BLACK HATS, CYBER BOTS, ZOMBIES, AND YOU

This Cybersecurity Lab Is Beating Computer Hackers at Their Own Game.

Written By Colin Poitras ’85 (CLAS)
Illustrations by Hoodzpah Design Co.


Cyberattacks come in all shapes and sizes. Experts say it could be only a matter of time before they pose a real threat to our daily lives. The electronic devices in our world today are interconnected like never before. Our cars are no longer machines but rolling PCs with different components constantly talking to one another. Our watches are telephones. Our telephones are high-speed computers. And with all this increased convenience comes greater vulnerability. In the constant rush to get new products to market, security can be an afterthought.

Fortunately, a crack team of cybersecurity specialists, led by John Chandy, an electrical and computer engineering professor, and Laurent Michel, an associate professor of computer science and engineering, is working to protect our information. UConn’s Comcast Center of Excellence for Security Innovation is advancing research to strengthen the nation’s electronic information networks and training a new generation of hardware, software, and network security engineers to protect the integrity of everything from small consumer electronics to the complex computer systems running our major industrial, financial, and transportation systems.

Secured behind passcode-protected entry doors, the Comcast lab is embedded deep inside one of UConn’s main academic buildings. Getting there can be an adventure.

If you visit the lab via the building’s main door, you must go down a set of stairs, along a long hallway to the rear of the building, then it’s a quick left, quick right, another left, up a ramp, through some fire doors, past the locked doors of several large humming mechanical rooms, another right, another left, yet another right, and finally a quick left and you are there. Or you might be. It’s hard to be sure because there is absolutely no indication of where the lab is on any of the directional office signs. Even next to the lab’s main door there is only a small 9- by 6-inch plaque in letters slightly larger than what you are reading here.


Megan is driving her new sedan to the mall to get her nails done before heading to work at the deli down the road. She decides she has time for a coffee and heads for her regular caffeine spot where barista Tim likes to flirt with her by writing funny names on her cup. Never just “Megan.” She waits for the oncoming traffic to clear and turns left into the plaza. But the car keeps going straight. She spins the steering wheel. Nothing. Pumps the brakes. Nothing. The car accelerates toward the next intersection, while Megan continues pumping the brakes wildly. Nothing.

She’s about to collide with a black pickup truck covered in skull decals, when the car slams to a stop. The light turns green. Traffic moves forward. With her foot pushing the brake pedal to the floor as hard as she can, Megan’s car rockets forward. Two towns away, Brian leans back in his ergonomic desk chair, grinning at the wall full of screens depicting moving cars – including Megan’s.

FBI Alert Number I-031716-PSA: Motor Vehicles are Increasingly Vulnerable to Remote Exploits
“researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities”

White Hat Hackers

Talk to Michel or Chandy for a few minutes and you begin to get a sense of what life is like in their world of electronic espionage. And if you leave feeling a little paranoid, well, that’s to be expected.

Michel will tell you that the world is filled with hackers and malicious machines known as zombies, or computer bots, which hackers have seized via remote control and without their owners’ knowledge or permission. Those machines are constantly scouring the Internet trying to steal information from your, my, and everyone else’s computers. From the moment you open your laptop and connect to the Internet, your computer is likely getting assaulted by malicious attacks, Michel says. If your computer’s security is good and you keep current with all the latest security updates, chances are you’re successfully fending off most of them… for now. But hackers are a relentless and mischievous bunch. All it takes is one click on a bogus email, one click on an infected website, and the black hat hackers are in.

The good news is that amid the piles of green motherboards, electrical wiring, testing equipment, and computer consoles, Chandy, Michel, and a team of about a half-dozen very talented graduate and undergraduate students are playing the role of said hackers. Here, however, they are the good guys. Michel likes to describe the team as “ethical hackers,” white hats probing ever deeper into Comcast’s hardware and computing systems to expose potential vulnerabilities.

The battle between the white hats and the black hats is constant. Cybersecurity is an ever-shifting landscape as new technologies, system updates, viruses, worms, and attack strategies emerge on the Internet.

