Cyber-Security Pros Create “Frankenstein” Monster

Peter Suciu for redOrbit.com – Your Universe Online

It´s alive! Well, not quite, but UT Dallas computer scientists have created a new software that helps develop defense against new kinds of attacks, and in essence it is a monster of sorts.

The UT Dallas team, headed by Dr. Kevin Hamlen, associate professor of computer science, created software that can cloak itself as it steals and reconfigures information in a computer program. But Hamlen and doctoral student Vishwath Mohan didn´t create this software with criminal intention.

Instead the software was designed as a way to stay ahead of cyber attacks by essentially being able to act like its own cyber threat. The result is a software program “Frankenstein” — named because of the potentially destructive nature of this technology, which is in keeping with the monster-creating scientist in Mary Shelley´s 1818 novel Frankenstein (also known as The Modern Prometheus).

“Shelley´s story is an example of a horror that can result from science, and similarly, we intend our creation as a warning that we need better detections for these types of intrusions,” said Hamlen to the University of Texas at Dallas News Center. “Criminals may already know how to create this kind of software, so we examined the science behind the danger this represents, in hopes of creating countermeasures.”

The irony of course is that “Frankenstein” is in fact the scientist in the nearly two-centuries old novel, not the monster itself. Whether this fact is lost on Hamlen is unclear.

What is clear is that Frankenstein the program is not in fact a virus at all, but rather it could provide cover for an actual virus or another type of malware. Antivirus software typically works by figuring out the pattern of change a virus creates on a machine, and malware typically mutates as it jumps from machine to machine.

Frankenstein can provide a way to evade the scanning mechanism, by taking code from the programs that are already on a computer and re-purpose it.

“We wanted to build something that learns as it propagates,” Hamlen added . “Frankenstein takes from what is already there and reinvents itself. Just as Shelley´s monster was stitched from body parts, our Frankenstein also stitches software from original program parts, so no red flags are raised. It looks completely different, but its code is consistent with something normal.”

Hamlen and his team are working to aid government counter terrorism efforts by providing a cover to infiltrate terrorist computer networks. This type of so-called cyber warfare is apparently on the rise, with various malware being used in recent months. The most notable is the so-called “Shamoon” malware attack, which took out a variety of oil industry computers.

That attack is now being blamed on hacktivists, especially as the code in the software reportedly featured amateurish coding errors. But earlier this year Iran´s nuclear energy facilities were hit with the Stuxnet malware, which is believed to have originated in Israel as a way to ensure that Iran couldn´t develop nuclear weapons.

The question is whether this type of malware could ever get out of control? For that we need only look to Cornell University student Robert Tappan Morris, who created the now notorious “Morris Worm,” in 1988. This was the first computer worm distributed on the Internet, and Morris maintained that it wasn´t designed to cause damage but rather determine the size of the Internet.

A coding error — a critical error at that — transformed the worm and created a denial of service attack, that reportedly took down 6,000 major UNIX machines.

Of course Frankenstein the scientist didn´t set out to create a monster either.