UCSB’s Cyber Security Studs

In an effort to quash something silent but violent, UCSB researchers — along with the help of a variety of law enforcement agencies including the FBI — are using a $6.2 million grant they recently received from the U.S. Army Research Office to develop a new, state-of-the-art computer defense system.

Last year, backed by a grant from the National Science Foundation, researchers from UCSB’s Computer Security Group — including computer science professors Richard Kemmerer, Giovanni Vigna, Christopher Kruegel, and economics professor Douglas Steigerwald — posed as computer hackers as a means of identifying malware-infected computers, otherwise known as botnets. A botnet, according to Professor Vigna, is as scary as it is scientific. “Botnets are a network of compromised computers under the control of a single entity, called a botmaster. A botnet can be asked to do anything, but usually they are used to perform denial-of-service attacks, send spam, [and] steal personal information from the compromised computer,” he said.

Horrifyingly, their hacking revealed over 180,000 infected computers throughout the United States and Europe, all of which had been taken captive by one of the world’s most notorious botnets, Torpig. The process, albeit alarming, did prove fruitful for the researches, as their investigation yielded Torpig’s inner workings. Called its “underground economy” — how a botnet is able to trade and share people’s financial and personal information — the discovery was the chief motivator for the National Science Foundation grant.

After learning of Torpig’s unfortunately far-reaching extent, the researchers teamed up with the FBI, various law enforcement agencies, and financial institutions to notify the users of the aforementioned 180,000 computers, telling them that everything from their credit and debit card information to their email addresses were endangered. In addition to studying how cybercriminals could potentially affect electronic voting, the Computer Security Group is currently in the throes of other combating other threats to cyber security.

Having recently received a $6.2 million grant from the U.S. Army Research Office, the Security Group has been asked to team up with both UC Berkeley and the Georgia Institute of Technology as part of a multi-campus approach to assemble a more encompassing computer defense system. According to Professor Kemmerer, the project aims to enhance national security. “It’s called situational awareness. Every kind of information you can think of — including state secrets — exists on a computer somewhere. Unless that computer is locked up with no connection to the outside world, there’s a chance of that information getting compromised.”

Professor Vigna further explained the concerns behind cybercrime, and how the grant has afforded them a means to better combat it. “This is a grant to support the protection of computer networks from targeted attacks. The idea is to understand how a network infrastructure is used when carrying out a specific task, so that attacks against the network can be put in context. Unfortunately, identifying attacks in the first place is hard. Therefore the goal of our research is to develop novel techniques to support this type of analysis,” he said.

As per the goals of the grant funding, the multi-campus effort aims to improve cyber-security in five ways: create practical techniques that can automatically assess how any given network is being used, create an automatic means of assessing particular relationships within a network, develop a system to identify potential victims of cybercrime, develop a system to scale the impact of an executed attack, and create a means of visualizing a networks’ statuses in order to combat in-process attacks. Professor Kemmerer added that “game theory techniques” will be implemented as a means of determining “what the next move of the attackers might be and how effective different countermeasures would be.” In the meantime, what type of defense can computer uses employ against the cybercriminals’ offense? According to Professors Kruegel and Vigna, preventative measures abound.

Professor Kruegel attests to two of the Security Group’s own creations, Wepawet and Anubis. “People can cut and paste the link to a Web page (in the case of Wepawet) or a program (in the case of Anubis) and the sites will let them know whether the behavior of that page or program is actually malicious,” he said. Advocating cautionary measures, Professor Vigna suggests users “keep their software as updated as possible, stop using Internet Explorer, [and] not click on suspicious links that come in emails.” Professor Vigna also added that users need not worry about their documents and pictures being affected by a botnet — all the while maintaining that people should nevertheless remain cautious. “The malware can do anything. However, most of the time the malware wants to stay undetected for the longest time possible and therefore obvious destructive behavior is unlikely.”