“John and I are constantly on the lookout for what’s happening,” says Michel. “What are the new vulnerabilities? What are the latest attacks? To do this properly, you have to be like a surfer. You have to be on top of the wave, not behind it. You have to keep moving and always stay a little bit ahead.”


If the lab is successful at breaking into a system, that’s a good thing. Exposing a vulnerability in the lab gives vendors the opportunity to correct a problem before a product goes to market or to fix a problem if the product is already in circulation.

If the research team fails to get into a system, well, that’s okay too. That means the system’s designers are on top of their game and did a great job protecting the system’s integrity and locking it tight.

Since it opened, Chandy says the lab has made significant discoveries that helped vendors and saved consumers considerable headache. But because of the often secretive nature of the lab’s work and its basis in security, the limelight of commercial success doesn’t always extend to the lab’s cubicles and workbenches.

When students find a potential vulnerability in a system, the lab immediately notifies the vendor or system provider so the weakness can be addressed. A lot of times, news of the discovery stops there. Chandy recounts a time when he and other lab members heard of a significant system vulnerability being discussed at a national cybersecurity conference. It sounded familiar. Chandy turned to his colleagues and whispered, “Didn’t we find that months ago?” Such is the nature of the business.

“The lab we have here is pretty unique for a university,” says Chandy. “A lot of times, the way we get into these systems is not necessarily through back doors. I would call them testing and debugging phases,” Chandy says. “One of the things a vendor wants to do when they release these systems is they want to test it. So they leave the interfaces open so we can do just that.”


It’s finals week and Tom, a UConn senior, is crazed. He has three tests in two days. His car loan is due. His student loan payment is due. His roommate is an all-day partier who never gives him a moment’s rest back at the dorm. Desperate for a quiet place to work, Tom heads to a library off campus. It’s one of his favorite places to study and it offers free Wi-Fi. He throws down his backpack and pulls out his laptop. Finally. Peace. He logs on. The laptop immediately attaches to the library’s wireless connection. Tom calls up his bank, logs in to his checking account, and makes a quick loan payment for his car. Done. Now the student loan. He logs in to the loan service, accesses his account. Paid. Done.

In a study carrel in another part of the library, Tina, a bright young lady with a gift for computing and a keen resentment for all of the preppy college kids in town, has set up an alternate Wi-Fi base on her laptop. Her network identifies itself by the same name as the library’s network and is coded to override it. Library visitors’ laptops recognize the familiar Wi-Fi and automatically connect. All of their information – the sites they visit, their logins, their passwords, their emails, their Facebook posts – is now funneling through Tina’s bogus network and straight to her hard drive. She sits back and smiles. Tina has bills to pay too. And Tom’s information was just what she was waiting for.

FBI Alert Number I-091015-PSA: Internet of Things poses opportunities for cyber crime
“devices with default passwords or open Wi-Fi connections are an easy target for cyber actors to exploit”

The Internet of Things

Some of the latest technology on the market involves what Chandy calls the Internet of Things. People used to have a personal computer that did one job. A watch that did another. A telephone that had its uses and a TV or thermostat with separate functions. Now, with the Internet of Things, all of those devices are capable of interacting and talking to one another. You can turn up your home thermostat from work using your smart phone. You can check your email on your watch and pay your bills through your TV.

But with all that convenience and interconnectivity comes increased vulnerability. Keeping your information safe on all those different platforms is this team’s task.

“We’re mainly looking at things from a hardware level, those devices that are going out in the field and whether they are properly protected. We try to come up with scenarios that make sense from an attacker’s perspective,” says Chandy. “We take on the role of the hacker because if we can do it, that means a hacker can do it, too.”

As an academic lab, the Comcast Center is also a place of learning. The testing that is done here is not a matter of repetitive trial-and-error assaults, but a more deliberative, targeted, scientific process.


“Think of it like a game of Clue,” says Michel. “It’s not like we try something just to find out if it works or not. As we attempt an attack, we gather evidence along the way. That evidence may betray something about the platform, the device, the software that we are trying to test. Once we have that information, we regroup and discuss what we have learned and its implications, and then we try to develop more experiments and high-end scenarios so we can learn more. So it’s not like we have this dictionary of twenty different attacks and we try them all sequentially. It’s a much more principled approach.”

