By Matt Windsor | Illustrations by Tim Rocks
There's big money to be made in the computer industry these days. In fact, someone with the right skills and the wrong motives can expect to pull in millions every week by engaging in cybercrime.
Mega-salaries don’t come without risks, of course—including the increasing likelihood that your efforts will attract the attention of UAB researcher Gary Warner and his dedicated team of caffeine-fueled student analysts. In a lab overlooking the UAB football practice field, Warner’s undergraduate and graduate students are playing a high-stakes game of their own, matching wits with criminal masterminds a world away. The students’ efforts have been recognized with official thank-yous from Facebook and the FBI, and job offers from Microsoft, PayPal, and a who’s who of the current hot tickets in Silicon Valley.
Read on to learn about some of the group’s most notable exploits—and how you can become a digital detective with UAB’s new master’s degree program in computer security.
When the FBI needed help shutting down an international cybercrime ring, agents came to UAB. The bureau’s Operation Ghost Click was on the trail of a group of foreign nationals that gained millions through a massive spam campaign. When an unsuspecting user clicked on a virus-laden e-mail, the criminals were able to hijack Internet searches and route the user’s computer directly to certain Web sites and advertisements. Eventually, hundreds of millions of computers were infected.
Investigators from the FBI and NASA’s Office of Inspector General worked with UAB researchers and students to identify the latest threats from the 1 million messages per day streaming into the UAB Spam Data Mine.
Wild animals run amok in the mega-popular Facebook game known as “Farmville,” but for more than three years, Facebook users ran the risk of encountering a far more dangerous enemy on the site: a rogue worm called Koobface. Hidden behind seemingly innocent links (“Hey man, check out this video!”), the virus infected hundreds of thousands of computers, forcing users to watch ads and visit commercial Web sites—a scheme that earned millions in revenue for the criminals.
In March 2011, however, Facebook’s security team located and terminated the criminal-controlled “mothership” computer directing this army of infected machines. The coup was made possible in part by UAB’s Gary Warner and graduate student Brian Tanner. In January 2012, the site’s security team thanked Warner and Tanner by name for their help in stopping the menace.
“Brian had been investigating Koobface since 2008,” Warner says. “Several times, his work made the criminals change what they were doing. One time, he determined a way to cause Koobface to dump out a list of all the user passwords that it had, and then we contacted Google and Yahoo and Facebook and had them change all those passwords. In one day, the criminals lost 100,000 users.”
Last year, UAB officially launched a master’s degree program in computer forensics and security management. It is the only graduate program of its kind, says Warner, who notes that dozens of companies routinely contact him looking to hire his graduates.
“Our computer science program is for people who have really strong math and programming skills and are really serious developers,” says Warner. “There is a lot more investigation and analysis training in the master’s in computer forensics. You do have to be able to program, but not at the same level that a computer science master’s student would. If your goal is to be a cybercrime investigator, this is the graduate program for you.”
UAB’s PhishIntel database is a unique catalog of the worst of cybercrime and cybercriminals. Built on top of the billion-message-strong UAB Spam Data Mine, PhishIntel offers investigators from federal agencies, state and local law enforcement, and private businesses a way to find their man in cyberspace. By connecting the dots between the seemingly random acts of crime around the Internet, PhishIntel can separate the major players from the small fry, giving overworked investigators a roadmap on where to focus their scarce resources. Word is getting around: Users at major banks and federal agencies now log on to the site multiple times per day.
“Banks have now become very responsive to phishing attacks,” says Warner. “Within a few hours of the start of a crime, we can stop it. But that same day, the criminals will make another fake site—or several more. What we need to do is track down the criminals responsible for creating all those sites and put them in jail. With PhishIntel, law enforcement can find the evidence they need to do that.”
Learn more from current and former students in UAB's computer forensics program:
• Sarah Turner, master's student, who reports on trending malware attacking U.S. firms
• Brian Tanner, 2011 master’s graduate, now working as an analyst at Sentar, a computer security firm
• Josh Larkins, 2011 master's graduate, now working at a major U.S. bank