-mail from email@example.com informing him he was in serious trouble and MTV was going to take every “litigious and federal” action at “our disposal”.
My friend panicked and left repeated apologies at MTV’s legal office until I calmed him down and told him what I did. We’re not really friends any more but I wave hello when I see him across the street.
Note to MTV: This was the only time I did this. I never showed anyone else how to do it. And, to your credit, you patched the hole a year later. I’m assuming there’s some sort of hacking statute of limitations on this sort of thing. But don’t mess with me.
You would think after 11 years and billions of dollars that security would be better. It isn’t. It is worse than anyone realises. If you buy a computer at the store, take it out of the box and plug it into your cable modem without any sort of firewall, within 30 minutes your computer will be infected. Once it’s infected there is nothing you can do about it. What will it be infected with? One of those viruses that Norton Anti-Virus can take care of? No. That’s old school.
New school are the minions of what are called “bot armies”. A “bot” is a piece of software that attaches itself to the lowest levels of your computer and simply does nothing. It’s like a sleeper cell. It can sit dormant for years. Every now and then it will wake up to do two things: head out to various internet chat rooms to see if the “bot master” has left instructions for it; and the other thing it will do is rewrite itself, so if any anti-virus software was created to try to find it, it will no longer find it. It morphs into something else. It’s a cancer that can’t be found or stopped.
And about 50m computers worldwide, including computers in about half of the S&P 500, are infected with these bots right now. What do these bots do when they are given an assignment? Often they become spam gateways and quietly send out millions of spam e-mails without the owner of the computer realising. They are also used to launch denial-of- service attacks against companies or websites. Or they are used to keep track of all credit card numbers entered in on your computer and then the bot master gathers all the numbers and sells them to the identity theft black market. It’s no longer 12-year-old Russian kids writing these types of “malware”. Those 12-year-olds are now 19-year-olds who are being paid by various criminal organisations to build more sophisticated versions of these bots.
I was visiting an anti-bot start-up comprised of PhD programmers. I asked them: “What happens when the guys making these bots get as smart as you guys?” They started laughing. “They are much smarter than us already.”
Fortunately, from a stock market perspective, there might be ways to play it. Forget the security software companies. They might be useless. The hardware guys, Cisco and Juniper, are buying companies in the space and developing hardware to detect these intruders at the network level. They are probably good purchases here.
The only real way to avoid getting infected is to never put anything on your computer. Always store things remotely. Only one company provides the services and software to allow this at an enterprise level: VMware, which is about to be spun out of EMC at probably a $10bn valuation, where it would be cheap in my opinion. VMware provides virtualisation software that makes you think everything is on your computer but all your files will instead be on hard drives in the corporate data centre, allowing companies much more thorough protection against bots, as well as saving on IT costs. I’m not the only one who thinks VMware is a home-run. Intel and Cisco both just invested in the company and Hewlett-Packard and IBM (competitors to EMC) are among VMware’s largest customers. This is an IPO worth buying.
Is all hope lost? Will the internet go down and hard drives get wiped out around the world? Probably. But think back to what it was like pre-internet, take a deep breath and make sure you remember how to enjoy a good sunset.
Get alerts on VMware Inc when a new story is published