
UCSB Security Group Exposes Internet Vulnerabilities

Computer researchers take over Torpig, one of the largest and most notorious botnets in the world

It’s like something out of a Robert Ludlum novel: Cybercriminals bent on stealing confidential information hijack the computers of unsuspecting users around the world and infect them with malicious software. Unbeknown to their owners, these computers form a network of zombie machines — a botnet — that volunteers whatever information the cybercriminals command it to find.

Recently, researchers in the Computer Security Group at UCSB went on a virtual crime spree of their own and took control of Torpig, one of the largest and most notorious botnets in the world.

Pretending to be hijackers, the researchers dived into what they call the “underground economy” and exposed Torpig’s inner workings. In the process, they discovered that 180,000 Windows computers — mainly in the United States and Europe — were under the botnet’s control. These computers were providing data on online bank accounts, credit and debit card accounts, and e-mail accounts. The researchers collaborated with the FBI and other law enforcement agencies, as well as with the banks and financial institutions involved, to notify the owners of the compromised accounts.

The botnet investigation, which is part of an ongoing grant from the National Science Foundation to study the workings of the underground economy, is only one of several projects the group has undertaken in the past several years in its quest to make the cyberworld a safer place. Others include the development of Web sites that examine the veracity of suspicious Web programs or Web pages, and a study of electronic voting machines and their vulnerability to election-altering attacks.

Earlier this month, the group received a $6.2 million grant from the U.S. Army Research Office to lead a multicampus, collaborative effort to develop a comprehensive security system that can defend against cyber attacks. Designed to determine whether and how an infiltration by hackers might affect the outcome of a particular military mission, the system will automatically identify attacks on the Internet, assess the degree of damage, identify possible responses and predict future threats.

“It’s called situational awareness,” said Richard Kemmerer, professor of computer science. “Every kind of information you can think of — including state secrets — exists on a computer somewhere. Unless that computer is locked up with no connection to the outside world, there’s a chance of that information getting compromised.”

Kemmerer is one of the UCSB group’s three core faculty members. The others include Giovanni Vigna, professor of computer science, and Christopher Kruegel, associate professor of computer science.

The research team also includes Tobias Höllerer, associate professor of computer science, and Joao Hespanha, professor and vice chair of electrical and computer engineering.

The new project calls on the group to advance the current state of the art in cyber security in five key areas: devising sound yet practical techniques to automatically analyze network activity and obtain an up-to-date view of how the network is being used; developing comprehensive analysis techniques to automatically extract relationships in the network; creating a situational awareness framework that will identify targets of cyber attacks and estimate the impact of a successful attack; developing models of adversary behavior that will help predict the effects of future attacks; and establishing a visualization framework that will provide an easily understood view of the network’s status and help analysts learn about attacks while they are in progress.

The other universities involved in the project are UC Berkeley and the Georgia Institute of Technology.

Two main characteristics make the Computer Security Group at UCSB uniquely qualified to lead projects that range from botnets to voting machines to national security.

“On the one hand, we’re academics, so our approach to problems is based on the scientific method and theoretical modeling,” Vigna said. “But we also have the skills and knowledge to be very practical and rooted in the real world. When we do research, it’s very applied and we create tools the whole world can use. Other academics do proofs of concepts, but we go a step further and actually build programs that people can use to protect themselves.”

Among those programs are the Web sites Wepawet and Anubis. The sites are available to anyone who wants to determine whether a Web page or program poses a security risk.

“People can cut and paste the link to a Web page, in the case of Wepawet, or a program, in the case of Anubis, and the sites will let them know whether the behavior of that page or program is actually malicious,” Kruegel said.

“We want our ideas to be used in practice,” said Kemmerer, who also holds UCSB’s Computer Science Leadership Endowed Chair. “In order to do this, we build tools that implement the novel research ideas we come up with. Making these tools available free on the Internet allows other researchers to build on our work and to validate that it functions as advertised. In addition to providing tools to practitioners and other researchers, this is just good science.”

Combining academic and real-world pursuits was not always the premise of the Computer Security Group. It began 28 years ago as the Reliable Software Group with Kemmerer at the helm. His research involved several different areas of system dependability. Security was one piece of the reliable software puzzle. When Vigna came to UCSB in 1997 as a postdoctoral researcher, he brought his experience as a network engineer — and a hacker — and he and Kemmerer began collaborating on new ideas.

“It was probably the result of a synergy between my more low-level approach and his theoretical perspective,” Vigna said. When Kruegel joined the team, that synergy became even stronger. “We have a group that is very uniquely positioned with respect to the international scene.”

Kruegel, who had been a postdoctoral student at UCSB, left the university to join the faculty of the Vienna University of Technology. In 2005, he established the International Secure Systems Lab in Vienna, which also operates facilities at the Institute Eurécom on the French Riviera and at UCSB. He returned to the computer science department at UCSB in 2008.
