SCIENCE

How can hackers attack the laboratory, trick scientists into creating infectious viruses?

Cybersecurity researchers at Ben-Gurion University in Israel recently discovered a computer attack that could allow hackers to manipulate operations in a remote biological lab. This can help them fool scientists into working in creating toxins and viruses without even knowing it.

The previous view has been that if terrorists want to spread the virus or poison by appropriating a reputable laboratory or hiding it inside a vaccine or any other medical treatment, they most must have physical access to the laboratory or part of its supply chain.

But that is no longer true, according to a new study published in the journal Nature Biotechnology of Ben-Gurion University.

Computer attacks can allow hackers to manipulate operations in a remote biology lab.

We know that biological studies today often use synthetic DNA, including developing immunity to create vaccines. These synthetic DNA are built in a computer controlled biotechnology machine.

Therefore, Ben-Gurion researchers have developed and tested an “end-to-end” attack scenario aimed at altering the data on the biotechnology tool’s computer. The result is an attack like this that displaces short DNA child chains with a malicious code.

The researchers claim that hackers with a simple “trojan” software and a bit of hidden code can also turn a life-saving drug into a biological weapon:

“A cyberattack that interferes with synthetic DNA orders can lead to the synthesis of nucleic acids that encode parts of the pathogenic organism or harmful proteins and toxins … This threat is We ran a proof-of-concept test in which a disordered DNA encoding a malicious peptide was not detected by software that performed the screening instructions. has been transferred to production “.

The researchers describe a situation in which a bad guy uses a trojan horse to infect a researcher’s computer. When that researcher orders the synthetic DNA, the malware scrambles the order so it looks legitimate to the security software the DNA synthesis store uses to test it. In fact, these disordered DNA child chains are harmful.

The DNA store made the order (accidentally sent it to the dangerous DNA researcher) and the researcher’s security software was unable to detect the disturbed child chains so the researcher remained ignorant.

Using these hypothetical trojans, researchers at Ben-Gurion University managed to bypass the security system of 16 out of 50 orders they tried to attack.

Detailed End to End attack scenario on a synthetic DNA order-produce-delivery chain

(1) Alice is a biological engineer. She turned on her computer that was infected with a Trojan (also known as a man-in-the-browser attack, a variant of the man-in-the-middle attack).
(2) Alice designs an experiment and sequence of DNA for cell transformation.
(3) When Alice orders synthetic DNA from Bob, a DNA synthesis company, the attacker replaces part of the sequences ordered by Alice with scrambled selective agents and sequences. may be reordered to malware in the future.
(4) Bob screened the order but could not identify the malicious chain due to the tampering.
(5) Synthetic DNA is generated.
(6) The order is returned to Alice.
(7) Alignment of the delivered order can be done by a third party or by Alice herself.
(8) The results of the sequence are checked by computer infected with the Trojan.
(9) While doing her normal research, Alice accidentally uses toxic DNA without her knowledge.
But what does all of this mean? We’re in a dangerous time when artificial intelligence (AI) isn’t advanced enough to detect these types of adaptive envelope attacks and humans simply can’t focus their attention. Its ideas are on a large scale.

The synthetic DNA replication system scientists use today is so vast that it is impossible for humans to check each of the sequences in it. We are relying entirely on automated software and AI to ensure this system works properly. But when an anomaly occurs, the machine will transfer that task to a human, in this case, the human would not be able to see through the smoke screen.

To solve this problem, the researchers proposed a set of cybersecurity measures including digital signatures, behavioral analytic artificial intelligence, and a synthetic DNA filter with greater resolution. , an advanced protocol and cross-check mode allow other scientists to detect malicious orders.

The study authors recommend that these measures be implemented immediately in the biotechnology community, as the gap to be patched is now too large.

Leave a Reply

Your email address will not be published. Required fields are marked *