Koçulu’s work is just one example of computer code that has spread much further than we might think. Soon after the left-pad incident, software developer David Haney noted that another tool on npm – which consisted of a single line of code – had become an essential part of seventy-two other programs. He listed several other pieces of software that were highly dependent on simple snippets of code. ‘I can’t help but be amazed by the fact that developers are taking on dependencies for single line functions that they should be able to write with their eyes closed,’ he wrote.[36] Borrowed pieces of code can often spread further than people realise. When researchers at Cornell University analysed articles written with LaTeX, a popular scientific writing software, they found that academics would often repurpose each other’s code. Some files had spread through networks of collaborators for more than twenty years.[37]
As code spreads, it can also pick up changes. After those three students posted the Mirai code online at the end of September 2016, dozens of different variants emerged, each with subtly different features. It was only a matter of time before someone altered the code to launch a major attack. In early October, a few weeks before the Dyn incident, security company RSA noticed a remarkable claim on a dark net marketplace: a group of hackers was offering a way to flood a target with 125 gigabytes of activity per second. For $75,000, someone could buy access to a 100,000-strong botnet, which was apparently based on some adapted Mirai code.[38] However, it wasn’t the first time the Mirai code had changed. In the weeks before they published the code, Mirai’s creators made over twenty alterations, apparently in an attempt to increase the contagiousness of their botnet. These included features that made the worm harder to detect, as well as tweaks to fight off other malware that was competing for the same susceptible machines. Once out in the wild, Mirai would continue to change for years to come; new variants were still appearing in 2019.[39]
When Fred Cohen first wrote about computer viruses in 1984, he pointed out that malware might evolve over time, becoming harder to detect. Rather than settling down to a well-balanced equilibrium, the ecosystem of computer viruses and anti-virus software would continuously shift around. ‘As evolution takes place, balances tend to change, with the eventual result being unclear in all but the simplest circumstances,’ he noted.[40] ‘This has very strong analogies to biological theories of evolution, and might relate well to genetic theories of diseases.’
A common way of protecting against malware is to have anti-virus software look for known threats. Typically, this involves searching for familiar segments of code; once a threat is recognised, it can be neutralised.[41] Human immune systems can do something very similar when we get infected or vaccinated. Immune cells will often learn the shape of the specific pathogen we’ve been exposed to; if we get infected again, these cells can respond quickly and neutralise the threat. However, evolution can sometimes hinder this process, with pathogens that once looked familiar changing their appearance to evade detection.
One of the most prominent – and frustrating – examples of this process is influenza evolution. Biologist Peter Medawar once called the flu virus ‘a piece of nucleic acid surrounded by bad news’.[42] There are two particular types of bad news on the surface of the virus: a pair of proteins known as haemagglutinin and neuraminidase, or HA and NA for short. HA allows the virus to latch onto host cells; NA helps with the release of new virus particles from infected cells. The proteins can take several different forms, and the different flu types – like H1N1, H3N2, H5N1 and so on – are named accordingly.
Winter flu epidemics are mostly caused by H1N1 and H3N2. These viruses gradually evolve as they circulate, causing the shape of those proteins to change. This means our immune system no longer recognises the mutated virus as a threat. We have annual flu epidemics – and annual flu vaccination campaigns – because our bodies are in essence playing a game of evolutionary cat-and-mouse with the infection.
Evolution can also help artificial infections persist. In recent years, malware has started to alter itself automatically to make identification harder. During 2014, for example, the ‘Beebone’ botnet infected thousands of machines worldwide. The worm behind the bots changed its appearance several times a day, resulting in millions of unique variants as it spread. Even if anti-virus software learned what the current versions of code looked like, the worm would soon shuffle itself around, distorting any known patterns. Beebone was finally taken offline in 2015, when police targeted the part of the system that wasn’t evolving: the fixed domain names used to co-ordinate the botnet. This proved far more effective than trying to identify the shapeshifting worms.[43] Similarly, biologists are hoping to develop more effective flu vaccines by targeting the parts of the virus that don’t change.[44]
Given the need to evade detection, malware will continue to evolve, while authorities attempt to keep up. The routes of transmission will also keep changing. As well as finding new targets – like household devices – infections are increasingly spreading through clickbait and tailored attacks on social media.[45] By sending customised messages to specific users, hackers can boost the chances they’ll click on a link and inadvertently let malware in. However, evolution isn’t just helping infections spread effectively from computer-to-computer or person-to-person. It’s also revealing a new way to tackle contagion.
7
Tracking outbreaks
The affair would end with a murder attempt. For over ten years, Richard Schmidt, a gastroenterologist in Lafayette, Louisiana, had been having a relationship with Janice Trahan, a nurse fifteen years his junior. She’d divorced her husband after the affair started, but despite his promises, Schmidt had not left his wife and three children. Trahan had tried to break off the affair before, but this time it would
