6_computer virus
π Digital
Are we prepared for a cyberpandemic?

Computer virus vs biological virus, similarities?

Sophy Caulier, Independant journalist
On March 3rd, 2021 |
3 mins reading time
1
Computer virus vs biological virus, similarities?

    Jean-Yves Marion
    Jean-Yves Marion
    Professor at Université de Lorraine and director of Loria
    Key takeaways
    • We owe the expression “computer virus” (1983) to Leonard Adleman, a bioinformatician renowned for his work on “DNA computing” (computation using DNA sequences).
    • A cyberpandemic would show similarities to the Covid-19 pandemic, but the human body – especially thanks to its sophisticated immune system – is far more ingenious than computer systems.
    • Computer viruses, much like their biological counterparts, are capable of mutating to evade detection. Out of the 63 antiviruses tested by Jean-Yves Marion’s laboratory, only 7 were capable of detecting the intrusion of the banking Trojan called “Emotet”.

    When was the anal­o­gy between bio­log­i­cal and com­put­er virus­es made?

    Jean-Yves Mar­i­on: The use of the word “com­put­er virus” comes from Leonard Adle­man, a com­put­er sci­ence pro­fes­sor and mol­e­c­u­lar biol­o­gist renowned for his work on DNA com­put­ing (com­pu­ta­tion using DNA sequences). He was one of the devel­op­ers of the RSA encryp­tion algo­rithm. In 1983, one of his PhD stu­dents, Fred Cohen, devel­oped a new type of infor­mat­ic threat. He designed a pro­gram grant­i­ng him the access rights and data of unknow­ing users who down­loaded it. As such, Adle­man named this type of pro­gram “a virus”. The anal­o­gy between com­put­ers and biol­o­gy was pop­u­lar at the time, peo­ple spoke of arti­fi­cial intel­li­gence, neur­al net­works, etc.

    Can we also apply this anal­o­gy to the means of fight­ing viruses?

    There are pos­si­ble com­par­isons. The con­cept of lock­down, for exam­ple, is par­tic­u­lar­ly applic­a­ble to net­works. A fire­wall and fron­tend servers – a demil­i­tarised zone (DMZ) – iso­late the rest of the net­work to pro­tect it as much as pos­si­ble. It’s almost like putting on masks so we don’t get infected! 

    How­ev­er, if biol­o­gy and com­put­er sci­ence show sim­i­lar­i­ties in the rea­son­ing or analy­sis of a sit­u­a­tion, this is not the case when it comes to defence. From a bio­log­i­cal point of view, the human immune sys­tem is a fan­tas­tic machine. It knows how to defend itself against virus­es, bac­te­ria, aggres­sions, etc. It even knows how to “update” itself by tak­ing into con­sid­er­a­tion pre­vi­ous attacks. Our dig­i­tal sys­tems are light years away from this inge­nu­ity and efficiency. 

    We would great­ly ben­e­fit from a bet­ter under­stand­ing of our immune sys­tem to see if some ele­ments could be trans­posed in antivirus soft­ware. The mech­a­nisms of liv­ing beings are far more com­plex and sophis­ti­cat­ed. A cyber­at­tack is only designed by one or sev­er­al humans. It is there­fore pos­si­ble for oth­er indi­vid­u­als to under­stand and coun­ter­act this attack. Admit­ted­ly, cyber­at­tacks claim vic­tims, but we can defend our­selves. Where­as in the case of the Covid-19 pan­dem­ic… it is much harder!

    Does this mean that we could pro­tect our­selves against a cyberpandemic? 

    Sev­er­al answers. First, a world­wide cyber­pan­dem­ic has been announced for ages: “every­thing will stop, there will be no more cars, ener­gy, etc.” But it remains to be seen! We are far from the chaos por­trayed in dis­as­ter movies. At the same time, the num­ber of cyber­at­tacks increas­es and make vic­tims every day. When a com­pa­ny is attacked by a ran­somware, it leads to impor­tant human and eco­nom­ic con­se­quences. Final­ly, we have already been sub­ject to sev­er­al attacks result­ing in impor­tant per­ma­nent dam­age. For exam­ple, Wan­naCry or Not­Petya were respon­si­ble for bil­lions of finan­cial loss­es around the world.

    Addi­tion­al­ly, virus­es evolve, mutate and con­ceal them­selves bet­ter and bet­ter. Some even include many vari­a­tions. Let us take for exam­ple the bank­ing Tro­jan called Emotet. It appeared in 2014 and since then, its form, sig­na­ture or behav­iour have changed over time. It is cur­rent­ly one of the most wide­spread virus­es. We sub­mit­ted a par­tic­u­lar sam­ple of Emotet to 63 antivirus­es on Google’s Virus­To­tal web­site. Only 7 of them detect­ed this malware…

    Not to men­tion the bil­lions of con­nect­ed objects in our homes and our cities which can be attacked, divert­ed from their intend­ed use. So yes, a cyber­pan­dem­ic is pos­si­ble, but it would not take the same form as a bio­log­i­cal pandemic.

    What do you fear the most?

    I think that the true pan­dem­ic today is dis­in­for­ma­tion. Much like a dis­ease pan­dem­ic, it is viral. Intel­li­gent lan­guage or image pro­cess­ing tools are now so sophis­ti­cat­ed that they make it pos­si­ble to cre­ate “deep­fakes”, fake but entire­ly cred­i­ble videos which can make some­body say any­thing. It is pos­si­ble to pro­duce false “likes”, fake chat­bots, to wide­ly spread false infor­ma­tion, attack elec­toral systems…