Alistair Fairweather: Computer viruses are no longer for amateurs

Biological viruses are among the most rapidly evolving organisms on our planet. The same is true of computer viruses, except that malevolent human organisations are driving this evolution, not natural selection. The most recent strains of these digital pathogens are evidence that virus makers have reached a new level of sophistication.

Take CryptoLocker, a nasty piece of "ransomware" that swept through the world in October 2013. After tricking you into installing it – usually by masquerading as an attachment to a legitimate business-related email – CryptoLocker sets about stealthily encrypting every file on your computer.

This encryption essentially scrambles all your files, making them unusable by man or machine until they are decrypted. Since CryptoLocker uses 2 048-bit encryption – what used to be considered "military grade" – it is impossible to decrypt any of your data without having the appropriate decryption key.

That's where the "ransom" part comes in: when CryptoLocker has succeeded in encrypting all your files it pops up a window demanding $300 (or more) for the key that will decrypt them. It gives its hapless victim 72 hours to comply, after which the key is deleted forever. Payment is only accepted via (effectively) untraceable mechanisms like BitCoin and digital money orders that can only be purchased with cash.

The fact that criminals are using our own security tools to attack us is not particularly new. The computer security arms race has always been complicated by the fact that our enemies have access to the same (and sometimes better) technologies as those who defend us.

What is new is how organised and sophisticated these criminal gangs have become. Two decades ago viruses were almost exclusively the province of spotty misanthropes residing in their mothers' basements. These were people with an axe to grind or a point to prove (usually about their prowess at programming), not profit-maximising criminal enterprises.

What makes this new breed of virus maker particularly dangerous is that they have the resources to buy their way into digital ecosystems once effectively protected by their pay-to-play nature.

The global digital advertising supply chain is a perfect example of such an ecosystem. In the last 18 months, criminals have begun using a technique known as "malvertising" to attack the readers of large online publishers.

These criminals pose as legitimate buyers of advertising space, often purporting to be placing advertisements on behalf of trusted online brands. They approach online publishers or advertising networks (who buy and sell advertising space in bulk) and offer to buy large chunks of inventory, often over holiday periods. They are willing to pay up-front for this advertising space, although they will try to negotiate 30 or 60 day payment terms if they can.

For the first few days of the agreement, the criminals deliver innocuous but fake adverts to the unwitting publishers – just enough time to lull them into a false sense of security. As soon as the proverbial coast is clear, the criminals switch the fake adverts with malicious code that can infect readers' computers with viruses or fool them with scams.

Then, before either the readers or the publishers realise what is happening, the criminals switch back to the fake advert again, rendering the attack undetectable. They then repeat this cycle until they get caught.

This kind of bait-and-switch technique is possible because of the highly distributed and syndicated nature of online advertising. Adverts are often delivered to publishers via third party services; systems that act like giant clearinghouses for advertising space, matching buyers and sellers.

These services themselves routinely accept syndicated adverts, meaning that by the time an advert reaches a reader it might have passed through half a dozen different service providers. If only one of these service providers has lax security measures, the whole supply chain can be corrupted.

The Mail & Guardian was the target of a malvertising attack late last year. In our case the criminals were using another kind of ransomware – one that impersonates anti-virus software and requires you to pay to "upgrade" it and remove the (fake) viruses it has so helpfully detected.

The nature of the attack was so stealthy and sophisticated that it took the publication weeks to track down the source. Thankfully we at M&G have friends in the information security industry who helped us to do so. A smaller publisher might never have found and plugged this hole.

Another example of criminals' increasing willingness to invest money up front in their attacks emerged last week. Malware distributors have begun buying popular Google Chrome extensions and then using them to launch attacks on unsuspecting users.

Extensions are small pieces of software that add custom functionality to a browser. They typically do things like save a link to your favourite bookmark tool or share the article you are reading to Facebook. What makes them dangerous is that they can be remotely updated by their author without you giving them explicit permission.

This kind of unguarded back door is like mother's milk to criminals. Once they have control over the extension, they use it to silently inject all manner of horrific attacks into the users' computers. And because browser extensions are the last place most people would think to look, these attacks can continue for some time.

It's tempting to blame the original authors of the extensions, but if someone approached you and offered to pay you several thousand dollars for a piece of software that took you a couple of hours to write, chances are you would also sell.

And the fact that criminals are willing to spend tens of thousands of rands up front, shows you both how lucrative their activities are, and how skilled they are at balancing costs with benefits. Researchers at Symantec, a security firm, infiltrated the servers of a ransomware operation and found data that suggested these gangs can make millions of dollars per year from their schemes.

When Fred Cohen coined the term "computer virus" in his 1986 PhD thesis, he probably had no idea how apt it would prove. Nearly 30 years later, they have mutated well beyond disruptive nuisances into relentless plagues that can kill or cripple entire computer networks and the businesses that rely on them.

And yet these criminals remain a tiny minority. Computers have created trillions of dollars of value and unleashed the talents of billions of people. I would not exchange these enormous benefits for a world without viruses. But governments and ordinary citizens need to educate themselves about these threats, and soon. They are only going to get worse.

Subscribe to the M&G

These are unprecedented times, and the role of media to tell and record the story of South Africa as it develops is more important than ever.

The Mail & Guardian is a proud news publisher with roots stretching back 35 years, and we’ve survived right from day one thanks to the support of readers who value fiercely independent journalism that is beholden to no-one. To help us continue for another 35 future years with the same proud values, please consider taking out a subscription.

Related stories

How to escape the ‘era of pandemics’

Any of 850 000 viruses could cause the next global crisis. Experts say we should focus on prevention

Will the coronavirus cause a major growth slowdown in China?

The panic generated by the new coronavirus, 2019-nCov, which originated in Wuhan, one of China’s largest cities and a...

The coronavirus is a disease of Chinese autocracy

An outbreak of a new coronavirus that began in the Chinese city of Wuhan has already infected over 4000 people –...

Seven things you should know about this country’s largest Lassa fever outbreak

Nigeria's latest and largest epidemic has claimed almost 100 lives. Find out more about the virus.

Explainer: why children are at risk of hand, foot and mouth disease

Hand, foot and mouth disease is a viral infection that can affect infants and young children.

Dating apps have not killed dating

We are sexually omnivorous and not programmed for monogamy. But most of us prefer choosing one special somebody over an endless stream of nobodies.

Subscribers only

Covid-19 surges in the Eastern Cape

With people queuing for services, no water, lax enforcement of mask rules and plenty of partying, the virus is flourishing once again, and a quarter of the growth is in the Eastern Cape

Ace prepares ANC branches for battle

ANC secretary general Ace Magashule is ignoring party policy on corruption-charged officials and taking his battle to branch level, where his ‘slate capture’ strategy is expected to leave Ramaphosa on the ropes

More top stories

Sudan’s government gambles over fuel-subsidy cuts — and people pay...

Economists question the manner in which the transitional government partially cut fuel subsidies

Traditional healers need new spaces

Proper facilities supported by well-researched cultural principles will go a long way to improving the image and perception of the practice of traditional medicine

Did Botswana execute ‘poachers’ ?

The Botswana Defence Force’s anti-poaching unit has long been accused of a ‘shoot to kill’ policy. Over 20 years the unit has killed 30 Namibians and 22 Zimbabweans

Limpopo big-game farmer accused of constant harassment

A family’s struggle against alleged intimidation and failure to act by the authorities mirrors the daily challenges farm dwellers face

press releases

Loading latest Press Releases…