Black Hats, Cyber Bots, Zombies, and You

UConn's Cybersecurity Lab is beating computer hackers at their own game. (Illustration by Hoodzpah Design Co.)

Cyberattacks come in all shapes and sizes. Experts say it could be only a matter of time before they pose a real threat to our daily lives. The electronic devices in our world today are interconnected like never before. Our cars are no longer machines, but rolling PCs with different components constantly talking to one another. Our watches are phones. Our phones are high-speed computers. And with all this increased convenience comes greater vulnerability. In the constant rush to get new products to market, security can be an afterthought.


Fortunately, a crack team of cybersecurity specialists at UConn – led by John Chandy, an electrical and computer engineering professor, and Laurent Michel, an associate professor of computer science and engineering – is working to protect our information. The Comcast Center of Excellence for Security Innovation is advancing research to strengthen the nation’s electronic information networks and training a new generation of hardware, software, and network security engineers to protect the integrity of everything from small consumer electronics to the complex computer systems running our major industrial, financial, and transportation systems.

Secured behind passcode-protected entry doors, the Comcast lab is embedded deep inside one of UConn’s main academic buildings. Getting there can be an adventure.

If you visit the lab via the building’s main door, you must go down a set of stairs, along a long hallway to the rear of the building, then it’s a quick left, quick right, another left, up a ramp, through some fire doors, past the locked doors of several large humming mechanical rooms, another right, another left, yet another right, and finally a quick left and you are there. Or you might be. It’s hard to be sure, because there is absolutely no indication of where the lab is on any of the directional office signs. Even next to the lab’s main door there is only a small 9- by 6-inch plaque in letters slightly larger than what you are reading here.

White Hat Hackers

Talk to Michel or Chandy for a few minutes and you begin to get a sense of what life is like in their world of electronic espionage. And if you leave feeling a little paranoid, well, that’s to be expected.

Michel will tell you that the world is filled with hackers and malicious machines known as zombies, or computer bots, which hackers have seized via remote control and without their owners’ knowledge or permission. Those machines are constantly scouring the Internet trying to steal information from your, my, and everyone else’s computers. From the moment you open your laptop and connect to the Internet, your computer is likely getting assaulted by malicious attacks, Michel says. If your computer’s security is good and you keep current with all the latest security updates, chances are you’re successfully fending off most of them … for now. But hackers are a relentless and mischievous bunch. All it takes is one click on a bogus email, one click on an infected website, and the black hat hackers are in.

The good news is that amid the piles of green motherboards, electrical wiring, testing equipment, and computer consoles, Chandy, Michel, and a team of about a half-dozen very talented graduate and undergraduate students are playing the role of said hackers. Here, however, they are the good guys. Michel likes to describe the team as “ethical hackers,” white hats probing ever deeper into the Comcast Center’s hardware and computing systems to expose potential vulnerabilities.


The battle between the white hats and the black hats is constant. Cybersecurity is an ever-shifting landscape as new technologies, system updates, viruses, worms, and attack strategies emerge on the Internet.

“John and I are constantly on the lookout for what’s happening,” says Michel. “What are the new vulnerabilities? What are the latest attacks? To do this properly, you have to be like a surfer. You have to be on top of the wave, not behind it. You have to keep moving and always stay a little bit ahead.”

If the lab is successful at breaking into a system, that’s a good thing. Exposing a vulnerability in the lab gives vendors the opportunity to correct a problem before a product goes to market or to fix a problem if the product is already in circulation.

If the research team fails to get into a system, well, that’s okay too. That means the system’s designers are on top of their game and did a great job protecting the system’s integrity and locking it tight.

Since it opened, Chandy says the lab has made significant discoveries that helped vendors and saved consumers considerable headache. But because of the often secretive nature of the lab’s work and its basis in security, the limelight of commercial success doesn’t always extend to the lab’s cubicles and workbenches.

When students find a potential vulnerability in a system, the lab immediately notifies the vendor or system provider so the weakness can be addressed. A lot of times, news of the discovery stops there. Chandy recounts a time when he and other lab members heard of a significant system vulnerability being discussed at a national cybersecurity conference. It sounded familiar. Chandy turned to his colleagues and whispered, “Didn’t we find that months ago?” Such is the nature of the business.

“The lab we have here is pretty unique for a university,” says Chandy. “A lot of times, the way we get into these systems is not necessarily through back doors. I would call them testing and debugging phases.

“One of the things a vendor wants to do when they release these systems is they want to test it,” he adds, “so they leave the interfaces open so we can do just that.”

The Internet of Things

Some of the latest technology on the market involves what Chandy calls the Internet of Things. People used to have a personal computer that did one job. A watch that did another. A phone that had its uses, and a TV or thermostat with separate functions. Now, with the Internet of Things, all of those devices are capable of interacting and talking to one another. You can turn up your home thermostat from work using your smartphone. You can check your email on your watch and pay your bills through your TV.

But with all that convenience and interconnectivity comes increased vulnerability. Keeping your information safe on all those different platforms is this team’s task.

“We’re mainly looking at things from a hardware level, those devices that are going out in the field and whether they are properly protected. We try to come up with scenarios that make sense from an attacker’s perspective,” says Chandy. “We take on the role of the hacker because if we can do it, that means a hacker can do it, too.”

As an academic lab, the Comcast Center is also a place of learning. The testing that is done here is not a matter of repetitive trial-and-error assaults, but a more deliberative, targeted, scientific process.

“Think of it like a game of Clue,” says Michel. “It’s not like we try something just to find out if it works or not. As we attempt an attack, we gather evidence along the way. That evidence may betray something about the platform, the device, the software that we are trying to test. Once we have that information, we regroup and discuss what we have learned and its implications, and then we try to develop more experiments and high-end scenarios so we can learn more. So it’s not like we have this dictionary of 20 different attacks and we try them all sequentially. It’s a much more principled approach.”

The students working in the lab operate in silence. A young woman types away intently on her keyboard. A bearded student in a New York Giants T-shirt sighs heavily, steps away from his computer for a brief break, then returns. Focused. Once again engrossed with the task before him at his work station. Two sage green walls in the rear of the lab are covered with black ink diagrams and hastily scrawled text.

An eviscerated teddy bear sits on a desktop.

“Stress relief, John?” a visitor asks, pointing to the multicolored wires ripped out of the bear’s abdomen.

“Side project,” Chandy answers with a sly grin. Then he explains that even a children’s toy as innocuous as a teddy bear can be a personal security threat. In this case, the interactive bear has a small computer inside that Chandy’s lab found lacked any authentication: it did not check who was talking to it. It could be hacked by anyone able to reach it, potentially exposing the owner’s, and other bear owners’, personal information with a few strokes of cyber sleight-of-hand.
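To show what “lacked authentication” means in practice, here is an added illustration in Python. It is not code from the bear, from the UConn lab, or from any vendor; the device ids, owner records and per-device tokens are all constructed for the example. The vulnerable handler releases a profile to anyone who names a device id, so an attacker can sweep guessable ids and collect every owner’s data. The hardened handler releases a profile only to a caller presenting the secret provisioned for that one device, so even a legitimate owner cannot read a neighbor’s bear.

```python
import hmac

# Constructed sample data, standing in for what a service behind a connected
# toy might hold per device. Hypothetical; not data from the UConn lab.
PROFILES = {
    "bear-001": {"owner": "Ada", "recordings": ["hi mom"]},
    "bear-002": {"owner": "Ben", "recordings": ["good night"]},
}

# A secret each device would be provisioned with at manufacture (hypothetical).
DEVICE_TOKENS = {
    "bear-001": "tok-a7c1f3",
    "bear-002": "tok-5e09bd",
}


def get_profile_unauthenticated(device_id, token=None):
    """Vulnerable handler: the device id is the only thing consulted.
    Anyone who can reach the service and guess an id gets that owner's data;
    the token argument is ignored entirely."""
    return PROFILES.get(device_id)


def get_profile_authenticated(device_id, token=None):
    """Hardened handler: data is released only to a caller presenting the
    secret provisioned for that specific device. The comparison is
    constant-time so the token cannot be recovered through timing."""
    expected = DEVICE_TOKENS.get(device_id)
    if expected is None or token is None:
        return None
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return None
    return PROFILES.get(device_id)


def sweep(handler, candidate_ids, token=None):
    """Simulate an attacker walking through guessable device ids.
    Returns the ids whose owner data the handler gave up."""
    return [did for did in candidate_ids if handler(did, token) is not None]


# Ids an attacker might try: the two real bears plus one that does not exist.
CANDIDATES = ["bear-001", "bear-002", "bear-003"]


if __name__ == "__main__":
    print("no auth:  ", sweep(get_profile_unauthenticated, CANDIDATES))
    print("own token:", sweep(get_profile_authenticated, CANDIDATES, "tok-a7c1f3"))
    print("bad token:", sweep(get_profile_authenticated, CANDIDATES, "wrong"))
```

The point of the hardened version is not that the ids are hidden but that every request is bound to a secret only one device holds; a real deployment would also carry that exchange over TLS and rotate or revoke tokens, which this illustration omits.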

“The students here are developing skills that none of them had a year ago,” says Chandy. “The skills they are developing would make them great hackers. But it is also making them great engineers.”