Black Hats, Cyber Bots, Zombies, And You

The UConn Comcast Center of Excellence for Security Innovation houses researchers working to combat malicious hackers (Istockphoto).

By Colin Poitras, UConn Communications
This story originally appeared in UConn Magazine.

Cyberattacks come in all shapes and sizes. Experts say it could be only a matter of time before they pose a real threat to our daily lives. The electronic devices in our world today are interconnected like never before. Our cars are no longer machines but rolling PCs with different components constantly talking to one another. Our watches are telephones. Our telephones are high-speed computers. And with all this increased convenience comes greater vulnerability. In the constant rush to get new products to market, security can be an afterthought.

Fortunately, a crack team of cybersecurity specialists, led by John Chandy, an electrical and computer engineering professor, and Laurent Michel, an associate professor of computer science and engineering, is working to protect our information. UConn’s Comcast Center of Excellence for Security Innovation is advancing research to strengthen the nation’s electronic information networks and training a new generation of hardware, software, and network security engineers to protect the integrity of everything from small consumer electronics to the complex computer systems running our major industrial, financial, and transportation systems.

Secured behind passcode-protected entry doors, the Comcast lab is embedded deep inside one of UConn’s main academic buildings. Getting there can be an adventure.

If you visit the lab via the building’s main door, you must go down a set of stairs, along a long hallway to the rear of the building, then it’s a quick left, quick right, another left, up a ramp, through some fire doors, past the locked doors of several large humming mechanical rooms, another right, another left, yet another right, and finally a quick left and you are there. Or you might be. It’s hard to be sure because there is absolutely no indication of where the lab is on any of the directional office signs. Even next to the lab’s main door there is only a small 9- by 6-inch plaque in letters slightly larger than what you are reading here.

FBI Alert Number I-031716-PSA: Motor Vehicles are Increasingly Vulnerable to Remote Exploits
“researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities”

WHITE HAT HACKERS

Talk to Michel or Chandy for a few minutes and you begin to get a sense of what life is like in their world of electronic espionage. And if you leave feeling a little paranoid, well, that’s to be expected.

Michel will tell you that the world is filled with hackers and malicious machines known as zombies, or computer bots, which hackers have seized via remote control and without their owners’ knowledge or permission. Those machines are constantly scouring the Internet trying to steal information from your, my, and everyone else’s computers. From the moment you open your laptop and connect to the Internet, your computer is likely getting assaulted by malicious attacks, Michel says. If your computer’s security is good and you keep current with all the latest security updates, chances are you’re successfully fending off most of them… for now. But hackers are a relentless and mischievous bunch. All it takes is one click on a bogus email, one click on an infected website, and the black hat hackers are in.

The good news is that amid the piles of green motherboards, electrical wiring, testing equipment, and computer consoles, Chandy, Michel, and a team of about a half-dozen very talented graduate and undergraduate students are playing the role of said hackers. Here, however, they are the good guys. Michel likes to describe the team as “ethical hackers,” white hats probing ever deeper into Comcast’s hardware and computing systems to expose potential vulnerabilities.

The battle between the white hats and the black hats is constant. Cybersecurity is an ever-shifting landscape as new technologies, system updates, viruses, worms, and attack strategies emerge on the Internet.

“John and I are constantly on the lookout for what’s happening,” says Michel. “What are the new vulnerabilities? What are the latest attacks? To do this properly, you have to be like a surfer. You have to be on top of the wave, not behind it. You have to keep moving and always stay a little bit ahead.”

If the lab is successful at breaking into a system, that’s a good thing. Exposing a vulnerability in the lab gives vendors the opportunity to correct a problem before a product goes to market or to fix a problem if the product is already in circulation.

If the research team fails to get into a system, well, that’s okay too. That means the system’s designers are on top of their game and did a great job protecting the system’s integrity and locking it tight.

Since it opened, Chandy says the lab has made significant discoveries that helped vendors and saved consumers considerable headache. But because of the often secretive nature of the lab’s work and its basis in security, the limelight of commercial success doesn’t always extend to the lab’s cubicles and workbenches.

When students find a potential vulnerability in a system, the lab immediately notifies the vendor or system provider so the weakness can be addressed. A lot of times, news of the discovery stops there. Chandy recounts a time when he and other lab members heard of a significant system vulnerability being discussed at a national cybersecurity conference. It sounded familiar. Chandy turned to his colleagues and whispered, “Didn’t we find that months ago?” Such is the nature of the business.

“The lab we have here is pretty unique for a university,” says Chandy. “A lot of times, the way we get into these systems is not necessarily through back doors. I would call them testing and debugging phases,” Chandy says. “One of the things a vendor wants to do when they release these systems is they want to test it. So they leave the interfaces open so we can do just that.”

