Malware: proposal for a social history

Malware: proposal for a social history

Computer security is the culmination of a series of subversions. Just as policing evolves in response to crime, so computer systems evolve in response to threats. When it comes to malware, while the code is clever, the social engineering is more persistent, and more depressing. Malware designers evolve their products through testing and tooling to find out what works best. What wording will mean that more victims click on that ransomware link? Do people trust social media messages more than emails? More and more, malware evolves in response to human social and economic systems, and organisational/geo-political priorities, rather than to technical vulnerabilities.

Technological histories exist, recording major developments – the first Worm, the first RootKit, the first ransomware and so on. The social history is more dispersed and is yet to be written. Elements of a theory of malware could focus on: Where was it developed, for what purpose, who by, and how? How have victim and perpetrator characteristics evolved with the systems they use? What ethical and political questions are raised by it? For example, do we have the right to destroy self replicating computer programs, and how should malware be preserved for future study? My sense is malware history is somewhat separated from other kinds of crime historiography.

We would need to begin with a basic taxonomy. Here is my first sketch of the social history of malware: First stage: technically focused malware. Often created to prove a point, or by accident, like the first computer worm. Second stage: payload. Malware delivers a technical form that does something else, like modifies a computer system, or locks you out of it. Third stage: organisational. Malware becomes an object of economic and political activity. There is a high division of labour. Stuxnet and NotPetya encode geo-political priorities. Markets like Dark0de trade and systematise it.

Methods should set out the relevant fields. Studying evolving malware means studying the evolving computer security industry, its capacity for threat detection and horizon analysis, and the back and forth between malware operators and industry personnel. Constructs to be examined include changes in how costs are calculated and understood – from direct economic losses to reputation damage, lay perceptions of malware, and popular discourse and cultural representations of the topic. There is an opportunity for theoretical innovation here, for example considering QAnon as a mimetic virus.

Lessons to learn: total security is not possible (Aycock, 2006). We might end up with an understanding of malware as a varied sphere of illegitimacy, which is occupied in different ways by systems and people. The debate over disinformation could fit into this.  It is a powerful propaganda tool used by authoritarian regimes to suppress civil liberties, undermine opposition and simply swamp out opposition or independent information and as a tool of international relations. But also itself become a go-to tool for strategic de-legitimation of uncomfortable political positions (you used the fakes!). Likewise, malware is a purposeful set of technical instruments which share characteristics. There may be a myth of precision influencing discussion, that if only we get the right focus we can pre-cog malware and harden vulnerable targets – code for you dumb users. It is a dance that won’t stop.
To carry out this study we would have to be mindful of Inglis (2014) critique of presentism and simplistic periodisation in sociology and elsewhere, and develop an understanding of the sociological dynamics underpinning cybercrime that avoids simple periodisation and to which I would add social science’s tendency towards deletion of its recent past.
Aycock, John. 2006. Computer Viruses and Malware. Springer.
Inglis, David. 2014. ‘What Is Worth Defending in Sociology Today? Presentism, Historical Vision and the Uses of Sociology’. Cultural Sociology 8(1):99–118. doi: 10.1177/1749975512473288.

Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.