This entry reflects the Black Hat Europe presentation based on the research by Fortinet’s Guillaume Lovet and Axelle Apvrille, dedicated to comparing the human virus defense mechanisms with those implemented in computers.
Guillaume Lovet: This presentation is a bit different from the other talks that you may have attended so far, because basically it’s a comparison between computer viruses and biological viruses. That means we will have to delve into some biological concepts, so we won’t be talking only about computers, for a change. And we do hope that you will enjoy it as much as we enjoyed it when we did the research.
I wrote this paper and did the research with Axelle Apvrille, unfortunately she couldn’t be here today, so I will be assisted by Ruchna here. The paper was reviewed by Koshika Yadava – PhD student in Immunology, so basically she made sure that we would not say too much bullcrap in the paper. We are all part of Fortinet’s FortiGuard team except for Ms. Yadava of course; basically, FortiGuard team is the threat research and threat response team at Fortinet. So, the reason behind all that: as I said, when we started we wanted to do a comparison for fun and to please our curious minds, because hackers have curious minds. Basically, we really enjoyed it. Along the way, we figured out that it could help us get a better understanding of why the immune systems in Biology are so much better than the AV systems in computers in terms of virus detection. Granted, some people die because they are infected by viruses, but they never go undetected. They might win over our immune system, but they never go undetected; and we will see exactly why it is so much different from the AV systems, where computer viruses stay undetected for months, for years.
And eventually, along the course of our research, we came to wonder if at some point there could be some kind of convergence between biological viruses and computer viruses. That means computer viruses starting to behave more like biological viruses, and biological viruses starting to behave more like computer viruses, and possibly one crossing the frontier to the other realm and vice versa, which may sound foolish at first or may sound like a bad scenario for a Hollywood movie, but you will see afterwards it’s not so stupid a question actually.
So, this is how we will proceed. First we will go through some background on Biology, which is necessary but not too deep. Then we will compare the attack strategies and defense strategies of biological and computer viruses, and we will see the similarities. And then, as I said, the scary stuff for Hollywood will be in the end with convergence scenarios.
What is very interesting about viruses is that they are really at the frontier between the living and the non-living. We don’t really know if it is a form of life or not. It depends on your definition of the form of life. Now, most scientists will tell you the smallest form of life is a bacterium, because it is one cell, and all the living organisms are made of cells. So, the smallest possible living being should be one cell, one bacterium.
A virus is not a bacterium because it doesn’t have a metabolism of its own. To exploit, to decode the information in its DNA, it can’t rely on its own metabolism, it must infect a host, a cell, and it’s the cell that will produce and interpret its DNA sequences. So, it has genetic material like all the living beings but it doesn’t have a metabolism; it’s not a cell like all living beings, so it’s, really, in the middle.
So, since it doesn’t have a metabolism of its own, it must attach to a cell to replicate. Once attached to a cell, it injects its genetic material into the cell. In most cases, you will then have a lytic cycle when the genetic material is injected into the cell, and the cell’s metabolism starts to read the DNA sequence and produce the proteins that the DNA sequence coded for. And those proteins will create new viruses, and when there are enough new viruses in the cell, the cell cannot contain them any more, it just bursts, and all the new viruses get loose and will go infect other cells.
Sometimes you will also have a lysogenic cycle, where the genetic material is inserted inside the DNA of the cell. And so, when the cell replicates, it gets conserved, at some point it will be interpreted like this and will fall back to that scenario.