The students working in the lab operate in silence. A young woman types away intently on her keyboard. A bearded student in a New York Giants T-shirt sighs heavily, steps away from his computer for a brief break, then returns. Focused. Once again engrossed with the task before him at his work station. Two sage green walls in the rear of the lab are covered with black ink diagrams and hastily scrawled text.

An eviscerated teddy bear sits on a desktop.

“Stress relief, John?” a visitor asks, pointing to the multicolored wires ripped out of the bear’s abdomen.

“Side project,” Chandy answers with a sly grin. Then he explains that even a children’s toy as innocuous as a teddy bear can be a personal security threat. In this case, the interactive bear has a small computer inside that Chandy’s lab found lacked authentication protection. It could be hacked, potentially exposing the owner’s and other bear owners’ personal information with a few strokes of cyber sleight-of-hand.

“The students here are developing skills that none of them had a year ago,” says Chandy. “The skills they are developing would make them great hackers. But it is also making them great engineers.”


Lisa wasn’t looking forward to the confrontation. Her aging mother, bedridden with different ailments and dependent on care, was really angry this time. For months she had suspected Sarah, her live-in nurse, was stealing her money. And now, the latest bank statement confirmed it. On top of it all, Sarah always seemed to be on her iPad when her mother needed her. The chest pains were back. The small automatic defibrillator under her mother’s skin activated twice in the past two months. The stress wasn’t good.

Lisa enters the house. She eyes Sarah, who is standing, her back to her, at the kitchen counter – again, on her computer. Lisa walks into her mother’s room, careful to speak softly so their conversation won’t be overheard. Within a few minutes, Lisa notices her mother’s color start to change. She seems to have trouble breathing. Sweat builds on her upper lip. She tells Lisa she feels strange, like her heart is racing out of control. The device in her chest keeps vibrating, sending sharp shocks into her heart muscles. The shocks are getting stronger. Her mother cries out in pain. Lisa calls frantically for Sarah. No response. Her mother goes limp.

Back in the kitchen, Sarah quietly shuts down her iPad and walks toward the bedroom.


CSI Cyber UConn

More than 20 faculty members and more than 100 graduate students in the schools of Engineering and Business are conducting research through the Connecticut Cybersecurity Center at UConn. They are examining cryptography and cryptanalysis; data security and privacy; information fusion and data mining for Homeland Security; and trustable computing systems.

The academic research building that houses the Comcast Center of Excellence for Security Innovation houses two other major cybersecurity labs. The Center for Hardware Assurance, Security, and Engineering (CHASE) contains some of the most advanced equipment available to conduct security analysis on nanoelectronics. Its research focuses on counterfeit device detection and preserving the integrity of silicon microchips, the very cornerstones of the worldwide computer industry. The building also is home to the Center for Voting Technology Research (VoTeR Center), which investigates new technologies to ensure the integrity of the electronic voting process.


Discuss

  1. As a UCONN MBA Graduate from the 1970’s, deeply involved with Academics and Cybersecurity in California, I am so proud to read of the great work you are doing. Your work is a great asset to the University, its vendors, students and staff. There is a difficult balance between Academic Freedom and Security that is not present in the commercial world, where companies, if they choose to do so, have the ability to lock down systems preventing staff from reaching sites, receiving email or installing equipment that is not directly related to job function.

    Secondarily, thank you for publishing for all Huskies a very informative exposé of the dangers lurking in the world that we all live in. There are few opportunities for those of us in Cyber to disseminate actionable, practical to a large audience. Unfortunately, the media that we are all exposed to sensationalizes Cyber incidents, without presenting any practical information for protection, as you have done. As a result I am concerned that the general population is becoming numb to the dangers, accepting inevitability and taking no action until it has direct impact on them.

    There are no ironclad assurances of safety to organizations or individuals, regardless of the protections and detections in place. Complacency geometrically increases the chances of a successful compromise or breach.

    Keep up the good work!

    Stu Gross
    San Diego, CA