 

FBI Alert Number I-091015-PSA: Internet of Things poses opportunities for cyber crime
“devices with default passwords or open Wi-Fi connections are an easy target for cyber actors to exploit”

 

THE INTERNET OF THINGS

Some of the latest technology on the market involves what Chandy calls the Internet of Things. People used to have a personal computer that did one job. A watch that did another. A telephone that had its uses and a TV or thermostat with separate functions. Now, with the Internet of Things, all of those devices are capable of interacting and talking to one another. You can turn up your home thermostat from work using your smart phone. You can check your email on your watch and pay your bills through your TV.

But with all that convenience and interconnectivity comes increased vulnerability. Keeping your information safe on all those different platforms is this team’s task.

“We’re mainly looking at things from a hardware level, those devices that are going out in the field and whether they are properly protected. We try to come up with scenarios that make sense from an attacker’s perspective,” says Chandy. “We take on the role of the hacker because if we can do it, that means a hacker can do it, too.”

As an academic lab, the Comcast Center is also a place of learning. The testing that is done here is not a matter of repetitive trial-and-error assaults, but a more deliberative, targeted, scientific process.

“Think of it like a game of Clue,” says Michel. “It’s not like we try something just to find out if it works or not. As we attempt an attack, we gather evidence along the way. That evidence may betray something about the platform, the device, the software that we are trying to test. Once we have that information, we regroup and discuss what we have learned and its implications, and then we try to develop more experiments and high-end scenarios so we can learn more. So it’s not like we have this dictionary of twenty different attacks and we try them all sequentially. It’s a much more principled approach.”

The students working in the lab operate in silence. A young woman types away intently on her keyboard. A bearded student in a New York Giants T-shirt sighs heavily, steps away from his computer for a brief break, then returns. Focused. Once again engrossed with the task before him at his work station. Two sage green walls in the rear of the lab are covered with black ink diagrams and hastily scrawled text.

An eviscerated teddy bear sits on a desktop.

“Stress relief, John?” a visitor asks, pointing to the multicolored wires ripped out of the bear’s abdomen.

“Side project,” Chandy answers with a sly grin. Then he explains that even a children’s toy as innocuous as a teddy bear can be a personal security threat. In this case, the interactive bear has a small computer inside that Chandy’s lab found lacked authentication protection. It could be hacked, potentially exposing the owner’s and other bear owners’ personal information with a few strokes of cyber sleight-of-hand.

“The students here are developing skills that none of them had a year ago,” says Chandy. “The skills they are developing would make them great hackers. But it is also making them great engineers.”

 

Lisa wasn’t looking forward to the confrontation. Her aging mother, bedridden with different ailments and dependent on care, was really angry this time. For months she had suspected Sarah, her live-in nurse, was stealing her money. And now, the latest bank statement confirmed it. On top of it all, Sarah always seemed to be on her iPad when her mother needed her. The chest pains were back. The small automatic defibrillator under her mother’s skin activated twice in the past two months. The stress wasn’t good.

Lisa enters the house. She eyes Sarah, who is standing, her back to her, at the kitchen counter – again, on her computer. Lisa walks into her mother’s room, careful to speak softly so their conversation won’t be overheard. Within a few minutes, Lisa notices her mother’s color start to change. She seems to have trouble breathing. Sweat builds on her upper lip. She tells Lisa she feels strange, like her heart is racing out of control. The device in her chest keeps vibrating, sending sharp shocks into her heart muscles. The shocks are getting stronger. Her mother cries out in pain. Lisa calls frantically for Sarah. No response. Her mother goes limp.

Back in the kitchen, Sarah quietly shuts down her iPad and walks toward the bedroom.

 
 

CSI CYBER — UCONN

More than 20 faculty members and more than 100 graduate students in the schools of Engineering and Business are conducting research through the Connecticut Cybersecurity Center at UConn. They are examining cryptography and cryptanalysis; data security and privacy; information fusion and data mining for Homeland Security; and trustable computing systems.

The academic research building that houses the Comcast Center of Excellence for Security Innovation houses two other major cybersecurity labs. The Center for Hardware Assurance, Security, and Engineering (CHASE) contains some of the most advanced equipment available to conduct security analysis on nanoelectronics. Its research focuses on counterfeit device detection and preserving the integrity of silicon microchips, the very cornerstones of the worldwide computer industry. The building also is home to the Center for Voting Technology Research (VoTeR Center), which investigates new technologies to ensure the integrity of the electronic voting process.