April Fool: RAPIL - a slap in the face for hackers and virus writers

An exciting day in SophosLabs. After long and arduous efforts, we announce our new beta technology offering to defeat the hackers, which we are currently referring to as RAPIL (Recognition and Analysis of Potentially Intruding Lifeforms).

As the following video demonstrates, RAPIL is already producing impressive results:

View the Sophos RAPIL video on YouTube

As regular readers of the blog know, the amount of malware being created every month is increasing rapidly. Organized criminal gangs have been driven by money to generate viruses, Trojan horses and spyware to hack into computers. Until today most security companies, including Sophos, have focused their efforts on defeating hackers by detecting the malicious software. SophosLabs is today announcing ground-breaking technology that detects hackers using facial recognition. By identifying and stopping the virus writer, we can stop malware from even being written, tested and released.

Utilizing the webcams built into many modern computers, SophosLabs is able to produce a real-time forensic analysis of a PC user's facial features to determine if they are exhibiting hacker-like characteristics. Current tests have shown that, with a clear background and a face void of any obstructions, such as hats, moustaches or glasses, RAPIL has a success rate of 97.78%.

If RAPIL identifies that the user sitting in front of the computer is likely to be a hacker, the PC's screen is blanked, keyboard frozen and the first 512 GB of the hard drive encrypted with a user-defined key. Most hard drives will therefore be encrypted in their entirety. The following message is then displayed:

RAPIL displaying a warning message.

How it works:
RAPIL runs as a ring zero process with multithreaded access to the signal produced by the system camera, ensuring that it cannot be subverted by rootkits or any other deliberate tampering by the intruder. The signal from the webcam is sampled 32 times a second. Thousands of 2D and 3D facial characteristics, including retinal patterns, shape of the philtrum, symmetry of the lips, size of the forehead and facial expression, are tested to establish the probability of the user being a hacker. Various existing and newly developed machine learning techniques, such as K-Means clustering, SVM classifiers, decision trees, cross validation and genetic programming, are used to calculate the probability and match the characteristics of the user with the measurements common for the set of intruders. However, the more faces we test, the greater accuracy RAPIL can achieve.

Limitations:
When RAPIL queries an image with a clear background and a face void of any obstructions, its current success rate is 97.78%. The accuracy rate significantly decreases if advanced evasion techniques such as facial polymorphism are used by the potential intruder. Facial polymorphism is a technique often used by sophisticated intruders. The face is polymorphic when it is randomly obstructed by an item such as hats, moustaches or glasses. Facial metamorphism is even more difficult to detect. It occurs when the user changes their facial characteristics for every command run on the system.

Can you help?
At this early BETA stage, our priority is to address the current limitations of the technology and, in the true spirit of the Web and Security 2.0 community, we decided to ask for your help. We need your photographs to increase our library of faces. Be creative. The more data we can input at this stage, the better the software will be when we release it. Help us revolutionize security software as we know it! Rather than stop the bad code, let us identify and stop the bad guys!

To help us make RAPIL a complete success, please upload your photos, with or without face obfuscation, to our RAPIL area on Flickr.

We are aiming to ship a fully-working version of RAPIL in early spring of 2009.

RAPIL logo

RAPIL could not have been developed without the assistance of Professor Dr Otto Clarkwurk from the Institute of Facial Futurology, who gave us unprecedented access to his data archive of 35 years' worth of cranial topologies and retinal scans. Thanks to Otto and all of his students for their help in this important security breakthrough.

Updated on 3 April:

Thank you for your feedback about this new and exciting technology, which we actually invented only a few days ago, just at the right time to put it up as an April Fool's Day joke. We hope you enjoyed reading the blog and watching the movie as much as we enjoyed making it. We thought that this joke could be a good reminder that technology cannot solve all problems around stopping virus writers. We will keep doing our job the old-fashioned way, by stopping malware when it reaches your systems, and let other parts of society, primarily education and law enforcement, do their job of reducing the overall malware problem.

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.