Biology

September 3, 2009

3.2 KB of Code Can Kill You

19104972 A colleague of mine, Karthik Krishnamoorthy, forwarded me a link comparing H1N1 to a computer virus. The post is the most fascinating description of the inner workings of a virus I have ever read and does an excellent job of translating the biology of a real virus into computer terms more understandable by us in the information security industry.

For Example: "If you thought of organisms as computers with IP addresses, each functional group of cells in the organism would be listening to the environment through its own active port. So, as port 25 maps specifically to SMTP services on a computer, port H1 maps specifically to the windpipe region on a human. Interestingly, the same port H1 maps to the intestinal tract on a bird."

The article shows how real viruses have the equivalent of polymorphism and NOP sleds, and most worryingly how efficient they are.

"So it takes about 25 kilobits — 3.2 kbytes — of data to code for a virus that has a non-trivial chance of killing a human. This is more efficient than a computer virus, such as MyDoom, which rings in at around 22 kbytes. It’s humbling that I could be killed by 3.2kbytes of genetic data. Then again, with 850 Mbytes of data in my genome, there’s bound to be an exploit or two."

The article goes on to talk about how the virus mutates and adapts to the environment despite its relatively small amount of 'disk space'.

The article can be found here.

Posted by justin_foster on September 3, 2009 at 09:38 AM in Biology, Security | | Comments (0) | TrackBack (0)

|

June 8, 2009

Are hackers partially schizophrenic?

914335_85510317 I think a significant portion of hackers lie somewhere in the schizophrenic spectrum. Oddly this is good for them, and bad news for us.

Over the course of evolution, genetic anomalies have emerged that walk a fine line between being productive and being dangerous. For instance, mild versions of cystic fibrosis can protect against cholera by preventing the dehydration of the lungs. People in certain regions defend against malaria with sickle-cell anemia, and its generally believed those with Tay-Sachs disease have a natural defense against tuberculosis.

These traits continue to be bred into successive generations because the mild versions carry an adaptive value and don't impact the lifespan or breading abilities of the carrier. The result however, is that a percentage of the descendants develop full blown versions of the disorders with all of the disastrous consequences. Mother nature it seems, is willing to take this risk.

Schizophrenia presents on a wide spectrum, with a less severe version known as schizotypal personality. Schizotypal personality (also known as Schizotypal disorder) is characterized by the need for social isolation, odd behavior and thinking, and often unconventional beliefs. Unlike those diagnosed with schizophrenia, people with schizotypal personality can lead very full and productive lives. The negative effects are so vague they are mostly undiagnosed and untreated. Moreover, like the other disorders mentioned there can be advantages to having a schizotypal personality.

In a lecture by Joel Sapolsky he explains that the family members of people with schizophrenia have a higher rate of schizotypal disorder. Normally this presents itself in their gravitation towards solo occupations (lighthouse keeper, movie projectionist, etc). In cases where the unconventional beliefs and perceptual experiences are the stronger trait he draws a connection to religious or spiritual leaders. He points out that some behaviors one could consider psychologically suspect (like talking to a burning bush) can be acceptable and transformative in the right context.

I see a strong correlation between the behaviors of someone with schizotypal personality and a hacker. Certainly I'm not suggesting schizotypal disorder is a trait required for hackers. Like any other subculture the reasons people are drawn in can be widely influenced by environment. But there is a correlation between the diagnostic criteria and the typical profile of a hacker.

Schizotypal personality is characterized by five or more of the following (From Wikipedia):

1. Ideas of reference (excluding delusions of reference)
2. Odd beliefs or magical thinking that influences behavior and is inconsistent with subcultural norms (e.g., superstitions, bizarre fantasies or preoccupations)
3. Unusual perceptual experiences, including bodily illusions
4. Odd thinking and speech (e.g., vague, circumstantial, metaphorical, overelaborate, or stereotyped)
5. Suspiciousness or paranoid ideation
6. Inappropriate or constricted affect
7. Behavior or appearance that is odd, eccentric, or peculiar
8. Lack of close friends or confidants other than first-degree relatives
9. Social anxiety that tends to be associated with paranoid fears rather than negative judgments about self

Can you think of a serious hacker who doesn't exhibit five or more of these traits?

If you look at the terminology of hackers there is evidence of meta-magical thinking (especially references to mythical creatures). There also tends to be a strong affinity for escapism in science fiction and fantasy. Hackers usually seek isolation, preferring to peer only in cyberspace. When they do gather, such as at Defcon, you can't help but notice that the audience personifies the odd, eccentric and peculiar. Hackers tend to be unfairly categorized as having poor communication skills, perhaps it's just a byproduct of the way their minds work. Some hackers have a hyper-inflated sense their own importance, perhaps this is ideas of reference rather than ego. Most of the symptoms fit the stereotype.

But the point of this article is that partial genetic traits like this can be an enormous source of strength. They use the ability for unconventional thinking to innovate new ways to do things. For ethical hackers this results in creative techniques to expose vulnerabilities. For the black hat hacker this results in innovative new ways to pwn users and systems. I would argue that without these genetic traits there would be far less exotic malware like polymorphic viruses, self defending worms and tamper proof obfuscation. The powers of thought combined with the tendency towards isolation would also correlate well with the ability of the black hats to stay ahead of defenses (producing variants faster than we can keep up).

Before anyone gets offended by this suggestion, please know that I am certainly not a biologist or psychologist, nor do I have statistical data to back this up. Like attempts to related ADD to hackers in the past, this is merely an unprovable observation.

What I do know is that the enemy is formidable, bringing the full force of their intellects to bear. As security professionals we may be defending against more than an army of hackers, we may be defending against their genes.

Posted by justin_foster on June 8, 2009 at 11:59 AM in Biology, Hackers | | Comments (3) | TrackBack (0)

|

About

The views and opinions expressed on this blog are my own and in no way represent the views or opinions of my employer, Trend Micro.

 Subscribe in a reader

Archives

Twitter Updates

    follow me on Twitter
    Lijit Search
    Creative Commons License

    Copyright © 2010. This work is licensed under a Creative Commons Attribution 2.5 Generic License.

    Some images used with permission from istockphoto.com, clipart.com and sxc.hu subject to individual copyright.