Computer hackers could create malicious software that crosses the line from technology to biology, crafting viruses that could spread dangerous epidemics, researchers said at Black Hat Europe.
“We are really on the border between the living and the not living,” said Guillaume Lovet, senior manager of Fortinet’s Threat Research and Response Center, during a keynote speech discussing the similarities between biological and computer viruses. Fortinet was the main sponsor of the Black Hat Europe security conference in Amsterdam last week.
The comparison between computer and human viruses was made to give security researchers a better understanding of why the human immune system is so much better in battling viruses then antivirus systems.
“We came to wonder if there can be some kind of convergence between human viruses and computer viruses,” Lovet added. “It may sound like a scenario for a bad Hollywood movie, but it is not such a stupid question.”
One of the main things that led Fortinet researchers to that conclusion is the similarity between computer and human viruses. In essence they behave the same way, including information coding for parasitic behavior inside a host system.
Reasoning along this line of thought, a Denial of Service (DoS) attack can be compared to HIV (Human immunodeficiency virus), because both aim at overloading a system, said Ruchna Nigam, security researcher at Fortinet.
There are other comparisons between computer viruses and HIV. HIV attacks the immune system, making humans more vulnerable to certain diseases. Computer viruses such as W32/Sality also use this strategy, terminating antivirus programs and setting a malicious program as an authorized application to bypass Microsoft’s firewall.
The researchers also pointed out that both humans and computers infect themselves. A human visiting a doctor and getting an infection is not an unthinkable scenario, Lovet and Nigam pointed out. Likewise, computers can get infected by visiting a website and downloading a so-called drive-by download — malware that is embedded in the site that tries to install itself on computers. “This is how the ZeuS Trojan built a botnet of an estimated 3.6 million hosts in the USA alone,” noted Lovet and Axelle Apvrille, another Fortinet researcher, in a research paper.
Biological viruses, such as the influenza virus, are also known to change upon replication. When viruses replicate “they mutate themselves,” Nigam said. This behavior is comparable to the way the Conficker and Koobface viruses work. It’s a nightmare for security analysts, because every replicated sample is significantly different from its predecessor. This can render antivirus signatures, designed to detect malicious viruses, close to useless.
One important difference between these polymorphic viruses, as these adaptive variants are known, is that computer viruses only changes form. “Only the package is changed;” the code is not rewritten, Nigam explained.Computer viruses like Conficker have are also known to incubate, nestling themselves on systems to attack at a later time, which is comparable to the flu. “These ideas are taken from the physical world,” said Nigam.There are differences between biological and computer viruses, the researchers noted. If someone wrote the influenza virus in code, the file containing the virus would be no bigger than 22KB. Computer viruses are far bigger than that. In addition, they are more advanced. Biological viruses are not able to implement techniques comparable with encryption and antidebugging tricks, the researchers noted. This is fortunate, because drugs would have severe problems eliminating such virus variations.However, Lovet speculates that human and computer viruses could converge in the future. Most human viruses are essentially DNA or RNA code, strands that contain essential genetic instructions for all known living organisms. “In a nutshell: a biological virus is information that codes for behavior in a host system,” the researchers say. Computer viruses are essentially the same.
The frontier between the digital and the biological world is already blurring, the researchers said, citing cybernetic prosthesis as a good example. Some people have several electronic devices in their body, such as pacemakers, deep brain stimulators and cochlear implants, they noted. As soon as those devices communicate with an external machine, which in most cases is necessary at some point, they become theoretically vulnerable to computer viruses.In 2002, scientists were able to synthesize the poliovirus. Since then, biotechnology has moved on, making it possible to synthesize bacteria, and organisms are genetically modified almost every day, the researchers said. In addition, all the code for synthetic DNA is stored on computers.
“Seeing that the infamous Stuxnet virus, in 2010, was able to creep through a uranium enrichment plant, seize control of its PLC (programmable logic controller), and destroy its centrifuging gear, one could reasonably think that a virus infecting the computers sporting DNA databases is not outside the realm of possibility,” the researchers said in their paper.
“Conversely, software used when sequencing DNA of a living organism, and databases storing bits that code for that sequence, are probably not absent of vulnerabilities.” But whether it is possible to make a virus with malicious DNA sequences that could, once transcribed into bits, exploit those vulnerabilities, remains to be seen.Using a coded virus to affect human biology for military purposes is highly unlikely, since a spreading computer virus is much harder to control than, for example, anthrax bacteria. Releasing a virus might backfire and infect a nation’s own army. However, bioterrorists might be interested in the use of attacks based on such viruses, Lovet said. “And that is a very scary thought.”
Loek covers all things tech for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org