For the past four decades, clever programmers have written computer viruses and worms that replicate and spread, either by bypassing technical security features or by taking advantage of human nature. Hacks started with playful images appearing unexpectedly, shifted to emails sent by harvesting address lists and turning thousands of computers into a vast “botnet” that attacks servers, and more recently, have locked down systems while demanding ransom payments. Scholars looking for an origin to the concept of self-replicating software often point to the mathematician John von Neumann, who advanced a “theory and organization of complicated automata” over a series of five lectures in December 1949. Von Neumann’s theory outlined a key role for software in the self-replication of machines. [1] However, the idea of software spreading across a network or inserting itself into other programs was more concept than reality for many years.
In the early 1960s, a hacker culture began to emerge at MIT, Stanford, and a few other locations when students experimented with new ways to program so-called minicomputers (which were the size of refrigerators, hence significantly smaller than previous room-sized computers). For example, the video game Spacewar was coded on the PDP-1 during off hours at MIT; copies were soon played across the country at Stanford. In an interesting reversal, the Unix operating system originated in coding by Ken Thompson and colleagues at Bell Laboratories to enable them to play their own video game, Space Travel, after Bell Labs upgraded to a new minicomputer. [2]
Networked computers started coming under attack in 1971 with the release of the first computer worm across the Advanced Research Projects Agency Network (ARPANET). A program called the Creeper displayed the message, “I’m the creeper, catch me if you can!” Internet pioneers at ARPA then wrote the first anti-virus program, the Reaper, which identified and deleted Creeper code. The Reaper looked for a specific set of instructions and, if found, proceeded to log that mainframe out of ARPANET. When the computer was rebooted and reconnected, the code was gone since it never fully integrated into the operating system. The relationship of Reaper to Creeper served as an inspiration for the game, “Core War,” in which programmers compete to write code that can take control of a virtual computer. In turn, Core War inspired today’s hacking competitions, including at the famous DEF CON held annually in Las Vegas since 1993. [3]
The term “computer virus” was coined by the University of Southern California professor Len Adleman in 1983, when his graduate student Fred Cohen gave a seminar presentation on how to gain control of a Unix system. However, the first personal computer virus identified “in the wild,” Elk Cloner, had been attacking Apple II computers since 1982 via floppy disks; every 50th time the disk was used, a message appeared: “It will get on all your disks / It will infiltrate your chips / Yes, it’s Cloner!” [4] The first DOS virus was written in 1986 by two programmers in Pakistan. “Brain” operated by infecting the boot sector and demonstrated that inserted code could remain in the computer. [5] By 1987, the Christma Exec virus relied on tricking computer users with the promise to draw a Christmas tree on their screens. While the program did in fact draw a tree, it also sent a copy of itself to the users’ email correspondents, which recipients trusted because they thought they knew the sender. [6]
Consequently, commercially available antivirus programs found a ready market, starting in the latter half of the 1980s. Notably, the pioneer John McAfee launched VirusScan in 1987 to search out known viruses. Other firms followed and by the early 1990s, numerous competing products could be used to scan computers in workplaces and homes. Yet, in a cycle that continues to the present, the antivirus programs relied on experts identifying problematic code and incorporating it into the search algorithm after a virus already had infected some computers.
Other malware has spread in recent decades, including trojans (disguised as a normal file or program), spyware, adware, and code that links up thousands of computers into a vast botnet. Some intrusions linger in network systems for years before either causing direct harm or sending confidential information to the author of the hack. As ever more devices—ranging from household appliances to military systems—are connected to the internet, the harms associated with hacking are rising. A common estimate holds that some 74,000 new computer viruses are released daily. But the process of finding bugs, hacks, and other cyber infections remains artisanal, with thousands of computer scientists and technicians searching billions of lines of code for intrusions or vulnerabilities.
In the early 2010s, experts at the Defense Advanced Research Projects Agency (DARPA) observed advances in critical areas of computer science necessary to automate the analysis and patching of software. In 2014, DARPA announced a two-year competition to design and build computer systems that would block attacks or find and isolate malicious code. Specifically, DARPA sought to underwrite the development of an “architecture” for an artificial intelligence machine, which they termed a “cyber reasoning system.” Systems had to integrate autonomous analysis, autonomous patching, autonomous vulnerability scanning, autonomous service resiliency, and autonomous network defense. [7] To speed development, DARPA announced that qualified systems would go head-to-head in a series of rounds, and finalists would meet to compete for $4 million in prizes, with the top system winning $2 million.
From a starting field of 100 teams made up of top security researchers and hackers from around the world, seven groups reached the final event in August 2016, competing in front of a large live audience in Las Vegas. Through a series of visualizations, the machines demonstrated their ability to find and patch flawed code within seconds while identifying and exploiting opponents’ weaknesses. The winning system, “Mayhem,” then competed against human teams in a computerized game of “capture the flag” at the DEF CON competition (in which hackers seek to break into each other’s systems with the ultimate goal of improving computer security). Mayhem came in last against the human teams, but was in the lead at several points during the competition. When announcing the winners, DEF CON organizers stated, “We would in particular like to congratulate Mayhem, from ForAllSecure, for their spectacular performance as the first autonomous computer system to play DEF CON capture the flag.” [8]
Although not yet in commercial use, these artificial intelligence systems are advancing rapidly, and I can readily envision them playing a greater role in protecting networks, devices, and systems in the near future. Starting April 18—but only for a limited time—visitors to the National Museum of American History can see Mayhem on display. Our goal in exhibiting Mayhem is to show visitors what a cyber security system looks like and encourage people to think about the increasing role that artificial intelligence systems are playing in our daily lives. Visitors will gain insights into steps being taken to reduce vulnerabilities and improve Internet security and leave inspired to learn more about what they need to do to reduce the spread of computer viruses.
Notes:
[1] John von Neumann, Theory of Self-Reproducing Automata (University of Illinois Press, 1966).
[2] Peter Salus, A Quarter Century of Unix (Addison-Wesley Press, 1994).
[3] Gregory Conti, Thomas Babbitt, and John Nelson, “Hacking Competitions and their Untapped Potential for Security Education,” IEEE Security & Privacy 9.3 (2011): 56-59.
[4] Kim Zetter, “Nov. 10, 1983: Computer ‘Virus’ is Born,” Wired (October 11, 2009); available online at: https://www.wired.com/2009/11/1110fred-cohen-first-computer-virus
[5] National Institute of Standards and Technology, Threat Assessment of Malicious Code and Human Threats (U.S. Government Printing Office, 1994).
[6] Thomas Chen, “Trends in Viruses and Worms,” The Internet Protocol Journal 6.3 (2003): 23-33.
[7] DARPA, “Cyber Grand Challenge: Technical Paper Guidelines,” (May 29, 2014), available at: http://archive.darpa.mil/cybergrandchallenge_competitorsite/Files/CGC_Technical_Paper_Guidelines.pdf
[8] Vito Genovese, “2016 DEF CON CTF Final Scores,” Legitimate Business Syndicate (September 6, 2016), available online at: https://blog.legitbs.net/2016/09/2016-def-con-ctf-final-scores.html