Cybersecurity researchers are sounding the alarm over a new and particularly nasty threat from hackers: a hybrid cyber-biological attack in which unwitting biologists are tricked into manufacturing deadly toxins.
In a new paper published in the journal Nature Biotechnology, cyber researchers from Israel’s Ben-Gurion University of the Negev suggest that unscrupulous hackers and bioterrorists could hijack the largely automated systems used to produce synthetic DNA for lab experiments.
By surreptitiously injecting malware into the systems’ code, these bad actors could replace a substring of DNA on a scientist’s computer – with potentially deadly consequences.
Further, bioterrorists could theoretically buy dangerous DNA from companies that don’t closely screen the origins of orders, making the DNA provider an unwitting accomplice in a chemical or biological attack.
“To regulate both an intentional and unintentional generation of dangerous substances, most synthetic-gene providers screen DNA orders, which is currently the most effective line of defense against such attacks,” says Rami Puzis, head of the university’s Complex Networks Analysis Lab.
The US Department of Health and Human Services issues guidance for DNA providers, but the Israeli researchers found that screening protocols for those purchasing DNA are vulnerable to obfuscation techniques employed by hackers, allowing them to slip toxin-producing DNA into requests that should be immediately rejected.
“Using this technique, our experiments revealed that 16 out of 50 obfuscated DNA samples were not detected when screened according to the ‘best-match’ HHS guidelines,” Puzis says.
The researchers highlight a worrying ease of accessibility to vulnerable automated systems used within the sphere of synthetic gene engineering, due to poor cybersecurity defenses.
They propose improved screening algorithms, specifically protecting in-vivo gene editing work in the lab, to prevent such DNA injection attacks from ever occurring.