UAB student superheroes solve cyber-crimes for social networks, banks

Leaders in social networks, banks and law enforcement turn to UAB’s computer forensics team to connect criminals to online crimes.

Gary Warner, director of Research in Computer Forensics at the University of Alabama at Birmingham, is more likely to be mistaken for Clark Kent rather than Superman. However, he has all the tools a modern day crime-fighter needs: computers, data storage, energy drinks and manpower. Make that student power.

GaryWarner_Fall2011“You will not find another program like Gary’s that allows students to work directly with top security personnel at Facebook, Google, Yahoo, PayPal and eBay in the war against cyber-crime,” said Brian Tanner, the first UAB student to earn a master’s degree in Computer Forensics and Security Management. “I loved feeding information to companies and law-enforcement agencies and having them say, ‘This is great! This is data we don’t have!’”

And that is pretty much what Facebook said when Tanner called them about Koobface. Koobface was the first botnet to successfully interact with social networking websites. Potential victims were no longer receiving emails from Nigerian princes but getting Facebook messages from a friend: "you won’t believe what they’re saying about you online, click here." Tanner calls Koobface’s work social engineering at its finest.

“Koobface was one of the first botnets to have widespread success using social networks as its main target and that made criminals worldwide realize attacking social networks can be very lucrative,” said Tanner. “As we did the research we realized we could cause Koobface to reveal to us all of the fake users that it had created on Facebook and all of the websites it had compromised, and that is how we tracked them down at UAB.”

Tanner and Warner were personally thanked by Facebook for their role in finding the international criminals behind Koobface. Tanner graduated UAB and went to work in software development in the defense and aerospace industry for Sentar. His classmates were hired immediately by NASA, Microsoft and IBM. They bypassed entry-level jobs because of their experience at UAB.

gary_warner_2010_5It is obvious Warner, who also was personally thanked by the FBI recently for tracking down cyber-criminals in FBI Operation Ghost Click, has assembled the brightest young minds at his UAB lab. He works the talent much like the farm system in Major League Baseball, developing specific skills to make them pros. He can do that because of the UAB Center for Information Assurance and Joint Forensics Research, a multi-disciplinary research center that combines resources from law enforcement, business, government agencies and other research institutions.

“Students have multiple disciplines from which to choose — such as our anti-phishing team that includes more than a dozen students employed to evaluate fake bank websites and identify the ways criminals are taking advantage of people,” said Warner. “We have other students investigating online pharmaceutical scams, work-at-home scams and malicious software threats, known as malware, delivered by spam emails. Understanding the threats helps us inform and protect the public, as well as helping law enforcement develop appropriate investigative methods for finding the criminals.”

Federal manpower studies show that each year there are only about1,100 U.S. graduates with relevant degrees in computer security, but there are jobs for 10,000 graduates a year.