33 years ago the public faced the first computer virus. Since then more than a million viruses have been developed, hundreds of millions of devices have been infected, billions of dollars have been lost in productivity, and the anti-malware industry has become a significant market in the ICT business.
What started as an innocent prank has evolved into a digital weapon of geopolitical significance, transforming the way wars are fought. Today, malicious software is used to steal sensitive emails from political parties, infiltrate and attack nuclear facilities, and disrupt entire economies. Malware - Symptoms of Viral Infection presents a timeline of infamous malware, from early DOS viruses pushing the visual aesthetics of the text-based operating system, to advanced worms, spyware and ransomware used as geopolitical weapons.
Following Het Nieuwe Instituut’s commitment to looking beyond the classic notions of authorship in the production of spaces, objects, and virtual media, this exhibition explores a design practice that is mostly anonymous and clandestine. Viruses are sophisticated acts of design that are not generally intended for social innovation or problem solving. Yet these devices also require a close reading. This journey into the dark side of computing illustrates the beauty and sophistication of some of these viruses, highlighting their unique method of destruction, impact and context.
Early DOS Viruses
The design of viruses has been central to the history of networked computing, as well as that of sub- and countercultures aiming to disrupt the existing economic and political structures of power. Despite their questionable means and damaging effects, the design of computer viruses has in many cases, especially in earlier decades, been connected to radical imaginaries and attempts to create a less unequal and exploitative world.
The early DOS computer viruses were characterised by tech enthusiasts and pranksters and their place in popular culture at an intersection with other forms of epidemic. The media hysteria that spread around computer viruses in the 1980s can’t be understood without its biological counterpart. Analogies between the discourse on cybercrime and immunology - triggered primarily by the so-called AIDS epidemic as well as thewell the first notable cases of computer viruses - exploded in popular anxieties and ideologies.
Viruses are a result of human design, yet they also prompt a particular non-human agency, suggesting a more than metaphorical similarity between biological and computational diseases as agents of bodily invasion. Computer security rhetoric, as well as the way in which computer viruses are construed and combated, is intrinsically dependent upon the dominant cultural understandings of immunology, sexuality, and legality. Viruses infect, spread, and cause epidemics.
With the rise of the internet and the introduction of Microsoft's Macro language, viruses spread faster and had larger implications. Their design became even more accessible through the rising popularity of virus generators. These DIY toolkits allowed almost anyone with basic computer skills to design a virus, its form of spreading and infection, as well as its anti-antivirus capabilities according to their own specifications.
This is the time of social engineering towards mass-mailing malware. The creativity of the authors focuses primarily on designing messages that exploit weaknesses in human cognitive abilities, rather than technological loopholes. Their designs trick victims into clicking on email attachments such as infected documents, links to webpages, or sharing networks. Upon falling into the trap, seemingly sent by a friend, colleague or legitimate entity, worms penetrate the computer's memory and a code is activated, infecting the computer. It then replicates itself in order to spread to other computers.
As criminal organisations and antivirus software companies realised the potential for profiting from their viral creations in a wired world, ransomware gained a foothold.
This type of malware prevents users from accessing their system or personal files and demands ransom payment in order to regain access. One of the most common methods of infection is from malicious spam sent through unsolicited email. Malspam uses social engineering in order to deceive people into opening attachments or clicking on links apparently sent by legitimate institutions or trusted contacts.
Another popular infection method is malvertising, using online ads to direct users to criminal servers while browsing online, even on legitimate websites. These can be activated without ever clicking on an advert, and without the user's knowledge. Servers then retrieve personal details that help deliver the malware best suited to the victim.
In a drive towards productivity and efficiency, society has become ever more reliant on digital technologies, all of which are additionally interlinked. As a result, critical infrastructures such as water and energy supplies, government services, banks, and transportation are even more susceptible to infection by computer viruses.
In June 2017 the NotPetya malware brought down the operative capacities of the Ukrainian government and most of its agencies. Airports, hospitals, power companies, banks, ATMs and card payment systems were affected. The virus spread around the world, impacting companies such as Maersk, Merck, and TNT Express, extracting data and permanently damaging computer files, resulting in exorbitant losses in damages.
As the growing sophistication of cyber threats render national borders obsolete and alter geopolitical dynamics, governments, intergovernmental bodies, and private companies have entered the race to tackle them. Yet, together with the market development of computer technology, security systems, viral suppressors and software, the defence and intelligence community has also embraced tactics designed by black hat hackers to react more effectively to attacks by integrating cyber measures with conventional military capabilities. The result is what we know as electronic warfare and cyberwars.
The introduction of The Internet of Things makes it increasingly difficult to control the spread of viruses and cyber-attacks. Advancements in artificial intelligence and machine learning enable viruses to adapt to human behaviour, exploit emotions, and spread faster in a more targeted manner, thus amplifying the damage. In the near future they could even pose a direct threat to the human body as implantable technologies such as pacemakers and cochlear implants will be used to improve health conditions.
While notions of the smart city and smart system have become pervasive in the design world as well as the context of policy making and tech development, the consequences of their implementation remain to be seen. Viruses are not the only dangerous force in an otherwise wholesome and benevolent online reality. Current debates on privacy in relation to information technology are inevitably connected to systems of security and surveillance. Systems that have, on the one hand, been implemented by the state and corporations in the name of public safety and connectedness and, on the other, are used by these same powers to spy and exert control on us. Digital platforms and applications play their part in data gathering, creating elaborate psychological user profiles, and capitalising on them.
The result is a challenge for the design and tech communities. How should security and privacy be imagined and designed under the current conditions, and within our mediated realities?
The exhibition line-up includes
- Brain, 1986
- AIDS, 1990
- CRASH, 1990
- Coffeeshop, 1992
- HHnHH, 1992
- Skynet, 1994
- LSD, 1994
- Mars Land, 1997
- Happy99, 1999
- Melissa, 1999
- ILOVEYOU, 2000
- Anna Kournikova, 2001
- CodeRed, 2001
- Stuxnet, 2009
- Kenzero, 2010
- Regin, 2011
- Flame, 2012
- Shamoon, 2012
- CryptoLocker, 2013
- PolloCrypt, 2015
- WannaCry, 2017
- NotPetya, 2017