Day: September 3, 2011

Biological ‘Computer’ Destroys Cancer Cells: Diagnostic Network Incorporated Into Human Cells

Researchers led by ETH professor Yaakov Benenson and MIT professor Ron Weiss have successfully incorporated a diagnostic biological “computer” network in human cells. This network recognizes certain cancer cells using logic combinations of five cancer-specific molecular factors, triggering destruction of the cancer cells.

Yaakov (Kobi) Benenson, Professor of Synthetic Biology at ETH Zurich, has spent a large part of his career developing biological computers that operate in living cells. His goal is to construct biocomputers that detect molecules carrying important information about cell wellbeing and process this information to direct an appropriate therapeutic response if the cell is found to be abnormal. Now, together with MIT professor Ron Weiss and a team of scientists including post-doctoral scholars Zhen Xie and Liliana Wroblewska and doctoral student Laura Prochazka, he has made a major step towards reaching this goal.

In a study that has just been published in Science, they describe a multi-gene synthetic “circuit” whose task is to distinguish between cancer and healthy cells and subsequently target cancer cells for destruction. This circuit works by sampling and integrating five intracellular cancer-specific molecular factors and their concentration. The circuit makes a positive identification only when all factors are present in the cell, resulting in highly precise cancer detection. Researchers hope that it can serve as a basis for very specific anti-cancer treatments.

Selective destruction of cancer cells

The scientists tested the gene network in two types of cultured human cells: cervical cancer cells, called HeLa cells, and normal cells. When the genetic bio-computer was introduced into the different cell types, only HeLa cells, but not the healthy ones, were destroyed.

Extensive groundwork was required to achieve this result. Benenson and his team had to first find out which combinations of molecules are unique to HeLa cells. They looked among the molecules that belong to the class of compounds known as microRNA (miRNA) and identified one miRNA combination, or profile, that was typical of a HeLa cell but not any other healthy cell type.

Finding the profile was a challenging task. In the human body there are about 250 different healthy cell types. In addition, there are numerous variants of cancer cells, of which hundreds can be grown in the laboratory. Still greater is the diversity of miRNA: between 500 and 1000 different species have been described in human cells. “Each cell type, healthy or diseased, has different miRNA molecules switched on or off,” says Benenson.

Five factors for cancer profile

Creating a miRNA “profile” is not unlike finding a set of symptoms to reliably diagnose a disease: “One symptom alone, such as fever, can never characterize a disease. The more information is available to a doctor, the more reliable becomes his diagnosis,” explains the professor, who came to ETH from Harvard University a year and a half ago. The researchers therefore sought several factors that reliably distinguish HeLa cancer cells from all other healthy cells. It turned out that a combination of only five specific miRNAs, some present at high levels and some present at very low levels, is enough to identify a HeLa cell among all healthy cells.

A network operates similar to a computer

“The miRNA factors are subjected to Boolean calculations in the very cell in which they are detected. The biocomputer combines the factors using logic operations such as AND and NOT, and only generates the required outcome, namely cell death, when the entire calculation with all the factors results in a logical TRUE value,” says Benenson. Indeed, the researchers were able to demonstrate that the network works very reliably in living cells, correctly combining all the intracellular factors and giving the right diagnosis. This, according to Benenson, represents a significant achievement in the field.

Animal Model and Gene Therapy

In a next step, the team wants to test this cellular computation in an appropriate animal model, with the aim to build diagnostic and therapeutic tools in the future. This may sound like science fiction, but Benenson believes that this is feasible. However, there are still difficult problems to solve, for example the delivery of foreign genes into a cell efficiently and safely. Such DNA delivery is currently quite challenging. In particular this approach requires temporary rather than permanent introduction of foreign genes into the cells, but the currently available methods, both viral and chemical, are not fully developed and need to be improved.

“We are still very far from a fully functional treatment method for humans. This work, however, is an important first step that demonstrates feasibility of such a selective diagnostic method at a single cell level,” said Benenson.

Supercookies: What You Need to Know About the Web’s Latest Tracking Device

Recently, online properties like Hulu, MSN and Flixster have been caught using a tougher version of the common cookie. These “supercookies” (aka “Flash cookies” and “zombie cookies”) serve the same purpose as regular cookies by tracking user preferences and browsing histories. Unlike their popular cousins, however, this breed is difficult to detect and subsequently remove. These cookies secretly collect user data beyond the limitations of common industry practice, and thus raise serious privacy concerns.

Supercookies are similar to the standard browser cookies most folks are familiar with, but are stored in different locations on a user’s machine, for example, in a file used by a plug-in (Flash is the most common). This makes them harder to find and delete, especially since a browser’s built-in cookie detection process won’t remove them either. Furthermore, some supercookies have additional capabilities, like regenerating regular cookies to prevent their removal by the user.

To make matters worse, removing master supercookies is much more difficult. It requires the user to dig through the file system and delete them manually, an inconvenient task even for advanced users. The novice, on the other hand, likely won’t even realize supercookies exist, let alone be able to find them.
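A defender auditing a machine can automate that search. The following sketch is an added example, not code from the original article: it walks a Flash Player `#SharedObjects` directory and flags any `.sol` file that holds the same value as a browser cookie, which is the signature of the cookie-regenerating behaviour described above. The directory tree, domains and identifier values are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Usual Flash Player local shared object locations:
#   Linux:   ~/.macromedia/Flash_Player/#SharedObjects
#   Windows: %APPDATA%\Macromedia\Flash Player\#SharedObjects
#   macOS:   ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects
MIN_ID_LEN = 8  # ignore short cookie values such as "en" to limit false hits

def find_respawn_candidates(shared_objects_dir, browser_cookies):
    """Flag .sol files that contain a value also stored in an HTTP cookie.

    browser_cookies maps (domain, cookie_name) -> value, for example taken
    from a browser's cookie export. Returns a sorted list of tuples
    (lso_domain, sol_file_name, cookie_domain, cookie_name).
    """
    root = Path(shared_objects_dir)
    hits = []
    for sol in root.rglob("*.sol"):
        # Layout: #SharedObjects/<random id>/<domain>/.../<name>.sol
        parts = sol.relative_to(root).parts
        lso_domain = parts[1] if len(parts) > 2 else "(unknown)"
        data = sol.read_bytes()  # raw byte search; the file is not parsed
        for (domain, name), value in browser_cookies.items():
            if len(value) >= MIN_ID_LEN and value.encode() in data:
                hits.append((lso_domain, sol.name, domain, name))
    return sorted(hits)

def demo():
    """Build a constructed #SharedObjects tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "#SharedObjects"
        tracker = root / "ABCD1234" / "tracker.example"
        benign = root / "ABCD1234" / "video.example"
        tracker.mkdir(parents=True)
        benign.mkdir(parents=True)
        # Constructed bytes, not a faithful .sol encoding.
        (tracker / "uid.sol").write_bytes(
            b"\x00\xbfTCSO\x00uid\x02\x00\x10u7Jq2LxP90aZk3Vd\x00")
        (benign / "settings.sol").write_bytes(
            b"\x00\xbfTCSO\x00volume\x00\x40\x49\x00")
        cookies = {  # constructed cookie jar
            ("site.example", "visitor"): "u7Jq2LxP90aZk3Vd",
            ("site.example", "lang"): "en",
        }
        return find_respawn_candidates(root, cookies)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit means the identifier survives clearing the browser's cookies, so both the cookie and the `.sol` file have to be deleted to reset it.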

The kind of data supercookies track isn’t typical cookie material. A browser limits the typical cookie to be written, read and ultimately removed by the site that created it. The supercookie, on the other hand, operates outside of established safeguards. It can track and record user behavior across multiple sites. While it’s easy to understand that a site would want to track a user’s activity while she navigates its turf, it’s ethically questionable that site operators are able to record a user’s actions beyond site parameters.

In several cases, a company’s supercookie is the result of its partnership with a digital marketing firm that places a high value on user behavior. In response to FTC pressure, the Internet ad and marketing industry responded by publishing “self-regulatory” policies, although these restrict it from little else than a user’s medical records.

To the majority of the public, this type of Internet tracking is outside of the bounds of acceptable conduct. While the “right to track” may be written into a terms of use or user agreement contract, it is often not fully disclosed or within the realm of industry standards, rendering its legal defense moot. Furthermore, tracking provokes a breach of trust between user and site — and consumers have historically exhibited intolerance to brand betrayal.

While many companies that had been challenged on their use of supercookies were quick to cease, some choose to continue the practice. Many web marketing firms, advertisers and less-than-scrupulous websites still refuse to follow industry best practices — they continue to practice knowingly. And many more sites don’t even realize they’re utilizing supercookies in the first place.

Whether it has decided to cease web tracking or not, the company at risk needs to beware of losing control of already collected data. A data breach would result in catastrophic — and perhaps incurable — brand distrust. A user’s discovery of a company’s surreptitious data collection and the subsequent vulnerability of that data could easily spell the end of a brand’s reputation.

Companies that care about reputation and user trust should audit their sites and properties to ensure that data collection and the use of supercookies parallel user expectations. This analysis applies to the site, its advertisers and any third party tools or plug-ins. Companies need to ensure that all data collection has been thoroughly disclosed in order to avoid legal liability.

Companies should not wait for a problem to arise before initiating a comprehensive data security overview. A regular screening of all user data and its safeguards is good practice. The cost a company suffers for securing its data and customer trust is small compared to the business and public relations fallouts that would result from a security breach.

A successful company will always make a comprehensive attempt at transparency by handling data responsibly. The use of data tracking tools like supercookies does not rank highly in consumer acceptance, whether its application is technically “legal” or not. Regardless of the manner in which information is collected, know that negligent data handling will not be excused by claims that a company was in the dark about its collection practices. In the eyes of the consumer, the more data collected, the more of an obligation that company has to keep it safe.

‘Peeping Tom’ webcam blackmailer jailed for six years

Luis Mijangos. Picture credit: Nick Ut/AP

A man from Southern California who hacked into over 100 computers, and used personal information stolen from them to extort sexually explicit videos of young women and teenage girls, has been sentenced to six years in prison.

32-year-old Luis Mijangos, an illegal immigrant from Mexico who was living in Santa Ana, California, was arrested last year after a lengthy investigation by the authorities.

Mijangos infected his victims’ computers with malware, allowing him to gain access to their email accounts, turn on their webcam to take secret movies, and search their PCs for sexually explicit and intimate images and videos.

In some cases, Mijangos also posed as some of the victims’ boyfriends to convince them to send him nude pictures.

At this point, things got really nasty. Mijangos would threaten to post his victims’ intimate images online unless they provided him with more sexually explicit photos and videos for his personal gratification.

In at least one instance, Mijangos posted naked photographs of a woman on her friend’s MySpace page.

Mijangos, who is confined to a wheelchair because of a medical condition, was sentenced to six years in prison by US District Judge George King.

Before sentencing, Mijangos apologised to his victims:

"To all the victims I want to say that I'm sorry. I'm ready to do the right thing and stay out of trouble."

Mijangos is far from the first hacker to take remote control of webcams to spy upon victims.

For instance, in early 2005, Spanish authorities fined a student who captured movie footage from unsuspecting users, and arrested a 37-year-old man who spied on victims via a webcam while stealing banking information.

The following year, Adrian Ringland, from the English town of Ilkeston, Derbyshire, was sentenced to jail for ten years after admitting posing as a minor on internet chatrooms and using spyware to take explicit photographs via children’s webcams.

And in 2008, a 27-year-old Canadian man was charged with using spyware to take over the webcams of women as young as 14 and coercing them into posing naked for him.

Perhaps the most eyebrow-raising incident I have heard of, however, is the case of the man who is alleged to have displayed error messages on his potential victims’ laptop screens, tricking them into taking their webcams into the shower with them.

With many home users keeping poorly-defended PCs in their bedroom, there is clearly considerable potential for abuse – particularly amongst the young. The message is simple: keep your PC protected against the latest threats with anti-malware software, security patches and firewalls, and if in any doubt unplug your webcam when you’re not using it.

Hurricane Irene clickjacking scam on Facebook

States in the USA, such as Vermont and New Jersey, are continuing to deal with heavy flooding in the aftermath of Hurricane Irene.

And we weren’t surprised to find internet scammers attempting to profit from other people’s misery.

For instance, here is a clickjacking scam which at the time of writing is still active on Facebook.

This Facebook page reads:

VIDEO SHOCK - Hurricane Irene New York kills All

All? Hmm.. that would be a rather fanciful claim even for the most sensationalist tabloid report. But maybe it will be enough to make you click further.

BAM! Too late. You’ve been clickjacked. Even before you’ve had a chance to notice that the page is suddenly talking to you in Italian, the webpage has taken your click onto what you thought was the video’s play button and secretly behind-the-scenes tricked you into saying you “Like” the page – thus promoting it to your online Facebook friends.

If you were running an add-on like NoScript for Firefox you would have been protected by a warning message:

Hurricane Irene Facebook clickjacking scam intercepted by NoScript

But let’s imagine that you weren’t protected. What happens next?

The page insists that you share the link to the Facebook page, presumably in an attempt to increase its viral spread. So far things don’t seem to be working well for the scammers – as only 12 people have said they “Like” the page (and one of those is my test account). Maybe folks are suspicious about a claim that Hurricane Irene has killed *everyone* in New York.

You’re still keen to watch the video, of course, but first the scammers want you to take an online survey – which not only asks you for personal information but also can earn them commission.

If you are hit by a scam like this you should remove the page from the list of pages that your Facebook profile likes, and remove it from your newsfeed, reporting it as spam to Facebook.

The good news is that this particular scam hasn’t become widespread, but many others do.

If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest attacks.

UK student loans targeted by phishers in latest spam campaign

With British students about to start another year at university, the last thing they probably want to hear is that there is a problem with a student loan.

But that’s precisely the camouflage that online scammers are using to steal personal information today.

An email, claiming to come from Directgov UK, tells students that there is a problem with the online account for their student loan, and they need to update their account urgently.

Here’s a typical spammed-out message we’ve seen in our traps:

Subject:

Student Loan Update.

Message body:

Dear Student Finance Customer.

We at HM Government noticed your Student loan online log in details is incorrect and need to be updated.

DOWNLOAD THE ATTACHMENT TO UPDATE YOUR ACCOUNT NOW

Regards
Inline Verification. Directgov UK.

Attached file:

Student Loan Update.html

Clicking on the HTML attachment is not a good idea, however, as it will urge you to enter your details which are then sent via a website to the phishers.

Sophos products block the message as spam, and block the webpage to which the HTML form attempts to post the personal information.

Remember to always be suspicious of unsolicited attachments. Also, I would hope that a good student would have noticed the grammatical mistake in the phisher’s email..