This article can also be found in the Premium Editorial Download "Information Security magazine: What are botnets and how can you prepare for them?."
Download it now to read this article plus other related content.
Could cryptography be the next destructive malware payload?
Researchers have talked for years about the threat of polymorphic malware that uses encryption to conceal its malicious intent and stealthily replicates itself in undetectable forms.
But what if encryption wasn't just a malware camouflage or propagation mechanism? What if malware writers could apply encryption in a payload to hold data for ransom, extorting victim enterprises?
It's more than theory. Conditions are ripe for a new class of malware: crypto-viruses. These yet-to-be-seen-in-the-wild contagions have the potential to hold critical data hostage, anonymously leaking it to third parties and making it nearly impossible to prove that valuable data was stolen. Malware writers are already using encryption as a means of concealing their creations, and research and proof-of-concept worms have shown that cryptography can be used as a weapon. If you're not prepared, you could lose your data.
The cryptovirology theory is simple: An attacker generates a public/private key pair for the purpose of holding the victim's data ransom. The public key is placed within the virus, and the private key is kept secret by the attacker. The virus queries the host operating system's random number generator for a symmetric key, such as a 128-bit AES key. The virus encrypts the host's data files, possibly including sensitive financial, research or other crucial information. The symmetric key is then encrypted with the virus's public key. In cryptography circles, this process is known as hybrid encryption and is the basis for virtually all e-mail encryption applications.
Next, the virus overwrites the symmetric key in memory and securely deletes all copies of the plaintext, ensuring that none of the compromised host's original files are accessible. The attacker then demands a ransom in exchange for the the private key to decrypt the data held hostage.
While it's relatively trivial to combine the power of cryptography with malware, conditions for exploiting the dangerous combination haven't been favorable until now. An attacker can encrypt data and create backdoors, but still needs a way of extorting his victims without getting caught. Anonymizing services, which form the basis for several e-mail systems, e-voting protocols and private Web-surfing services, provide an extortion mechanism. Also, as we've seen with DDoS extortion threats, phishing schemes and identity theft, the bad guys have created effective money-laundering mechanisms and have started working with organized criminal groups. Incorporating cryptography into these extortion schemes is highly likely. (See "Malicious Moneymakers.")
Likewise, other obfuscation techniques, such as having a cryptovirus post stolen, or encrypted data posted to a public bulletin board, make it much more difficult to trace an attacker. By posting encrypted data to a popular public Web site or newsgroup, anyone can see what's posted, but only the attacker can decrypt the package. Sorting out the actual attacker from the multitude of innocent visitors would be difficult. Disgruntled insiders, malicious social activists and cyberterrorists could use cryptovirology to destroy a company or operation.
Probable Crypto Attacks
Research conducted by Adam Young, a senior managing consultant at LEGC, and Moti Yung, a senior researcher at Columbia University, has identified myriad probable attack scenarios using malicious cryptography. Though plausible, none have yet been reported outside lab environments. The following are a sampling of possible cryptovirology attack scenarios:
Deniable Password Snatching. This attack combines public-key cryptography with a password-stealing Trojan. After grabbing passwords from a victim machine through keystroke logging, sniffing and/or cracking, the Trojan asymmetrically encrypts the recovered login/ password pairs using the attacker's public key. Only the attacker can decrypt the passwords with his private key. The Trojan writes a file with the encrypted passwords to all removable and writable media (such as USB hard drives, hundreds of users' home directories and networked machines), and possibly even sends the encrypted password file to hundreds or thousands of e-mail addresses, Web sites and newsgroups.
This attack maintains tight control over the stolen passwords, giving only the attacker access to them. It also diffuses culpability by giving the encrypted password file to anyone and anything that comes in contact with the compromised host, making the identification of an attacker extremely difficult.
Private Information Retrieval. This attack stealthily searches a victim's databases and servers for specific pieces of information, and steals them without revealing what the malware was searching for (the tag string) or what was stolen (the sensitive data). It's relatively easy to design code that scans a database for a specific data set, such as a person's name, and then use that string to find a corresponding piece of information, like the person's salary. To conceal the malicious activity, the attacker can use a crypto algorithm to cloak the database search. The malware then encrypts the stolen data, making it impossible to tell what was taken even if the enterprise intercepts the malware. The attacker is then free to use his private key to decrypt the pilfered data.
Questionable Encryption. This technique is designed to cast doubt on whether an attack has occurred. The attacker allows the victims to watch the asymmetrically encrypted data get transmitted to multiple sites and copied to tens of thousands of machines. After a certain period of time, the attacker anonymously reveals a bogus private key that has nothing to do with the encrypted data. The victim enterprise then uses this fake key to decrypt the data into bogus plaintext messages, which are intended to make the enterprise believe that the attacker was merely bluffing and didn't steal anything. Yet, with the proper private key, the attacker would still have access to all of the data.
There are numerous other possible variations of these attacks, some that open enterprises to extortion, others that leak sensitive information and a few that are designed to break down the integrity of victim systems.
While plausible, pulling off these attacks isn't trivial. To leverage public keys and other encryption schemes as malicious tools, the attacker needs in-depth knowledge of the implementation of public/private keys and nearly flawless code to ensure reliable execution. This is perhaps one of the reasons why no such attacks have been witnessed (or at least reported) in the wild. Still, with solid, open-source crypto packages available for download, malware employing these capabilities is very likely in the near future.
This was first published in March 2005