University researchers changing the focus on hacking to humans

Cybersecurity and hacking

A computer in a brightly lit office somewhere on the campus, in Patuxent Building maybe, or the computer science building, registers an attack — digits on a monitor. Someone, somewhere, is probing, looking for a weakness.

They’re in. There are credit card numbers, passwords, Social Security numbers — all ripe for the taking. Someone, somewhere, cracks his or her knuckles and gets to work.

Right there, in that instant, cybersecurity professionals could have attempted to dissuade a hacker from making a real attack — once a hacker has entered a system, but before he or she has decided to gather information or attack others, said Michel Cukier, Maryland Cybersecurity Center education associate director. Though few cybersecurity professionals normally speculate on the human element of hacking, that’s exactly what Cukier is exploring in his research with criminology professor David Maimon.

The pair hopes their interdisciplinary approach to cybersecurity can add perspective to a field dominated by the search for technical solutions.

And any fresh technique is welcome in advancing the study of defending networks because if a person follows through with the hack, “the game is over,” said Cukier, a reliability engineering professor and director of the Advanced Cybersecurity Experience for Students honors program.

“We’re some of the first scholars to try to pay attention to the human element behind cybercrime,” Maimon said. “The focus before was on the technical components of the issues: How would you patch the system, fix the network. It would be the equivalent of me as a criminologist trying to solve a murder by looking at the gun only.”

It’s not the easiest task — a hacker can attack at any time, from anywhere in the world, and hide behind a maze of proxies and slave computers.

But Maimon and Cukier have enlisted the help of the Division of Information Technology, which allowed them to set up hundreds of phantom computers — “honeypots”— in the university network. Without any sensitive information at risk on the dummy computers, the cybercrime researchers can let attacks play out and test hackers’ reactions to different stimuli. Maybe an automatic warning message will appear. Sometimes the surveillance software is more sophisticated than other times. The goal: see what the hackers pay attention to.

“In cybersecurity, access to data is considered the Holy Grail,” Cukier said.

And he and Maimon have it. In addition to the honeypots, DIT gave Maimon and Cukier access to closely guarded data about the estimated 6,000 attacks the university receives daily.

It’s a gigantic amount of information and they’re still working through it, they said, but Maimon said they’ve noticed some interesting connections. Reports between 2007 and 2009 show more than 50 percent of attacks happened during normal 9 a.m. to 5 p.m. business hours. And when more foreign users accessed the university’s network, attacks from their specific countries of origin increased.

Cukier was quick, though, to point out that they found correlation, not causation. Hackers, he said, don’t necessarily attack when certain users are on the network. As their research progresses, they will determine whether such information could be fashioned into practical security solutions.

The university’s network could offer insight as the researchers move toward finding those more concrete results. Experts call it a bazaar environment, Maimon said, to which anyone with a user name and password could gain access. Even guests unaffiliated with the university can log in at Mc-Keldin Library — so many different people doing whatever they want expose the network to all kinds of attacks, he said.

Gabriel Williams, a junior history major, said he uses the computers at McKeldin for everything from music and games to research. But network security isn’t on his mind, he said.

“It’s not really something I think about, honestly,” Williams said. “I know the school’s security is pretty good.”

Junior psychology major Avery Lundskow uses both the McKeldin computers and her own computer to accomplish work. But though she uses antivirus software on her own computer, she said she doesn’t worry about the school’s network security.

Maimon and Cukier are also working to understand how the actions of the hackers’ victims can affect a network’s security, but that part of their research is still in an early analysis phase. They enacted a cybersecurity campaign in certain dorms, informing students that pirating software, for example, can attract network attacks. And now, Maimon said, they’re analyzing the data to find out if students acted differently and if hackers somewhere noticed.

“By doing this, we are opening another door to create more sophisticated security solutions by looking at the human element,” Maimon said. “We are opening a door to a new world where we can get a better understanding about the hacker and the victim. How they are doing this, why there are doing this, how they are exposing themselves.”