Exploring malware to bypass DNA screening and lead to ‘biohacking’ attacks

Pierluigi Paganini November 30, 2020

Boffins from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare.

A team of researchers from the Ben-Gurion University of the Negev described a new cyberattack on DNA scientists that could open to biological warfare.

Scientists play a crucial role in modern society, especially during the COVID-19 pandemic.

A research paper titled “Cyberbiosecurity: Remote DNA Injection Threat in Synthetic Biology” published in the academic journal Nature Biotechnology documented how to use malware to compromise a biologist’s computer to replace sub-strings in DNA sequencing.

Threat actors could exploit bugs in the Screening Framework Guidance for Providers of Synthetic Double-Stranded DNA and Harmonized Screening Protocol v2.0 systems to circumvent protocols.

The experts explained that every time a DNA order is made by biologists to synthetic gene providers, the US Department of Health and Human Services (HHS) guidance requires the adoption of screening protocols to scan for potentially harmful DeoxyriboNucleic Acid.

The researchers used a malicious code to circumvent these protocols through obfuscation. The tests demonstrated that 16 out of 50 obfuscated DNA samples were able to bypass the DeoxyriboNucleic Acid screening. 

“Eve is a cyber-criminal targeting Alice. Eve can easily infect Alice’s vulnerable computers with malware. Eve replaces all or part of Alice’s order with a malicious sequence (Fig. 1). Eve employs DNA obfuscation — inspired by cyber-hacking malicious code obfuscation — to camouflage fragments of the pathogenic DNA in the hijacked order.” reads the research paper. “Bob will not detect the malicious DeoxyriboNucleic Acid; with obfuscation, best-match-based screening procedures will return legitimate matches for any 200 bp subsequence. Eve’s sequences can contain all of the necessary constituents to subsequently deobfuscate themselves in vivo via CRISPR–Cas9-mediated deletion and homology-directed repair.”

The researchers also explained that threat actors could carry out man-in-the-browser attacks against software used to design and manage synthetic DNA projects to inject arbitrary DNA strings into genetic orders.

Malicious DNA injection performed by a remote cyber-criminal

The researchers explained that malware could manipulate the residue Cas9 protein transforming this sequence into pathogens.

“If Alice or her clients insert the plasmid containing the obfuscated agent into Cas9-expressing cells, the DeoxyriboNucleic Acid, deobfuscated by CRISPR–Cas9, will allow the expression of the gene encoding a noxious agent. This threat is real” continues the paper.

“To regulate both intentional and unintentional generation of dangerous substances, most synthetic gene providers screen DNA orders which is currently the most effective line of defense against such attacks,” states Rami Puzis, head of the BGU Complex Networks Analysis Lab. “Unfortunately, the screening guidelines have not been adapted to reflect recent developments in synthetic biology and cyberwarfare.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment