Hackers can trick scientists into creating deadly viruses

The team said hackers do not need to be physically present in order to access any dangerous substance.

December 02, 2020 10:16 am | Updated 10:16 am IST

Hackers can trick scientists into creating deadly viruses.

Hackers can trick scientists into creating deadly viruses.

(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)

A new type of cyberattack on DNA synthesis could trick scientists into creating dangerous viruses and toxins.

Researchers at the Israel-based Ben-Gurion University of the Negev, in a study titled, ‘Cyberbiosecurity: Remote DNA Injection Threat in Synthetic Biology’, published in Nature Biotechnology, highlighted the potential dangers of this biohacking techniques.

The team said hackers do not need to be physically present in order to access any dangerous substance. They can simply dupe scientists into producing toxins and viruses by launching a cyberattack.

“As cybersecurity becomes an increasing concern across all business sectors, the possible procurement of DNA for malicious purposes by hackers highlights the need for greater cyber-biosecurity,” researchers noted in the paper.

They explained how a cybercriminal can target a scientist’s computer and replace all or parts of sub-strings in DNA sequencing. By employing DNA obfuscation, the attacker can circumvent the protocols where the synthetic gene provider will not detect the malicious DNA.

Following which, the sequencing report will show the DNA as error-free, and even if scientists seek additional details, malware will ensure that the results falsely reflect the original DNA sequence that they intended to order.

 

Researchers conducted a proof of concept test, and found that an obfuscated DNA was not detected by software implementing the screening guidelines and the order was moved to production.

Screening guidelines are not robust

This was made possible due to weak screening guidelines. When DNA orders are made to synthetic gene providers, synthesis providers check each requested sequence across databases of problematic sequences before order fulfilment, as per the 2010 US Health and Human Services guidelines.

However, there are no comprehensive databases of pathogenic sequences, and the guidelines, unenforced outside of US National Institutes of Health (NIH) grantees are outdated.

Other industry groups have tried to fill the vacuum with their additional guidelines, but researchers believe that without a comprehensive penetration testing of the screening frameworks, some pathogenic sequences will fall through the oversight cracks. Academics have called for implementation of enhanced protocols by legislation and regulation.

They also suggested that synthesisers can implement cybersecurity protocols, such as electronic signatures on orders, and adapt to provide intrusion detection approaches, ranging from heuristic signatures to artificial intelligence behavioural analysis, to identify malicious code. Besides, fulfilled orders should be revisited when new information arises and data should be shared in a privacy-preserving manner to enable detection of malicious orders deliberately distributed across multiple synthesizers

“Cyber dangers are spilling over to the physical space, blurring the separation between the digital world and the real world, especially with increasing levels of automation in the biological lab,” researchers said.

“Best practices and standards must be woven into operational biological protocols to combat these threats.”

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.