If there's one thing Sarah Gordon understands, it's the mind of the virus writer. In her current position as a senior research fellow for the Symantec Antivirus Research Center, Gordon conducts research on the ethical implications of technology and the psychological aspects of human-computer interaction. Recently, we asked her what makes virus writers tick.
CSO: What did you find when you unravelled the hackers' psyche?
Sarah Gordon: Like many young people engaging in at-risk behaviours, virus writers often don't comprehend the consequence of their actions for themselves or others. That, coupled with their ordinary "boy-or-girl-next-door-ness," makes them not so different from most young people.
However, somewhere there is a fundamental disconnect between virus writing and acknowledging the large-scale consequences of those actions.
How have virus writers evolved over the years?
The motivations for virus writing have remained pretty consistent, but times do change. We've begun to observe blended threats that combine the replication requirement of a virus with other attack characteristics such as exploiting vulnerabilities. That could indicate that their skill sets are evolving. Nimda, for example, sent itself via e-mail and then also exploited unpatched servers. Bugbear, another blended threat, spread through network shares but also logged keystrokes and functioned as a back door.
How have the writers' goals or methods changed?
The methods adapt to follow the technology. People say these kids are getting smarter, but that is not the case. The technologies are becoming more complex but ironically much simpler to manipulate. That, coupled with the innate curiosity of young people, creates a ripe environment for such exploration.
What elements of computer evolution have made the virus writer's job easier?
System homogenisation [the increasing standardisation of products and protocols] is part of the problem, but there are other aspects as well. Supervision is another key area. In some countries, kids are just now getting wired into the Net — without supervision. Imagine their wide-eyed wonder upon discovering something like self-replicating programs — commonplace and not all that complex to the experienced programmer. These things seem like magic to the newcomer. Also, remember that the differentiation between positive and negative attention is not necessarily a given for young people.
If I were to ask you to look into the future, what do you expect to see from the virus-writing community in the next few years?
The community as we know it will not exist in the future — rather, it will be an evolved community reflecting the norms and attitudes of the people involved. Additionally, the technology, its functionality and its accessibility will play a role. These communities don't exist in a vacuum. They are part of a larger computing environment, and we will — either consciously or unconsciously, by action or inaction — play a role in how they develop.