Cracking the code: The crowd vs the virus

April 25th, 2012 by

Today’s blog involves a thrilling tale of international espionage. But for once the hero is not an alcoholic, sex-addicted Englishman with a fancy exploding pen. This time it’s a rather remarkable crowd.

So before you read further, please ensure that your Cone of Silence has been activated, and that nobody has cut any eye holes in any of your paintings. All done? Good, then I can begin.

The story begins in 2010, when Iranian state computers were brought to a standstill by a highly infectious virus named Trojan-Spy.0485/Malware-Cryptor.Win32.Inject.gen.2 (or Stuxnet if you’re human). Experts at the big antivirus companies concluded that Stuxnet was probably created by the US or Israeli intelligence services, and was designed to cripple the Iranian nuclear program.

This blog will self-destruct in ten seconds

Of course, the US and Israel responded with the traditional mantra of the intelligence community: deny all knowledge. The story seemed to go away. The idea of governments releasing their own viruses into the wild is pretty sinister, but not quite as bad as the thought of Mahmoud Ahmadinejad’s finger hovering over a nuclear button. Stuxnet was specifically designed to target Iran’s illegally-imported Siemens supercomputers, so why should the rest of us worry? Besides, the threat seemed to be over.

But then in 2011 a new virus was discovered by analysts at Budapest University’s (awesomely named) CrySys Lab. It was called Duqu, and it shared some key similarities with the Stuxnet virus. But while Stuxnet’s purpose was obvious, Duqu worked in more mysterious ways. It passed through millions of machines without a trace, but wiped the hard drives of others. Much of its code was written in an unidentified language. What was its purpose? And how was it made? Even the experts at the big antivirus companies were stumped.

Nobody had the answers, until Igor Soumenkov of Kaspersky labs decided to call on the crowd for assistance. In a blog post, Soumenkov outlined the problem and provided samples of the virus code. Within hours a crowd was born, colonizing the comment thread and establishing a presence on Reddit.

The man with the golden crowd

Soumenkov’s crowd is a perfect example of the power of collective reasoning. Members quickly sifted through the code, picking out familiar features and eliminating possible answers. Some worked alone, some in groups. With their help, Soumenkov was able to close the case and identify the code. He concluded that Duqu appears to be the work of the same team that created Stuxnet, and is an aggressive data gathering tool. The intended target of the virus remains unknown, but the crowd is still investigating.

So why did Soumenkov’s crowd work so well? Part of its success was due to Soumenkov himself. He presented the problem clearly and responded to questions quickly, providing extra information when needed. This kind of feedback is crucial to getting the most out of a crowd. At Microtask we use some pretty incredible (if I do say so myself) code of our own to verify the accuracy of our Microtaskers and let them know how well they’re doing. By being given feedback, a task-oriented crowd can learn and improve. This kind of clear direction is vital to a crowd’s success.

The Duqu affair shows how powerful collective reasoning really is. Soumenkov’s crowd of volunteers managed to crack a code created by the world’s most powerful, well-funded state security agency (probably). As well as helping to cure infected computers, the crowd shone a light into one of the darkest corners of international relations. In a world filled with mysterious super-viruses and shadowy government hacking teams, it’s nice to know the crowd’s got your back.

  • MN Hossain

     The effort detailed is effective and enriched with related data. Excellent.