1. Extra Categories
  2. Editor's Pick
May 23, 2019updated 24 May 2019 4:08pm

The Persistence of Chaos: Why is this malware-ridden laptop worth $1.2m?

By Luke Christou

Bidding on a malware-ridden laptop has surpassed $1.2m since it was put up for auction earlier this week.

The Samsung Netbook device has been infected with six malware strains — ILOVEYOU, MyDoom, SoBig, WannaCry, DarkTequila and BlackEnergy — which combined have caused financial damage of more than $95bn.

The project, titled The Persistence of Chaos, is a collaboration between artist Guo O Dong and Deep Instinct, a company applying deep learning to cybersecurity. Deep Instinct has ensured that the system cannot be exploited to cause further damage and all ports on the device will be disabled once the auction ends.

Since going under the hammer, bidding has reached $1.2m and with four days to go before it reaches its conclusion, there is time for bidding to climb even higher.

A pile of old malware

Struggling to understand why somebody would pay a seven-figure sum for a device that sells for under £100 on Ebay and a hard drive full of software designed to empty your bank account, Verdict turned to the cybersecurity community for answers.

Cybersecurity firms typically study malware to discover how it works and what it does in order to work out how to protect against it. Yet, given three of the six malware strains were first discovered more than a decade ago, and all six have already been widely researched and protected against, the device offers no use to academics hoping to advance cybersecurity protection.

“Most widespread malwares have been analysed and I see no reason to go back and reiterate the work that was already done,” Pascal Geenens, a cybersecurity evangelist for cloud security company Radware, explains.

Of course, many of the strains infecting the device aren’t viruses that you would likely see on a modern day device. The SoBig virus, for example, first appeared in August 2003, and was used to send out spam emails. Despite remaining the second fastest spreading computer worm in the history of the web to this day, it deactivated itself a month later after causing more than $35bn in damage.

Yet, as Roy Rashti, cybersecurity expert at cybersecurity firm BitDam told Verdict: “Almost any malware that was spread throughout history can be found online.

“If someone wants to access those files for academic or malicious intentions, they can do so without the need to invest $1m.”

The Persistence of Chaos: Modern modern art

The point of the project, however, isn’t to study the malware, but to showcase the very real reality of these threats.

“These pieces of software seem so abstract, almost fake with their funny, spooky names,” artist Guo O Dong told Vice. “But I think they emphasise that the web and IRL are not different spaces.

“Malware is one of the most tangible ways that the internet can jump out of your monitor and bite you.”

Guo is among a new wave of artists applying creativity to technology and the internet to create new, unseen forms of art. Earlier this year Portrait of Edmond Belamy became the first painting created by artificial intelligence to go up for auction, for example.

However, the cybersecurity community remains unconvinced.

“I’m having to rethink what constitutes art on a regular basis – I thought the Banksy that shredded itself was pushing the boundaries of art but this is on a whole new level, a laptop with a resale value of around $50 being auctioned for such a huge amount is just crazy!” Gary Cox, Technology Director, Western Europe for Infoblox, told Verdict.

Preserving the history of cyber warfare

According to Guo, the project serves as a “a catalogue of historical threats”. Given the widespread disruption that threats such as WannaCry and Petya have had on society and business of late, the industry does feel there is some value in documenting these particularly impactful threats.

While undeniably gimmicky, Geenens invisions the device “getting a central spot in a museum for the history of cyber war in a couple of decades”. Given the exploit behind WannaCry was developed by the US National Security Agency (NSA) and the ever-increasing rise of state-sponsored cyberattacks, that doesn’t seem all that unlikely.

“This laptop essentially contains modern-day history in the form of zeros and ones. The malware on this machine created such an impact at the time that it will go down in history,” Jake Moore, Security Specialist at ESET, told Verdict. “

The Persistence of Chaos, according to Matt Aldridge, Senior Solutions Architect at Webroot, serves as a “statement about the state of the internet” and “(particularly western) society in general”. Highlighting these threats could help prompt important discusses about how we move forward in the digital age, Aldridge believes.

“Preserving and highlighting cyber threats in this way and opening up conversations around where we are going as a society is an interesting innovation and I can only respect what has been achieved by the artist Guo O Dong.”

It’s creator feels that seeing the malware in a “live environment” (The Persistence of Chaos is being live-streamed here) will help people to think about the damage that these threats, and future threats, can cause.

If the aim of this stunt is to prompt discussion around cybersecurity, then it certainly seems to have achieved it’s goal. However, some question whether stunts like this will lead to better cybersecurity practice or simply district from what is an increasingly important issue.

“Is it a way to start conversations about cyber? Definitely, it’s already doing that. Is it a good way? I’m not so convinced – in many ways it’s trivialising it and causing a distorted picture of what it’s about,” Faye Mitchell, Deputy Head of School of Computing, Electronics and Mathematics at Coventry University.

“I have been asked ‘are they trying to breed the viruses together? Won’t that be dangerous?’ which is on one level a useful barometer of cyber knowledge, but also a scary reminder of how easy it can be to lead people into false ideas.”

With “more advanced threats” likely to fall into the hands of cybercriminals in the future according to Mitchell, the lacking cybersecurity knowledge of many is concerning. It is clear that better education is needed if the spread of malicious files like ILOVEYOU, MyDoom, SoBig, WannaCry, DarkTequila and BlackEnergy is to cease or at least slow down, but the cybersecurity community remains largely unconvinced that stunts like this really offer any value.

“Beauty is in the eye of the beholder,” Paul Farrington, EMEA CTO for Veracode, believes… “But there are probably a million more useful things a buyer could do with the money.”

A potential security risk?

The Persistence of Chaos has been air gapped, meaning it is completely disconnected from any local or public networks.

“It is safe to say that if this malware resurges, it will certainly not come from this laptop,” Moore said. However, Cox feels that the device could still present a risk, given the drive the malware is located on could potentially be removed and placed into a different device. While many of the strains on the device have since been protected against, this could still pose a risk to systems that have not been updated.

“You could liken it to selling a weapon, or at very least equipping someone to be able to commit crime,” Cox told Verdict.

Etienne Greeff, CTO and Founder of SecureData, feels that while the public may be safe, those behind the auction might have to watch their backs in the future:

“Somewhere in Russia, a hacker is wondering how he only made a measly $300,000 from his Ransomware attack when he could have made $1m selling it as art.

“Malware is malicious, and the people writing it are even more so. I wonder if the guy creating the installation got permission from the authors. If not, and if I were them, I would be very, very careful about how I use my computer in future.”

Yet, with cybercriminals earning billions of dollars targeting industrial giants, business executives, and even the odd cybersecurity vendor, Guo should be just as safe as the rest of us which, so it often seems, isn’t all that safe.